NASA HACKED! AnonSec tried to Crash $222 Million Drone into Pacific Ocean.

Once again the Red Alarm had been long wailed in the Security Desk of the National Aeronautics and Space Administration (NASA).

Yes! This time, a serious hacktivism had been triggered by the Hacking group named “AnonSec” who made their presence in the cyber universe by previous NASA Hacks.

The AnonSec Members had allegedly released 276 GB of sensitive data which includes 631 video feeds from the Aircraft & Weather Radars; 2,143 Flight Logs and credentials of 2,414 NASA employees, including e-mail addresses and contact numbers.

The hacking group has released a self-published paper named “Zine” that explains the magnitude of the major network breach that compromised NASA systems and their motives behind the leak.

Here’s How AnonSec Hacked into NASA

The original cyber attack against NASA was not initially planned by AnonSec Members, but the attack went insidious soon after the Gozi Virus Spread that affected millions of systems a year ago.

After purchasing an “initial foothold” in 2013 from a hacker with the knowledge of NASA Servers, AnonSec group of hackers claimed to pentested the NASA network to figure out how many systems are penetrable, the group told InfoWar.

Bruteforcing Admin’s SSH Password only took 0.32 seconds due to the weak password policy, and the group gained further indoor access that allowed it to grab more login information with a hidden packet sniffing tool.

They also claimed to infiltrate successfully into the Goddard Space Flight Center, the Glenn Research Center, and the Dryden Research Center.

Hacker Attempted to Crash $222 Million Drone into the Pacific Ocean

Three NAS Devices (Network Attached Storage) which gathers aircraft flight log backups were also compromised, rapidly opening a new room for the extended hack:

Hacking Global Hawk Drones, specialized in Surveillance Operations.

Hackers have tried to gain the control over the drone by re-routing the flight path (by Man-in-the-Middle or MitM strategy) to crash it in the Pacific Ocean, but…

…the sudden notification of a security glitch in the unusual flight plan made the NASA engineers to take the control manually that saved their $222.7 Million drone from drowning in the ocean.

This hacking attempt had happened due to the trivial routine of drone operators of uploading the drone flight paths for the next fly, soon after a drone session ends.

After this final episode, AnonSec lost their control over the compromised NASA servers and everything was set to normal by NASA engineers as before.

This marked the attack’s magnitude at a steep height by infecting into other pipelines of NASA, leading to this nasty situation.

However, in a statement emailed to Forbes, NASA has denied alleged hacking incident, says leaked information could be part of freely available datasets, and there is no proof that a drone was hijacked.

“Control of our Global Hawk aircraft was not compromised. NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data. NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations.”

Why Did AnonSec Hack into NASA?

If you are going to point your fingers against the AnonSec Hackers, then Wait! Here’s what the group of hackers wants to highlight:

“One of the main purposes of the Operation was to bring awareness to the reality of Chemtrails/CloudSeeding/Geoengineering/Weather Modification, whatever you want to call it, they all represent the same thing.”

“NASA even has several missions dedicated to studying Aerosols and their affects (sic) on the environment and weather, so we targeted their systems.”

And Here’s What NASA was actually doing:

Cloud seeding: A weather alteration method that uses silver iodide to create precipitation in clouds which results to cause more rainfall to fight carbon emission which ultimately manipulates the nature.

Geoengineering: Geoengineering aims to tackle climate change by removing CO2 from the air or limiting the sunlight reaching the planet.

Similar projects are running on behalf of the US Government such as Operation Icebridge [OIB], Aerosol-Cloud-Ecosystem (ACE) which are dedicated to climate modeling.

This security breach would be a black label for the Security Advisory Team of NASA and became a warning bell to beef up the security.

(Source:- http://www.ehackingdna.com/nasa-hacked-anonsec-tried-to-crash-222-million-drone-into-pacific-ocean/33)

A New Technique For Hacking ATMs...

An old method used for stealing card details is drilling holes in the ATM and hooking a data-intercepting device to the card reader in the machine. The problem with the old-method is that the traces of tampering can be easily detected by the bank employees or service personnel.

NCR, a global manufacturer of ATMs has identified a new technique (derived from the old method) that has compromised ATMs in the United Arab Emirates and Europe.

In the new method, hackers target free-standing ATMs, such as those placed in retail locations. Access to the inside card reader is done by opening the top box of the machine by picking the locks.

