Advertisement

Monday, November 4, 2019

Windows 'BlueKeep' Attack #Windows_Attack

Windows ‘BlueKeep’ Attack That U.S. Government Warned About Is Happening Right Now


When Microsoft issued the first patch in years for Windows XP in May 2019, you knew that something big was brewing. That something was a wormable Windows vulnerability that security experts warned could have a similar impact to the WannaCry worm from 2017. The BlueKeep vulnerability exists in unpatched versions of Windows Server 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2: and it’s now been confirmed that a BlueKeep exploit attack is currently ongoing.



A little bit of BlueKeep history

BlueKeep, a vulnerability found in older versions of Microsoft Corp.’s Remote Desktop Protocol, has been spotted for the first time being used in the wild as part of a new hacking campaign.

The campaign was detected via Honeypots, a decoy computer system for detecting hacking campaigns set up to detect a BlueKeep attack by security researcher Kevin Beaumont.
BlueKeep, discovered in May, involves a flaw in Microsoft RDP that allows unauthorized access to computers running Windows XP, Windows 7, Windows Server 2003 and Windows Server 2008. Later versions of Windows, 8 and 10 alike, are not affected.
Microsoft took the rare action of issuing updates for the older, unsupported systems May 14 because of the severity the vulnerability presented to servers and other computers still running older Windows versions. The vulnerability is considered so severe that the U.S. National Security Agency issued a cybersecurity advisory on BlueKeep in June.
As of July, about 800,000 systems were believed to remain vulnerable to BlueKeep, with the number having dropped 17% since Microsoft issued the patch in May. It’s likely that a good 500,000 systems, possibly more, could remain exposed to BlueKeep today.

Microsoft twice warned users to update vulnerable Windows systems, first on May 14, and then again with even more urgency on May 30. Those warnings appeared to go unheeded in enough numbers to warrant an escalation on the update alerts. On June 4, the National Security Agency (NSA) took the unusual step of publishing an advisory urging Microsoft Windows administrators to update their operating system or risk a "devastating" and "wide-ranging impact" in the face of a growing threat. This warning was given even more gravitas on June 17 when the U.S. Government, via the Cybersecurity and Infrastructure Security Agency (CISA), issued an "update now" activity alert. At much the same time, security researchers were predicting that a "devastating" BlueKeep exploit was only weeks away.

The Windows BlueKeep exploit attack

Hutchins told Wired that "BlueKeep has been out there for a while now. But this is the first instance where I’ve seen it being used on a mass scale."
It would appear that rather than a wormable threat, where the BlueKeep exploit could spread itself from one machine to another, the attackers are searching for vulnerable unpatched Windows systems that have Remote Desktop Services (RDP) 3389 ports exposed to the internet. This dampens the panic that there could be another WannaCry about to happen, although the potential for such a scenario, albeit on a much smaller scale, certainly remains. For now though, this looks like being an attack campaign with a cryptocurrency miner payload.
Security researchers, including Kevin Beaumont who originally named the vulnerability and Marcus Hutchins (also known as MalwareTech) who was responsible for hitting the kill switch that stopped the WannaCry attack, have confirmed that a widespread BlueKeep exploit attack is now currently underway.

BlueKeep exploit attack mitigation

Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the update that fixes the BlueKeep vulnerability? I'd have thought that a wormable exploit, even if it hasn't been "wormed" on this occasion, that vampires your system resources or crashed your machine was warning enough. But, hey, what do I know?
While there is always the possibility that the threat actors behind this attack could drop more malicious payloads than a crypto-miner, for now, this acts as yet another warning for users of the 700,000 or so still vulnerable Windows systems to get patching. Cryptocurrency miners are resource hogs at best, and a roadmap that further malware installations could follow. In the case of this attack, though, there's another problem to be aware of: the exploit code isn't all that. It would appear that the attackers are using the demo exploit code released by the Metasploit team at Rapid7 in September 2019, but without enough coding skills to get this to work without it causing a Blue Screen of Death (BSOD) error.

Thursday, November 15, 2018

BLACK HOLES

INTRODUCTION OF BLACKHOLES:

 The blackholes are extremely dense objects. their size is very lass with respect to their mass.they are black because they can't able   seen.Due to high gravity near a blackholes, not even light can escape.


HOW  BLACK HOLES ARE FORMED:


  • Blackholes are formed from explosion of massive star.
  • Even then blackholes are a rare phenomena.


HOW A STARS DIES?:
  • Star are extremely massive objects
  • When iron is produced inside them,they stop producing more energy.
  • Hence outward pressure reduce and the star implodes.


