What are the Deep Web Technologies ???

• I2P – This is an anonymity network which you may find slightly more techie to install and get running, but once you do there are some great tools and apps, including one to make it easier for you to set up your own hidden blog.
• FAI (Free Anonymous Internet) – Based on blockchain technology, this network allows for the anonymous publishing and browsing of content and has a social network style homepage that lets you follow other users, share content with your followers, and tip the creators of content you like.
• FreeNet – One of the older and most highly regarded systems, FreeNet combines deep web with DarkNet. This means that you can maintain a list of trusted peers and either connect to them only, or connect to them in preference to less trusted peers. As far as I know, this gives the highest level of privacy and security of any system, but does require a little more effort to make the most of.
• ZeroNet – Based on torrent technology in combination with Bitcoin encryption, this is a new system which is not well developed but which I think holds promise for the future.

Finding Your Way Around the Deep Web

Finding your way around the hidden interent is just the same as finding your way around the regular internet. You can use a search engine or a directory website like Tor Hidden Wiki which contains a list of interesting links, but is often out of date and is not free from scams.

There is even a search engine specifically for searching hidden services and which allows you to view dot onion websites through a proxy – even if you don’t have TOR installed. It can be found at Onion.City and it is perhaps the easiest and most convenient way to access the hidden internet, but please remember that if you don’t have TOR installed and just use a proxy service like this you aren’t anonymous yourself.

If you are looking for how to access the infamous dark markets then you may like to start off by taking a look at DNStats which offers information about a wide variety of different dark markets including stats about their ‘uptime’, the technology they use, what you can buy there, reviews and more. For more detailed information about how to use these markets please read our article How To BuyThings from Dark Web Markets

For more in depth information about encryption technology and hidden internet applications of all kinds I also recommend browsing the articles on DeepDotWeb from time to time.

Read More

How To Access The Deep Web or DarkNet – A Beginner’s Guide

You may have heard that there is some mysterious hidden internet called the ‘Deep Web’ or the ‘DarkNet’ that you can’t get to from Google, and which is hidden from most web surfers. Perhaps tales of the dark marketplaces selling all kinds of legal and illicit goods anonymously for Bitcoin have picqued your curiosity, and you would like to take a look around and see what they are like. Perhaps you live in a country where social media and ordinary internet sites are censored and you would like to visit a place where everyone is free to speak their mind freely and without fear of repurcussion. Or perhaps you simply care about your privacy and security online and are attracted to the idea of an internet space where users are not constantly tracked, monitored, and analysed by manipulative marketeers, government spies and malicious hackers. All of these are common reasons why people become interested in visiting this hidden, anonymous internet space – but if you are like 99% of people you probably don’t have a clue how to access the so-called ‘darknet’ or ‘deep web’.

Many people find the idea of even trying to access and use the deep web a little bit intimidating and scary, and if you are a complete beginner to this kind of stuff you are probably feeling the same. You may be concerned over what you will see, who you might meet, or what other concequences there may be for using something so strongly linked in the popular imagination to illicit activity. Please do not worry. You will not find anything which you haven’t looked for, and the beauty of the darknet is that nobody you meet will know who you are – you are just another anon – and there is a great security in that. You will be safe and you will suffer no negative consequences for visiting the darknet. You will also have no technical trouble learning how to access the darknet and find your way around once you have read this beginner’ guide which will hopefully tell you everything you need to know!

 How To Access The Deep Web or DarkNet – A Beginner’s Guide

As stated above, the deep web is not a single location, but a whole class of different locations which share one thing in common – that they are hidden from search engines and regular internet users. Different areas of the deep web therefore have different requirements for you to be able to access them, and any technology which you use will only give you access to its specific area of the hidden internet. Having said that, there is a very small number of technologies used to create what is popularly called the ‘deep web’ or ‘darknet’, and one in particular which the vast majority of people use – TOR.

TOR is an acronym which stands for ‘The Onion Router’. It got that name because of the many layers you would have to peel back to find the real identity of any of its users.

Tor is primarily a ‘privacy network’ which lets people use the regular internet without being tracked. It does this by bouncing communications around a lot of different computers, so rather than user A asking for a webpage from server Z, user A asks user B to ask user C to request the webpage (of course this is a massive simplification and is pretty inaccurate really, but it does give you are rough idea of what is happening). This means that any third party who is trying to spy on people will find it very difficult to tell who is actually viewing the webpage, or sending the email, or whatever it may be.