Since this type of attack doesn’t leave any evidence of intrusion from the outside, the data-intercepting device can remain undetected by bank employees filling the money cassettes or by service personnel.

“…. all observed cases of eavesdropping to date have been against Personas ATMs, however all ATMs must be protected against this form of attack,” NCR says.

NCR recommends an Anti-Eavesdropping kit that provides a physical protective shield around the ATM Card reader for SelfServ and Personas ATMs.

(Source:- http://www.hacoder.com/2016/02/a-new-technique-for-hacking-atms/)

OSCP Course PDF – Penetration Testing with Kali Linux.

Penetration Testing with Kali Linux (PWK) is an information security training and ethical hacking course. This online security training is designed for network administrators and security professionals who need to acquaint themselves with the world of offensive security.

Penetration testing training introduces the latest hacking tools and techniques in the field and simulates a full penetration test from start to finish. YOU will gain hands-on experience by injecting yourself into a diverse and vulnerable network.

Starting from $800 USD, Penetration Testing with Kali Linux (PWK) is one of the most highly regarded InfoSec Training Courses in the security industry. The PWK course is delivered entirely online and is completely self-paced, allowing you to take the time to fully explore and exploit our vast virtual penetration testing lab environment. Successfully completing the 24-hour certification exam earns you the coveted Offensive Security Certified Professional (OSCP) certification.

(Source:- http://www.hacoder.com/2016/02/oscp-course-pdf-penetration-testing-with-kali-linux/)

10 year old Kid Scores 100 Percent in Java Exam, Completes 150 Minutes Paper in 18 Minutes.

Ronil Shah almost surprised everyone by scoring cent percent in a Java exam. Well, that’s not the end of the story. The story continues as he just finished the entire paper of 150 minutes in just 18 minutes. If you want to know the level of the paper, let me tell you that he competed in an exam which is generally taken by engineering graduates or professionals preparing to be software developers. That too, not all of the graduates crack it.

The Java exam was held on September 2 last year. In the IT world, this exam is very famous and it’s called Java Standard Edition 6 Programmer Certified Professional examination. This exam is an international exam and it is conducted by US-based Oracle University.

Ronil Shah did not take any previous attempt and he cleared this exam just in his first attempt. This exam is required to show the deep understanding of the programming language, Java, and is a prerequisite to many other Java certificates. Ronil is a student of standard five from Euro School in Ahmedabad, and now he is also called a ‘JAVA champion’.

As Ronil says —

“I developed so much love for computers that I started learning animation, coding programming after standard 1. I took a holiday to practice for JAVA standard edition 6 program exam. I used to reach my computer institute to practice at 11.30 am and come home by 6 pm. That is how I managed to complete my online exam in 18 minutes,” 

Ronil wants to work in robotics in coming years. We wish him all the best.

(Source:- http://fossbytes.com/10-year-kid-scores-100-percent-in-java-exam-completes-150-minute-paper-just-in-18-minutes/)

How to share files over wifi

Most of Now a days Operating System’s come with inbuilt file sharing, but most of the user pivot to cloud services like Dropbox to transfer files from even the local PC’s, but users whose internet connection is slow and they need files in a pinch this trick might come in handy help you share files over the Wifi.

The folder is shared over the Wifi as the shared it is declared as the shared folder over the two computers or the number of the computer participating in the share.
The file sharing over the wifi helps you in the faster distribution of the data moreover if you are a student and you want to share a video file with your class it may come in handy and saves lot of mobile data. First make sure both of the PC’s or laptops are connected to the same wifi network if you don’t have wifi router with you turn on wifi hot-spot in your mobile without turning on the mobile data this will create a temporary hot-spot to share files over wifi We will show you how it is done in Windows and even Ubuntu

Windows

Right Click on the folder you want to share and select the properties


Now go to the sharing tab and you will find an option called Advanced sharing

When you click on the advanced sharing option there will be another tab popped up, click on share this folder check box thus followed by deciding the name of the folder

Below you need to set the permission of whom can access your folder keep it as guest so that every body can read it, but not to delete it

Finally click share There you folder sharing is done on windows
From the other computer search in the network to find the computer on which the folder is being shared and access it.

