Sekure4Sure

Imagine a world where every one of the billions of lightbulbs in use today is a wireless hotspot delivering connectivity at speeds that can only be dreamed of with Wi-Fi. That's the goal of the man who invented such a technology, and this week Li-Fi took a step out of the domain of science fiction and into the realm of the real when it was shown to deliver speeds 100 times faster than current Wi-Fi technology in actual tests. An Estonian startup called Velmenni used a Li-Fi-enabled lightbulb to transmit data at speeds as fast as 1 gigabit per second (Gbps), which is about 100 times faster than current Wi-Fi technology, meaning a high-definition film could be downloaded within seconds. The real-world test is the first to be carried out, but laboratory tests have shown theoretical speeds of 224 Gbps. Who Invented Li-Fi? The term was coined by German physicist Harald Haas during a TED Talk when he outlined the idea of using lightbulbs as wireless routers. That addre

In cryptography, a collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision. A Collision Attack is an attempt to find two input strings of a hash function that produces the same hash result. Because hash functions have infinite input length and a predefined output length, there is inevitably going to be the possibility of two different inputs that produce the same output hash. If two separate inputs produce the same hash output, it is called a collision. This collision can then be exploited by any application that compares two hashes together – such as password hashes, file integrity checks, etc. For example, let’s say we have a hypothetical hash function called “Hesh”. A collision attack would first start with a starting input value, and hash it. Hesh(hello) = 89232323 Now the attacker needs to find a collision – a different input that generates the same hash as the previous input. This would genera

Beware Windows Users! A new dangerous unpatched Zero-day Vulnerability has been detected in the latest version of WinRAR affects over millions of users worldwide. According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw. WinRAR is one of the most popular utility program used to compress and decompress files with more than 500 Million installations worldwide. A researcher has found a way to exploit popular archival utility WinRAR to remotely execute malicious code on users' computers, without any interaction being required. Iranian researcher Mohammad Reza Espargham found that it was possible to use WinRAR SFX 2.51 to add malicious payloads that would execute when users decompress archives. A specially crafted hyper text mark-up language (HTML) text file that is parsed and which attempts to download and run potentially mal

DIGITAL INDIA – A Flagship Programme of the Government of India with a vision to transform India into a digitally empowered society as well as a knowledge economy. Yes, I am a proud Indian, and I support Digital India too, but I am absolutely not supporting Facebook's Internet.org Project. Yesterday, Facebook's CEO Mark Zuckerberg and Indian Prime Minister Narendra Modi met at Facebook’s Headquarter. The Historic meeting between PM Modi and Zuckerberg went great. Hours after this event, Facebook launched a tool that allows you to change your Facebook profile picture to a Tricolor shade of Indian Flag, just like few months back 30 Millions Facebook users had changed their Profile picture with Rainbow color to support "Gay Marriages." What would Facebook get in return for supporting Digital India?? India is one of the biggest market for Facebook. Therefore, Facebook’s support for Digital India could indirectly mean to market its Internet.org proj

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks. The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as " Browser Cookies ," allowing remote attackers to bypass secure HTTPS protocol and reveal confidential private session data. Cookies are small pieces of data sent from web sites to web browsers, which contains various information used to identify users, or store any information related to that particular website. HTTPS Cookie Injection Vulnerability Whenever a website (you have visited) wants to set a cookie in your browser, it passes a header named “Set-Cookie” with the parameter name, its value and some options, including cookie expiration time and domain name (for which it is valid). It is also important to note that HTTP based websit

Yahoo launches a new open-source project that will allow system administrators to perform URL scanning in order to find the presence of common security vulnerabilities and malicious web content. Dubbed " Project Gryffin ," it will initially launch in beta and will be under the BSD-style license, the type of license that Yahoo likes to use whenever it is launching open source projects. According to Yahoo, Gryffin is a large-scale Web security scanning platform designed to address two specific issues namely Coverage and Scale . Coverage is said to be made up of two dimensions. The first one, crawl, refers to having the ability to find as much of the application's footprint as possible. The second dimension, scan , refers to having the ability to test each application part based on applied set of vulnerabilities. Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing. Crawl's ability is to find as much

Virtual money is officially a commodity, just like crude oil or wheat. So says the Commodity Futures Trading Commission (CFTC), which on Thursday announced it had filed and settled charges against a Bitcoin exchange for facilitating the trading of option contracts on its platform.  CFTC is an oversight committee of the USA, established to protect the interest of the people who have invested in any of the commodities by ensuring the conduct of no malpractices. The commodity swaps are working according to the Commodity Exchange Act (CEA). "In this order, the CFTC for the first time finds that Bitcoin and other virtual currencies are properly defined as commodities," according to the press release. Considering a scenario, by comparing stolen money and stolen Bitcoin (post becoming a commodity), when stolen cash is reused nobody asks the owner of the cash any question but when a stolen product (commodity) like gold or Bitcoin brought for a reuse, that defi

