How Amazon Employee bought 'Google.com' Domain for Only $12 from Google

Difficult to believe this, as we hardly come across such news.

But trust me, a person managed to buy no ordinary .com domain, but — Google.com and that too for one whole minute.

Sanmay Ved, an ex-Google employee and current-Amazon employee, experienced something of a shock when he found that the world's largest search engine website, Google.com, was "available" for purchase.

What's Even More Shocking?

It's the cost of the most-trafficked domain in the world — Only $12.

Expecting to get an error message, Ved added the domain to his shopping cart and made payment. The entire purchasing process went through without any difficulty.

Within moments, his inbox and Google Webmaster Tools were flooded with webmaster related messages confirming his ownership for Google.com.

"The scary part was I had access to the webmaster controls for a minute," Ved said.

However, soon he received an order cancellation email and refund from Google Domains, as Google personally owns Google Domains, so it can still control all purchases made through it and revoke them if needed.

Google Forgot to Renew Ownership. Really?

It is still unclear what exactly happened – if it was due to a bug in Google Domains or the company really "forgot" to renew ownership of its address using its own domain service.

Whatever the reason, the experience of owning the search engine giant Google.com does indeed sound great.

Ved has posted all the ordeal along with screenshots on his LinkedIn account blog post.

Read more »

A New Company Called Alphabet Now Owns Google; Sundar Pichai Becomes New CEO

Well, this was a very unexpected move by Google.

Google Co-Founder Larry Page announced a restructuring of the whole company, revealing the creation of the umbrella "Alphabet" corporation.

But, don’t worry… Google isn’t dead! Rather, Google will become part of Alphabet.

Why Google Rebrands As ‘Alphabet’

Over time, Google, the Mountain View company has become a lot more than just a Search Engine.

Google created and acquired a large number of other popular Internet services, including Android, YouTube and Gmail, that makes too much difficult for a single company to manage all of them effectively.

According to Google Founders, it’s time, when different projects require different leaders, different company cultures, and different types of resources.

"Our model is to have a strong CEO, who runs each business, with Sergey and me in service to them as needed," Page wrote.

So the founders decided to create an all new parental brand that will manage both Google as well as its other far-flung projects — called ‘Alphabet’, going to be the biggest tech company most people have never heard of.

As a part of the new structure, Alphabet will manage Google and all of its other products, including:

Google

• Calico, an anti-aging biotech Research Division
• Nest, Google's Smart-Home project
• Sidewalk, a company, focused on Smart Cities
• Fiber, Company for High-speed Internet services
• Investment arms, such as Google Capital and Google Ventures
• R&D unit, such as Google X, developing Self-driving cars and Drones.

Alphabet Inc. will replace Google Inc. as the publicly traded company on the Nasdaq Stock Exchange, and shareholders will get one Alphabet share for every Google share they previously owned.

G is for 'Google' and 'Sundar Pichai 'is New CEO

Google’s senior vice president Sundar Pichai (Pichai Sundararajan), currently senior vice president of products, will be the new CEO of the Search Engine.

Google is now a more coherent company than it was previous. Google will now include the company's core businesses, including:

• Search Engine
• Advertising, Adwords, and Adsense
• Google Maps
• YouTube, the Video Service
• Android, Mobile operating system
• Chrome operating system
• related technical infrastructure.

And the current CEO Larry Page will become Alphabet’s CEO. Co-founder Sergey Brin will be its president, and Eric Schmidt will be the executive chairman of Alphabet.

"It is clear to us and our board that it is time for Sundar to be CEO of Google," Larry Page wrote in the open letter announcing the creation of Alphabet.

"Google itself is also making all sorts of new products and I know Sundar will always be focused on innovation—continuing to stretch boundaries. I know he deeply cares that we can continue to make big strides on our core mission to organize the world's information."

The 43-year-old Sundar Pichai rose quickly at Google, from working with the Chrome team to lead both the team as well as Android as senior vice president of Products.

The Launch of Alphabet Inc. will not affect you at all, but Good news… the company’s shares jumped 6 percent after hours, adding tens of billions of dollars to its value.

Read more »

Kali Linux 2.0 Released — Download Most Powerful Penetration Testing Platform

Offensive Security, the creators of Swiss army knife for Security researchers, Penetration testers and Hackers have finally released the much awaited and most powerful version of Kali Linux 2.0.