In addition to this enhanced privacy for web browsers, TOR also offers a way for people to host ‘hidden services’. A TOR hidden service is  a website or app of some kind whose location is hidden in exactly the same way that the true location or identity of web browsers is hidden by TOR in the example above. These hidden services can only be accessed by other TOR users – not by regular search engines or regular internet users. You can recognize them by their address – it will end in .onion and is often composed of a seemingly random string of characters. Once you have TOR installed on your computer you can visit these hidden services, which include the infamous dark markets where bitcoin, drugs and hacked credit card details are ubiquitous, in exactly the same way that you would access a regular website.

Installing TOR on your computer is incredibly simple. It is no different from installing any other piece of software. It is also very easy to use – when you open TOR you will see that it is just a web browser which you use exactly the same way as you would any other web browser. In fact, it is based on Firefox so if you have ever used that browser you will find it to be very familiar indeed. For those in need of more rigorous privacy and security there is also a TOR operating system called TAILS (The Amnesiac Incogneto Live System) which you can run from a USB stick, but for most people the browser is sufficient.

You can download the TOR browser here.

Using a VPN with Tor

Virtual Private Networks or VPNs are another kind of privacy software which masks your IP address (hiding who you are) but do not allow you to access hidden deep web sites.

Some users make use of a VPN in addition to Tor, in order to hide the fact that they are using Tor. This is not necessary, but some people just want that extra level of privacy. I recommend IPVanish if you’re looking for a VPN that works well with Tor and provides an excellent service for a fair price.

Read More

iPhone apps can secretly take your photos or videos at any time without you knowing

Camera Permissions of iOS apps allows it to secretly take photos or videos of you

As disturbing and scary as it may sound, an Austrian software engineer has discovered a vulnerability in iOS apps that allows Apple’s iPhones and iPads to secretly record the users without their knowledge thereby raising concern over Apple’s iOS 11 privacy settings. In other words, the security loophole in iOS apps allows the devices to take pictures and videos, record the user at any time and upload the pictures/videos without notification when the users grant permission to apps to access their cameras.

To explain the loophole (see video below), the developer Felix Krause created the watch.user concept app that requested access to his camera initially. Once Krause granted permission, the apps were able to access the front and back cameras and record videos and take photos every second as long as the app was open in the foreground.

According to Krause, once the user has taken and posted one picture or video via a social network app, the user ends up granting full access to the camera. This means that the rogue app can access the front and back camera any time when it is running. It would also be able to immediately upload the photos and/or videos it has taken. The iPhone does not notify that the camera is being used or that the photos are being uploaded to the internet.

“iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo),” Krause explained on his blog. “These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent.”

Granting permission to access your camera in Apple’s latest operating system, iOS11 means that malicious apps could use the software’s facial recognition system to secretly detect the emotions of users.

While Krause isn’t claiming that particular iOS apps are abusing their access to your camera, he is simply highlighting the way Apple has set up its permission system and how apps could spy and collect more information than required.

In order to protect yourself from any hack, Krause offered a few solutions. “The only real safe way to protect yourself is using camera covers: There is many different covers available, find one that looks nice for you, or use a sticky note (for example),” he wrote. “You can revoke camera access for all apps, always use the built-in camera app, and use the image picker of each app to select the photo.”

Krause has contacted Apple regarding the privacy issue on iOS. He suggested that Apple could find a way to bring in a system of temporary permissions to stop any malicious apps interfering with users cameras, or show an icon on the status bar indicating that the cameras are active, or introduce an LED light near the front and back camera that would blink every time the camera is in use thereby alerting the users that they are being recorded. This would in turn help the users take the necessary steps to protect their privacy.

Read More

CryptoPay Wants to Radically Change How You Use Your Cryptocurrency

The last month has seen an unprecedented migration of funds into the cryptocurrency market.  Cryptocurrency prices have spiked, even accounting for last week’s setback after the Chinese government ban on ICOs, and new users are coming in droves.

These new users are not like traditional tech-savvy crypto enthusiasts. They are non technical investors seeking gains from the new asset class. Take, for example, the burgeoning rise in exchange clientele. And these investors are seeking new and better ways to use their Bitcoin.

CryptoPay is poised to radically change the way consumers and investors use Bitcoin, whether as currency or as asset.