Ubuntu

When coming to Linux there will be folder sharing software for the Linux called samba
Install it
If you didn’t install it will prompt you install the software
After installing the software, right click on the folder and click on local network share


If you didn’t install samba it will prompt you install it
There will be a dialog opened you will find and square tick box to start sharing tick and
allow the guest access


If you want specific people to access that folder then there will be special permissions in the windows
Restrict the access to your network if you are in ubuntu

(Source:- http://www.dexterstuff.com/how-to-share-a-folder-or-a-file-over-wifi/#.Vrq8odC2a00)

CyberWarfare on the Web

In recent years, social media platforms like Twitter and Facebook also have been used by Islamic State group fighters to navigate and coordinate their operations on the ground. Social media has been used by Hamas to determine how effective missile strikes on Israeli targets are.And then, of course, social media is an efficient means of spreading misinformation, a tool that has been used in wars for centuries. There are indications that Russia spends significant resources on misinformation campaigns targeting the United States. That pro-Putin comment below an online news article may seem like it was posted by an American, but may have been the work of a “Russian troll.”As New York Times writer Adrian Chen reported in June, there are entire buildings in Russia filled with employees who do nothing but feed the social media universe with misinformation. They even attempt to stir up panic situations, like the time these trolls faked a chemical leak in a town in Louisiana, causing needless alarm. These kinds of actions can have broad impacts. In 2013, the stock market plummeted temporarily and fear swept across social media after the Twitter account of the Associated Press was hacked and a bogus tweet reported that the president had been injured during a bomb attack on The White House. The state-sponsored hacker group The Syrian Electronic Army claimed credit.

Anonymous And Islamic State CyberWarfare

After the deadly terrorists attacks in Paris, the hacktivist network Anonymous declared war on ISIS. In a widely distributed video, a figure in a Guy Fawkes mask announced Operation Paris, or #OpParis, and promised the Islamist group that “Anonymous from all over the world will hunt you down.”
So far, Anonymous’ much-hyped digital war has generated lots of headlines but not much in the way of impressive results. It’s been mostly focused on identifying ISIS-affiliated websites, Twitter accounts, and internet addresses and reporting them to Twitter and other webmasters in an effort to get them shut down. Shortly after OpParis launched, Anonymous claimed to have helped get 5,500 ISIS Twitter accounts taken down, a number that ballooned to 20,000 by last Friday. An unnamed Twitter spokesperson told the Daily Dot that Anonymous’s claims are “wildly inaccurate.”
“In terms of effectiveness, I think all they can do is make a small dent,” saysGabriella Coleman, an anthropologist and the author of Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous. “Since they started, ISIS’s online presence hasn’t really shrunk or grown. It doesn’t really matter if there is a small dent. ISIS, unlike Al Qaeda, has been really savvy with online propaganda.” Last week, ISIS posted a message on the encrypted messaging app Telegram, calling the hacktivists “idiots” and offered an online security guide for their sympathizers. Noting that Anonymous had only gone after Twitter accounts, the message joked, “What they gonna hack?”

North Korea Cyber Attack on Sony

ony Pictures Entertainment is hacked. Employees are locked out of their computer network and glowing, red skeletons appear on their screens. An accompanying message says they’ve been “Hacked by #GOP” and all of their internal data have been obtained and can be shared. In the days that follow, personal information, e-mails and unreleased movies like Still Alice, Annie and To Write Love on Her Arms are leaked online.
Some speculate that North Korea is behind the attack because Sony’s upcoming comedy The Interview, starring Seth Rogen and James Franco, is about an assassination attempt on Kim Jong Un.

A screen shot of an image that appeared on computers at Sony Pictures Entertainment on Nov. 24, 2014. (Photo: Reddit)

Indian regulators have effectively blocked Free Basics, a controversial Facebook online service that sought to bring free access to a limited version of the social network and other sites to the country’s poorest people. The Telecom Regulatory Authority of India(TRAI) on Monday outlawed charging different prices for downloading different kinds of internet content.

The ruling, which regulators said was guided by the principles of net neutrality, is a major setback for Mark Zuckerberg, the Facebook chief executive, who had lobbied hard for the programme as part of a campaign to expand Internet access to billions of people around the world. Yet, it is a victory for critics who argued that Facebook’s Free Basics programme gave an unfair advantage to some internet services over others.

Facebook founder Mark Zuckerberg said he would work to make Free Basics legal.

