'The Hacker News' Weekly Roundup — 14 Most Popular Stories

THN Weekly Roundup — 14 Most Popular Hacking Stories
To make last week’s top cyber security threats and challenges available to you in one shot, we are once again here with our weekly roundup.

Last week, we came across lots of cyber security threats like the XCodeGhost malware in Apple’s App Store and lockscreen bypass bug in iOS 9 and iOS 9.0.1 that made us sad, but…

…we were also thrilled by the latest developments such as Microsoft’s new Linux-based operating system Azure Cloud Switch (ACS), unhackable MicroKernel "SeL4", and Facebook 'Dislike or Empathy Button'.

I recommend you read the entire thing (just click ‘Read More’, because there’s some valuable advice in there as well).

Here's the list:

1. Microsoft Developed its Own Linux Operating System


One of last week's trending news stories: Microsoft built its own Linux-based operating system known as Azure Cloud Switch (ACS).

The company described ACS as a "cross-platform, modular operating system for data center networking built on Linux," or simply, a "commodity switch software stack for data center networks".

The aim of developing a Linux-based operating system is to make it easier and simpler to control the hardware (such as switches) from multiple vendors that powers their cloud-based services. For the workings and functions of ACS, Read more

2. D-Link Publishes its Private Code-Signing Keys on the Internet


Taiwan-based networking equipment manufacturer D-Link accidentally published its private code-signing keys inside its open-source firmware packages.

As a result, an online user successfully developed a Windows application, which he was able to sign with the D-Link code-signing keys, which were valid at the time.

Besides the private code-signing keys, the user also discovered in the source code the passphrases needed to sign the software. For in-depth information, Read more

3. Unhackable Bug-Free MicroKernel – SeL4


Security Researchers, Mathematicians and Aviation gurus from Boeing and Rockwell Collins joined a team of dedicated NICTA researchers to create an open source, unhackable MicroKernel dubbed "SeL4."

SeL4 (Secure Microkernel Project) is a 3rd Generation MicroKernel designed to detect and foil hacking attempts. It supports various L4 microkernel features and promises high performance with robust security mechanisms that are even harder to crack.

For an in-depth explanation, Read more

4. AVG Antivirus Plans to Collect & Sell Your Personal Data to Advertisers


Remember, nothing comes for free! "Free" is just a relative term, as one of the world's most famous anti-virus companies has now admitted.

Czech Republic-based antivirus firm AVG updated its privacy policy, in which it openly admits to collecting and selling your data to online advertisers for the purpose of making money from its free anti-virus software.

The so-called "non-personal data" includes your browser and search history, meta-data, advertising ID associated with your device, Internet Service Provider (ISP) or Mobile Network you use and information regarding other apps you have on your device. For more information, Read more

5. Aw, Snap! This 16-Character String can Crash Your Google Chrome

Security researcher Andris Atteka discovered a simple way to crash your Chrome browser — a small string of special characters.

Yes, a small string of 16 characters (http://a/%%30%30) caused your Chrome browser to crash. Google has now patched the flaw, but the researcher didn’t receive any bounty, as the bug was not a real security threat. Read more

6. WIN $1 Million Bounty For Hacking the New iOS 9 iPhone


Yes, $1,000,000.00 Reward for finding zero-day hacks for iPhones and iPads.

Security firm Zerodium, a startup by the infamous security firm "VUPEN", announced a total of $3 Million ($3,000,000) bounty rewards for exploits and jailbreaks for Apple's latest mobile operating system iOS 9.

To know how you can Win this bounty reward, Read more

7. 4000 Malicious iOS Store Apps Linked to CIA?


Following the discovery of 39 malware-infected iOS apps, FireEye researchers discovered nearly 4000 compromised iOS apps that were infected with the same XCodeGhost malware.

XCodeGhost, a very harmful and dangerous piece of malware, was distributed through legitimate iOS apps via counterfeit versions of Apple's app developer toolkit called Xcode.

It isn't clear whether the attackers behind XCodeGhost are linked to the CIA, but the technique used by XCodeGhost is similar to one developed by Central Intelligence Agency (CIA) researchers, as disclosed in the leaked documents provided by Edward Snowden.

For in-depth information, Read more

8. Here's How Facebook 'Dislike or Empathy Button' Would Look Like


Excited about having a Facebook Dislike or Empathy button on your Facebook Profile and News Feed?

Facebook will soon offer you this feature, but if you are thinking that the Facebook Dislike button is going to be a thumbs-down, then you are wrong.

As Facebook’s founder Mark Zuckerberg says, "We did not want to just build a Dislike button [as] we do not want to turn Facebook into a forum where people are voting up or down on people’s posts."

Instead of thumbs down to express disapproval or pity, it could be Emojis. How? Read more

9. How to Access Private Photos and Contacts in iOS Device Without a Passcode

Last week, iPhone user Jose Rodriguez found a new and quite simple way of bypassing the lockscreen of an iOS device running Apple's latest iOS 9 operating system, allowing you to access the device's photos and contacts in 30 seconds or less.

