Welcome To Hacker News

Welcome to Hacker News. Hacker News is a bit different from other community sites, so we'd appreciate it if you'd take a minute to read the site guidelines

Cyber World News

delivers the latest breaking news and information on the latest top stories, weather, business, entertainment, politics, and more

Hacker News

This is a monthly meetup for entrepreneurs, hackers, techies, or anyone else who reads or likes the topics ... Welcome to the Hacker News Seattle Meetup.


This is Social Site

Hacker News is a social news website that caters to programmers and entrepreneurs, delivering content related to computer science and entrepreneurship.

Thursday, July 10, 2014

Facebook Takes Down Bitcoin Stealing Botnet that Infected 250,000 Computers


Once again Facebook is on The Hacker News! This time not for any scam or surveillance, but for a different reason. 

The social networking giant has managed to take down a Greek botnet that used Facebook to spread malware and infected 250,000 computers to mine crypto-currencies, steal bitcoins, email passwords and banking details.

Facebook has always been one of the favourite weapons of cyber criminals, cyber thieves and scammers due to its popularity among social media platforms. With more than one billion active users, the social networking platform gives people special opportunities to connect and share information, and it also serves as a great platform for malware developers and scammers.

The botnet, dubbed Lecpetex, was active from December 2013 to last month and compromised around 50,000 Facebook accounts at its peak. Users would receive spam Facebook messages that would typically read "lol", with a zip archive attached.

Once the attachment was opened, it would execute an embedded Java archive file that would download the Lecpetex main module and install a program to begin secretly mining Litecoin on the infected computer. At the same time, other malware sent out from the botnet would steal bitcoins, email passwords and internet banking details.

Moreover, the module would download and run the Facebook spamming module, which would hijack the user's account by stealing cookies from their browser in order to gain access to the victim's Facebook friend list, so that it could send out more spam messages to each friend with a zip file containing malware.

The Lecpetex botnet infected computers with a family of different malware, including the DarkComet remote access trojan, through simple social engineering techniques, and the operators behind it were constantly modifying it in order to evade detection, both by Facebook's attachment scanning software and by anti-virus software.

Security researchers at Menlo Park said the 31- and 27-year-old botnet creators delivered over 20 distinct spam campaigns, affecting users in Greece, Poland, Norway, India, Portugal, and the US. The malware did not target Facebook alone: it was also delivered through torrent files containing pirated content like movies, games and MP3s to trick unwitting downloaders, but this was not observed by Facebook bods.

"On April 30, 2014, we escalated the Lecpetex case to the Cybercrime Subdivision of the Greek Police, and the agency immediately showed strong interest in the case," Facebook engineers wrote in an unauthored post.

After five months of examination, irritated botnet creators began leaving messages for Facebook engineers from their command and control servers saying that:
"Hello people.. :) but am not the f***ing zeus bot/skynet bot or whatever piece of sh*t.. no fraud here.. only a bit of mining. Stop breaking my ballz.."
They also changed their crypto keys to the phrase 'IdontLikeLecpetexName'.

But Facebook didn’t stop its investigation and continued to target the botnet with new countermeasures and automated tools in order to extract more information from it and trace its creators. Finally, the Greek Police arrested two hackers last week, a 31-year-old and a 27-year-old who were both informatics students.
"According to the Greek Police, the authors were in the process of establishing a Bitcoin 'mixing' service to help launder stolen Bitcoins at the time of their arrest," said Facebook. “Ultimately, remediating a threat like Lecpetex requires a combination of technical analysis capabilities, industry collaboration, agility in deploying new countermeasures, and law enforcement cooperation."
The Greek Reporter says that the Lecpetex operation is the biggest case ever handled by Greece's Cyber Crime Unit.

Wednesday, July 9, 2014

Facebook Founder Wants to Make Internet Availability as Universal as 911 Emergency Service


Facebook founder Mark Zuckerberg has a dream to make Internet access available to everyone across the world. Zuckerberg argues that the Internet should be a service as essential as 911 in the case of an emergency.

In a blog post published Monday in The Wall Street Journal, the founder of the social networking giant highlighted the future of universal Internet access, along with the steps he thinks are needed to achieve it.

Today 2.7 billion people, just over one-third of the world's population, have access to the Internet, Zuck said, and adoption has been growing at a very low rate, by less than 9% each year. The rest of the world’s 5 billion people lack access to the Internet due to issues such as high costs or improper infrastructure.

One may think that Zuckerberg’s vision sounds like a self-interested push to gain more users for his social networking service, Facebook. But it's true that the world is currently facing a growing technological divide, where more than 2 billion people live in the Digital Age and can access a vast universe of information, communicate with their friends and family, and gain the opportunity to participate in the global economy. At the same time, the other 5 billion people are still stuck in the Paper Age.

