
SALAMI ATTACK

GUYS, AFTER A LONG TIME I'M BACK WITH A NEW ARTICLE.

MY ONLY AIM IS TO SHOW THE DARK SIDE OF WEB ATTACKS. IN THIS PERSPECTIVE I BROUGHT THE NEW ATTACK “SALAMI ATTACK”.

Salami slicing refers to a series of many small actions, often performed by clandestine means, that as an accumulated whole produces a much larger action or result that would be difficult or unlawful to perform all at once. The term is typically used pejoratively. Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can be used in perfectly legal ways as well.

An example of salami slicing, also known as penny shaving, is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected.

In information security, a salami attack is a series of minor attacks that together results in a larger attack. Computers are ideally suited to automating this type of attack.

In politics, the term salami tactics has been used since the 1940s to refer to a divide and conquer process of threats and alliances used to overcome opposition.

In academia, salami slicing refers to the practice of creating several short publications out of material that could have, perhaps more validly, been published as a single article in a journal or review.

HOW TO AVOID SALAMI ATTACK

A company that protects personal account information of a customer has to be on the lookout for individuals who wish to put them in a compromising situation when it comes to another’s funds. Raj B Lonsane states that it is important to know how to tackle this from an angle that is highly sophisticated.

  a) Banks have to update their security so that an attacker cannot familiarize himself/herself with the way the framework is designed before finally hacking into it, states Raj B Lonsane.
  b) Raj B Lonsane adds that banks should advise customers to report any deduction of money that they were not aware of. Whether the amount is small or big, banks should encourage customers to come forward, and tell them openly that such a deduction could very well be an act of fraud.
  c) Most important, according to Raj B Lonsane, is that customers should ideally not store bank details online; but of course they can’t help the fact that banks rely on a network that has all customers hooked onto a common platform of transactions that requires a database. The safe thing to do is to make sure the bank/website is highly trusted and hasn’t been involved in fraud in any way in the past.

A salami attack can seem innocent at first, especially if people do not keep track of the money that leaves their accounts. A lot of people aren’t aware of how money comes and goes, and attackers take advantage of that indifference on the part of customers. In the world of cyber criminals, these acts are ultimately a way to seize funds, whether to get back at the company for personal reasons or for no reason at all.

Raj B Lonsane states that a common case of a salami attack is what is called the ‘collect the roundoff’ technique, where a programmer tweaks the arithmetic code at the point where a calculation exceeds the customary two or three decimal places used for financial record keeping. For example, when the currency is in dollars, the amount is rounded up to the nearest penny about half the time and rounded down the rest of the time. If these fractions are collected, they can amount to quite a sum of money that financial companies will not notice. Another major case found a programmer cutting off 20 to 30 cents per account two or three times a year, which went unnoticed by account holders who didn’t pay much attention to the small amounts deducted.
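One way a bank's reconciliation job can catch the 'collect the roundoff' pattern described above, as an added example (not code from the original post): recompute every posting independently and check that rounding errors cancel out instead of drifting in one direction. The interest rate, account numbers, balances and the quarter-cent threshold are constructed assumptions.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
DAILY_RATE = Decimal("0.035") / Decimal(365)  # constructed: 3.5% a year


def post_honest(exact: Decimal) -> Decimal:
    """Round to the nearest cent (ties to even), so errors cancel out."""
    return exact.quantize(CENT, rounding=ROUND_HALF_EVEN)


def post_skimmed(exact: Decimal) -> Decimal:
    """Always round down: the 'collect the roundoff' behaviour from the text."""
    return exact.quantize(CENT, rounding=ROUND_DOWN)


def build_ledger(post, accounts: int = 2000):
    """Constructed sample data: one day of interest for `accounts` accounts.

    Each row is (account id, exact interest, amount actually posted).
    """
    ledger = []
    for i in range(accounts):
        balance = Decimal("1000.00") + Decimal("37.01") * i
        exact = balance * DAILY_RATE
        ledger.append((f"ACC{i:05d}", exact, post(exact)))
    return ledger


def audit(ledger, max_mean_residual: Decimal = Decimal("0.0025")):
    """Recompute each posting and measure the rounding drift.

    Honest rounding leaves residuals of both signs that average out near
    zero. Systematic rounding down leaves about half a cent per entry,
    all in the bank's (or the skimmer's) favour.
    """
    mismatches = []
    drift = Decimal(0)
    for account, exact, posted in ledger:
        if posted != post_honest(exact):
            mismatches.append(account)
        drift += exact - posted  # money owed but never credited
    mean = drift / len(ledger)
    return {
        "entries": len(ledger),
        "mismatches": len(mismatches),
        "first_mismatches": mismatches[:3],
        "drift": drift.quantize(CENT),
        "flagged": bool(mismatches) or abs(mean) > max_mean_residual,
    }


if __name__ == "__main__":
    for name, post in (("honest", post_honest), ("skimmed", post_skimmed)):
        print(name, audit(build_ledger(post)))
```

The drift figure is also the amount to look for on the other side of the books: an account that keeps receiving credits close to that total is where the collected fractions are going.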

The salami attack is a security issue that many places have had to deal with, given the malicious intent of those who break through the security that these financial institutions have on their databases. Raj B Lonsane states that cyber crime amounts to devastating and overlooked attacks that plague the world we live in. Security officials are battling it out on the Internet every day to keep the attacks under control, without breaching it on a national or worldwide scale.

IF ANY OF YOU WANT TO KNOW HOW TO DO THIS ATTACK, PLEASE COMMENT ON THIS POST AND PING ME.

 

G-20: The Future of Global Economic Cooperation!!


Attending the G20 Summit in New Delhi, India was a unique and insightful experience that provided valuable insights into the world economy and international relations. In this blog post, I will share my experience attending the summit and highlight some key takeaways and recommendations. The theme of India’s G20 Presidency – “Vasudhaiva Kutumbakam” or “One Earth · One Family · One Future” – is drawn from the ancient Sanskrit text of the Maha Upanishad. Essentially, the theme affirms the value of all life – human, animal, plant, and microorganisms – and their interconnectedness on the planet Earth and in the wider universe.


The G20 Summit is an international forum of the world’s largest economies that was formed to promote international economic cooperation and global economic governance. The G20 Summit is an important platform for addressing global economic challenges, and the discussions and events at the summit are closely watched by policymakers, business leaders, and economists around the world.

New Delhi, the location of the summit, is a city with a rich history, culture, and significance in India. India is the world’s fifth-largest economy and has been one of the fastest-growing economies in recent years. The country’s economic success has been driven by its strong services sector and efforts to attract foreign investment.

During the summit, I had the opportunity to attend several events and discussions that focused on a range of important topics. One of the most important discussions was on global economic growth and the challenges facing the world economy. The discussions also touched on trade, climate change, and financial regulation, among other topics. I was invited to a meeting with the President of India at CII’s 25th IETF 2023 in Pragati Maidan.


My personal experiences attending the summit were very positive. I had the opportunity to meet and interact with policymakers, business leaders, and economists worldwide. I was impressed by their knowledge, expertise, and commitment to addressing global economic challenges.

One of the key takeaways from the summit was the importance of international cooperation and collaboration in addressing global economic challenges. The discussions at the summit highlighted the need for countries to work together to address issues such as climate change, trade, and financial regulation.

Another important takeaway from the summit was the need for countries to adopt policies that promote inclusive growth and reduce inequality. The discussions at the summit emphasized the importance of ensuring that the benefits of economic growth are shared widely and that no one is left behind.

In conclusion, attending the G20 Summit in New Delhi, India was an insightful and informative experience that provided valuable insights into the world economy and international relations. The discussions and events at the summit highlighted the importance of international cooperation, inclusive growth, and reducing inequality. As we move forward, it is important for policymakers, business leaders, and economists to continue to work together to address global economic challenges and promote sustainable economic growth.


The Confederation of Indian Industry (CII) is celebrating the 25th Silver Jubilee of the India International Engineering and Technology Fair (IETF) in 2023. This event is an important platform for showcasing the latest advancements and innovations in the engineering and technology sector.

The IETF is a flagship event of the CII and has been held every two years since 1975. The fair attracts participants from India and around the world and provides a platform for showcasing the latest products, technologies, and services in the engineering and technology sector.

The event is scheduled to take place at Pragati Maidan, New Delhi, from February 16-19, 2023. The event will feature exhibitions, conferences, and seminars on a wide range of topics, including renewable energy, artificial intelligence, automation, robotics, and many others.

The CII’s 25th Silver Jubilee IETF 2023 promises to be an exciting and informative event for participants. It will provide a unique opportunity to learn about the latest advancements and innovations in the engineering and technology sector and to network with industry experts and leaders.

The IETF 2023 will also serve as a platform for policymakers, business leaders, and entrepreneurs to explore new business opportunities, partnerships, and collaborations. The event will provide an ideal platform to showcase new technologies and products, and to exchange ideas and insights with peers from around the world.

In conclusion, the CII’s 25th Silver Jubilee IETF 2023 promises to be an exciting and informative event for anyone interested in the engineering and technology sector. It is an event not to be missed, and participants can expect to gain valuable insights, knowledge, and connections that will be beneficial for their business and professional growth.

How to Build First Extension in 5 minutes


What are Extensions?

👉 It’s a program, or a few lines of code, that changes your experience while you work in your favorite browser, whether that is Microsoft Edge, Google Chrome, or Mozilla Firefox.

👉 It helps you modify some functions of your browser so that you feel amazing while you are working in it. For example: Grammarly (Not Sponsored😂)

Why do we need an Extension?

I am not going to say that you all should use extensions, but I would like to say that everyone must try them, as they are really helpful most of the time; we all know how Grammarly has changed many lives. It’s like the cherry on top of the cake, or like a discount we get when we use our browser. Why am I saying that Grammarly and other extensions are life savers? Because now I am going to share the roadmap of Grammarly.

[Image: Grammarly roadmap. Source: Google Images]

📌 Step-by-Step Guide:- How to Build your first Extension?

An extension is made up of a few files. Before starting, make a folder with any name; in my case I have used “Hello 0xvph”. We are going to make a basic extension, so instead of “Hello world” I came up with “Hello 0xvph”.

Then we need the 3 most important files, which are:

hello 0xvph (Folder)
  • manifest.json – this is the heart of our extension: whatever we want to tell the extension goes in this file. Basically, it takes all our instructions and gives us an output.
  • popup.html – after giving the instructions we want to see our output, and this file is what the extension shows when it loads.
  • icon.png – this can be any image you like. I am definitely going to use my own image here, because it’s our first extension and at least we should have the satisfaction that we did something cool🤩😍
manifest.json
{
    "manifest_version": 2,

    "name": "Hello 0xvph!", 
    "version": "0.1",
    "description": "My first extension.",
    "browser_action": {
        "default_icon": "icon.png",
        "default_popup": "popup.html"
    },
    "permissions": [
        "activeTab"
    ]
}

Now, Let me explain to you what is the function of each field:-

  • manifest_version is required by Google’s extension framework. It must be set to 2 to indicate the current manifest framework.
  • browser_action identifies the type of extension you’re building. A browser action extension places a clickable icon in Chrome’s menu bar, allowing the user to interact with your extension and run its contents.
  • default_icon shows the path to the icon. It starts from the extension’s directory.
  • default_popup shows the path to the file that will run when the extension is clicked. It will be shown beneath the extension in a popup box.
  • permissions tells the extension where it’s allowed to operate. activeTab is the most common, allowing the extension to access information about the front-most tab.
popup.html
<!doctype html>
<html>
    <head>
        <title>Hello 0xvph</title>
        <!-- Styles belong inside <head>, not between <head> and <body> -->
        <style type="text/css">
            body {
                margin: 10px;
            }
            h1 {
                font-size: 15px;
                text-align: center;
            }
        </style>
    </head>
    <body>
        <h1>Hello 0xvph!</h1>
    </body>
</html>

Load Your Extension

Once you’ve finished writing your extension, you can load it into Chrome.

Navigate to chrome://extensions and turn on Developer Mode by ticking the checkbox in the upper right.

Then click the “Load unpacked extension…” button and select the extension’s directory. Chrome will run a basic debug on your manifest.json file to make sure it’s up to snuff.


Once the extension is loaded, you’ll see its icon in the menu bar. Now we’re getting places!

Jobs- 03/11/2021

Hey Folks!!

We all need a decent job according to our career goals and aims. I am back with job postings, and you will get such updates here.

🛑 Adobe Technical Staff 1:- https://bit.ly/3q3KJSj

What you will do:

  • Collaborate with architects, product management and other engineering teams to create the technical vision, and road map for the team.
  • Design, development and testing of large-scale, low-latency, high-volume microservices which serve millions of requests every day.
  • Define and drive the best software development/engineering and operational practices for the team.
  • Explore new open source technologies, adopt and contribute back to open source.
  • Mentor and help junior team members to excel.

Must have skills:

  • Experience in design and development of software systems
  • B.S/B.E./B. Tech. in Computer Science or equivalent engineering degree
  • Experience in Java
  • Proven expertise in distributed systems and building RESTful services

Preferred skills:

  • Experience with front-end frameworks like React, Angular, etc.
  • Experience with technical operations and CI/CD
  • Familiarity with Docker, Mesos, and Kubernetes
  • Familiarity with monitoring systems like NewRelic, DataDog, Grafana etc

🛑 Cisco Software Engineer:- https://bit.ly/2ZKES9x

What You’ll Do

✔ Develop, troubleshoot and debug automation suites and programs for enhancements and new products.

✔ Validate new hardware designs and software to determine the overall quality of the product.

Qualifications

✔ 2 to 3 years of overall industry experience OR recent graduate or in your final year of studies towards a Bachelor’s or Master’s Degree in Computer Science, Computer Engineering, Electrical Engineering, or related majors such as Math, Physics

✔ Minimum of a 8.5 GPA or higher

✔ Solid understanding of computer science fundamentals and software engineering with an aptitude for learning new technologies

✔ Proficient in automation scripting. Experience in scripting languages like TCL, Expect, Python preferred.

✔ Good understanding of Intel/AMD-based server architecture and operating systems concepts will be an added advantage.

✔ Possess creative problem solving skills and excellent troubleshooting/debugging skills

✔ Experience in establishing and sustaining excellent relationships with the extended team

✔ Excellent verbal and written skills

Do share with your friends and in your network, because maybe someone is really in need of this. For more such updates, follow me on

Instagram:- https://www.instagram.com/techie_vp

Twitter:- https://twitter.com/0xvph

How Re-VoLTE Attack Works?

A group of researchers, who are very popular in the cyber security field, today presented a new attack called ‘Re-VoLTE’ that could let remote attackers break the encryption used by Vo-LTE voice calls and spy on targeted phone calls. Before getting deep into this attack, let me first explain what Vo-LTE is and how it works.

Introduction-

Voice over LTE (Vo-LTE) is a packet-based telephony service seamlessly integrated into the Long Term Evolution (LTE) standard. By now all major telecommunication operators use VoLTE. To secure the phone calls, Vo-LTE encrypts the voice data between the phone and the network with a stream cipher. The stream cipher shall generate a unique keystream for each call to prevent the problem of keystream reuse.

◘ How Vo-LTE works?

Vo-LTE (voice over LTE) refers to voice calls that are made over a 4G LTE network instead of more traditional calls which are made by using CSFB (Circuit-Switched Fall-back), a system that switches back to 2G or 3G technologies just before connecting a call.


How does the Re-VoLTE attack work?

The Re-VoLTE attack aims to eavesdrop on the call between Alice and Bob. We will name this call the target or first call. To perform the attack, the attacker sniffs the encrypted radio traffic of Alice within the cell of a vulnerable base station. Shortly after the first call ends, the attacker calls Alice and engages her in a conversation. We name this the second call, or keystream call. For this call, the attacker sniffs the encrypted radio traffic of Alice and records the unencrypted sound (known as plaintext).

◘ What does Re-VoLTE exploit?

The Re-VoLTE attacks exploit the reuse of the same keystream for two subsequent calls within one radio connection. This weakness is caused by an implementation flaw of the base station (e-NodeB). In order to determine how widespread the security gap was, we tested a number of randomly selected radio cells mainly across Germany but also other countries. The security gap affected 12 out of 15 base stations.
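Why a repeated keystream breaks confidentiality, and what a per-call check on the network side looks like, shown with a toy stream cipher as an added example (not code from the researchers or from the original post). The SHA-256 keystream generator, the `call_input` parameter and the sample call contents are constructed assumptions standing in for the real LTE cipher and its per-call inputs.

```python
import hashlib
from collections import Counter


def keystream(key: bytes, call_input: bytes, length: int) -> bytes:
    """Toy keystream generator (SHA-256 in counter mode), NOT the LTE cipher."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + call_input + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, call_input: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, call_input, len(plaintext)))


def leak_from_two_ciphertexts(c1: bytes, c2: bytes, known_p2: bytes) -> bytes:
    """If both calls used one keystream, c1 ^ c2 == p1 ^ p2, so knowing the
    second call's plaintext is enough to read the first. With distinct
    keystreams the same arithmetic only yields noise."""
    return xor(xor(c1, c2), known_p2)


def reused_inputs(log):
    """Defender-side check: (key_id, call_input) pairs that occur more than
    once, i.e. calls that were encrypted with an identical keystream."""
    counts = Counter(log)
    return sorted(pair for pair, n in counts.items() if n > 1)


# Constructed sample data.
KEY = b"session-key-for-one-radio-connection"
FIRST_CALL = b"first call: meet at the usual place"
SECOND_CALL = b"second call: hello, can you hear me?"


def simulate(first_input: bytes, second_input: bytes) -> bytes:
    """Encrypt both calls and return what the two ciphertexts give away."""
    c1 = encrypt(KEY, first_input, FIRST_CALL)
    c2 = encrypt(KEY, second_input, SECOND_CALL)
    return leak_from_two_ciphertexts(c1, c2, SECOND_CALL)


if __name__ == "__main__":
    # Flawed base station: the second call repeats the first call's input.
    print("reused keystream:", simulate(b"\x01", b"\x01"))
    # Correct behaviour: every call gets a fresh input, hence a fresh keystream.
    print("fresh keystream :", simulate(b"\x01", b"\x02"))
    print("audit:", reused_inputs([("K1", b"\x01"), ("K1", b"\x01"), ("K1", b"\x02")]))
```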


Since the issue also affects a large number of providers worldwide, researchers released an open source Android app, called ‘Mobile Sentinel,’ that users can run to detect whether their 4G network and base stations are vulnerable to the Re-VoLTE attack or not.

Researchers—David Rupprecht, Katharina Kohls and Thorsten Holz of RUB University Bochum and Christina Pöpper of NYU Abu Dhabi—have also released a dedicated website and research paper PDF, titled “Call Me Maybe: Eavesdropping Encrypted LTE Calls With REVOLTE,” detailing the Re-VoLTE attack, where you can find more details.

If you need more details and demo please refer to this video.

Source:- Youtube

If you find this article interesting, 👏 follow my work 🏆 on Facebook, Twitter, Instagram and LinkedIn to read more exclusive content. ✔📢

Amazon’s First Robo-Taxi!!


Zoox, a self-driving car company that Amazon bought in June, has finally revealed its Robo-Taxi after 6 years of prototyping. And while it broadly resembles other first-generation autonomous vehicles from automakers and Silicon Valley startups, Zoox’s robotaxi has a few standout features, as well as an overall polish that makes it obvious why Amazon thinks it might be the cornerstone of the Robo-Taxi market.

This autonomous “carriage-style” vehicle is an all-electric four-wheeler that can accommodate up to four people, and is similar in appearance to fully self-driving vehicles created by other companies (mostly Google) in this space. At just 3.63 meters long, it falls somewhere in between the big, boxy robotaxi from Cruise, which is owned by General Motors, and the delivery-focused robot made by Nuro.


The Robo-Taxi is powered by a 133kWh battery pack, which is a little bigger than the packs that currently power Tesla’s most capable vehicles. Zoox says these battery packs will last for 16 hours of continuous use which is very high as compared to Tesla.

Zoox was founded to make personal transportation safer, cleaner, and more enjoyable—for everyone. To achieve that goal, the team created a whole new form of transportation.

Zoox will provide mobility-as-a-service in dense urban environments. We will handle the driving, charging, maintenance, and upgrades for our fleet of vehicles. The rider will simply pay for the service. In 2020, Zoox joined forces with Amazon. And in the process, solidified our future in the autonomous vehicle industry. We are focused on testing on private and public roads as we move towards launching the first Zoox ride-hailing service.


Zoox is also hiring: it has multiple job openings in software, hardware, data science fields, etc. For more details regarding the various job and internship openings, please refer to https://zoox.com/careers/.

For more Details regarding this

DM me on any Social Media Platforms:-

Linkedin:- https://www.linkedin.com/in/vishekpratap

Ig:- https://www.instagram.com/techie_vp

FB:-https://www.facebook.com/vishek134

Real Or Fake- Mitron App

As we all know, the Mitron app got a lot of hype and became a trending app on the Play Store after the #tiktokvsyoutube roast video by CarryMinati on YouTube, when Indian people started giving bad reviews to TikTok on the Play Store. In April 2020 the so-called Mitron app came into the picture, with everyone comparing it to TikTok and calling it an Indian version of TikTok, but the reality is different.

Mitron app, which has been attempting to tap into both the vocal for local and the anti-TikTok narratives, appears to have not been made by an IIT student, after all. ShopKiller e-Commerce, which is the promoter behind the Mitron app, said, “We want to work in stealth mode, and didn’t want people to know us by our name.”


It is important to note that purchasing an app’s source code and using it with a different name is not illegal or unprecedented. Qboxus has in the past built multiple apps that work as clones of other popular apps. Some of its offerings include Hashgram (based on Instagram), Foodies Single Restaurant (akin to Zomato) and TicTic (replicated from TikTok). Of the lot, it is the latter that happens to be one of their most popular listings on the Google Play Store, with over 5,000 downloads and 50-odd reviews with a rating of 3.3.

Is it safe or not?

Given the present situation of apps without adequate security protocol on Google Play, it remains to be seen if Google penalises the Mitron app for operating without any privacy policy, no clarity on what it does with user data, and simply hopping on to the Make in India bandwagon by purchasing the source code of a TikTok clone.


Youtube Video:-

For a better understanding of whether this app is of Indian origin or not, I suggest you check this video on YouTube.

Go and watch this video.

Important News from YouTube 😎😊

👉👉👉IMPORTANT NEWS👈👈👈

Today I am going to tell you about some important news…
This news comes from YouTube. Two days ago YouTube made an announcement telling creators that on 13th and 14th December you might see a decrease in your number of subscribers, as they remove spam subscriptions from your channel… Removing spam from the platform helps to ensure that YouTube remains a fair playing field for everyone and should result in higher confidence that you’re organically building a community of authentic fans….

Maybe some questions are arising in your mind…
Let me tell you the answers to some important questions which were mentioned in their announcement…

1. How do you know that you have spam subscribers?

Ans. If YouTube removed spam subscribers from your channel, then you’ll see a banner in YouTube Studio or Classic Creator Studio…

2. What does YouTube do about spam?

Ans. YouTube has spent years building out its advanced technology to identify spam on the platform: it uses advanced statistics, machine learning, label propagation, anomaly detection and manual review…

3. Most important: what if you have fallen below the YouTube Partner Program (YPP) threshold of 1,000 subscriptions as a result of the removal?

Ans. If your subscribers have fallen below 1,000, then your channel will be removed from the YouTube Partner Program (YPP).

4. How will this affect watch time on your channel?

Ans. These are artificial actions; they do not expect that removing them will impact watch time on your channel.

Follow me on Instagram:- @vishekp for more updates…

Facebook bug fixed that revealed the photos of approx. 6.8 million users..😟

🔺Another Facebook Bug Exposed Private Photos Of 6.8M Users🔺

Facebook troubles and the resultant chaos have now become so frequent that it won’t be wrong to consider them a routine. The last issue happened when Facebook exposed 30 million user accounts to hackers due to three different bugs. Now, following the trend, Facebook has confessed to an API glitch affecting 6.8 million users. Allegedly, this Facebook bug exposed private photos of the affected users to third-party apps.

In developer news published on Friday, Facebook has confessed breaching users’ privacy due to a glitch. Reportedly, a Facebook bug exposed private photos of millions of users to third-party apps.

Instagram hack that is locking users out of their accounts


Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and have affected hundreds of users over the past week, leaving them locked out of their accounts.

A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a mysterious hack which involves locking them out of their account with their email addresses changed to .ru domains.

According to victims, their account names, profile pictures, passwords, email addresses associated with their Instagram accounts, and even connected Facebook accounts are being changed in the attack.

Many of the affected Instagram users are also complaining about their profile photos replaced with stills from popular films, including Despicable Me 3 and Pirates of the Caribbean.

Although it is still unknown who is behind the widespread hack of Instagram accounts, the use of the email addresses originating from Russian email provider mail.ru may indicate a Russian hacker or hacking group is behind the attack, or perhaps hackers pretending to be from Russia.

First spotted by Mashable, the hack even affected Instagram users with two-factor authentication (2FA) enabled, as at least one user told Mashable that he was using 2FA, but it did nothing to stop his account from being hacked. However, it is currently unconfirmed.


Instagram currently relies on text messages for two-factor authentication, which is believed to be less secure than other app-based 2FA methods, but the Facebook-owned company says it is working on improving its 2FA settings.

However, since the unknown technique being used by attackers to hack Instagram accounts is still unaddressed, there’s nothing much you can do if the suspected loophole can also bypass two-factor authentication.

The motive behind the attacks is still unknown, but it appears that the attacks on Instagram are still happening at the time of writing.

For more information, users are recommended to visit the Instagram Help Centre dedicated to hacked accounts, which includes security tips as well as steps they can take to restore their account.

Flaw in LinkedIn💯

Not just Facebook: a new vulnerability discovered in LinkedIn’s popular AutoFill functionality was found leaking its users’ sensitive information to third-party websites without the user even knowing about it.
LinkedIn has long provided an AutoFill plugin that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address, ZIP code, company and job title, with a single click.
In general, the AutoFill button only works on specifically “whitelisted websites,” but 18-year-old security researcher Jack Cable of Lightning Security said that is not always the case.
Cable discovered that the feature was plagued with a simple yet important security vulnerability that potentially enabled any website (scrapers) to secretly harvest user profile data without the user even realizing it.
A legitimate website would likely place an AutoFill button near the fields the button can fill, but according to Cable, an attacker could secretly use the AutoFill feature on his website by changing its properties to spread the button across the entire web page and then make it invisible.

And I am providing you the screenshot of the site that I made for the demo, so you can check that site; I can provide you the link also.

https://lightningsecurity.io/LinkedInDemo.html


Thank you so much. Please like, share and comment also.