A few days later, Apple released its first update to the iOS 9 mobile operating system, which addressed several bugs but, unfortunately, the latest update iOS 9.0.1 didn't fix the lockscreen bypass vulnerability.

To prove this, Rodriguez published a new video that detailed a step-by-step explanation of how to bypass the passcode on an iOS 9 as well as an iOS 9.0.1 device, using the benevolent nature of Apple's personal assistant Siri.

For a detailed explanation, Read more

10. Fingerprints of 5.6 Million Federal Employees Stolen in OPM Hack


A few months ago, a massive data breach in the US Office of Personnel Management affected more than 21 Million federal employees, who had their personal and highly sensitive private information hijacked.

However, US officials are now admitting that more than 5.6 Million fingerprints of its federal employees were also stolen in the data breach that took place in April this year. The number is bigger than the previously reported figure of some 1.1 Million fingerprints taken. Read more

11. Lenovo Caught Pre-Installing Spyware on its Laptops


Lenovo has once again been caught pre-installing spyware on its laptops and workstations from the Lenovo ThinkPad, ThinkCentre, and ThinkStation series without the user's permission or knowledge.

Lenovo embedded a tracking software program called "Lenovo Customer Feedback Program 64," categorized as spyware, that runs daily on these laptops and workstations.

For more details on what this software does and how to remove it, Read more

12. China developed a Linux OS that totally Looks Like Windows XP


Yes, China has created its own Desktop Operating System, dubbed "NeoKylin", tagged as a substitute to Windows XP by Quartz, who got an opportunity to have a hands-on experience of its 'community version' OS.

NeoKylin is developed by Shanghai-based China Standard Software Company, and the operating system is already running on more than 40 percent of commercial units sold in the country by Dell.

For what NeoKylin looks like and how similar it is to Windows XP, Read more

13. The World's First $9 Computer has Started Shipping

C.H.I.P. – Computer Hardware in Products – a $9 Linux-based, super-cheap computer has started shipping.

Dave Rauchwerk, CEO of Next Thing Co., said that the first run of CHIP computers will begin to be distributed to early backers within a few days.

For specifications and capabilities of C.H.I.P., Read more

14. North America Runs Completely Out of IPv4 Internet Addresses


The American Registry for Internet Numbers (ARIN) announced the final exhaustion of their free pool of IPv4 (Internet Protocol version 4) addresses.

The free pool of IPv4 addresses has reached zero, i.e., IPv4 addresses are no longer available.

This is just the start of the era of IPv6, which was invented about two decades ago and features much longer addresses (e.g. FE80:0000:0000:0000:0202:B3FF:FE1E:8329).

This simply means that IPv6 (Internet Protocol version 6) could offer a total available pool of 340 Trillion Trillion Trillion addresses, providing capacity for a very long time.

uh-oh! North America Runs Completely Out of IPv4 Internet Addresses

Two months ago, THN reported about a similar announcement made by The American Registry for Internet Numbers (ARIN), which said that the agency is no longer able to produce IPv4 addresses in North America.

Within a time frame of a few months, ARIN, which handles Internet addresses in America, has announced the final exhaustion of their free pool of IPv4 addresses: the pool has reached zero...

...i.e. IPv4 (Internet Protocol version 4) addresses are no longer available.
Meanwhile, they are going to accept requests for IPv4, which will be approved in two ways:
  1. Wait List for Unmet IPv4 Requests - Join the waitlist for unmet requests in the hope that a block of the desired size will be available in the future.
  2. IPv4 Transfer Market - Address space can be purchased from another organization that has more than it needs.
So, in the future, IPv4 address space will be allocated to the approved requests on the Waiting List for Unmet Requests, if ARIN:
  • receives any IPv4 address space from IANA (Internet Assigned Numbers Authority),
  • recovers address space through cancellations, or
  • has address space returned by organizations.
They say, "The source entity (-ies within the ARIN Region (8.4)) will be ineligible to receive any further IPv4 address allocations or assignments from ARIN for a period of 12 months after a transfer approval, or until the exhaustion of ARIN's IPv4 space, whichever occurs first."
These changes will affect organizations involved in Transfers between Specified Recipients within the ARIN Region (Transfer 8.3) and Inter-RIR Transfers to Specified Recipients (Transfer 8.4).

RIR refers to Regional Internet Registry, like ARIN, which is one of the RIRs.

Also, if they succeed in allotting IPv4 addresses to the waiting-list entities and still have IPv4 addresses left over, they will reopen the free pool and add those addresses to it for future use.

We see this as just the start of an era (IPv6).

IPv6 was invented about two decades ago, in 1998, and it features much longer addresses, such as FE80:0000:0000:0000:0202:B3FF:FE1E:8329. This means that IPv6 will offer a total available pool of 340 Trillion Trillion Trillion addresses, providing capacity for a very long time.
source: the hacker news

About ANON JEKLOY