“While we’re disappointed with today’s decision,” he wrote. “I want to personally communicate that we are committed to keep working to break down barriers to connectivity in India and around the world.
“Connecting India is an important goal we won’t give up on, because more than a billion people in India don’t have access to the internet. We know that connecting them can help lift people out of poverty, create millions of jobs and spread education opportunities.”
The World Wide Web Foundation, founded by Sir Tim Berners-Lee, the inventor of the web, welcomed the regulator’s decision.
“The message is clear: We can’t create a two-tier Internet – one for the haves, and one for the have-nots,” said programme manager Renata Avila.
“We must connect everyone to the full potential of the open Web. We call on companies and the government of India to work with citizens and civil society to explore new approaches to connect everyone as active users, whether through free data allowances, public access schemes or other innovative approaches.”

(Source:-  http://www.geekboy.co/news/india-blocks-facebooks-free-basics-app/)

Thousands of FBI and Homeland Security Details Stolen by Hackers

The Hackers Accessed the Data Through a US Department of Justice Email Account.

Hackers have Breached the US Department of Homeland Security’s System and Leaked Personal Details of the People Who Work There. The Hacker group – which we have chosen not to name – posted a database online that contained 9,355 names, titles, locations, telephone numbers and email addresses of the US government employees. The details were posted to an encrypted text-sharing website called Cryptobin. The group has warned that it has a further database, containing the details of 20,000 Federal Bureau of Investigations (FBI) employees, that it will release soon. It also claims to have access to 200 GB of data from the Department of Justice.
The Hackers claim that the leaked database contains the information of “all Homeland Security employees.” In fact, the Department employs around 240,000 people. But the Telegraph can confirm that names on the list of 9,355 employees do correspond with people that work at the Department.
The employees listed include people in the communications team, security specialists, intelligence analysts, and many more. Some of the names are publicly available on databases online, including Linked In.
One of the Hackers that claims to be behind the breach is a British male, and a former member of the Lizard Squad – The Hacking Group that claimed Responsibility for the Sony PlayStation and Xbox Live outages in Christmas 2014.
Ahead of the Release, he told Motherboard how he accessed the data – through a simple spear phishing email attack. He first got access to an internal Department of Justice network through an email account and a quick phone call to a member of staff there.
He found the database on the intranet, along with 1TB of data. He managed to download the details of about 30,000 US government employees from the FBI and Homeland Security, as well as 200GB of data. The data includes more sensitive information like credit card numbers and military emails, he said.
It is likely that the list of Homeland Security employees is just the first release that will come from the group, which describes itself as pro-Palestine. The Homeland Security data was posted under the message: “This is for Palestine, Ramallah, West Bank, Gaza, this is for the child that is searching for an answer.”
The breach is the latest in a series of foreign policy-motivated attacks against US government employees. In October, a teenage hacker accessed the personal email account of John Brennan, the CIA director. They then posted online a list of email addresses apparently from his contacts list.
The same teen followed the hack with a prank that meant every call to James Clapper, the US Director of National Intelligence, was forwarded to the Free Palestine Movement.
WikiLeaks released a trove of documents from the hacked personal email of Brennan back in October.
Peter Carr, a spokesman for the Department of Justice, said it did not think the hackers had managed to release “sensitive, personally-identifiable information”, and that if it discovered criminal activity it would press charges.
“The department is looking into the unauthorized access of a system operated by one of its components containing employee contact information,” he told The Telegraph.
“This unauthorised access is still under investigation; however, there is no indication at this time that there is any breach of sensitive personally identifiable information.
“The department takes this very seriously and is continuing to deploy protection and defensive measures to safeguard information. Any activity that is determined to be criminal in nature will be referred to law enforcement for investigation.”
A spokesman from the Department of Homeland Security said it is “looking into the reports.”
“We take these reports very seriously, however there is no indication at this time that there is any breach of sensitive or personally identifiable information,” They Said.

(Source:- http://blog.toorpwn.com/thousands-of-fbi-and-homeland-security-details-stolen-by-hackers/)

Here Are The Best Linux Distros of 2016

Here are the top Linux distros of 2016

Linux was developed by Linus Torvalds at the University of Helsinki in Finland. It was inspired by Minix, a small Unix System and was introduced in October 1991.

The first official version was Linux 0.02. In 2001, 2.4 version was released. It is developed under GNU license, which allows the source code of Linux to be distributed freely. Linux is used for networking, software development and web hosting.