Zuckerberg thinks that the problem for about 90 percent of the world’s population isn’t the lack of a network but the lack of affordable data plans.
“For example, an iPhone with a two-year data plan in the U.S. costs about $2,000, where $500 to $600 is for the phone and about $1,500 is for the data,” Zuckerberg said in the WSJ article.
The solution lies in offering basic Internet services for free, just like any other basic service over the phone. “Anyone can call 911 to get medical attention or report a crime even if you haven’t paid for a phone plan,” Zuckerberg said. “In the future, everyone should have access to basic Internet services as well, even if they haven’t paid for a data plan.”

According to a 2011 McKinsey & Co. report, the Internet already accounts for a larger share of economic activity in many developed countries than agriculture and energy, and accounted for 21 percent of Gross Domestic Product (GDP) growth in mature economies over the last five years.

If the Internet were treated as its own sector, it would be a greater contributor to GDP than agriculture or utilities, as access to online tools lets people use information to do their jobs even in a better way, and as a result, will create more jobs, business and opportunities.

Internet.org—a global partnership launched by Zuckerberg last year, along with other major information-technology leaders as well as nonprofit organizations and local communities—plans to bring those who are without Internet access into the Digital Age and is already under way to provide free basic Internet services world-wide.
“The Internet will help drive human progress,” Zuckerberg said.
On the whole, it is reasonable to expect that giving poor people access to the Internet, and the possibility of connecting with people anywhere around the world, will transform their lives socially in a very positive way.

Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions

A major vulnerability believed to be present in most versions of Android can allow malicious Android applications on the Android app store to make phone calls on a user’s device, even when they lack the necessary permissions.

The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the bug was first noticed in Android version 4.1, also known as “Jelly Bean.”

APPS CAN MAKE CALLS FROM YOUR PHONE
“This bug can be abused by a malicious application. Take a simple game which is coming with this code. The game won’t ask you for extra permissions to do a phone call to a toll number – but it is able to do it,” Curesec’s CEO Marco Lux and researcher Pedro Umbelino said Friday in a blog post. “This is normally not possible without giving the app this special permission.”

By leveraging these vulnerabilities, malicious applications could initiate unauthorized phone calls, disrupt ongoing calls, and dial out to expensive toll services, potentially racking up big charges on unsuspecting users' phone bills.

Android bug allows unauthorized users to terminate outgoing calls and Send USSD
The vulnerability can also be exploited to disconnect outgoing calls, and to send and execute:
  • Unstructured Supplementary Service Data (USSD)
  • Supplementary Service (SS)
  • Manufacturer-defined MMI (Man-Machine Interface) codes.
These special codes can be used to access various device functions or operator services, which makes the problem a nasty one for those who value the data they store on their mobile phone.
“The list of USSD/SS/MMI codes is long and there are several quite powerful ones like changing the flow of phone calls (forwarding), blocking your SIM card, enabling or disabling caller anonymisation and so on,” reads the blog post.
Even Android security programs, which rely on the rule that apps without the CALL_PHONE permission should not be able to initiate phone calls, can be easily bypassed and offer no protection from these flaws, because the exploits are able to sidestep the Android permissions system altogether.

"As the app does not have the permission but is abusing a bug, such apps cannot easily protect you from this without the knowledge that this bug exists in another class on the system," wrote the researchers.

A large number of versions of Android are affected by the vulnerabilities. Researchers have found two different flaws that can be exploited to achieve the same ends – one that's present in newer Android releases and another that's found in older versions.

FIRST BUG - AFFECTS NEWER VERSION OF ANDROID
The first security bug, identified as CVE-2013-6272, appears to have been introduced in Android version 4.1.1 Jelly Bean, and persisted all the way through 4.4.2 KitKat before the security team at Google was able to fix it in Android 4.4.4.

But only about 14% of users are currently updated to the latest version of the mobile operating system. So just think about how many users are currently in the grip of the flaws: a large number of users remain open to these vulnerabilities and attack paths.

SECOND BUG - AFFECTS OLDER VERSION OF ANDROID
The second security hole is wider in its reach, affecting both Android 2.3.3 and 2.3.6, the popular versions of Gingerbread used by lower-end, budget smartphones, which continue to surge in popularity in emerging markets like Brazil, China, and Russia.

The bug was fixed in Android 3.0 Honeycomb, but that was a tablet-only release that no longer even charts on Google's Android statistics. That means the bugs leave nearly 90 percent of Android users running versions of the operating system that are exposed to the dialer-manipulating vulnerabilities.

Researchers at Curesec have provided source code and a proof-of-concept demonstration app for both bugs, so that users can test whether their Android devices are vulnerable.