Already Leading

CryptoPay is already the industry leader in Bitcoin transactions. Starting in 2013, CryptoPay created the industry standard in Bitcoin wallets, and started moving forward in the cryptocurrency world.

However, CryptoPay realized that the need for a Bitcoin exchange was pressing, and so by 2014, they had created the industry standard in exchanges, used by Bitcoin enthusiasts around the globe. The exchange offered new and better ways of buying and holding Bitcoin and other currencies, making it popular among users.

Again, CryptoPay realized the need for change, and was one of the first to create a Bitcoin debit card which allowed clients to use ‘flex’ accounts, rapidly converting Bitcoin into USD, GBP or EUR. These options created unprecedented flexibility for consumers when using their Bitcoin.

Finally, CryptoPay realized that buyers were being well cared for, but merchants were not, and so decided to create a robust payment gateway for transactions. Starting in 2016, CryptoPay began allowing merchants to receive Bitcoin as payment without having to transfer the funds into fiat currencies, and thus allowing for better transaction speed and smoothness.

Having led the way in all these areas, CryptoPay has become one of the most well-known and appreciated names in the Bitcoin community. Holders, buyers, and merchants are moving to CryptoPay to get more from their cryptocurrency investments.

Adding More

With extensive market knowledge, and strong technical and business success, CryptoPay is the best choice to move the industry forward. CryptoPay has recently announced that it will add additional and unprecedented features to it’s portfolio of services.

First, the company has stated that it will create a new brokerage for investors. The new stock exchange will allow customers to buy stocks and bonds, have access to real financial markets, and invest in indices, all without leaving their CryptoPay account or providing bank details. The brokerage will also allow users to leverage their current portfolio holdings of Bitcoin up to four times for the purpose of investment.

Second, CryptoPay has announced that they will begin offering bank accounts that are cryptocurrency friendly. Users will be able to get accounts in customers’ names, with GB international bank account numbers. This will allow users to make and receive third party payments into their accounts without conversion into or out of cryptocurrencies.

Finally, CryptoPay will offer a new and improved Peer-to-Peer platform for managing ICOs and investment services. The P2P network will be a full stack blockchain fundraising platform, created by CryptoPay to offer full financial services within the CryptoPay ecosystem. The platform will allow users to have access to full ICO underwriting, book running, and much more.

ICO Ahead

In order to create these systems, CryptoPay has announced its coming ICO, which will begin with partners calls starting September 25, followed by a week of presale, and finally concluding with a public sale from October 2 to November 30. While many ICOs are run by companies with a good idea but no track record of business, CryptoPay is different.

The company has studied the market place and has discovered the areas where the cryptocurrency market is weak. Plus with an existing and thriving book of business, CryptoPay can leverage their current marketing into the new features the ICO will help to create.

It’s clear that blockchain and Bitcoin are here to stay, and will eventually change the way we think about finance and currency. CryptoPay is leading the charge in creating and promoting new vehicles for Bitcoin usage for new and old Bitcoin enthusiasts alike.

Read More

WhatsApp finally lets you recall messages sent by mistake for all users

You can now use unsend feature to delete embarrassing messages on WhatsApp

Finally, the wait for WhatsApp users is over, as the popular messaging service has introduced a new function that allows the option of deleting messages sent by mistake to save you from those face palm or embarrassing moments.

The Facebook-owned messaging app is rolling out a new message recall feature called “Delete for everyone (or Delete for me)” for iOS, Android, Windows Phone users that lets you remove specific messages forwarded in group and individual chats that you didn’t really want to send, reports website .

The Delete for Everyone feature works on all types of messages including text messages, images, videos, GIFs, documents, voice messages, contact cards, and more.

However, the new feature is not yet available to everyone, as the rollout of Delete for Everyone is proving “very slow”, according to WABetaInfo. WhatsApp has provided more details about the new feature on a FAQ page.

To delete messages for everyone

Deleting messages for everyone allows you to delete specific messages you have sent to either a group or an individual chat. This is particularly useful if you sent a message to the wrong chat or if the message you sent contains a mistake.

Messages you successfully delete for everyone will be replaced with “This message was deleted” in your recipients’ chats (*). Similarly, if you see “This message was deleted” in a chat, it means that the sender deleted their message for everyone.