Ever since it was introduced, Linux has beengaining rapid popularity among users. However, choosing the right distro is very important given that there are dozens of them which can fulfill your needs.
Swapnil Bhartiya from Linux.com has prepared a exhaustive list of best Linux distros for 2016 which you can choose according to your needs.

Here are the best Linux distros of 2016

Best Comeback Distro: openSUSE

openSUSE formerly SUSE Linux and SuSE Linux Professional, is a Linux-based project and distribution sponsored by SUSE Linux GmbH and other companies. It is widely used throughout the world, particularly in Germany. The focus of its development is creating usable open-source tools for software developers and system administrators, while providing a user-friendly desktop, and feature-rich server environment.

The company actually predates Linux king Red Hat. SUSE is also the sponsor of the community-based distro openSUSE.

In 2015, openSUSE teams decided to come closer to SUSE Linux Enterprise (SLE) so that users could have a distribution that shares its DNA with the enterprise server — similar to CentOS and Ubuntu. Thus, openSUSE became openSUSE Leap, a distribution that’s directly based on SLE SP (service pack) 1.

Furthermore, openSUSE also announced the release of Tumbleweed, a pure rolling-release version. So, now, users can use either the super-stable openSUSE Leap or the always up-to-date openSUSE Tumbleweed.

Most Customizable Distro: Arch Linux

Arch Linux is a Linux distribution for computers based on IA-32 and x86-64 architectures. The design approach of the development team follows the KISS principle (“keep it simple, stupid”) as the general guideline, and focuses on elegance, code correctness, minimalism and simplicity, and expects the user to be willing to make some effort to understand the system’s operation. A package manager written specifically for Arch Linux, pacman, is used to install, remove and update software packages.

Arch Linux is the best rolling-release distribution for the following reasons.

• Arch Linux is a great distro for those who want to learn everything about Linux. Because you have to install everything manually, you learn all the bits and pieces of a Linux-based operating system.
• Arch is the most customizable distribution. There is no “Arch” flavor of any DE. All you get is a foundation and you can build whatever distro want, on top of it. For good or for worse, unlike openSUSE or Ubuntu there is no extra patching or integration. You get what upstream developers created. Period.
• Arch Linux is also one of the best rolling releases. It’s always updated. Users always run the latest packages, and they can also run pre-released software through unstable repositories.
• Arch is also known for having excellent documentation. Arch Wiki is best go-to resource for everything Linux related.
• Arch offers almost every package and software that’s available for “any” Linux distribution, thanks to the Arch User Repository, aka AUR.

Best-Looking Distro: elementary OS

Elementary OS is a Linux distribution based on Ubuntu. It is the vehicle to introduce the Pantheon desktop environment, similar to how Linux Mint was the vehicle to introduce the Cinnamon desktop environment before Cinnamon was available in other Linux distributions.

elementary OS is quite strict about the holistic look and feel. The developers have created their own components, including the desktop environment. Additionally, they choose only those applications that fit into the design paradigm. One can find heavy influence of Mac OS X on elementary OS.

Best Newcomer: Solus

Solus is a decent-looking operating system that has been created from scratch. It’s not a derivative of Debian or Ubuntu. It comes with the Budgie desktop environment, which was built from scratch but aims to integrate with Gnome. Solus has the same minimalistic approach as Google’s Chrome OS.

Best Cloud OS: Chrome OS

Chrome OS is a browser-based operating system for online activities. However, because it’s based on Linux and its source code is available for anyone to compile.

Best Laptop OS: Ubuntu MATE

Ubuntu MATE is a free and open source Linux distribution and an official derivative of Ubuntu. Its main differentiation from Ubuntu is that it uses the MATE desktop environment as its default user interface, based on GNOME 2 which was used for Ubuntu versions prior to 11.04, instead of the Unity graphical shell that is the default user interface for the Ubuntu desktop.
Ubuntu MATE to be an excellent operating system if you are a Ubuntu lover.

Best Distro for Old Hardware: Lubuntu

If you have an old laptop or PC sitting around, breathe new life into it with Lubuntu. Lubuntu uses LXDE, but the project has merged with Razor Qt to create LXQt. Although the latest release 15.04 is still using LXDE, the future versions will be using LXQt. Lubuntu is a decent operating system for old hardware.