Android users who are running KitKat on their devices are strongly advised to upgrade to the latest version, 4.4.4, as soon as possible. Device makers and carriers are expected to roll out the updates in the coming weeks.

Thursday, June 5, 2014

Apple's New Swift Programming Language for iOS And OS X Apps. Goodbye Objective-C


The development of in-house languages has become emblematic of a hot new trend in business, as every big Internet service provider is now developing its own unique programming language.

Two months ago, Facebook released its modern programming language called 'HACK', which is specially designed to make the process of writing and testing the code of complex websites and other software faster, and the company has already moved almost all of its social networking site to HACK over the last year.

This Monday, Apple surprised the developers gathered at its World Wide Developers Conference (WWDC) by introducing a whole new programming language called Swift, which will probably replace Apple’s main programming language, Objective-C, which is loved by the developers who build software applications for Apple hardware devices, from iPhone and iPad to Macintosh.
The first app built on Swift is the WWDC app itself. Apple is apparently offering its developers a much faster and more effective means of building software applications with an "interactive playground," significantly improving on its own Objective-C.

Swift will use the same LLVM (Low Level Virtual Machine) compiler and runtime as Apple’s Objective-C implementation, and its simplified syntax gives it an easier learning curve.

The reason behind introducing Swift was to make it easier for developers to create apps for Apple's mobile platform. Apple developers write code line after line and then compile it to see the output, but with Swift they can see results in real time while writing their code.

The syntax for type declarations, switch statements and other functions is also easier to use and faster than in Objective-C and Python.

But that doesn't mean that Swift will completely kill Objective-C; rather, Swift will co-exist with the older programming language. Developers can write some parts of their code in Objective-C and the remaining parts in Swift; it's up to them.

Also, there are many tools available to port Objective-C to Java, i.e. to port an app from iOS to Android, but porting Swift apps to Android will now become a tough task for developers.

Apple says that Swift has been in development for many years, and it has now published a free 500-page Swift Programming Language book for those who want to learn more about the language.

Sunday, May 4, 2014

Does Google Have A Secret “Translate” Service & Why Should Search Marketers Care?

Google is probably the largest translation service globally with its popular Google Translate online service. It is also fighting spammers that auto-translate content with this service and put it online.

This is why I was so surprised to see that Google is actually a player in auto translating content. I saw this first with Google Play when they added auto translation of app descriptions, and lately I’ve seen this again in the Chrome web store.
The more interesting thing I have noticed is that this translation seems almost human, at least much closer to human than what I am used to seeing on Google Translate online. But what does this all mean? Let’s start with an overview and move on to the implications.

Overview: Google Translated Content

This is a brief overview of translated content, search marketers and Google – or how Yiddish became so popular online lately.
The cost of writing content is probably the major hurdle for a website that wishes to expand and grow. Many times, long-tail keywords and subjects just don’t pay off in returns from ads, affiliate programs or any other monetization a site may choose.
This is why, in the past few years, you could run into more and more websites that seemed to be based on automatic translation (using Google Translate in most cases). The result was surprisingly good at a quick glance, but very poor when the content was read carefully.
Once a website turns to the dark side of automatic translation, it often translates the original content into as many languages as possible.
This is why the very rare language of Yiddish became so popular despite it being spoken mainly by the Jewish ultra-orthodox community that refrains from using computers. Could it be that Yiddish is growing online due to the single fact that it is available with Google Translate? I believe so.

Google Penalizes Sites Using Auto Translated Content

Google tries to fight translated content on two fronts: AdSense and search.
Search: Google identifies automatically generated content and treats it as spam.
AdSense: Many sites monetize their content using Google AdSense. Recently, many have complained about getting email from Google titled: “Your Google AdSense account has been disabled,” and in the explanation, they noticed the potential violation as “websites with gibberish content that makes no sense or seems auto-generated.”

Can Google Translate Be Used To Create Auto-Translated, Non-Spam Content?

If Google Translate improves, it could mean that websites could get around Google’s own guidelines and sanctions. I wanted to check to see if this possibility now exists.
So, I took the original text of one web app, and used Google Translate to compare translations from English to Spanish and from English to Hebrew (you can do so by clicking on the settings icon in the Chrome web store and changing the language).
The internal tool that Google used in the web store was superior to the public online tool in a few major areas that might concern anyone using automatic translation:
  1. Identifying Names. Google Translate mistakenly translated the name of the game I checked (Parking Panic) into the equivalent term (“Aparcamiento pánico” in Spanish, for example). Well, if you are Apple, you don’t want your translated brand to be “Manzana” (Spanish for the fruit apple), and I assume this goes for most of us.
  2. Identifying Masculine & Feminine. This is another problem which Google Translate has, but not the internal tool. The Hebrew translation describing the game said “She is a great game,” while the internal tool identified the game in Hebrew as masculine and described it closer to “it is a great game.”
  3. Spelling Mistakes. Microsoft Word found only one mistake in the Hebrew translation of the internal tool vs. two mistakes in the public tool.
  4. Fluency. The internal tool made a few better decisions than the public tool. When comparing Spanish to Hebrew, it seems that overall, the Spanish translation was good even in the public version, but the Hebrew translation was really readable only in the internal tool.