In order to use the new feature to Delete Message For Everyone, you need to follow the below steps:

1. Open WhatsApp and go to the chat that contains the message that needs to be deleted.
2. Tap and hold the message > choose Delete from the menu. You can also select multiple messages at once to delete them.
3. Tap Delete > Delete for Everyone.

However, there is a snag to the unsend feature, as you have only up to seven minutes to delete messages for everyone after sending them. To fully enjoy the feature, you and your recipient must be using the latest version of WhatsApp for Android, iPhone or Windows Phone. This means that your recipient will still end up seeing the offending message if they are using an older version of the software. Also, your recipient may see your message before it’s deleted or if deletion was not successful. You will not be notified if the delete for everyone was unsuccessful. Additionally, this feature doesn’t work in case of broadcast messages.

How to Delete Message For Me

Delete Message For Me allows you to delete your copy of messages that you have sent or received from your phone. Your recipients will still see the messages in their chat screen, as this has no outcome on your recipients’ chats.

1. Open WhatsApp and go to the chat that contains the message that needs to be deleted.
2. Tap and hold the message > choose Delete from the option. You can also select multiple messages at once to delete them.
3. Tap Delete > Delete for me.

Read More

With the advancements in Cyber Security

Hackers and DDoS are more Prevalent than ever

016 has had its fair share of record-setting cyberattacks and security breaches emphasizing how much the security landscape has evolved. Cloud-based application delivery platform Incapsula reported a massive 650 Gbps distributed denial-of-service (DDoS) attack on its network.

Today, things are much worse.

2017 has been the worst year to date with increasing number of DDoS attacks.

The Attack

Let’s look at some history.

The aforementioned attack happened just before noon of December 21, aimed at several anycast IPs on its content delivery network. The attack did not appear to be focused on a single target; however, this might be due to the target’s IP being masked by the service. It was likely the attacker then opted to take down the service instead.

The attack lasted two rounds for a total of 37 minutes. The first round peaked at 400 Gbps while the second hit harder peaking at an Incapsula record 650 Gbps. The attacks used spoof IP addresses cleverly masking from which geolocation the attack originated.

The attack used SYN packets to deliver the payload. Upon analysis, Incapsula discovered a “signature” wherein the TCP Options headers spell out 1337, prompting the company to name it “Leet”. It is possible that similar or future attacks may be identified through this signature, and the company speculates that this may be a new botnet.

Mirai vs. Leet

Earlier last year, security website Krebs on Security suffered a massive 620 Gbps DDoS attack that prompted its security partner to drop its free support for the website. French hosting provider OVH has also reported a combined 990 Gbps DDoS attack on its network. Internet services provider Dyn was also hit by a massive DDoS attack that also brought down services like Twitter and Spotify.

These attacks were carried out using the Mirai botnet that exploited Internet-of-Things devices such as cameras and similar connected devices to deliver payload. New research published by security firm Symantec revealed that the poor security on IoT devices is partly to blame for their use in such threats. Many of these devices have lower computing capabilities and are thus incapable of running sophisticated protection against attacks.

With this new Leet botnet, it is still unknown if it also uses IoT devices in carrying out the attack. Mirai does not carry out large SYN attacks. It delivers payloads of randomly generated strings while the Leet botnet uses structured system files. What’s clear is that the Leet botnet can deliver the scale and size of Mirai’s record setting attacks.

Everyone Beware

Cost of downtime for businesses caused by DDoS attacks can run from $20,000 to $100,000 per hour. The impact of attacks may extend beyond downtime as DDoS can also result in lost customers, damaged reputation, and even substantial amounts paid to extortion.

Concern over DDoS should not be confined to larger organizations, as everyone is bound to be affected by such attacks. Attackers do not discriminate in terms of organizational size, and smaller businesses are left vulnerable due to IT security being less of a priority to them.

The threat of DDoS used to come from criminals and syndicates who want to extort money from businesses. With the latest reports, it appears that the motives now are more grand and nefarious. As attackers’ tools and resources become wider and more complex, attacks can be easily launched at any time.

Services like Incapsula are able to thwart and absorb such a massive attack. However, experts anticipate future attacks to be even more massive and complex. This leaves security firms vigilant in improving their capacity to thwart even bigger and perhaps simultaneous attacks in the future.

Security: Everyone’s Responsibility

All businesses that rely on the Internet should have security plans in place to prevent IT security breaches from happening. Educating staff on proper network and device use to prevent malicious software from compromising devices is a must. Network operations teams should also have monitoring and response plans ready so that they can readily react when such attacks occur.