Best Distro for IoT: Snappy Ubuntu Core

Now a days Internet of Things (IoT) is everywhere and Snappy Ubuntu Core is the best Linux-based operating system for IoT connected devices. The operating system holds great potential to turn almost everything around us into smart devices — such as routers, coffeemakers, drones, etc. What makes it even more interesting is the way the software manages updates and offers containerization for added security.

Best Distro for Desktops: Linux Mint Cinnamon

Linux Mint Cinnamon is the best operating system for desktops and powerful laptops. I will go as far as calling it the Mac OS X of the Linux world. Honestly, I had not been a huge fan of Linux Mint for a long time because of unstable Cinnamon. But, as soon as the developers chose to use LTS as the base, the distro has become incredibly stable. Because the developers don’t have to spend much time worrying about keeping up with Ubuntu, they are now investing all of their time in making Cinnamon better.

Best Distro for Games: Steam OS

Gaming has been a weakness of desktop Linux. Many users dual-boot with Windows just to be able to play games. Valve Software, the games distributor is trying to bring as many games as possible on Linux. And, Valve has now created their open operating system — Steam OS — to create a Linux-based gaming platform.

Best Distro for Privacy: Tails

In this age of mass surveillance and tracking by marketers (anonymous tracking for targeted content is acceptable), privacy has become a major issue. If you are someone who needs to keep the government and marketing agencies out of your business, you need an operating system that’s created — from the ground up — with privacy in mind.

And, nothing beats Tails for this purpose. It’s a Debian-based distribution that offers privacy and anonymity by design. Tails is so good that, according to reports, the NSA considers it a major threat to their hacking activities.

Best Distro for Multimedia Production: Ubuntu Studio

Ubuntu Studio is an officially recognized derivative of the Ubuntu Linux distribution, which is explicitly geared to general multimedia production. It should use a lightweight desktop environment so that precious system resources — such as CPU and RAM — are used sparingly by the system itself, leaving them for the multimedia applications. And, the best Linux distribution for multimedia production is Ubuntu Studio. It uses Xfce and comes with a broad range of audio, video, and image editing applications.

Best Enterprise Distro: SLE/RHEL

Enterprise customers don’t look for articles like these to choose a distribution to run on their servers. They already know where to go: It’s either Red Hat Enterprise Linux or SUSE Linux Enterprise. These two names have become synonymous with enterprise servers. These companies are also pushing boundaries by innovating in this changing landscape where everything is containerized and becoming software defined.

Best Server OS: Debian/CentOS

If you are looking at running a server, but you can’t afford or don’t want to pay a subscription fee for RHEL or SLE, then there is nothing better than Debian or CentOS. These distributions are the gold standard when it comes to community-based servers. And, they are supported for a very long time, so you won’t have to worry about upgrading your system so often.

Best Mobile OS: Plasma Mobile

Although the Linux-based distribution Android is ruling the roost, KDE’s Plasma Mobile is one the best alternative for a mobile operating system. This Kubuntu-based distribution was launched in 2015.

Best Distro for ARM Devices: Arch Linux ARM

Arch Linux ARM is a port of Arch Linux for ARM processors. Its design philosophy is “simplicity and full control to the end user,” and like its parent operating system Arch Linux, aims to be very Unix-like. This goal of minimalism and complete user control, however, can make Arch Linux difficult for Linux beginners as it requires more knowledge of and responsibility for the operating system.

Arch Linux ARM is a purely community-based distribution that’s based on Arch Linux. You can run it on Raspberry Pi, Chromebooks, Android devices, Nvidia Shield, and what not. What makes this distribution even more interesting is that, thanks to the Arch User Repository (AUR), you can install many applications than you may not get on other distributions.

These are the best distros which we could figure out. If you find any distro that is not mentioned here but, you think is a better alternative, kindly mention the same in the comments.

(Source:- http://www.techworm.net/2016/01/here-are-the-best-linux-distros-of-2016.html)

What’s Dark Web And How Does It Work

What a tangled web we weave, indeed. About 40 percent of the world’s population uses the Web for news, entertainment, communication and myriad other purposes [source: Internet World Stats]. Yet even as more and more people log on, they are actually finding less of the data that’s stored online. That’s because only a sliver of what we know as the World Wide Web is easily accessible.

The so-called surface Web, which all of us use routinely, consists of data that search engines can find and then offer up in response to your queries. But in the same way that only the tip of an iceberg is visible to observers, a traditional search engine sees only a small amount of the information that’s available — a measly 0.03 percent.