HOW TO DETECT A BLACK HOLES?:
  • Just like sun has earth and planets revolving around it,A black hole can have planets and stars revolving around it.
  • We look for such planets revolving around it something  invisible and we observe such system
  • Black holes are black .so, how can we see them.
  • They are not easy to observed and we spent a lot of time and resource for looking them

  • Now we have LIGO detector as well,through this instruments easy to observed
DENSITY OF BLACK HOLES:


MICROBLACK HOLES:



Tuesday, October 2, 2018

Now artificial intelligence using by Ex-Apple engineers show their startup's self-driving car sensor

Aeva was founded by Soroush Salehian and Mina Rezk, who both left Apple's Special Projects Group that houses the iPhone maker's self-driving car work. Aeva is working on a device that would help cars sense the road, vehicles, pedestrians and other surroundings several hundred yards ahead. It would be a critical link in self-driving technology including software and controls made by others


Two former Apple Inc engineers on Monday gave new details about the sensor system their startup company, Aeva Inc, is making to help self-driving cars see the world around them.(source: gd news)

In other self-driving car systems, such data comes from separate sensors from different suppliers. Radar measures speed, so-called "lidar" measures depth and standard cameras capture digital images the car's computer can analyze. The streams must be blended in a step called "sensor fusion."

At a San Francisco warehouse last week, Aeva's device was mounted on a white Audi sport-utility vehicle parked on a mock road. In real time, it captured images of Aeva workers whizzing about on kick-scooters, with the workers' images changing color as they moved toward or away from the vehicle.

Aeva enters a crowded field of sensor firms selling to automakers. One of Volkswagen AG's new Audi sedans features a laser scanner from Valeo. BMW Group has paired with Israeli startup Innoviz Technologies around a new sensor. Ford Motor Co invested $75 million in longtime lidar maker Velodyne.



Aeva aims to combine those functions in one device and skip the external "fusion" step. Its device has sensors for motion, depth, speed and reflected light and contains an  artificial intelligence chip that weaves it together.

"Because we've created this technology from the ground up, we have unique access to the data from deep inside the hardware," Salehian told Reuters in an interview.


Established firms have the most sensors on the road right now, said Angelos Lakrintis, an autonomous vehicles analyst with Strategy Analytics. But "there is still some time" for newcomers to win over automakers because self-driving cars will not hit roads en masse until the mid-2020s, he said.







Automakers are sensitive to cost. Some depth sensors use pricey bespoke laser chips. Aeva would not reveal what chips it uses or its final costs but said it has avoided expensive parts.


"We do not need high-powered lasers anymore," Rezk told Reuters. "We're using laser sources and sensors that are already in mass manufacturing."

Maker of World Wide Web Works on Project To Save Users’ Data

Maker of World Wide Web Works on Project To Save Users’ Data


Data is the new oil and all private entities are obsessed about getting access to consumer data. There is so much data in the hands of a few global giants like Facebook, Google and Amazon, which leaves them susceptible to intrusion. This has happened more than once with the social networking giant Facebook.
Tim Berners-Lee, the man who gave us the World Wide Web, is now keen on ensuring that users have a say on what data can be shared and what cannot. To make this happen, Tim Berners-Lee is collaborating with people at MIT for this project called Solid, which promises to give users the final say over data.
He also specified that the project is built over existing web formats, but developers still have to incorporate Solid separately into their apps and sites.
Berners-Lee claims to have been working on this project over the past few years, looking at the need for a powerful change to thwart the danger to data these days.
"Solid is a platform, built using the existing web. It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time." - Medium post on Solid by Tim Berners-Lee
What kind of innovation is Berners-Lee looking to bring into the data ecosystem and everyone’s digital lifestyle? He plainly puts it out as a collaborative platform where all the apps can talk to each other.
"Imagine if all your current apps talked to each other, collaborating and conceiving ways to enrich and streamline your personal life and business objectives? That’s the kind of innovation, intelligence and creativity Solid apps will generate." - Medium post on Solid by Tim Berners-Lee
To make sure Solid sees itself out of the tunnel, Berners-Lee recused himself of his responsibilities at the World Wide Web Consortium (W3C) and formed a startup called Inrupt to get things moving.
It’s exciting to see the web pioneer once again looking to change the dynamics of how the web revolves around users’ data.
Facebook and Google are the major stakeholders here, but in 2018, there are few companies that can survive on the internet without accruing data from the user. But it doesn’t have to be the only available option and we’re glad that Berners-Lee, is the one championing the need to change it.