It does not end with security providers. With the inclusion of IoT as attack vectors, even end-users may find their own devices contributing to the problem. Responsible users should invest in devices with adequate security features. It should be standard operating procedure to change the default administrator or root passwords to prevent breaches.

In this connected world, everyone has a part in contributing to security. With the advancement in technology, blockchain might be the solution to such attacks.

Read More

Samsung patents a pressure-sensitive in-display fingerprint reader for its upcoming Galaxy Note 9

Samsung’s in-display pressure-sensitive fingerprint scanner almost ready for Galaxy Note 9

Samsung drew the ire of many of its users when it decided to kill the Home Button on its Galaxy S8 and Galaxy Note 8. The users are largely complaining about the awkwardly placed fingerprint reader next to the camera on the back of the Galaxy S8 line-up making the South Korean giant think of a solution.

According to a new report from SamMobile, Samsung has filed for a patent with Korea’s Intellectual Property Rights Information Service (KIPRIS), the country’s patent office, for a pressure-sensitive in-display fingerprint readerfor its upcoming device next year. While there were reports of people speculating the inclusion of new pressure-sensitive in-display fingerprint reader in the Galaxy S9 and S9+, a recent tweet from a former Samsung executive indicated that this feature could be introduced in its next 2018 flagship smartphone, Galaxy Note 9.

This only confirms the high chances of a pressure-sensitive fingerprint reader being integrated within the display of a Galaxy Note 9, as Samsung already wanted to include this feature in its recent S8 smartphone releases. However, Samsung was not happy with the technology, as the brightness of the display was uneven when it was test on a Galaxy Note 8’s display, which prompted the tech giant to postpone this idea before the release of the S8 line-up.

Samsung had hit a low due to the debacle of Galaxy Note 7 but was revived at the right time with its recent Galaxy Note 8 release. Apparently, Samsung would want to play it safe and hit the right buttons when it launches Galaxy Note 9. Whether or not will the pressure-sensitive in-display fingerprint reader be included in Galaxy Note 9 only time will tell. Until then, keep watching this space for more updates!

Read More

Oracle Announces Java SE 9 and Java EE 8

Oracle releases Java SE 9 and Java EE 8

Oracle Corp. has just announced the general availability of Java SE 9 (JDK 9), Java Platform Enterprise Edition 8 (Java EE 8) and the Java EE 8 Software Development Kit (SDK). In other words, these releases have set the stage for faster releases and more open source engagement from now on.

JDK 9 is a production-ready implementation of the Java SE 9 Platform Specification, which was recently approved along with Java EE 8 in the Java Community Process (JCP). On the other hand, with updates to eight major specifications, Java EE 8 looks to streamline and simplify the Java EE platform for the cloud and micro services.

Java SE 9

The star feature of Java SE 9 is the Java Platform Module System, also known as Project Jigsaw, whose goal is to help developers reliably assemble and maintain sophisticated applications. The module system also makes the JDK more flexible, as it allows the developers to bundle only those parts of the JDK that is required to run an application when deploying to the cloud.

“Java SE 9 is the result of industry-wide development involving open review, weekly builds and extensive collaboration between Oracle engineers and members of the worldwide Java developer community via the OpenJDK Community and the JCP,” said Georges Saab, vice president of development for the Java Platform Group at Oracle. “This version of Java SE will provide millions of developers the updated tools they need to continue building next-generation applications with ease, performance and agility.”

Java SE 9 has 91 new features to offer, which includes modularisation and quite a few improvements that look to bring enhanced security, better performance management, and more scalability. However, Oracle reckons its best features are:

jshell delivers an interactive Read-Eval-Print-Loop tool to evaluate declarations, statements, and expressions of the Java programming language along with an API, which allows other applications to leverage this functionality. It also makes easier for developers to explore APIs and try out language features.

Improved Javadoc, which makes it easier for developers to learn new APIs by adding a search box to API documentation generated by the standard doclet, which can be used to search for program elements and tagged words and phrases within the documentation. It can also be used to search information on which module defines each class or interface.

Streams API enhancements, by adding methods to conditionally take/drop items from a Stream, iterate over a Stream’s elements, and create a Stream from a nullable value while expanding the set of Java SE APIs that can serve as sources for Streams, thereby improving developer productivity.