[source: <a href="http://oedb.org/ilibrarian/invisible-web/">OEDB

What’s Dark Web ?

The Dark Web is a term that refers specifically to a collection of websites that are publicly visible, but hide the IP addresses of the servers that run them. Thus they can be visited by any web user, but it is very difficult to work out who is behind the sites. And you cannot find these sites using search engines.

Almost all sites on the so-called Dark Web hide their identity using the Tor encryption tool. You may know Tor for its end-user-hiding properties. You can use Tor to hide your identity, and spoof your location. When a website is run through Tor it has much the same effect.
Indeed, it multiplies the effect. To visit a site on the Dark Web that is using Tor encryption, the web user needs to be using Tor. Just as the end user’s IP is bounced through several layers of encryption to appear to be at another IP address on the Tor network, so is that of the website. So there are several layers of magnitude more secrecy than the already secret act of using Tor to visit a website on the open internet – for both parties.
Not all Dark Web sites use Tor. Some use similar services such as I2P – indeed the all new Silk Road Reloaded uses this service. But the principle remains the same. The visitor has to use the same encryption tool as the site and – crucially – know where to find the site, in order to type in the URL and visit.
Infamous examples of Dark Web sites include the Silk Road and its offspring. The Silk Road was (and maybe still is) a website for the buying and selling of recreational drugs. But there are legitimate uses for the Dark Web. People operating within closed, totalitarian societies can use the Dark Web to communicate with the outside world. And given recent revelations about US- and UK government snooping on web use, you may feel it is sensible to take your communication on to the Dark Web. (I’ll stick to Facebook, but I like the attention.)

How Does It Work ?

it’s buried in what’s called the deep Web. The deep Web (also known as the undernet, invisible Web and hidden Web, among other monikers) consists of data that you won’t locate with a simple Google search.
No one really knows how big the deep Web really is, but it’s hundreds (or perhaps even thousands) of times bigger that the surface Web. This data isn’t necessarily hidden on purpose. It’s just hard for current search engine technology to find and make sense of it.
There’s a flip side of the deep Web that’s a lot murkier — and, sometimes, darker — which is why it’s also known as the dark Web. In the dark Web, users really do intentionally bury data. Often, these parts of the Web are accessible only if you use special browser software that helps to peel away the onion-like layers of the dark Web.
This software maintains the privacy of both the source and the destination of data and the people who access it. For political dissidents and criminals alike, this kind of anonymity shows the immense power of the dark Web, enabling transfers of information, goods and services, legally or illegally, to the chagrin of the powers-that-be all over the world.
Just as a search engine is simply scratching the surface of the Web, we’re only getting started. Keep reading to find out how tangled our Web really becomes.

How to access the Dark Web ?

Technically, this is not a difficult process. You simply need to install and use Tor. Go to www.torproject.org and download the Tor Browser Bundle, which contains all the required tools. Run the downloaded file, choose an extraction location, then open the folder and click Start Tor Browser. That’s it. The Vidalia Control Panel will automatically handle the randomised network setup and, when Tor is ready, the browser will open; just close it again to disconnect from the network.
Depending on what you intend to do on the Dark Web, some users recommend placing tape over your laptop’s webcam to prevent prying eyes watching you. A tinfoil hat is also an option.
The difficult thing is knowing where to look. There, reader, we leave you to your own devices and wish you good luck and safe surfing. And a warning before you go any further. Once you get into the Dark Web, you *will* be able to access those sites to which the tabloids refer. This means that you could be a click away from sites selling drugs and guns, and – frankly – even worse things.
Aggregation sites such as Reddit offer lists of links, as do several Wikis, including http://thehiddenwiki.org/  – a list that offers access to some very bad places. Have a quick look by all means, but please don’t take our linking to it as an endorsement.
Also, Dark Web sites do go down from time to time, due to their dark nature. But if you want good customer service, stay out of the dark!
And do heed our warning: this article is intended as a guide to what is the Dark Web – not an endorsement or encouragement for you to start behaving in illegal or immoral behaviour.


(Source:- http://www.geekboy.co/geekboy/whats-dark-web-and-how-does-it-work/)

4 Things You Didn’t Know Could Be Hacked

At two big hacking conferences in Las Vegas over the summer, security pros revealed new vulnerabilities in daily items we never considered security risks. These events serve as annual displays of the latest hacking tricks.