Every message that you send -- be it through WhatsApp, SMS, Email or any such service -- must be mandatorily stored in plain text format for 90 days and made available on demand to security agencies under a draft New Encryption Policy that has triggered privacy concerns. If the new National Encryption Policy implements that come up with weird suggestions — one should not delete WhatsApp conversation, Gmail or any email for 90 days, it would be an Internet Disaster. The draft National Encryption Policy posted by the Department of Electronics and Information Technology (DeitY) on its website points to some serious considerations that might become rules soon. With the aim to ‘provide confidentiality of information’ and ensure ‘protection of sensitive or proprietary information’, the draft policy, proposed by an so-called ‘expert panel’ from the Department of Electronics and Information Technology (DeitY), requires: Access to your Private Data The government wants to

This is not Google’s finest hour: Following on the heels of news that hacking Android Lollipop is as easy as typing a long string of characters comes word that a string of 16 characters can crash Google’s Chrome web browser — and you don’t even have to type it into the address bar. The bug was exposed by Latvia-based software engineer and security researcher Andris Atteka, who shared his discovery in a blog post. In his example, he used a 26-character string to crash Chrome. However, VentureBeat used this 16-character string, which also crashes the browser:  http://a/%%30%30 To do this, all you need to do is follow one of these tricks: Type a 16-character link and hit enter Click on a 16-character link Just put your cursor on a 16-character link Yes, that's right. You don't even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome. All the tricks mentioned above will either kill t

Facebook is to add a " dislike " button to its social network, founder Mark Zuckerberg has said. In a Q+A session held at Facebook's headquarters in Menlo Park, California, the 31-year-old said the button would be a way for people to express empathy. Facebook CEO Mark Zuckerberg said that the Facebook 'dislike' button is on the way. "People have asked about the 'dislike' button for many years," Zuckerberg told the audience at Facebook's Menlo Park office." Today is a special day because today is the day I can say we are working on it and shipping it." He said Facebook was "very close" to having it ready for user testing. “Not every moment is a good moment, right?” said Zuckerberg at the event. “And if you are sharing something that is sad, whether it’s something in current events like the refugee crisis that touches you or if a family member passed away, then it might not feel comfortable to L

A Security researcher and hacker, named John Gordon , has found an easy way to bypass the security of locked smartphones running Android 5.0 and 5.1 (Build LMY48M). Many of us use various security locks on our devices like Pattern lock, PIN lock and Password lock in order to protect the privacy of our devices. The vulnerability, assigned CVE-2015-3860 , has been dubbed as " Elevation of Privilege Vulnerability in Lockscreen ". Attack scenario: Open the Emergency dialer screen. Type a long string of numbers or special characters in the input field untill limit exhausts.Don't forget to copy the long string ,coz it will work as a master key. Now Open camera application and click on setting icon found in notification bar without closing the camera application Now, it will ask to the input the password, paste the earlier copied continuously to the input field of the password, to create an even larger string. Come back to camera and divert yourself towards

Google’s new Google Photos app has a bunch of new features users may appreciate, including automatic categorization and unlimited storage and backup, but the service is far from perfect. On top of the odd software issues you may encounter with face recognition or upload limits, there’s also a more annoying problem you should be aware of: Google Photos keeps uploading pictures to Google’s servers even after if you uninstall the app from your Android phone. Arnott provided a video demonstration showing that after uninstalling the Google Photos app from his Samsung smartphone, the photograph he took off his coffee mug still wound up being synced into his account on the web.     "Months ago, I downloaded the [Photos] app to play with it, but I did not like it and so un-installed the app after just a few days," Arnott tweeted Wednesday.     "This evening, I went back to Google Photos on my laptop and found a crap-ton of pictures I'd taken in the interim. It seems t

A high-level government committee has upheld the concept of net neutrality, but its recommendations have raised some major concerns for consumers and startups. Those hooked to applications like WhatsApp, Skype and Viber may no longer be able to make free domestic calls (barring negligible data charges) through these voice over internet protocol (VoIP) services. However, instant messaging and international calls through these services will remain free, if these recommendations are implemented. The Department of Telecommunications (DoT) has now released a much-awaited report [PDF] on the Net Neutrality issue, recommending the Telecom Regulatory Authority of India (TRAI) to regulate the voice calls conducted by the Internet users of over-the-top (OTT) services. Over 100 pages-long report details the DoT's understanding of Net Neutrality Principles, which has been criticized by consumer groups because it could End Free domestic voice calls offered by apps like WhatsApp and Skype. The