Oracle has also announced several changes to how Java SE and Java EE will be developed and released going forward.

For Oracle Java SE, Oracle is planning to move to a 6-month release cadence using a time driven release model instead of a feature driven release model. Mark Reinhold, the Chief Architect of the Java Platform Group at Oracle, proposed that the Java SE Platform and the JDK go from “the historical feature-driven release model to a strict, time-based model with a new feature release every six months, update releases every quarter, and a long-term support release every three years.”

With this change, Oracle will be providing OpenJDK builds under the General Public License (GPL). Further, Oracle will also be contributing previously commercial features to OpenJDK such as Java Flight Recorder in Oracle JDK in order to make Oracle JDK and OpenJDK more aligned.

Java EE 8

From now on, Java EE technologies will work under the supervision of the Eclipse Foundation. To make this possible, Oracle, Eclipse and other community members are currently working out the details behind the technology transfer and ongoing governance and process.

Mike Lehmann, vice president of product management at Oracle said that “Today’s major release of the Java Platform Enterprise Edition is one we think developers are going to be excited to use by open sourcing Java EE technologies to the Eclipse Foundation, we have set it up for ongoing success in the future. Oracle is committed to working with the Java EE community and the Eclipse Foundation to continue enterprise Java innovation, support and evolution.”

Important features in Java EE 8 include:

• HTTP/2 support in Servlet 4.0
• New JSON binding API and various enhancements in JSON-P 1.1
• Expansion of JAX-RS to support Server-Sent Events and a new reactive client API
• New security API for cloud and PaaS based applications
• Multiple CDI enhancements including support for asynchronous events

Read More

iPhone 8 Plus reportedly cracked open while charging, claims Taiwanese reports

Not even in the wildest dreams one would have thought that in spite of coughing up a huge amount for iPhone 8 Plus, one would in return get a cracked open iPhone screen. That’s what has happened in two separate incidents, when the iPhone 8 Plus reportedly cracked open while charging.

Apple would have not thought of following the embarrassment that Samsung had gone through last year when several incidences of Galaxy Note 7 exploding due to faulty batteries were reported. In case of iPhone 8 Plus too, faulty or damaged batteries are suspected to be the reason behind the devices to crack open.

One victim in question is Ms. Wu, who had recently purchased her gold 64GB iPhone 8 Plus, and had reportedly been in use for five days, reported the Taiwanese media. According to Wu, the iPhone screen started bulging upward and detaching from the chassis just three minutes into charging. She confirmed that she was charging the device using the original cable and adaptor. The current mobile phone is in possession of Apple for analysis.

In another incident reported by a man in Japan said that the iPhone 8 Plus was shipped to him with the screen detached. It was purportedly in such a condition in the box when it arrived.

Read More

Nvidia CEO says Moore’s Law is dead, GPUs will soon replace CPUs

Jensen Huang, founder and CEO of Nvidia in a talk at the GPU Technology Conference (GTC) 2017 in Beijing, China said that Moore’s Law is dead because it cannot keep pace with advancements in GPU design.

What is moore’s law?

Moore’s Law is the observation made by Gordon Moore, co-founder of Intel, in 1965 that the number of transistors per square inch on integrated circuits had doubled every year since the integrated circuit was invented. Moore predicted that this trend would continue for the foreseeable future. However, the pace has slowed down a bit in the subsequent years, but data density has doubled approximately every 18 months.

Speaking on the topic of “AI: Trends, Challenges and Opportunities,” Huang claimed to be the first major semiconductor company head to claim that Moore’s Law is dead.

Since the CPU transistors have grown at an annual pace of 50%, the performance has only been enhanced by 10%, Huang said. As advanced parallel-instruction architectures for CPU can be barely worked out by designers, GPUs will soon replace CPUs, he added.

Huang added that Alibaba, Baidu, Tencent, JD.com and iFLYTEK, the top 5 ecommerce players in China, have accepted Nvidia Volta GPU architectures to support cloud services. Additionally, HGX-based GPU servers have been deployed by Lenovo and Huawei.

Huang also said that Nvidia’s GPUs are the perfect solution for AI-based applications, suggesting he believes GPUs are set to play a larger role in certain aspects of computing, rather than replacing desktop CPUs completely. He showed faith in Nvidia’s GPUs and claimed that they will be able to replace CPUs in the upcoming years.