Facebook security breach: Up to 50m accounts attacked


Facebook says almost 50 million of its users were left exposed by a security flaw.
The company said attackers were able to exploit a vulnerability in a feature known as “View As” to gain control of people's accounts.
The breach was discovered on Tuesday, Facebook said, and it has informed police.
Users that had potentially been affected were prompted to re-log-in on Friday.
The flaw has been fixed, wrote the firm’s vice-president of product management, Guy Rosen, adding all affected accounts had been reset, as well as another 40 million "as a precautionary step".
Facebook - which saw its share price drop more than 3% on Friday - has more than two billion active monthly users.
The company has confirmed to reporters that the breach would allow hackers to log in to other accounts that use Facebook's system, of which there are many.
This means other major sites, such as AirBnB and Tinder, may also be affected.

Who has been affected?

The firm would not say where in the world the 50 million users are, but it has informed Irish data regulators, where Facebook's European subsidiary is based.
The company said the users prompted to log-in again did not have to change their passwords.
"Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. “
He added: "People’s privacy and security is incredibly important, and we’re sorry this happened."
The company has confirmed that Facebook founder Mark Zuckerberg and its chief operating officer Sheryl Sandberg were among the 50 million accounts affected.

What is 'View As'?

Facebook's "View As" function is a privacy feature that allows people to see what their own profile looks to other users, making it clear what information is viewable to their friends, friends of friends, or the public.
Attackers found multiple bugs in this feature that "allowed them to steal Facebook access tokens, which they could then use to take over people's accounts", Mr Rosen explained.
"Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app," he added.

What does this mean for Facebook?

The breach comes at a time when the firm is struggling to convince lawmakers in the US and beyond, that it is capable of protecting user data.
Facebook founder Mark Zuckerberg  said on a conference call on Friday that the firm took security seriously, in the face of what he said were constant attacks by bad actors.
But Jeff Pollard, vice-president and principal analyst at Forrester, said the fact Facebook held so much data meant it should be prepared for such attacks.
"Attackers go where the data is, and that has made Facebook an obvious target," he said. "The main concern here is that one feature of the platform allowed attackers to harvest the data of tens of millions of users.
"This indicates that Facebook needs to make limiting access to data a priority for users, APIs, and features."
When asked by the BBC, Facebook was unable to say if the investigation would look into why the bugs were missed, or if anyone at the company would be held accountable for the breach.

Opera Touch mobile browser challenges to safari default browser with Flow technology now available for iOS users

Global tech firm Opera Software on 1 October announced that its 'Opera Touch'  mobile browser launched in April on >Android version€" is now available for >iPhone users in India as well.
Opera browser on iPhone.
The company is giving an open challenge to the Safari browser which is the default browser on iOS. It says that with the new Opera Touch they are "challenging the status quo,"
The Opera Touch app doesn't offer anything different from its Android version. The browser directly starts in the search mode, the keyboard pops up and the address bar cursor is blinking.

The UI core elements are also said to be located at the bottom of the screen. There is also a "Fast Action Button" which is in the middle of the screen, which has the browser's key functions which include access to recently opened tabs and search.

Did you know that 95 percent of iOS users in the US stick to the system’s default browser, Safari? We believe that the only thing Safari is currently really best at is at being the default browser. That’s why it’s high time to challenge it with something better, Opera Touch.
We encourage all of the iPhone users among you to give it a try – it just might be better than your current browser!

We have designed Opera Touch to match the beauty, speed and ease of use of the new iPhone line and hope that, soon, even Apple Geniuses will put our browser in their docks. In fact, we are challenging this “allegiance” to a default browser and have shot some videos to have a bit of fun with them. Check them out:


Hello,
Did you know that 95 percent of iOS users in the US stick to the system’s default browser, Safari? We believe that the only thing Safari is currently really best at is at being the default browser. That’s why it’s high time to challenge it with something better, Opera Touch.
We encourage all of the iPhone users among you to give it a try – it just might be better than your current browser!
We have designed Opera Touch to match the beauty, speed and ease of use of the new iPhone line and hope that, soon, even Apple Geniuses will put our browser in their docks. In fact, we are challenging this “allegiance” to a default browser and have shot some videos to have a bit of fun with them. Check them out:
But, what is Opera Touch? It’s a browser we made that combines high-end technology with impactful aesthetics to address the needs of iPhone users who want something more than their default browser.

We are releasing Opera Touch just in time for Apple’s new iPhone XS, XS Max and XR because we believe that our browser is the perfect one to make these new devices really shine. Today’s new phones have big, beautiful displays, but conventional browsers are yet to adapt to this development. Our product is aimed at people who want to fully appreciate their iPhones.

