Infi-Zeal's Blog

Encrypting your sensitive data is important. As you may know, CIA... C onfidentiality I ntegrity A vailability ...are the essential elements of Information Security. There are a number of tools and methods available out there, but not all encryption tools are same. VeraCrypt , a TrueCrypt alternative, is an open source file encryption software designed to protect your online privacy. VeraCrypt enters the market within months after  TrueCrypt died , almost similar to it, but with enhancements to further secure your data. A week ago, latest version VeraCrypt 1.12 released with a new feature called PIM, which stands for " Personal Iterations Multiplier ".PIM (Personal Iterations Multiplier) is a new parameter introduced in  VeraCrypt 1.12  to secure your data. Your Password is being used to mount the encrypted container or partition, whereas… PIM value will decide the number of iterations, or in simple term, the speed of the mounting and ...

Offensive Security , the creators of Swiss army knife for Security researchers, Penetration testers and Hackers have finally released the much awaited and most powerful version of  Kali Linux 2.0 . Kali Linux 2.0 (Codename ‘Kali Sana’) , an open-source penetration testing platform brings hundreds of Penetration Testing, Forensics, Hacking and Reverse Engineering tools together into a Debian-based Linux distribution. Kali Linux 2.0 offers a redesigned user interface for streamlined work experience, along with a new multi-level menus and tool categories options. Kali Linux 2.0 is now a rolling distribution, means users will receive tools and core system updates frequently. Kali Linux 2.0 Features: Runs on Linux kernel 4.0,  use full Gnome 3 Desktop instead of gnome-fallback,  improved hardware and wireless driver coverage,  support for a variety of Desktop Environments,  updated desktop environment and tools,  Featuring new c...

Millions of Android devices could be hacked exploiting a plugin that comes pre-installed on your Android devices by the manufacturers. Most of the  Android device  manufacturers pre-install ‘ Remote Support Tool (mRST) ’ plugin onto their phones that are intended to help users, such as  RSupport  or  TeamViewer . But, a critical  Certifi-Gate security vulnerability  in this mRTS plugin allows malicious applications to gain illegitimate privileged access rights, even if your device is not rooted. "Certifi-Gate" Android security vulnerability According to Israeli researchers at Check Point, Ohad Bobrov and Avi Bashan, Certifi-Gate Android vulnerability lies in the way Google’s partners (manufacturers) use certificates to sign remote support tools. Remote support tools often have root level access to Android devices, even if your device is not rooted. Thus any installed app can use Certifi-Gate vulnerability to gain unrestr...

Earlier this week,  Mozilla  Security researcher   Cody Crews   discovered a malicious advertisement on a Russian news site that steals local files from a system and upload them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in Firefox's PDF Viewer and the JavaScript context in order to inject a script capable of searching  sensitive files on user's local file systems . Mozilla versions of Firefox that do not contain the PDF Viewer, such as Firefox for Android, are not affected by the " Same origin violation and local file stealing via PDF reader " vulnerability. The exploit does not execute any arbitrary code but injects a JavaScript payload into the local file context, allowing the script to search for and upload potentially user’s sensitive local files. All an attacker need to do is load the page with this exploit and sit back and relax. The exploit will silentl...

Forget about Financial services and Online shopping websites, but at least we expect from Security Firms and Antivirus vendors to keep our personal and Sensitive data Encrypted and Secured. One of the most popular and much-respected Antivirus and computer security firms 'BitDefender' has recently been hacked and has had a portion of its customer data leaked. The Data Breach in BitDefender is incredibly embarrassing for the security firm, not because the company failed to prevent its customers data from hackers, but because the Security company failed to encrypt its customers’ most sensitive data . They Forget to Encrypt Customers' Passwords The most worrisome part of the BitDefender Hack – the login details were in pure unencrypted format. The Romanian security company admitted its system was breached and said that the attack on its system didn’t penetrate the server, but a security hole " potentially enabled exposure of a few user accounts and pa...

Windows 10 is built with the power features of Windows 7 and 8.1, which makes it a robust operating system. It gained 65 million users in the first three days after its release. Still counting and making Windows 10 as a universal platform for all the devices running the same operating system. By Introducing “ Windows as a service ” utility, The Microsoft is offering  Windows 10 Free Upgrade  to all the users running Windows 7 or 8.1 as a Windows update, and not as a separate product. Talking about features, ' Windows as a Service ' is considered as the most appreciated and huge feature of Windows 10 among others. 1. One Operating System for All Devices: Windows 10 Microsoft Windows 10 is a unique and single operating system that works on all your devices, ranging from mobile phones, personal computers, tablets, to the internet of things. Unlike Apple’s operating systems that is different for different platform, OS X for desktop computers and ...

Bad week for Android. Just days after a critical  Stagefright vulnerability  was revealed in the widely popular mobile platform, another new vulnerability threatens to make most Android devices unresponsive and practically unusable to essential tasks. Security researchers at Trend Micro have developed an attack technique that could ultimately crash more than 55 percent of Android phones , almost making them completely unresponsive and useless to perform very basic functions, including to make or receive calls. The dangerous security flaw affects any device running  Android 4.3 Jelly Bean and later, including the latest Android 5.1.1 Lollipop , potentially putting hundreds of millions of Android users vulnerable to hackers. The flaw surfaced two days after Zimperium researchers warned that nearly  950 Million Android phones can be hijacked  by sending a simple text message. Dubbed  Stagefright , the vulnerability is more serious because...