At one of the conferences, called Black Hat, two researchers outlined how they hacked a Jeep from more than 10 miles away using a laptop. After Wired broke that story last month, Fiat Chrystler recalled 1.4 million vehicles due to hacking concerns.
1. Rifles

© Provided by MarketWatch 4 things you didn’t know could be hacked

The Austin, Texas-based company TrackingPoint makes auto-aiming rifles that increase a shooter’s accuracy and have Wi-Fi connectivity. Within the 100- to 150-feet range of the Wi-Fi and using a mobile phone, a hacker can compromise the weapon and change the target of the shooter, says Runa Sandvik, one of the researchers who presented at the annual hacker gathering Def Con last week.
In a demonstration for Wired, Sandvik and a research partner finagled with a rifle’s software to shift aim 2.5 feet to the left, hitting a different target.
The company posted a notice on its website in response to the Wired article, saying that it is working with the researchers and will offer a software update if one is warranted. Until then, the note says, you can continue using the Wi-Fi intended for downloading photos, among other functionality, “if you are confident no hackers are within 100 feet.”
Sandvik says the Wi-Fi must be turned on to hack into the rifle and manipulate the target, and attackers cannot force the rifle to fire remotely, though they could unlock the trigger. Plus, she added, researchers have in the past found ways to boost Wi-Fi signals from other devices and stretch connectivity to longer distances.
“A successful attacker could cause the rifle to misbehave on every single shot without the shooter knowing how or why,” Sandvik told MarketWatch. “The short version here is that you cannot underestimate a motivated attacker.”
2. Electronic skateboards

© YASUYOSHI CHIBA/AFP/Getty Images A girl rides an electric skateboard in Brazil

Electric skateboards can make your ride smoother — until the board no longer listens to your controls and throws you off. Two researchers developed a hack they dubbed “FacePlant,” which gave them total control over digital skateboards by manipulating the Bluetooth connection.
An attacker could force the skateboard to connect to a laptop and then stop the board, alter its direction or disable its brakes. The hackers conducted their research with a $1,500 board made by Boosted, a Mountain View, Calif.-based company, and a $700 to $1,000 board from the Australian firm Revo and a $700 board by China’s Yuneec.
“It’s easy to point to this and say, oh it’s just a skateboard,” Richo Healey, a security engineer at the payments company Stripe, told Wired. “But for people who are buying these boards and commuting on them every day … there is risk obviously associated with that.”
3. Death records

© Corbis Funeral casket

It’s pretty simple to kill someone off — at least on paper — Chris Rock, chief executive officer and founder of the security company Kustodian, showed in a presentation at Def Con. Using information found online, anyone can complete state electronic death records, Rock found, and then register to become a funeral director online to complete a certificate of death.
Why kill someone off officially, but not physically? For revenge against an ex-partner or a jerk boss, according to Rock’s presentation, or to enjoy the insurance benefits or access elderly parents’ estates.
He also found that it’s simple to game birth records in a similar manner and create spare identities to commit crimes, and “be like a cat and have nine lives.”
4. Teslas

© Lucy Nicholson/Reuters All-wheel-drive versions of the Tesla Model S car are lined up for test drives in Hawthorne, California.

We already know that the modern car is like a smartphone on wheels in that it’s susceptible to hack attacks like any other connected device. Part of the problem is that car makers haven’t always been considered technology companies, and are now being forced to figure out how to lock down infotainment and other systems to protect drivers from potential hacking threats.
Elon Musk’s Tesla Motors  , though, is closer to a technology company than most other auto makers, says Kevin Mahaffey, chief technology officer at the San Francisco-based mobile security firm Lookout. He and a research partner from another company set out to see whether its security would be any better, and if they could hack into controls like the steering and brakes on a Tesla Model S by cracking the infotainment system.
What they found: Teslas are, in fact, built with more security in mind than the average vehicle. But they also found several vulnerabilities, and were able to remotely open and close trunks, lock and unlock doors and stop a Tesla, depending on what speed it was being driven at.
The researchers worked with Tesla, and Tesla automatically pushed an update to all the cars so drivers could patch the vulnerabilities within one to two weeks — unlike other car companies, which have had to issue recalls on vehicles with security flaws.

(Source:- http://www.geekboy.co/hacking/4-things-you-didnt-know-could-be-hacked/)