Opera is challenging the status quo
According to data from StatCounter, only five out of every 100 iOS users in the US currently choose to divert from their device’s default browser, Safari.
We’ve witnessed this situation before with a web browser reaching a dominant market position. This slows a web browser’s progress. That’s precisely why we want to propose something new: a carefully designed browser that gives iPhone users a better web experience on their beautiful phones.
Award-winning and great to use on big displays with one hand
The Android version of Opera Touch won the Red Dot Communication Design Award 2018 for its unique user interface, which solves some of the current finger-gymnastics smartphone users struggle with in their everyday lives.
The new iPhone XS Max has nearly twice the display size of the original iPhone that premiered in 2007. We believe that this shift in size calls for big changes in browser design. With Opera Touch we made it faster and easier to browse the web when on the go. This is especially useful when you’re using a smartphone with a large display.
Opera Touch is fast, light and beautiful – it has all the key features you need
But we wouldn’t be us if we didn’t discuss the features we have packed into our brand new browser. You will find that, since the Android launch, we have added some new ones and kept working on our product.
Launch the browser and instantly start searching
People want to quickly find something online and move on with their lives. That’s why Opera has reduced the number of steps before they can start their search upon opening the browser to zero.
The first thing you will notice in Opera Touch is that the browser starts in search mode and is instantly ready to find things on the web. The keyboard is up and the address bar cursor is blinking.
The UI’s core elements are also conveniently located at the bottom of the screen, which makes them easy to reach.
The Fast Action Button in the bottom middle of the screen holds all of the browser’s key function, including access to your most recent tabs and search.
Flow connects your devices – did we mention it’s encrypted?
A final addition which rounds up the browsing experience is Flow, Opera’s innovative way of allowing users to share links, images, videos or notes with themselves. It is available both in Opera Touch and in the Opera computer browser. And the good news? It doesn’t require any logins or passwords – you simply scan a QR code displayed on your Opera desktop browser’s screen with Opera Touch and you’re good to go.
Whenever an item, such as a scan of medical results or a website with top restaurants to check out, is added to the Flow on one device, the other one instantly receives it. Flow is end-to-end encrypted, and works independently of operating systems and manufacturers.
Connect to Opera on your desktop to make your browsing truly seamless
That’s right: once you have established your Flow, Opera Touch will also display the most recent tabs from you desktop browser.
Opera Touch adapts to your browsing patterns
The browser will also adapt to you. Your favorite sites will automatically be added to the browser’s home screen.
Opera Touch features built-in cryptojacking protection and ad blocker
We have also worked the a built-in ad blocker and cryptojacking protection into Opera Touch to keep you browsing safely and without interruptions. To check if your browser is safe from cryptojacking, click here to run a test.

Thursday, September 27, 2018

Facebook launches programme to boost coding skills of students

Facebook launches programme to boost coding skills of students
Facebook has launched in the US free online education programme CodeFWD to increase the numbers of underrepresented and female students interested in pursuing computer programming.

"We're working on a number of initiatives like CodeFWD to widen the pipeline of diverse talent studying computer science so the next generation of tech innovators reflects and incorporates diverse perspectives, building a future that benefits us all," Lauryn Ogbechie, Education Partnerships Director at Facebook, said in a statement on Tuesday.
Created in partnership with connected toys maker Sphero, CodeFWD by Facebook, has been designed for both English and Spanish speakers.

To help educators inspire students to pursue computer programming, today we’re introducing CodeFWD by Facebook. CodeFWD is a free online education program created in partnership with Sphero to increase the amount of underrepresented and female students interested in studying computer science.
Schools and learning communities are among the most important communities that we all belong to. At Facebook, we’re creating the programs, tools, and products to build diverse education communities that bring the world closer together. We’re working on a number of initiatives like CodeFWD to widen the pipeline of diverse talent studying computer science so the next generation of tech innovators reflects and incorporates diverse perspectives, building a future that benefits us all.


How CodeFWD Works
[Updated on September 25, 2018 at 10:10AM PT to clarify program’s scope.]
CodeFWD by Facebook – launching in the U.S. and designed for both English and Spanish speakers – is a three-step program where educators and organizations introduce computer programming to 4th through 8th grade students:
  • I do: educators learning. CodeFWD prepares educators to introduce the basics of computer programming to their students, even as they may be discovering the concepts themselves.
  • We do: educators and students learn together. The next set of online activities is designed for educators to use to introduce students to computer programming.
  • You do: students practice their new skills. During this last set of activities, educators are supporting their students as they take what they’ve learned and apply it to block-based coding exercises.
After completing these three steps, educators who want to continue developing their students’ coding skills using a tangible, hands-on product can apply to earn a free classroom set of programmable robots from our partners at Sphero.
Educators and educational organizations are essential to expose more underrepresented and female students to computer programming and to create the next generation of diverse tech innovators. We hope CodeFWD by Facebook will help support educators and organizations as they introduce and inspire underrepresented students to study computer science.