On Monday, Microsoft released Security Updates for all Windows versions including Windows Vista, Windows 7, 8, 8.1 and Windows RT are all affected, including those running Windows Server 2008 and later. According to report: Microsoft spokesperson confirmed in an emailed statement that Windows 10 Insider Preview is also affected. What is Remote Code Execution Vulnerability? Remote code execution is a security vulnerability that allows an attacker to execute codes from a remote server. Microsoft Released Update This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts. This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software section. Patch: Rename ATMFD.DLL For 32-bit systems: Enter the following commands

NASA is going to announce of another earth discovery. NASA is organizing Teleconference by today and will share about its Kepler space telescope latest discovery. The first exoplanet orbiting another star like our sun was discovered in 1995. Exoplanets, especially small Earth-size worlds, belonged within the realm of science fiction just 21 years ago. Today, and thousands of discoveries later, astronomers are on the cusp of finding something people have dreamed about for thousands of years - another Earth. About the Mission: Launched in March 2009, Kepler is the first NASA mission to detect Earth-size planets orbiting distant stars in or near the habitable zone -- the range of distances from a star in which the surface temperature of an orbiting planet might sustain liquid water. The telescope has since confirmed more than 1,000 planets and more than 3,000 planet candidates spanning a wide range of sizes and orbital distances, including those in the habitable zone. What does this m

A serious vulnerability present in every iteration of Apple's desktop operating system since OS X 10.7 — one which allows any user process to gain root privileges — was disclosed to the public on Thursday following the release of OS X 10.10.3, which addresses the issue, and users are urged to update as older OS X versions will remain susceptible to attack. The privilege-escalation vulnerability initially reported on Tuesday by German researcher Stefan Esser, could be exploited by to circumvent security protections and gain full control of Mac computers. The most worrying part is that this critical vulnerability is yet to be fixed by Apple in the latest release of its operating system. Users who unwittingly install malware containing exploit code could hand over complete control of their Mac to the attacker, no matter what other security precautions they may have taken. As a result, OS X users are urged to upgrade to Yosemite version 10.10.3 as soon as possible. Apple will not pat

How many Zero-Days do you think could hit Microsoft today? Neither one nor two; this times its Four. Hewlett-Packard’s Zero-Day Initiative greeted Microsoft today with not one but four zero day vulnerabilities located in Internet Explorer, allowing hackers to remotely execute a malicious code on target machine. At first it was thought that these vulnerabilities would affect only desktop version of Microsoft’s very own web browser, however later it was reported that even mobile versions are vulnerable. All the four zero-days originally were reported to Microsoft, affecting Internet Explorer on the desktop. However, later it was discovered that the zero-day vulnerabilities affected Internet Explorer Mobile on Windows Phones as well. Four Zero-day vulnerabilities Disclosed by ZDI Here are the zero-day vulnerabilities, as reported by ZDI:     ZDI-15-359: AddRow Out-Of-Bounds Memory Access Vulnerability     ZDI-15-360: Use-After-Free Remote Code Execution Vulnerability     ZDI-15-361: Use

WordPress users in the Americas woke this morning to find update notices in their inboxes due to a critical security vulnerability. WordPress 4.2.3 was released today and automatically pushed out to sites that have auto-updates enabled. Because this is a security release for all previous versions of WordPress, those who do not have automatic update enabled will need to manually update their sites immediately. Core contributor Gary Pendergast explained the severity of the bug in the release post:     WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team.     We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Pendergast thanked all parties reporting vulnerabilities for responsibly disclosing them to

A huge amount of information has been stolen from an online cheating site called Ashley Madison, owned by Toronto-based Avid Life Media (ALM), and portions of information have been posted online by a group or individual identified as Impact Team. The hack was confirmed last week, as reported in Krebsonsecurity.com. The information leak has put users' identities, as well as financial records and other personal information in jeopardy. "We're not denying this happened," Ashley Madison's Chief Executive Officer Noel Biderman said. "Like us or not, this is still a criminal act." The information continues to leak and it will definitely damage the 37 million account holders who frequent the adultery website, which has a slogan, "Life is Short. Have an Affair." Reason behind the Ashley Madison Hack The Impact Team of hackers appears to be upset over a website's service called "Full Delete" that promises to erase a customer&