Kali Linux 2.0 (Codename ‘Kali Sana’), an open-source penetration testing platform brings hundreds of Penetration Testing, Forensics, Hacking and Reverse Engineering tools together into a Debian-based Linux distribution.

Kali Linux 2.0 offers a redesigned user interface for streamlined work experience, along with a new multi-level menus and tool categories options.

Kali Linux 2.0 is now a rolling distribution, means users will receive tools and core system updates frequently.

Kali Linux 2.0 Features:

• Runs on Linux kernel 4.0, 
• use full Gnome 3 Desktop instead of gnome-fallback, 
• improved hardware and wireless driver coverage, 
• support for a variety of Desktop Environments, 
• updated desktop environment and tools, 
• Featuring new cutting-edge wireless penetration tools, 
• Kali Linux now added desktop notifications, so that you do not miss anything, 
• Support Ruby 2.0, which will make Metasploit will load much faster, 
• Kali 2.0 added inbuilt screencasting tool so that you can record desktop.

Sadly, Kali team has removed the Metasploit Community and Pro packages. Instead, now just offers open-source Metasploit-framework package pre-installed.

Video Teaser:

Upgrade to Kali 2.0

Kali Linux users can upgrade their Kali 1.x to Kali 2.0 without reinstalling whole operating system from scratch. To do this, you will need to edit your source.list entries, and run a dist-upgrade as shown below. 

cat << EOF > /etc/apt/sources.listdeb http://http.kali.org/kali sana main non-free contribdeb http://security.kali.org/kali-security/ sana/updates main contrib non-freeEOF
apt-get updateapt-get dist-upgrade # get a coffee, or 10.reboot

Download Kali 2.0 Penetration Testing Platform

Kali Linux 2.0 is available to download in following flavors...

• Kali Linux 64 bit
• Kali Linux 32 bit
• Kali Linux VMWare or VirtualBox images
• Kali 2.0 for ARM architecture

…from the official website. You can download it either from direct download link or using Torrents.

Read more »

How Spies Could Unmask Tor Users without Cracking Encryption

The Onion Router (Tor) is weeping Badly!

Yes, Tor browser is in danger of being caught once again by the people commonly known as "Spies," who's one and only intention is to intrude into others’ network and gather information.

A team of security researchers from Massachusetts Institute of Technology (MIT) have developed digital attacks that can be used to unmask Tor hidden services in the Deep Web with a high degree of accuracy.

The Tor network is being used by journalists, hackers, citizens living under repressive regimes as well as criminals to surf the Internet anonymously. A plethora of nodes and relays in Tor network is used to mask its users and make tracking very difficult.

Any user when connects to Tor, the connection gets encrypted and routed through a path called a"circuit." The request first reaches an entry node, also known as a 'Guard' that knows the actual IP address of the user, and then goes through every hop in the route and finishes off a communication circuit via "exit nodes."

However, in some cases, an attacker could passively monitor Tor traffic to figure out the hidden service accessed by a user and even reveal the servers hosting sites on the Tor network.

Revealing identities without decrypting the TOR Traffic

Recently, Net Security team from MIT and the Qatar Computing Research Institute claimed to find a new vulnerability in the Tor's Guard gateway that can be exploited to detect whether a user is accessing one of Tor's hidden services.

They explained, Tor's Guard Gateways could be masqueraded and the packets coming from the user could be made to travel through attacker’s malicious ‘setup’ node acting as an Entry node.

In a proof-of-concept attack published this week, the researchers described this technique as "Circuit Fingerprinting,"...

...kind of behavior biometric, which includes series of passive attacks, allowing spies to unmask Tor users with 88 percent accuracy even without decrypting the Tor traffic.

This new alternative approach not only tracks the digital footprints of Tor users but also reveals exactly which hidden service the user was accessing; just by analyzing the traffic data and the pattern of the data packets.

"Tor exhibits fingerprintable traffic patterns that allow an [enemy] to efficiently and accurately identify and correlate circuits involved in the communication with hidden services," says the team.

"Therefore, instead of monitoring every circuit, which may be costly, the first step in the attacker's strategy is to identify suspicious circuits with high confidence to reduce the problem space to just hidden services."

The technique nowhere breaks down the layered encrypted route of Tor network, so being encrypted doesn't make your identity anonymous from others.

Does the vulnerability Really utter Truth?

The Tor project leader Roger Dingledine raises a question to the researchers asking about genuineness of the accuracy that the Traffic fingerprinting technique delivers....