Why Doesn’t Google Release Its Best Technology If They Have It?

My best bet is that Google is afraid of mass spamming that could be hard to identify. Nevertheless, if they think it is good enough for them to publish it on their Android and Chrome stores, why wouldn’t they allow others to do the same in Google Translate? Knowing Google, you probably are aware that their rules sometimes oblige us, but don’t apply to those located in Mountain View.
If you have other ideas and tests you did yourself on other languages, please share them here.
Opinions expressed in the article are those of the guest author and not necessarily Search Engine Land.

Wednesday, April 30, 2014

4Chan "Hacked" Most Popular Image-Bulletin Board Compromised


The founder of 4Chan, Christopher Poole aka "moot", confirmed a few hours ago in a blog post that the popular image-based bulletin board was hacked.
The attacker gained access to the administrative functions and successfully hacked into the 4chan database by exploiting a website vulnerability last week. The motive behind the hack was to expose the posting habits of a specific user the attacker didn't like, moot wrote.
It is believed that the software vulnerability allowed the attacker to hack into only the image board moderation panel and some tables in the 4chan back-end database. According to the blog post, because of the way the hacker extracted the information from its database, 4chan has detailed logs of what was accessed, which indicate that the primary moderator account names and their credentials were targeted and compromised by the hacker.

A permanent hacker space in the Brazilian Congress

On December 17, the presidency of the Brazilian Chamber of Deputies passed a resolution that creates a permanent Laboratório Ráquer or “Hacker Lab” inside the Chamber—a global first.

The resolution mandates the creation of a physical space at the Chamber that is “open for access and use by any citizen, especially programmers and software developers, members of parliament and other public workers, where they can utilize public data in a collaborative fashion for actions that enhance citizenship.”
The idea was born out of a week-long hackathon (or “hacker marathon”) event hosted by the Chamber of Deputies in November, with the goal of using technology to enhance the transparency of legislative work and increase citizen understanding of the legislative process. More than 40 software developers and designers worked to create 22 applications for computers and mobile devices. The applications were voted on and the top three were awarded prizes.

The winner was Meu Congress, a website that allows citizens to track the activities of their elected representatives and monitor their expenses. Runners-up included Monitora, Brasil!, an Android application that allows users to track proposed bills, attendance and the Twitter feeds of members; and Deliberatório, an online card game that simulates the deliberation of bills in the Chamber of Deputies.
The hackathon engaged the software developers directly with members and staff of the Chamber of Deputies, including the Chamber’s President, Henrique Eduardo Alves. Hackathon organizer Pedro Markun of Transparencia Hacker made a formal proposal to the President of the Chamber for a permanent outpost, where, as Markun said in an email, “we could hack from inside the leviathan’s belly.”
The Chamber’s Director-General has established nine staff positions for the Hacker Lab under the leadership of Cristiano Ferri Faria, who spoke with me about the new project.
Faria explained that the hackathon event was a watershed moment for many public officials: “For 90-95% of parliamentarians and probably 80% of civil servants, they didn’t know how amazing a simple app, for instance, can make it much easier to analyze speeches.” Faria pointed to one of the hackathon contest entries, Retórica Parlamentar, which provides an interactive visualization of plenary remarks by members of the Chamber. “When members saw that, they got impressed and wondered, ‘There’s something new going on and we need to understand it and support it.’”
Image: A screenshot of the website Retórica Parlamentar.
The new space will also offer an opportunity for the Chamber to work with citizen innovators to expand upon existing platforms for citizen engagement in Brazil like the Chamber’s e-Democracia project, which we profiled last year in an OpeningParliament.org case study. Faria said that the collaborative space can build on and evolve the model the Chamber already works with. “We set up [e-Democracia as] a participatory platform in the way that we thought was good, but now we need to change it for these [citizens] to take it over.” Participants in the new lab will be encouraged to use public data and open source software in their work.
The Hacker Lab is still in its formative stages. Faria said that he is in the process of organizing open meetings with leading civic hackers from all over Brazil in order to determine the best way forward for the space, and to plan new hackathons, contests and workshops in the coming months.
Faria also noted that the Chamber will be eager to share its experience with other parliaments around the world—including through the Open Government Partnership’s new working group on legislative openness—so we will continue to bring you information on the Hacker Lab as it moves ahead.