Tuesday, September 30, 2014

Windows 10 Unvieled; Microsoft Skips Windows 9 to Emphasize Advances

Microsoft officially unvieled the next version of Microsoft Windows OS , named Windows 10. Microsoft says it'll be "the most comprehensive platform ever", featuring a full range of products that'll be placed under the Windows 10 family as part of "one tailored experience."

 Windows 10 represents the first step of a whole new genearation of windows. it provides its customers a new place to work , play and connect. Windows 10 will run onthe broadest type of devices ever , from the smallest Internet of Things (IoT) to enterprise data centers worldwide. including handheld, touch and non touch devices.
Windows 10 bring the familiarity of Windows 7 and combine it with the functionality of Windows 8.
Lets talk about each feature: 

Start bar


 A series of Live Tiles can be found in the Start Menu at the right side, as in the Windows 7 with a set of pinned and frequent apps on the left side, along with web and app search below. The tiles as well as the Start menu can be resized in Windows 10.

Taskview

For users with multitasking, a new feature is introduced in Windows 10 called "the task view," which shows all of the apps that are running in each virtual desktop; your current desktop is primarily shown on the screen, but you'll see a few thumbnails down below that give you the option to switch between desktops (or add a new one, if you prefer).

Command prompt

They have added new features in the command prompt so that we can copy and paste text in and from the command prompt using the keyboard shortcuts "Ctrl+C" and "Ctrl+V". They have provioded a work flow between the applications and the Syatem.

 They want to make people productive by using Windows 10

 They are on a feature named "continueum" to enhance mouse/keyboard use with touch to improve the experience for using Windows 10 as a tablet and a laptop.

They have started a insider program for developers to check the new Windows 10. The developer preview will be availabe to download tommorow.

Thursday, September 25, 2014

What is the Shellshock Bash vulnerability and how it affects you ?

You must have heard about a new bug found in the Bash shell. Are you Wondering about what is it...
Bash stands for Bourne-Again SHell. It's a computer program that allows users to type commands and execute them on Mac OS X and Linux Systems. Bash has been since the 80s, and is used by system administrators and computer programmers. It can be accessed remotely to configure, repair and diagnose servers without physically being there. So Bash is used in most of the servers. 

 So how does this bug works...
Open the Terminal and run this line of code in your Linux Machine:
env x='() { :;}; echo Vulnerable' bash -c 'echo Update ur PC'
The "env" command sets an enviournment variable, and then executes a command based on that enviournment. The variable 'x' if used in the second echo then the value of 'x' will be echoed at the position ' $x '. In this case the variable 'x ' isn't used in the second echo. So naturally, the " echo Vulnerable " command must be ignored. But, If you are vulnerable to the Shellshock Bash vulnrerability, then the malicious string " '() { :;}; echo Vulnerable' " starts working by taking advantage of the bug, and starts running the command (echo Vulnerable) automatically. 
In a real attack, the code will be relaced with malicious codes to remotely use your system to run a spyware, to spy on you, take your passwords and much more ...
To solve this problem, update your PC. 

Bash Shell flaw makes Linux and Mac OS X to attack

A new bug is found in the Bash shell which makes it open to attack. Machines running in Linux  and Mac OS X are vulnerable to this attack. Researchers have discovered a flaw in the Unix command shell (bash) that lets attackers run any code they want as soon as the shell starts running so that they can get control of any internetworked devices and web servers which runs bash command, they can remotely acess your system. Android phones are not vulnerable because they use a Bash alternative (Almquist shell).

 Patches are availabe online to get updated and be error free from this 'bash' vulnerability. Linux varients ( Redhat, Debain etc. ) are providing update to this flaw. You can check if your system is vulnerable or not by using this code in your terminal.

 env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'

 If it returns the word "vulnerable" then your system is Vulnerable. If its says so Don't get worried. Just update your OS, the vulnerability will be removed.

Saturday, August 23, 2014

Microsoft unveiling Windows 9 on September 30th



Microsoft is going to unveil its next major version of Windows OS, named Windows 9 or Windows “Threshold"—as it's currently code-named—at a press event on September 30 or soon thereafter, according to technology news website The Verge.

Windows 9 is expected to come with a wide range of improvements, including a "mini" Start Menu, separate windowed Metro-style apps running on the desktop, and support for virtual desktops. They are planning to remove its Charms bar which was debuted on Windows 8.

Microsoft is also adding support to Virtual Desktops, as Apple’s OS X virtual desktops. These Virtual desktops will allow users to create separate active desktops and switch between them easily.

Microsoft is trying to improve the mouse and keyboard experience and making the Windows users pleasing with its focus on the form factor.

The public preview version of Windows 9 will be released before the end of this year, to test its new features and is expected to release in April 2015.

Wednesday, August 20, 2014

Simplest Way To Bypass YouTube Filters !







                                                     

                                                                    
My college recently added education filters to YouTube so that we students can only watch Educational Videos. And for student nothing more can irritate us this much .
So here is a Very simple bypass of YouTube filters .
Instead of using www.youtube.com use https://www.youtube.com/?gl=IN that’s it you have now successfully bypassed YouTube filters ! 

Tuesday, August 19, 2014

DoSing Pebble SmartWatch And Thus Deleting All Data Remotely




                                           Pebble Dos Vulnerability




                                                                                           Hemanth Joseph
                                                                       hemanthvjoseph@gmail.com



            During my recent security research on Pebble Smart watch and its Android/iOS application, I found one critical Dos vulnerability by which we can delete all data’s, apps, notes, and other information stored in it remotely .

About Pebble Smart Watches !


              Pebble smartwatch is developed by Pebble Technology Corporation and is released in 2013 . It is considered as one of the BEST Smart Watch available out there and is compatible with Android and iOS . Over 10 lack units of Pebble sold as of July 2014 .


 



Pebble Dos Vulnerability !!!  [POC]


                      
                   Pebble Smartwatch when connected to a Phone will give a Vibrating alert to Calls, Messages, E-mails, etc .. . I’m testing a Pebble with its latest v2.4.1 Firmware .

                  For every messages from Whatsapp or Facebook Messenger or such apps  Pebble will give an alert with the whole message displayed on its screen . There is no character limit in showing such messages. Even if we get a lengthy 100 word message from whatsapp with an alert Pebble will show the whole message in its small screen . From this itself it is clear that we can make it freeze by giving it a lot of notifications to display . But what actually happened during my testing shows how serious this Bug is .


What I Did Is ......


1.     Connected my Pebble Smart Watch with my Sony Z2.
2.     Tested if I am getting notification or not.
3.     Did a message bombing to my own Whatsaap Account [1500 messages in 5 sec ]

What All Ended Up With?



      As expected the whole screen of my Pebble became filled with lines ( As shown in the Picture  ) .  Soon itself it got Switched Off automatically and executed a Factory Reset without any actions from my side to do so ! . Due to that automatic Factory Reset I lost all my Apps and other data’s which I was having in my Pebble .

The same occurred even when I decreased the no. of messages to 300 in 5 sec .

By exploiting this Dos bug a person with your FB ID or Mobile Number or any such thing  can  remotely DELETE all your data’s in your Pebble by simply giving you a Small Message Bomb .



Possible Fix


·        Give a Character limit while showing such messages in Pebble .
·        Remove the Automatic Factory Reset Bug .


 



**UPDATE**


   After the freezing of your Pebble you will see a lot of white straight lines all over the screen. We can’t make it back to a working condition by simply Switching it off   we MUST do a Factory Reset in order to make it working again . So it is sure that all your data will be Deleted if your pebble gets a DoS !


Thank You For Reading .

Copyright © 2014 White Hat Pages