Intel has disagreed with Huang’s comments in the past too. “In my 34 years in the semiconductor industry, I have witnessed the advertised death of Moore’s Law no less than four times. As we progress from 14 nanometer technology to 10 nanometer and plan for 7 nanometer and 5 nanometer and even beyond, our plans are proof that Moore’s Law is alive and well,” said CEO Brian Krzanich last year.

Read More

A new Android banking Trojan has been discovered

Security researchers from SfyLabs have discovered a new Android trojan called “Red Alert 2.0” that has been created and distributed over the past several months by a new threat actor. The capabilities of the malware are similar to those of other Android banking Trojans, such as the use of overlays to steal login credentials, or SMS control and contact list harvesting.

The Red Alert trojan has many new features to ensure that it still effective. The malware can block and log incoming calls of banks, which could affect the process of fraud operation departments at financials that are calling victims on their infected smartphone about a possible malicious activity.

The trojan also uses Twitter to evade losing bots when the C2 server is taken offline. If the bot fails to connect to the hardcoded C2 it will recover a new C2 from a Twitter account. We have noticed this feature before in the desktop banking trojans, but it’s the first time to see it occurring in an Android trojan.

According to SfyLabs:
“The shift of malware campaigns from desktop (Windows) to mobile (Android) seems largely related to the fact that these days most transactions are initiated from mobile devices instead of the desktop. This motivates actors to invest in developing solutions that target Android and have the same capabilities as the malware variants that have been evolving on the desktop for years. “

Read More

Several WordPress Sites Hacked via Recently Patched Flaw

A critical vulnerability disclosed last week by the WordPress developers was already exploited and thousands of websites are already hacked, the security firm Sucuri warned on Monday.

At the end of last month, WordPress 4.7.2 was released.The developers of the popular content management system (CMS) informed that the latest version has patched three vulnerabilities, including cross-site scripting (XSS), SQL injection and access control issues.

Just roughly one week later, the developers admitted that the version 4.7.2 patched yet another flaw, described as the unauthenticated privilege escalation and the content injection vulnerability affecting REST API. This security hole allows a hacker to modify the content of any post or page on the targeted site.

This flaw, identified by the researchers at Sucuri, was already disclosedone week after the release of WordPress 4.7.2 just to give users enough time to patch their latest installations. However, according to Sucuri, many of the WordPress websites still have not updated.

Sucuri has tracked four different defacement campaigns. They started seeing the first attacks leveraging this vulnerability in less than 48 hours after the official disclosure.

In one of these campaigns, the attackers replaced the content of more than 60,000 web pages with their “Hacked by” messages. In the other three operations, two of which are sharing a single IP address, have each targeted nearly 500 pages.

The SecurityWeek has noticed that some of the compromised websites have also been re-defaced by a fifth actor. Fortunately, some of the affected sites have already been cleaned up and updated to WordPress 4.7.2.

“There’s already a few exploit attempts that try to add spam images and content to a post. Due to the monetization possibilities, this will likely be the #1 route to abuse this vulnerability,” explained Daniel Cid, CTO and founder of Sucuri.

The company’s WAF network has seen an increasing number of exploit attempts, reaching nearly 3,000 on Monday.

1.5M Unpatched WordPress Sites Hacked

.

Experts say that the attackers have taken a liking to content-injection vulnerability that is disclosed last week which is patched in WordPress 4.7.2. It has been exploited to used to deface 1.5M sites so far.

This issue has evolved into “one of the known worst WordPress related vulnerabilities to come up in some time,” researchers at WordFence, a Seattle-based firm that makes WordPress security plugins, said on Thursday.

WordPress has silently patched this issue. An unauthenticated privilege escalation vulnerability in the REST API endpoint, which is when it pushed version 4.7.2 on Jan. 26. A core developer with in the CMS said the following week that they waited to disclose this vulnerability to ensure that millions of more sites could deploy this update. WordPress has a feature which automatically updates the CMS on the majority number of sites, but some users choose not to use it and test updates before applying them.

Mark Maunder, the WordFence’s Chief Executive Officer, said that researchers have seen the biggest spike in attacks on this Tuesday when the company has blocked roughly 13,000 attacks from campaigns which are 20 and different.

The reason for the influx, Maunder said, is because at the beginning of the week attackers refined their attacks to bypass a rule that WordFence and other companies had implemented. While WordFence was quick to engineer a new rule to prevent the bypass, attackers were still able to succeed in infecting a slew of sites–more than 800,000 over a 48-hour period from Tuesday to Wednesday–he said.

