Posts

Beware! Your Credit/Debit Card Can Be Hacked In Just 6 Seconds

Card number, expiry date, CVV2, address: everything is guessable

Short Bytes: A new attack mechanism, called Distributed Guessing Attack, can steal your credit and debit card details in as few as six seconds. This assault exploits two basic security flaws in online payment systems: unlimited guesses on payment pages and variation in the payment data fields.

Today, different kinds of cards have become the de facto means of online payment. This has also resulted in an increase in the number of online frauds taking place every month. The current situation naturally raises the question: what security measures are being taken to ensure a safe cashless transaction? Researchers from the University of Newcastle have carried out a study and published their results in the IEEE Security & Privacy Journal. The study shows how an attack mechanism, called Distributed Guessing Attack,

OSS-Fuzz An Open Source Fuzzing Service By Google

It has been just a couple of months since Microsoft announced its Project Springfield code fuzzing service, and now Google has launched the beta version of its own OSS-Fuzz. The purpose of both is to help developers locate bugs in their code that might eventually lead to breaches. Although both serve the same cause, one is a paid service while the other is free; one is proprietary while the other is open source.

Google has described OSS-Fuzz as ‘continuous fuzzing for open source software’. According to the development team on Google’s Testing Blog, “OSS-Fuzz’s goal is to make common software infrastructure more secure and stable by combining modern fuzzing techniques with scalable distributed execution. OSS-Fuzz combines various fuzzing engines (initially, libFuzzer) with Sanitizers (initially, AddressSanitizer) and provides a massively distributed execution

Here is How Hackers Perform a SQL Injection Attack

A “SQL injection” (SQLI) attack is an exploit that takes advantage of poor web development techniques, typically combined with faulty database security. The result of a successful attack can range from impersonating a user account to a complete compromise of the respective database or server. Unlike a DDoS attack, an SQLI attack is completely and easily preventable if a web application is appropriately programmed.

Executing the attack

Whenever you log in to a web site and enter your user name and password, the web application may test your credentials by running a query like the following:

SELECT UserID FROM Users WHERE UserName='myuser' AND Password='mypass';

Note: string values in a SQL query must be enclosed in single quotes, which is why they appear around the user-entered values. So the combination of the entered user name (myuser) and password (mypass) must match an entry in the User

Social Engineering Attacks: This Hacker Shows How To Destroy Someone’s Online Life In Minutes

Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or to access your computer and secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer. Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is to try hacking their password (unless the password is really weak). Here we are going to show some steps and a video of how hackers are performi

10 Most Dangerous Linux Commands – You Should Never Run On Linux OS

The Linux terminal is one of the most powerful tools in the Linux OS world. You can do anything you want with it. The command line is an interesting, useful and productive feature, but it can be very dangerous, especially when you don’t know what you are doing. Even a small mistake can cost you your data and your operating system too. A new Linux user should be very careful while executing commands. We just want to make you aware of some of the commands that you should think about before executing them. Here are the 10 most deadly Linux commands that you should know about before executing them.

1. rm -rf

The rm -rf command is one of the fastest ways to erase all of your files and even your entire content. This command can lead to a lot of loss.

rm: the rm command in Linux is used to erase/delete files.
rm -r: this command is used to delete a folder recursively and empty the folder.
rm -f: this comma

How To Download YouTube Videos Without Any External Tools?

YouTube is one of the most popular video platforms in the world. According to Wikipedia, YouTube has 800 million monthly visitors. More than 4 billion videos are viewed each day. Downloading YouTube videos is very common these days, but YouTube doesn’t provide any default option to download videos directly. There are many sites, extensions, software and tricks for downloading YouTube videos.

Method 1:

Step 1: Open the Developer Tools in the browser and go to “Network.” If you are using Mozilla Firefox, use the key combination “Ctrl+Shift+Q.”

Step 2: Now, click on “Media” in the “Network tool.” Here you will see the HTTP requests made to media files, like audio and video files.

Step 3: Open in the browser any YouTube video that you want to download. You will see the requests made by the YouTube page to be audio & video files

Just Pressing Shift+F10 During Windows 10 Update Makes Your PC Super Easy To Hack Don't leave your machines unattended during the update.

Short Bytes: A security researcher named Sami Laiho has found a simple flaw in the Windows 10 update procedure that can let a hacker bypass BitLocker and access an elevated Command Line. To do so, one needs to hold Shift+F10 during the update process. Laiho advises users to avoid leaving their PCs unattended during the update process.

By taking advantage of an underlying bug in the new build of Windows 10, an attacker can access an elevated Command Line interface in the Windows Preinstallation Environment by simply holding Shift+F10 during the update process. As the Command Line interface grants administrative privileges, the hacker can access the computer’s hard drive, automatically bypassing BitLocker encryption, a feature that’s supposed to add an extra layer of security to your personal files. This is possible due

Windows 10 in-place upgrades make this Issue Easy to Exploit

If your computer's security relies on Windows BitLocker hard drive encryption, then beware, because anyone with physical access to your PC can still access your files within a few seconds. All an attacker needs to do is hold SHIFT+F10 during the Windows 10 update procedure.

Security researcher Sami Laiho discovered this simple method of bypassing BitLocker, wherein an attacker can open a command-line interface with System privileges just by holding SHIFT+F10 while a Windows 10 PC is installing a new OS build. The command-line interface (CLI) then grants the attacker full access to the computer's hard drive, even when the victim has enabled the BitLocker disk encryption feature.

Laiho explains that during the installation of a new build (Windows 10 upgrade), the operating system disables BitLocker while Windows PE installs a new image of the main Windows 10 OS. "The installation [Windows 10 upgrade] of a new build is done by reimaging the machine and the ima