Sekure4Sure

Beware Windows Users! A new dangerous unpatched Zero-day Vulnerability has been detected in the latest version of WinRAR affects over millions of users worldwide. According to Mohammad Reza Espargham, a security researcher at Vulnerability-Lab, the stable version of WinRAR 5.21 for Windows computers is vulnerable to Remote Code Execution (RCE) flaw. WinRAR is one of the most popular utility program used to compress and decompress files with more than 500 Million installations worldwide. A researcher has found a way to exploit popular archival utility WinRAR to remotely execute malicious code on users' computers, without any interaction being required. Iranian researcher Mohammad Reza Espargham found that it was possible to use WinRAR SFX 2.51 to add malicious payloads that would execute when users decompress archives. A specially crafted hyper text mark-up language (HTML) text file that is parsed and which attempts to download and run potentially mal...

DIGITAL INDIA – A Flagship Programme of the Government of India with a vision to transform India into a digitally empowered society as well as a knowledge economy. Yes, I am a proud Indian, and I support Digital India too, but I am absolutely not supporting Facebook's Internet.org Project. Yesterday, Facebook's CEO Mark Zuckerberg and Indian Prime Minister Narendra Modi met at Facebook’s Headquarter. The Historic meeting between PM Modi and Zuckerberg went great. Hours after this event, Facebook launched a tool that allows you to change your Facebook profile picture to a Tricolor shade of Indian Flag, just like few months back 30 Millions Facebook users had changed their Profile picture with Rainbow color to support "Gay Marriages." What would Facebook get in return for supporting Digital India?? India is one of the biggest market for Facebook. Therefore, Facebook’s support for Digital India could indirectly mean to market its Internet.org proj...

A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks. The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 Standard, also referred to as " Browser Cookies ," allowing remote attackers to bypass secure HTTPS protocol and reveal confidential private session data. Cookies are small pieces of data sent from web sites to web browsers, which contains various information used to identify users, or store any information related to that particular website. HTTPS Cookie Injection Vulnerability Whenever a website (you have visited) wants to set a cookie in your browser, it passes a header named “Set-Cookie” with the parameter name, its value and some options, including cookie expiration time and domain name (for which it is valid). It is also important to note that HTTP based websit...

Yahoo launches a new open-source project that will allow system administrators to perform URL scanning in order to find the presence of common security vulnerabilities and malicious web content. Dubbed " Project Gryffin ," it will initially launch in beta and will be under the BSD-style license, the type of license that Yahoo likes to use whenever it is launching open source projects. According to Yahoo, Gryffin is a large-scale Web security scanning platform designed to address two specific issues namely Coverage and Scale . Coverage is said to be made up of two dimensions. The first one, crawl, refers to having the ability to find as much of the application's footprint as possible. The second dimension, scan , refers to having the ability to test each application part based on applied set of vulnerabilities. Scale is obviously implied for large Web, while Coverage has two dimensions – Crawl and Fuzzing. Crawl's ability is to find as much...

Virtual money is officially a commodity, just like crude oil or wheat. So says the Commodity Futures Trading Commission (CFTC), which on Thursday announced it had filed and settled charges against a Bitcoin exchange for facilitating the trading of option contracts on its platform.  CFTC is an oversight committee of the USA, established to protect the interest of the people who have invested in any of the commodities by ensuring the conduct of no malpractices. The commodity swaps are working according to the Commodity Exchange Act (CEA). "In this order, the CFTC for the first time finds that Bitcoin and other virtual currencies are properly defined as commodities," according to the press release. Considering a scenario, by comparing stolen money and stolen Bitcoin (post becoming a commodity), when stolen cash is reused nobody asks the owner of the cash any question but when a stolen product (commodity) like gold or Bitcoin brought for a reuse, that defi...

Every message that you send -- be it through WhatsApp, SMS, Email or any such service -- must be mandatorily stored in plain text format for 90 days and made available on demand to security agencies under a draft New Encryption Policy that has triggered privacy concerns. If the new National Encryption Policy implements that come up with weird suggestions — one should not delete WhatsApp conversation, Gmail or any email for 90 days, it would be an Internet Disaster. The draft National Encryption Policy posted by the Department of Electronics and Information Technology (DeitY) on its website points to some serious considerations that might become rules soon. With the aim to ‘provide confidentiality of information’ and ensure ‘protection of sensitive or proprietary information’, the draft policy, proposed by an so-called ‘expert panel’ from the Department of Electronics and Information Technology (DeitY), requires: Access to your Private Data The government wants to ...

This is not Google’s finest hour: Following on the heels of news that hacking Android Lollipop is as easy as typing a long string of characters comes word that a string of 16 characters can crash Google’s Chrome web browser — and you don’t even have to type it into the address bar. The bug was exposed by Latvia-based software engineer and security researcher Andris Atteka, who shared his discovery in a blog post. In his example, he used a 26-character string to crash Chrome. However, VentureBeat used this 16-character string, which also crashes the browser:  http://a/%%30%30 To do this, all you need to do is follow one of these tricks: Type a 16-character link and hit enter Click on a 16-character link Just put your cursor on a 16-character link Yes, that's right. You don't even have to open or click the malformed link to cause the crash, putting the cursor on the link is enough to crash your Chrome. All the tricks mentioned above will either kill t...

Facebook is to add a " dislike " button to its social network, founder Mark Zuckerberg has said. In a Q+A session held at Facebook's headquarters in Menlo Park, California, the 31-year-old said the button would be a way for people to express empathy. Facebook CEO Mark Zuckerberg said that the Facebook 'dislike' button is on the way. "People have asked about the 'dislike' button for many years," Zuckerberg told the audience at Facebook's Menlo Park office." Today is a special day because today is the day I can say we are working on it and shipping it." He said Facebook was "very close" to having it ready for user testing. “Not every moment is a good moment, right?” said Zuckerberg at the event. “And if you are sharing something that is sad, whether it’s something in current events like the refugee crisis that touches you or if a family member passed away, then it might not feel comfortable to L...

A Security researcher and hacker, named John Gordon , has found an easy way to bypass the security of locked smartphones running Android 5.0 and 5.1 (Build LMY48M). Many of us use various security locks on our devices like Pattern lock, PIN lock and Password lock in order to protect the privacy of our devices. The vulnerability, assigned CVE-2015-3860 , has been dubbed as " Elevation of Privilege Vulnerability in Lockscreen ". Attack scenario: Open the Emergency dialer screen. Type a long string of numbers or special characters in the input field untill limit exhausts.Don't forget to copy the long string ,coz it will work as a master key. Now Open camera application and click on setting icon found in notification bar without closing the camera application Now, it will ask to the input the password, paste the earlier copied continuously to the input field of the password, to create an even larger string. Come back to camera and divert yourself towards...