... leaving the researchers and the users confused.

As for the Tor, it is considered to be a popular browser that protects your Anonymity while accessing the Internet. However, with the time and successful breaches, it seems that this phenomenon of the Tor network could get depleted.

According to the MIT News article, the fix was suggested to Tor project representatives, who may add it to a future version of Tor.

Read more »

Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know

Just one day after Microsoft released its new operating system, over 14 Million Windows users upgraded their PCs to Windows 10.

Of course, if you are one of the Millions, you should aware of Windows 10's Wi-Fi Sense feature that lets your friends automatically connects to your wireless network without providing the Wi-Fi password.

Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should disable it right away.

Even some researchers advised Windows 10 users to rename their Wi-Fi access points.

Before discussing the risks of Wi-Fi Sense, let's first know how it works.

How Windows 10 Wi-Fi Sense works?

Windows 10 Wi-Fi Sense feature allows you to share your Wi-Fi password with your friends or contacts, as well as lets you automatically connect to networks that your friends and acquaintances have connected to in past, even if you don't know the password.

Now, when those friends are within the range of your Wi-Fi network, Windows 10 automatically joins the network with that saved password you just shared with your friends and logs them in, without prompting them for a password.

Enabled by Default, but It's not the actual Security Threat, Here's Why:

Wi-Fi Sense feature is enabled by default in Windows 10 to make it easier for users to receive instant access to the Shared Networks by their Friends or Contacts.

But, But, But… did you notice that the feature says "For networks I select..."?

"Enabled by default" doesn't mean your Wi-Fi passwords are automatically going to be shared with your Facebook or Skype contacts by default, unless you won’t manually configure your Wi-Fi Sense settings to share selected network access with any contact group.

Under "For networks I select..." option, you can explicitly control which group of contacts from which social networks get access to which Wi-Fi Network.

Until or unless you do not offer your Wi-Fi password to Wi-Fi Sense, it will not let selected contact group to connect to your network.

This means Wi-Fi password sharing option is OFF for every social network by default.

And of course even if you choose to share your Wi-Fi network with your contacts, Wi-Fi Sense only shares Internet access and not your actual Wi-Fi password.

Why You Should be Scared of Wi-Fi Sense (Actual Security Threat)

Microsoft promoted Wi-Fi sense as:

In simple words, now you don't need to read out loud your Wi-Fi password, character by character when your friends are at your home and want to use The Internet. So similarly, you don’t need to shout across the office or your friend’s house "What’s the Wi-Fi password?"

However:

"If you choose to share with your Facebook friends, any of your Facebook friends who are using Wi-Fi Sense on a Windows Phone will be able to connect to the network you shared when it's in range, You can't pick and choose individual contacts." -- Microsoft FAQ says.

As a general Internet user, I used to accept almost every friend request on the Facebook and also communicate with lots of people on Skype or Outlook. In short, the majority of people in my contact list are whom I don't know personally or trust.

So, If I can't choose any individual contact from my list, then enabling "Network password sharing feature" will share my network access with all my contacts in the selected social network.

Microsoft also Argued:

Neither it allows anyone to access your local resources so that nobody can hunt through your personal files.

However, We know that...

The biggest threat of sharing your Wi-Fi access with everyone on a list is just like you are allowing hackers to position themselves between you and the connection point i.e. Man-in-the-Middle attack.

In such attack scenarios, the hacker can access every piece of information you're sending out on the Internet, including important emails, account passwords or credit card information.

Sitting on the same network, an attacker can also target your machine directly using Metasploit or any other hacking tool.

Ultimately, Windows 10 Wi-Fi Sense probably is not the most secure feature in the world, but it is not that bad either, if in future, Microsoft could allow Windows 10 users to choose individual contacts from a group.

For Now… Should You Stop Using It?

Like many things in life, we have to make a choice between things that make our life comfortable and that provide us absolute security.

AND, if you are concerned more about security, just turn Wi-Fi Sense OFF.

How to Turn Windows 10 Wi-Fi Sense OFF?

To disable Wi-Fi Sense, go to Windows Settings, then Network & Internet and then click "Change Wi-Fi settings," and then "Manage Wi-Fi settings."

From there, you can change a variety of settings. Turn OFF everything under the Wi-Fi Sense heading; disable WI-Fi password sharing with Facebook, Outlook, or Skype; and have Wi-Fi Sense forget the list of known Wi-Fi networks.

Read more »