In some instances, hackers are competing to compromise sites that haven’t yet applied the fix. WordFence researchers claim they’ve come across some sites where multiple hackers attempt to take credit on multiple pages for hacking them. The defacing and re-defacing will likely continue until those sites apply the 4.7.2 fix, Maunder says.

Read More

Several vulnerabilities have been patched in WordPress

WordPress 4.8.2 is now available. The new security release came with several patches that fix 9 vulnerabilities affecting version 4.8.1 and earlier, including cross-site scripting (XSS), SQL injection, path traversal and open redirection vulnerabilities.

The SQL injection vulnerability has been discovered and reported by Slavco, the issue exists due to the $wpdb->prepare() can generate unexpected and unsafe queries leading to possible SQL injection. The core is not directly vulnerable to this flaw, but they have added hardening to stop plugins and themes from accidentally causing a vulnerability.

Five XSS vulnerabilities that affect oEmbed discovery, the visual editor, the plugin editor, template names and the link modal. The vulnerabilities have been discovered by security researchers and a member of the WordPress Security Team, the flaws were patched in the latest version of WordPress 4.8.2.

Two path traversal vulnerabilities that affect the customizer and file unzipping code have discovered and reported by another member of the WordPress Security Team and Alex Chapman.

The last one is an open redirect vulnerability that was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).

WordPress is reportedly the most popular website management or blogging system in use on the Web, supporting more than 60 million websites.

Read More

Top 10 WiFi Penetration Testing Tools Used by Hackers

Many people come in search of us for WiFi penetration testing tools. This post is especially for those who is in need of WiFi hacking tools.

Note: We are not responsible for any damage that cause you. Make sure you use these tools for experiment purposes only in controlled environment.

1.Aircrack

Aircrack-ng is the next generation of Aircrack with lots of new features and  mainly used by hackers to hack WiFi connections. Aircrack-ng is an 802.11 WPA-PSK and WEP  keys cracking program that can recover keys. Aircrack-ng cracks WEP keys using the FMS attack, PTW attack, and dictionary attacks, and WPA using dictionary attacks.

2.AirSnort

AirSnort supports both Windows and Linux operating system  but there is no longer updates for this tool. It is popular tool for decrypting WEP encryption on a Wi-Fi 802.11b network. This tool might be outdated, but still you can download it free on sourceforge.

3.Kismet

Kismet another great software used as network detector, packet sniffer for 802.11 a/b/g/n layers. This software support Linux, OSX, Windows and BSD platforms. It identifies networks by collecting packets and detecting standard named networks and detecting hidden networks.

4.Cain and Able

Cain and Able best, recommended and popular tool for password sniffing. It recover passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks and more options. It can also recover wireless network keys by analyzing routing protocols.

5.WireShark

Wireshark is a free and open-source packet analyzer. It can capture live data from Ethernet, IEEE 802.11, ATM, Bluetooth, USB and many others. It supports Linux, Windows, OSX, Solaries, FreeBSD and others.

6.CommView for Wi-Fi

CommView for WiFi is a powerful wireless network monitor and analyzer.It works on 802.11 a/b/g/n/ac networks. It supports Windows 7/8/8.1/10 both 64 and 32 bit versions. It scans the air for WiFi stations and access points. It can view detailed IP connections statistics: IP addresses, ports, sessions, and much more!

7. Airjack

AirJack is a device driver (or suit of device drivers) for 802.11(a/b/g) raw frame injection and reception. It is ment as a development tool for all manor of 802.11 applications that need to access the raw protocol.

8.inSSIDer

inSSIDer, free tool which displays every wireless hotspot’s MAC address, encryption, signal strength and channel. This tool was opensource long back but now it cost $19.99. This software received award as “Best Opensource Software in Networking”.

9.WepAttack

Wepattack is an open source Linux tool for 802.11WEP keys. This tool is based on dictionary attack on WEP keys in WLAN networks.

10.NetStumbler

Last but not the least, NetStumbler is also called as Network Stumbler used in Windows to detect Wireless LANs using 802.11 b/a/g networks. Down version of the tool is available and also knows as MiniStumbler

Note: We cannot provide links for the above penetration testing tools, because few of those software contains virus, so kindly google it.

Read More