Friday, March 13, 2015

Don't let inaction come back to haunt you: patch the GHOST vulnerability now

The dust is still settling here at Qualys after the discovery of the Linux GHOST vulnerability back in January, but we have already observed some valuable lessons. While GHOST sparked some debate in the industry with regards to whether or not the vulnerability was severe enough to take action, it also once again highlighted the common questions associated with such a discovery.
Specifically: how likely is this vulnerability to be exploited? How quickly and inclusively do I need to react? Here we dive deeper into GHOST and what organisations should do to ensure they have properly addressed the impact on their security posture.

GNU problem

First, some background. During the course of analysing potential vulnerabilities, our security researchers at Qualys found a critical problem in a basic part of the Linux operating system, the GNU C Library (also known as glibc). This library is a core part of Linux, and all Linux programs use it for basic operations. Many internet-facing programs run on Linux, making a remote attack quite likely. In our initial advisory we outlined the proof-of-concept for such an attack using the EXIM mail server as an example.
Any Linux program that uses the glibc function "gethostbyname" is potentially vulnerable. GHOST refers to a weakness in this function that maps human readable names such as www.qualys.com to IP addresses such as 64.39.186.16 - a basic function exercised billions of times a day. It is in this function that the vulnerability was found. If the attacker can influence the address to be translated and is allowed to provide an abnormally long (greater than 1000 characters) address, the vulnerability is triggered.
A program can protect itself by, for example, refusing to accept an address that is so long (the relevant internet standard limits length to 255 characters), but many do not have this additional check. To illustrate this behaviour, when we ran the original advisory, Qualys included references to four programs that had this issue as well as some programs that were not vulnerable.
Ultimately it is difficult to decide whether a program is vulnerable, but attackers have access to fuzzing algorithms that can automate the finding of problematic instances, and of course with access to the source code can just look for the usage of the vulnerable function.
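
The length check described above, written out as an added example (it is not code from Qualys or from the advisory): a validator an application can call on untrusted input before handing it to a resolver function such as gethostbyname. The function name and the per-label rules are assumptions of this example; the 255-character bound is the one cited in the text.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOSTNAME_LEN 255 /* overall limit cited in the article */
#define MAX_LABEL_LEN 63     /* per-label limit from RFC 1035 */

/* Return 1 if name is an acceptable hostname, 0 otherwise. Scanning
 * stops as soon as a limit is exceeded, so an over-long string is
 * rejected without ever being handed to the resolver. */
int hostname_is_acceptable(const char *name)
{
    size_t i, label_len = 0;

    if (name == NULL || name[0] == '\0')
        return 0;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];

        if (i >= MAX_HOSTNAME_LEN)
            return 0; /* longer than the standard allows */
        if (c == '.') {
            if (label_len == 0 || name[i - 1] == '-')
                return 0; /* empty label, or label ending in '-' */
            label_len = 0;
        } else if (isalnum(c) || c == '-') {
            if (c == '-' && label_len == 0)
                return 0; /* label may not start with '-' */
            if (++label_len > MAX_LABEL_LEN)
                return 0;
        } else {
            return 0; /* whitespace, control bytes, '/', etc. */
        }
    }
    return name[i - 1] != '-'; /* one trailing dot is allowed */
}

int main(void)
{
    char huge[1101]; /* constructed input: 1100 digits, no dots */

    memset(huge, '1', sizeof huge - 1);
    huge[sizeof huge - 1] = '\0';
    printf("www.qualys.com -> %d\n", hostname_is_acceptable("www.qualys.com"));
    printf("1100 digits    -> %d\n", hostname_is_acceptable(huge));
    return 0;
}
```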

Protection from poltergeists

One of the more controversial elements of the GHOST vulnerability has been the discussion around the urgency of the fix. Few will argue that fixing the vulnerability is unimportant, but there was a large amount of discussion around exactly how exploitable and dangerous GHOST is.
The most common issue raised was the difficulty in exploiting the vulnerability. For GHOST to be exploited by an attacker, a particular set of circumstances needs to be fulfilled. The attacker needs to be able to provide the long hostname to an accessible program that does not sanitise its inputs. This situation led some to deprioritise the patch or even not to patch at all.
However, just a few weeks after the initial release, researchers at Sucuri found that the popular blogging software WordPress fulfilled the listed circumstances. A feature called "pingback" allows the attacker to provide a lengthy hostname that gets passed unfiltered to the underlying PHP engine, which uses the "gethostbyname" function directly on the passed argument. WordPress has millions of installations, the majority directly on the internet. Shortly thereafter Veracode published their statistics on enterprise web applications and stated that at least 25% make use of the vulnerable function.
We believe the best way to mitigate risk is to apply a patch from your Linux vendor. Qualys has worked closely with Linux distribution vendors and patches are available today (see the list here). While we do not recommend patching blindly, we think a speedy resolution is important, starting with internet exposed systems.
There is much to be lost by refusing to apply a patch and everything to gain by protecting your network from unwarranted access. Attackers are working hard to find exploits for GHOST and administrators cannot fall back on the belief that nothing which has been reported thus far impacts them.

Ready for next time

A vulnerability scanning solution can provide reports detailing your enterprise-wide exposure and allows you to get visibility into the impact within your organisation, and efficiently track the remediation progress of this serious vulnerability.
GHOST was not the first time that we have seen such a wide reaching vulnerability in the Linux operating system and it won't be the last. The work you are doing now to catalogue and prioritise systems will be beneficial for your team when the next vulnerability occurs, allowing you to look at the problem calmly, prioritise systems and then patch accordingly. After all, even something that looks initially harmless has the potential to significantly impact the security of your network.

Tuesday, December 23, 2014

Secret Hacking Codes for iphone

  •     *#43#: Use to verify if call waiting is enabled.
  •     *#61#: Verify the number for unanswered calls.
  •     *3282#: Get your data usage information.
  •     *729: Options to make payments. It's operator specific.
  •     *#62#: Verify the number for call forwarding if no service is available.
  •     *#67#: Verify the number for call forwarding if the phone is busy.
  •     *#33#: To verify whether barring is enabled or disabled for outgoing calls.
  •     *#21#: To display the settings for your call forwarding.
  •     *3001#12345#*: Enters Field mode, which allows you to access most of the hidden settings and functions of your iPhone.
  •     *#30#: This shows whether you have enabled or disabled the presentation of the calling line, presumably the number of the party placing the call.
  •     *#76#: States whether the connected line presentation is enabled or disabled. Similar to the calling line presentation.
  •     *#06#: Displays the IMEI of your iPhone; as always, this is the standard code for all brands of phones.
  •     *225#: Displays the account balance for postpaid contracts.
  •     *777#: Displays the account balance for prepaid accounts.
  •     *646#: Displays the remaining minutes available.
  •     611: Dials customer service (114 in RSA for Vodacom). It's operator specific.
Note: This is the list of all iPhone codes available in the market so far. I hope I haven’t missed even one. If you are still able to find any extra hack code for iPhone 4 or iPhone 4S, then don’t hesitate to share it, as Sharing is Caring.

How to Create a Strong Password


Creating a strong password is the first step towards our online security, yet we still do not put a lot of thought into it. It is not really our fault: the human brain always tries to find the easiest way to do something, and the same applies to passwords, so we usually create short, easy-to-remember ones. That is logical too: the easier the password, the easier it is to remember, and an average person probably won’t be able to guess it. But what about hackers who are expert in guessing passwords? They often use cracking tools that keep on testing many different passwords until they find the correct one. Shocked!

So, today let’s adopt the good habit of creating strong passwords. We just have to remember a few things:
1. Always use longer passwords, at least six characters long.
2. Never use personal information in your passwords, such as your name, your girlfriend’s name, your spouse’s name or your date of birth, because this information is often available in the public domain.
3. Never use the same password for every account, because if someone discovers your password then all your accounts will be vulnerable.
4. Never use words that can be found in a dictionary, because they can easily be cracked using a dictionary attack.
5. For an ideal strong password you should include uppercase and lowercase letters, symbols and numbers.
6. Do not write down your passwords. Always try to keep them in your head, or note down some hints that will help you to remember them.
Stay Safe…

keep visiting  :)

How to Use Facebook without internet on pc phone 2014



Hello friends. Today we are sharing with you a special trick for a free service: how to use Facebook without internet on a PC or phone. These days ninety percent of people use social sites. There are many of them, such as Twitter, Facebook, Google Plus and many more, and Facebook is one of the best and most popular. Everyone wants to use it, and getting it totally free would be awesome. This is also a time of tricks. There are many tricks for Facebook, and the free-service ones are the most liked; people are always trying to find a new trick for free Facebook on their mobile, PC or laptop. I want to share some methods which may help you to get free Facebook on a computer, mobile or Android device in all or many countries.

Access Free Facebook without Internet Mobile
 

There are many tricks for accessing Facebook free, without any internet connection or any charge. Some work and some do not. We have never actually tried any of these tips, so we don't know whether they work or not. They are not official Facebook tricks, so we are not responsible for whether they work. If you want to try one, you can; if it works, that is a benefit for you.


  •     Just send an SMS or dial the code *325*22# and subscribe.
  •     They may charge you Rs 2 per day for this.
  •     In India and Bangladesh it may be free.

Access Free Facebook without Internet in PC Computer laptop

We have actually tried many tricks for accessing free Facebook services on a computer, PC or mobile. After many attempts we noticed that there is no trick for this. Many site owners share fake methods which do not work at all. If we find a working method, we will be sure to post it here. My best suggestion for you is that there is no trick for PC, so you should not try any of these others.


Final Words

If you are a daily user of ours, you will notice that we always try to share only working methods. If you find a working method, please comment below and we will share it on our site with your name. If you like this article, please take a minute to say thanks. If you have any questions, please comment below and we will try to help you.



APPS TO FIND YOUR LOST MOBILE

1. WHERES MY DROID

Wheres My Droid is a very simple and dependable app for your Android smartphone. It can show the location of your phone on Google Maps, and it can also turn the ringer volume up and make your phone ring. If you are not near enough to the phone to hear it ring, the Google Maps location still lets you find it. You can activate the app remotely by simply sending a secret attention word, code or phrase to the phone in a text message. This enables the app’s Find-Me mode, which automatically switches the phone from vibrate to ringer, increases the volume and makes it ring for 30 seconds.


Some of the Key Features of Wheres My Droid are :

  •      Find phone by making it ring/vibrate
  •      Find phone using GPS location
  •      Text your attention word
  •      Passcode protection to prevent unauthorized app changes
  •      Notification of changed SIM card or phone number
  •      Stealth Mode hides incoming text with attention word
  •      White/Black list to control who can use the app via text
  •      No battery drain

To download, click on the link below: My Droid


2. AVAST Anti-Theft

Best free cell phone tracker helps you find and track your lost or stolen phone, making ‘lost’ Android phones/tablets a thing of the past.
No need to think “How can I find my phone?” – its cell phone locator features find and control it remotely.

TOP FEATURES

■ Locate and Track your ‘lost’ phone or droid on a map through our web-based mobile phone tracking feature (uses GPS tracker and other triangulation methods).

■ Control your cell phone remotely via a web-based interface or SMS if the phone is stolen (to do this, go to: http://my.avast.com).

■ Remotely lock and/or wipe the phone memory, to keep your data safe.

■ Remotely take photos or listen to audio of the phone’s surroundings.

■ Set up a SIM-card-change notification to another device.

■ Stealth Mode automatically hides the app on your phone whenever Anti-Theft is activated, so that a thief is not even aware of its presence


To download, click on the link below: avast anti-theft

REMOTE FEATURE HIGHLIGHTS

You can trigger remote features via SMS command from a friend’s phone or via our web interface at http://my.avast.com

■ Remotely lock device.

■ Activate a customizable siren.

■ Find my phone.

■ Wipe memory to keep your private data safe.

■ Custom locked-screen text (e.g. show rewards for its return).

■ Send an on-display message to the phone.

■ Have the phone call you elsewhere to listen to surroundings (with blacked-out screen, so invisible to thieves).

■ Have calls and messages forwarded to a different phone. 


Create your own Android app free


Hi people out there, today I am going to give you the simplest trick to make your own Android app for your website, blog or anything else, so that people can easily browse your site on their Android mobile phones.

First, go to the following website and click create at the link below.

 
After that, select the option you prefer. If you want to make an Android app for your website, click on the link that says website; if you want to make an Android app for a PDF document, select the second option; and so on for the third option.


If you wanna create an android app for your website click website , and a form like this will 


Give the link of the website that you want to create the app for.
Give the app a name, like 'Apps,Tricks & Tips'.
Add a description of your website in the description box.
Choose a custom icon if you want one.
Now choose the category as blog; don't change it, otherwise your app will not work.
After clicking create app you will get a form like this.


Just fill in the form and click sign up, and your account will be created.

You will now be redirected to the download page of your app.
Now download the app and upload it to any site that you would like your fans to download it from, such as MediaFire, 4shared, Google Play, 4mobile and many more.


Recharge Your Phone Battery Without Charger



Yes, that’s true: you can recharge your mobile phone battery without a charger for a limited time.
It is really annoying when you are away from home and your phone battery runs empty.
If you are not carrying the charger, the situation is even worse. What will you do if you have to make a call from your phone?
There is an easy way to do it without a charger. The charge does not last long, but in such cases it is enough to make a call and pass on some important news.
You do this by removing the battery from the phone and then rubbing it with your hands or against a shirt or your pants for 3-5 minutes.

Once the battery has warmed up a bit, insert it into the phone and make your important phone call immediately, because the battery life usually lasts only two minutes. The fact behind this is that the battery capacity drops faster when the battery is kept in a cool place.

If you do this when the battery is rather cold, the battery life will usually be much longer. This may be useful.
