Stagefright Attack: It takes only a single text message to hack an Android Smartphone

Stagefright attack, the Mother of all Android Vulnerabilities, puts 950 million smartphones at risk

Over 95 percent of Android smartphones in circulation, or roughly 950 million smartphones, may be vulnerable to a unique but critical hack attack called Stagefright.
Joshua Drake from Zimperium Mobile Security discovered six + one critical vulnerabilities in the native media playback engine called Stagefright. He calls these weaknesses the ‘Mother of all Android Vulnerabilities’.
Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. While the exploit is deadly in itself, on some phones, which parse the attack code before the message is opened, it is also silent, and the user would have little chance of defending their data.
Stagefright is a native media playback tool used by Android, and all these weaknesses reside in it. Drake states that they are all “remote code execution” bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data.
The following design chart explains the working of Stagefright
According to Drake, all that a potential hacker needs in order to send out the exploits is the victim's mobile phone number. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright’s permissions.
Once the vulnerability is exploited, the hackers can do almost anything, including recording audio and video and snooping on photos stored on SD cards. Even the humble Bluetooth radio can be hacked via Stagefright.
Depending on the MMS application in use, the victim might never know they had even received a message.
The vulnerabilities are so critical that sending exploit code to the victim’s Google Hangouts would “instantaneously trigger the exploit even before the user can even look at the smartphone or before you even get the notification”.
Another interesting aspect of the exploit is that once it has been delivered, the hacker can delete the message before the user has been alerted to it, making attacks completely silent.
Drake will give the full disclosure along with a Proof of Concept at Def Con on 6th August. He told Forbes that he had reported the bugs in April this year and that Google has sent out the patches to its smartphone manufacturing partners.
Drake stated that a total of seven vulnerabilities had been sent to Google by 9th April, 2015 and Google had reported back to him that it had scheduled patches on May 8th 2015. Further, Google assured Drake that all future Android versions will be released pre-patched against these vulnerabilities.
However, as is the case with any Android smartphone update, the smartphone manufacturers rarely pass on the patches to the end users, particularly the smaller manufacturers who make localised Android smartphones. As such, it can safely be assumed that almost 950 million Android smartphones and tablets in circulation may be exploitable using the Stagefright vulnerability.
“All devices should be assumed to be vulnerable,” Drake told Forbes. Drake says that only Android phones below version 2.2 are not affected by this particular vulnerability.
“I’ve done a lot of testing on an Ice Cream Sandwich Galaxy Nexus… where the default MMS is the messaging application Messenger. That one does not trigger automatically but if you look at the MMS, it triggers, you don’t have to try to play the media or anything, you just have to look at it,” Drake added.
In an emailed statement sent to Forbes, Google thanked Drake for reporting the issues and supplying patches, noting that its manufacturer partners should deploy them in the coming weeks and months.
“Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device,” a spokesperson said.


Researchers use a basic cell phone to hack air-gapped computers


Researchers from Ben Gurion University hack an air-gapped computer using a basic phone with radio signals

Air-gapped computers are considered the safest option against hack attacks because they are not connected to the Internet or the outside world. Most companies, including defence departments and NASA, use air-gapped computers to store their most confidential data. Researchers from Israel’s Ben Gurion University have devised a new method for exfiltrating data from such air-gapped computers, bypassing all protections.
All they needed was a working GSM network in the room where the air-gapped computer is present, electromagnetic waves and a basic low-end mobile phone. The researchers from the Cyber Security Research Center at Ben-Gurion University of the Negev have demonstrated the attack in a video given below and said that it serves as a warning to defense companies and others that they need to immediately “change their security guidelines and prohibit employees and visitors from bringing devices capable of intercepting RF signals.”

The Attack

The attack requires both the targeted computer and the mobile phone to have malware installed on them. Once the malware has been installed on the targeted computer, the attack exploits the natural capabilities of each device to exfiltrate data using electromagnetic radiation.
All electronic gadgets, including computers, emit electromagnetic radiation of varying degrees during their normal operation. The researchers said that a basic cell phone is designed to receive such signals. They combined these two factors and were able to exfiltrate data without triggering any protection alarms.
Earlier, researchers were able to hack an air-gapped computer using radio signals generated by a computer’s video card that get picked up by the FM radio receiver in a smartphone. This attack PoC builds on that but goes a step further because it can be used in environments where smartphones are prohibited, as it uses a basic feature phone as the attack vector.
“[U]nlike some other recent work in this field, [this attack] exploits components that are virtually guaranteed to be present on any desktop/server computer and cellular phone,” the researchers noted in their paper (registration required).
The researchers admit that this attack allows only a small amount of data to be exfiltrated using a feature phone; however, they say it is enough to exfiltrate passwords or even encryption keys. The exploit is also a serious issue because it can be performed without the attacker being in the same room as the air-gapped computer. The researchers found they could also extract much more data from greater distances using a dedicated receiver positioned up to 30 meters away. This means someone using the above technique could wirelessly exfiltrate data through walls from a parking lot or another building.

Mitigation

The researchers noted that the only way to mitigate such an attack is to impose a complete ban on all kinds of cell phones in the area of the air-gapped computer. Further, companies could strengthen the working environment with insulated walls or partitions.

Credits

The research was conducted by lead researcher Mordechai Guri, along with Assaf Kachlon, Ofer Hasson, Gabi Kedma, Yisroel Mirsky, and Elovici. Guri said that they will present their findings next month at the Usenix Security Symposium in Washington, DC.


Hackers can take over Steam gamers' accounts for 2 weeks with a simple trick



Steam can be hacked using just a username due to a security hole (VIDEO)

Popular digital distribution service Steam had a critical bug which allowed hackers to hack into gamers' accounts for two weeks. For the past week, many Steam users have complained that their accounts were being accessed and manipulated from other PCs.
Steam is an Internet-based digital distribution platform developed by Valve Corporation offering digital rights management (DRM), multiplayer, and social networking. Steam provides the user with installation and automatic updating of games on multiple computers, and community features such as friends lists and groups, cloud saving, and in-game voice and chat functionality. It is highly popular among gamers around the world.
The hack attack was fairly simple, and anybody who knew a Steam gamer's username could exploit the bug. Elm Hoe, a Steam gamer and YouTuber, helped spread word of the breach on July 25 when he posted a video, which is given below:

Once the hacker knew the Steam gamer's account name, they simply had to visit Steam’s Lost Password page, enter the targeted account and simply click Continue when asked to enter their email verification.
Steam took its services offline on 26 July while Valve, which owns Steam, worked on the issue. Right now the security hole appears to have been fixed, but Valve has not issued any comment on the bug or how it was fixed. One report from a Steam user suggested that attackers may have been able to bypass Steam Guard without hacking an e-mail account; however, this has not been confirmed by either Valve or Steam.
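The behaviour described above, a blank email-verification step being accepted, is the case a reset-code check has to rule out explicitly. The following is an added example, not Valve's code: how Steam's check actually failed has not been published, so the flawed variant, all names and the policy values are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

CODE_TTL_SECONDS = 15 * 60   # assumed policy value
MAX_ATTEMPTS = 5             # assumed policy value


@dataclass
class ResetRequest:
    """Server-side state for one pending password reset (hypothetical model)."""
    account: str
    code: str
    issued_at: float
    attempts: int = 0
    used: bool = False


def issue_reset(account: str, now: float) -> ResetRequest:
    # 8 characters from a CSPRNG; this is the value mailed to the account owner.
    return ResetRequest(account, secrets.token_hex(4).upper(), now)


def verify_flawed(req: ResetRequest, submitted: str) -> bool:
    """Hypothetical bug of the kind described: the comparison only runs when
    something was typed, so a blank field falls through to success."""
    if submitted and submitted != req.code:
        return False
    return True


def verify(req: ResetRequest, submitted, now: float) -> bool:
    """Fail closed: every path that is not an exact match returns False."""
    if req.used or req.attempts >= MAX_ATTEMPTS:
        return False
    req.attempts += 1                      # blank and malformed tries count too
    if now - req.issued_at > CODE_TTL_SECONDS:
        return False
    if not isinstance(submitted, str) or not submitted.strip():
        return False                       # missing or blank is never a match
    candidate = submitted.strip().upper().encode()
    ok = hmac.compare_digest(candidate, req.code.encode())  # constant-time compare
    if ok:
        req.used = True                    # a code can be redeemed only once
    return ok


if __name__ == "__main__":
    req = issue_reset("constructed_user", now=0.0)   # constructed sample account
    print("flawed check, blank code:  ", verify_flawed(req, ""))
    print("hardened check, blank code:", verify(req, "", now=1.0))
    print("hardened check, real code: ", verify(req, req.code, now=2.0))
```

The time is passed in as `now` so expiry can be checked deterministically; a real service would take it from its own clock and persist `attempts` and `used` with the request.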


This Website Will Steal Your Photos and Then Hack Your Computer



WallPart (The Poster Shop) sells stolen images online without the owner’s consent

The website WallPart (also referred to as The Poster Shop) claims to be “the world’s largest online shop of posters…with over 10 billion images.” However, the one thing that the website does not reveal is that their database is filled with copyrighted and stolen images from photographers around the world. To make things worse, in what might be the most heinous hacking scam of all time, the Poster Shop may be actually using these images to spam photographers who use their copyright take down form.
Patrick Hall, founder of Fstoppers.com, said that a few months ago he discovered that the poster printing website had put many of his friends' wedding photographs up for sale without their consent. The suggested course of action in this situation would have been to get in touch with the website immediately and insist that they remove the photos from the WallPart database or else face legal action.
According to the Tumblr blog Peter and Company, WallPart's real business has nothing to do with selling prints at all. In reality, WallPart does not go to photographers’ websites and steal photos to sell on its store page. Instead, it simply pulls images from Google Images and displays them as potential artwork one can have printed as wall art or a poster.
If one were to search for one's name, image or brand through their search box (which is not recommended), one would be sure to find one's own images in their database. Several of these images are advertisements, PNGs, and banners that were never meant to be printed in the first place. In addition, every image displayed on their search results page carries the exact same title and description found through Google’s search function.
For instance, below are a few of the searches done by Patrick Hall of Fstoppers:
It looks like the main intention of this website is not to sell prints at all, as there is no evidence that actual sales are taking place. Instead, the website is looking for photographers whose work is featured on WallPart’s website, Peter and Company reports.
Photographers tend to react impulsively when they find their images being used without their permission. If and when a photographer does catch their work on the website, they are without a doubt going to issue a cease and desist through WallPart’s DMCA/Copyright link at the bottom of the page. Surprisingly, this link is one of the only clickable links on the entire page, which is unlike most legitimate e-commerce sites. The entire purpose of the Poster Shop’s website is this contact form. The contact form is a hacking platform that is used to spam the user and possibly infect their computer with malware or other offensive spyware and adware.
Most of the search results, functionality, and contact forms have changed throughout the website’s existence. One day, you search for your name and find stolen images, only to find 24 hours later that the results page is completely empty. There are clear indications that the site was never meant to run as a business, and its functionality as a whole is pretty disjointed. Currently hosted in Russia, the site has been known to change hosting domains in the past after being removed by tech-savvy visitors.
It is very disheartening to know that there are companies and websites out there like WallPart that are targeting photographers who are just trying to protect and maintain the copyright on their own creations. In today’s world, one cannot be sure what personal data is being sent to a company in general or where an email or contact form is actually being sent. The website Change.org has started a petition with over 50,000 supporters to oust WallPart; however, there is no news on whether the site will actually be banned forever.
To keep it simple, Patrick says DO NOT VISIT SITES like The Poster Shop or other similar sites and DO NOT FILL OUT ANY COPYRIGHT VIOLATION OR DMCA FORMS.


Researcher hacks Brinks ultrasafe ‘Safe’ using USB and 100 lines of code



Brink’s safe called CompuSafe Galileo can be hacked using 100 lines of macro code delivered through a USB stick

Researchers from security company Bishop Fox have managed to hack the ultra-modern Brink’s CompuSafe Galileo using just a USB device and 100 lines of code. The two researchers from Bishop Fox, Daniel Petro and Oscar Salazar, will be demonstrating their Proof of Concept at DefCon 2015, which will start in the first week of August 2015 in Las Vegas.
Brinks’ CompuSafe Galileo is a highly sophisticated and modernized safe that is marketed by Brinks as an easy cash management option. Brinks claims the CompuSafe helps stores eliminate deposit discrepancies, reduce theft and free staff from recounting and auditing cash. However, Petro and Salazar took a special liking to this particular safe and started testing it for vulnerabilities. After a year of research, the duo uncovered a slew of vulnerabilities and design flaws that could easily be exploited by cyber criminals.
The researchers said that all of the 14,000 CompuSafe Galileos sold by Brinks in the United States are vulnerable to this attack.
Petro and Salazar said that the work of finding the vulnerability in the safe was made easier by the fact that the CompuSafe Galileo has a functional USB port on one of its sides. That allowed them to plug in a keyboard and a mouse, which worked.
“Nothing good comes from that,” Salazar said. It was a sign of more bad things to come. “Every step of the way, we were like, ‘This can’t be possible’,” Petro said.
Once they used the USB port for input devices, they were able to bypass the CompuSafe’s authentication screen using a method known as a kiosk-bypass attack. They made use of the 9-inch display on the CompuSafe and, using the application’s help menu, gained access to the backend Windows XP Embedded operating system.
Once they had access to the backend, they were able to gain administrative access to the Microsoft Access database file.
Apparently the Microsoft Access database file is used by CompuSafe to save log files, and other critical information like how much money is kept in the safe, user accounts on the system, when the door has been opened and other log files.
“By just editing that file, you can make the safe do anything you want,” Salazar said. They were even able to open the safe’s doors by editing one of the database files.
Salazar said that if cyber criminals had access to their exploit, they could also perform much more sophisticated frauds using the database file that would be hard for safe owners (mostly banks) or Brinks to discover.
To demonstrate the sophistication of the attack, Salazar said, if the machine has US$2,000 in it but the database is modified to only report $1,000, no one would even notice the difference unless there is a physical audit of the cash every day.
“You could very easily make the safe lie about the cash total it has,” he said. “It would be very difficult to track that theft down because the bank would receive exactly how much money it thinks it should be getting.”
The research duo said that the exploit code is 100 lines of simple macro code containing instructions for a certain sequence of mouse movements and keystrokes that cracks the CompuSafe, and that it can be supplied using a USB stick.
Bishop Fox had contacted the Brinks security team a year back but they have not yet patched the vulnerability. To compound the problem, the software is apparently made by a third party provider called FireKing Security Group.
Petro and Salazar said that while they will demo the PoC at DefCon, they won't reveal the full attack code due to legal issues. “After the presentation, it will be fairly apparent to anybody who has a little bit of time how you could write your own code,” Petro said.


Critical vulnerability in Apple App Store and iTunes could impact millions of Apple users



Security researcher discovers critical persistent injection vulnerability in Apple App Store and iTunes

A security researcher from Vulnerability Lab has discovered a critical flaw in Apple’s App Store and iTunes invoice system which could result in session hijacking and malicious invoice manipulation, leaving millions of Apple users at risk.
Security researcher Benjamin Kunz Mejri from Vulnerability Lab revealed the persistent injection flaw on his website and said that the vulnerability allows remote attackers to inject malicious script code into the flawed content function and service modules. The vulnerability has been deemed critical and assigned a CVSS 5.8 severity rating. It is basically an application-side input validation web vulnerability that resides in the Apple App Store invoice module and is remotely exploitable by both the sender and the receiver.
According to Mejri, an attacker can exploit the flaw by manipulating a name value (device cell name) within the invoice module through an exchange of malicious, specially scripted code. If a product is purchased in Apple’s stores, the backend takes the device value and encodes it with manipulated conditions in order to generate an invoice before sending it on to the seller. This results in application-side script code execution in Apple's invoice.
Mejri said that remote hackers can exploit the vulnerability through persistently manipulated context delivered to other Apple store user accounts, whether they are senders or receivers. Mejri states on his blog:
“The invoice is present to both parties (buyer & seller) which demonstrates a significant risk to buyers, sellers or Apple website managers/developers. The issue impact also the risk that a buyer can be the seller by usage of the same name to compromise the store online service integrity.”
The exploit can be used to hijack user sessions, launch persistent phishing attacks, create persistent redirects to external sources and manipulate affected or connected service modules.

Proof of Concept:

(Your Invoice by Apple)

<tbody><tr style="background-color: rgb(245,245,245);" class="section-header" height="24">
          <td colspan="2" style="width:350px;padding-left:10px;border-top-left-radius:3px;border-bottom-left-radius:3px;" width="350"><span style="font-size:14px;font-weight:500;">App Store</span></td>
          <td style="width:100px;padding-left:20px;" width="100"><span style="color:rgb(153,153,153);font-size:10px;position:relative;top:1;">TYP</span></td>
          <td style="width:120px;padding-left:20px;" width="120"><span style="color:rgb(153,153,153);font-size:10px;position:relative;top:1;">GEKAUFT BEI</span></td>
          <td style="width:100px;padding-right: 20px;position:relative;top:1;border-top-right-radius:3px;border-bottom-right-radius:3px;" width="90" align="right"><span style="color:rgb(153,153,153);font-size:10px;white-space:nowrap;">PREIS</span></td>
        </tr>

<tr height="90">
<td class="artwork-cell" style="padding:0 0 0 20px;margin:0;height:60px;width:60px;" width="60" align="center">
            <img src="http://a258.phobos.apple.com/us/r30/Purple7/v4/9d/2b/2d/9d2b2d60-5433-a45e-02fe-12c0f14a1b7b/icon134x134.png" alt="DuckTales: Remastered" style="border:none;padding:0;margin:0;-ms-interpolation-mode: bicubic;border-radius:14px;border:1px solid rgba(128,128,128,0.2);" border="0" height="60" width="60">
          </td>
                    <td style="padding:0 0 0 20px;width:260px;line-height:15px;" class="item-cell" width="260">
            <span class="title" style="font-weight:600;">DuckTales: Remastered</span><br>
            <span class="artist" style="color:rgb(153,153,153);">Disney</span><br>                        <span class="item-links" style="font-size:10px;">
                <a href="https://userpub.itunes.apple.com/WebObjects/MZUserPublishing.woa/wa/addUserReview?cc=de&id=925209077&mt=8&o=i&type=App" style="color:#0073ff;">Eine Rezension schreiben</a> | <a href="https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/reportAProblem?a=925209077&cc=de&d=1666419925&o=i&p=91003564004457&pli=91006585722774" style="color:#0073ff;">Problem melden</a>            </span>
          </td>
          <td class="type-cell" style="padding:0 0 0 20px;width:100px;" width="100">
<span style="color:rgb(153,153,153)">App</span></td>
<td class="device-cell" style="padding:0 0 0 20px;width:120px;" width="120">
<span style="color:rgb(153,153,153);">[PERSISTENT INJECTED SCRIPT CODE VULNERABILITY!]bkm337"><img src="x">%20<iframe src="a">%20<iframe></span></td>
          <td width="90" class="price-cell" align="right" style="padding:0 20px 0 0;width:100px;"><span style="font-weight:600;white-space:nowrap;">9,99 €</span></td>
        </tr>

Note: We used the DuckTales remake app to approve the zero-day remote vulnerability in the iTunes and App Store without malicious purpose!
A video showing a step-by-step proof-of-concept (PoC) demo is shown below.

Mejri notified Apple about the vulnerability on 8th June and has not revealed the date on which the exploit was patched by Apple. The disclosure timeline is below.
  • 2015-06-08: Researcher Notification & Coordination (Benjamin Kunz Mejri)
  • 2015-06-09: Vendor Notification (Apple Product Security Team)
  • 2015-**-**: Vendor Response/Feedback (Apple Product Security Team)
  • 2015-**-**: Vendor Fix/Patch Notification (Apple Developer Team)
  • 2015-07-27: Public Disclosure (Vulnerability Laboratory)
Apple has not yet commented on the issue.
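The device-cell row in the proof of concept above shows a stored name being written into the invoice markup unencoded. The following is an added example, not Apple's or Vulnerability Lab's code: it renders that one cell with and without output encoding and uses an HTML parser to show which elements each version creates. The function names are hypothetical, and the device name is a constructed value modelled on the payload in the page's row.

```python
import html
from html.parser import HTMLParser

# Constructed device name, modelled on the value in the PoC's device-cell.
POC_DEVICE_NAME = 'bkm337"><img src="x">%20<iframe src="a">%20<iframe>'

# The cell markup as it appears in the invoice row on the page.
CELL_TEMPLATE = (
    '<td class="device-cell" style="padding:0 0 0 20px;width:120px;" width="120">'
    '<span style="color:rgb(153,153,153);">{device}</span></td>'
)


def render_device_cell_unsafe(device_name: str) -> str:
    """The flaw as described: the stored name goes into the markup verbatim."""
    return CELL_TEMPLATE.format(device=device_name)


def render_device_cell(device_name: str) -> str:
    """Hardened: encode at output time for the HTML context the value lands in."""
    return CELL_TEMPLATE.format(device=html.escape(device_name, quote=True))


class _Collector(HTMLParser):
    """Records the elements and text an HTML parser actually sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def _parse(markup: str) -> _Collector:
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector


def unexpected_elements(markup: str, allowed=("td", "span")) -> list:
    """Element names present in the cell that the template itself never emits."""
    return sorted({t for t in _parse(markup).tags if t not in allowed})


def visible_text(markup: str) -> str:
    """Text a reader of the invoice would see in the cell."""
    return "".join(_parse(markup).text)


if __name__ == "__main__":
    print("unsafe cell creates:  ", unexpected_elements(render_device_cell_unsafe(POC_DEVICE_NAME)))
    print("hardened cell creates:", unexpected_elements(render_device_cell(POC_DEVICE_NAME)))
    print("hardened cell shows:  ", visible_text(render_device_cell(POC_DEVICE_NAME)))
```

The same `unexpected_elements` check works as a regression test on rendered invoices: any element in a value cell that the template did not emit means an unencoded field reached the output.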


3 Estonians who infected 4 million computers including NASA PCs with malware jailed


3 members of the gang of 7 who infected 4 million computers worldwide with malware sentenced by a US Court

A United States court today handed down a cumulative 11 years of jail time to the three Estonians who infected more than 4 million PCs with malware across 100 countries.
Judge Lewis Kaplan sentenced Timur Gerassimenko, 35, to a four year sentence while his partners in crime, Dmitiri Jegorov, 37, and Konstantin Poltev, 31 were sentenced to 44 months and 40 months imprisonment respectively.
The three cyber criminals were part of a larger 7-member gang based in Eastern Europe. They used malware to infect more than 4 million PCs around the world, 500,000 of them in the US, including some belonging to NASA and other US agencies.
Once they had infected the computers, the malware would let the cyber gang hijack net sessions. By hijacking the browsers, they would re-route the target computers to websites containing ads, through which they earned $14 million over the years of their operation.
They laundered their illicit proceeds through numerous companies, including one Estonian firm called Rove Digital.
The malware designed by the cyber gang evaded detection and prevented the installation of antivirus software programs and updates as well as operating system updates, opening the computers up to further exploits.
Apart from the three above, another Estonian member of the gang, Vladimir Tsastsin, entered a guilty plea with the prosecution and will be sentenced later this month, while Valeri Aleksejev was sentenced to 48 months in prison and Anton Ivanov pleaded guilty to all charges and was sentenced to time served.
One member of the gang who is a Russian by origin is still at large.


NSA to destroy bulk records collected under controversial surveillance program



NSA to destroy millions of American calling records ‘as soon as possible’

The National Security Agency (NSA) will soon stop accessing most of the bulk data collected under a controversial surveillance program in November. However, those records can be retained for litigation purposes, officials said on Monday.
The office of the Director of National Intelligence said in a statement that according to a law passed by Congress in early June, the bulk telephony data that was the subject of leaks by former intelligence contractor Edward Snowden surprising many in the US and abroad would be destroyed “as soon as possible” to comply with the law.
The statement said that during the 180-day transition period needed under the USA Freedom Act, “analytic access to that historical metadata… will cease on November 29, 2015.”
However, NSA will let technical personnel continue to have access to the metadata for an additional three months “for data integrity purposes.” The statement said that this will allow them to compare the data to the calling records produced under the new system. After those three months, that access will cease, too.
The statement additionally said NSA must retain bulk telephony metadata collection “until civil litigation regarding the program is resolved, or the relevant courts relieve NSA of such obligations.”
The data kept for litigation “will not be used or accessed for any other purpose, and, as soon as possible, NSA will destroy the Section 215 bulk telephony metadata upon expiration of its litigation preservation obligations.”
The USA Freedom Act attempted to restore the powers of the NSA under the Patriot Act, and especially Section 215, which gave official permission for a vast data sweep program the agency said was targeted at following potential terrorists.
The new law interrupts the NSA’s ability to dig up and store metadata (telephone numbers, dates and times of calls, but not the content) from millions of Americans who have no links with terrorism.
It transfers responsibility for storing the data to telephone companies and allows authorities to obtain the information only with a warrant from a secret counterterror court that identifies a specific person or group of people suspected of terror ties.
The intelligence court’s rules have required the NSA to get rid of the data after five years on a rolling basis. The bulk call-data program dates to October 2001, and was revealed in June 2013 in leaks by Edward J. Snowden.


UFO theorists say they saw an Alien spacecraft drifting near Sun in NASA live feed videos


Alien spacecraft spotted hovering near sun in Nasa images say UFO theorists

UFO hunters have spotted an unusually huge alien spacecraft hovering around the Sun in official NASA images; could this be an indication that aliens do exist?

On 15 July 2015, NASA’s Solar and Heliospheric Observatory (SOHO) released footage of the Sun in which a massive alien spacecraft has been spotted drifting near the hottest star of the Solar system.
The footage has been published on YouTube, and Scott C Waring, editor of the website UFO Daily Sightings, claims that there is an “Unidentified Foreign Object” (UFO) which seems to be refueling near the Sun.
The footage has been posted by Streetcap1, and the UFO theorist also commented: “This object has structure and for NASA to dismiss it as nothing is an insult to people’s intelligence. If they post data then they must expect UFO hunters to find anomalies and share them.” Streetcap1 claims that the object appearing in the footage seems to be an unusually huge alien spacecraft, almost the size of the US state of Idaho.
Waring added: “This UFO is awesome. Every time I try to ask NASA about these UFOs on Twitter, they ignore me. They have never answered and refuse to talk about these giant UFOs near our sun. These craft sometimes are even moon size. This one looks like it’s about the size of [the US state of] Idaho, yet does NASA care?”
Waring is also convinced that aliens are sending massive ships to “suck our Sun’s energy.” He also said: “If we are sharing our Sun, it’s not going to last the five billion years scientists predicted it at, but may drop below a billion years before it’s used up.”
For a long time, humans have been trying to find out whether aliens and UFOs exist. In addition, conspiracy theories about extraterrestrials keep adding their own flavor to this fascination. Similarly, UFO theorists come up with their own theories whenever they detect anything suspicious in space through NASA’s live feed videos.
Generally, most people dismiss these theories as mere illusions.
Many of them believe that these so-called ‘UFOs’ and other dots appearing around the Sun are just electrons, ions and atoms released during the Sun's flares and coronal mass ejections. A few of them also believe that these dots are nothing but lens flare, and one viewer posted a comment that states: “That’s just swamp gas.”

‘Solar Flare’ is actually a sudden flash of brightness observed over the surface of the Sun, and scientists interpret it as a huge release of energy in which 6×10^25 joules of energy is released. Most of the time this flare is accompanied by a colossal coronal mass ejection.
However, there are a few of them who actually believe that living entities DO exist and they keep visiting Earth just to observe human lives.
A believer who feels aliens are evolved humans commented on YouTube: “They may be charging the craft with the energy near the Sun.”
On the other hand, NASA has never supported such theories of alien life visiting Earth and has always refuted these rumors.
At the same time, NASA’s Kepler, launched by the space research organization, is trying to discover Earth-like planets orbiting other stars in an attempt to search for life on planets other than Earth.
Recently, the Kepler mission confirmed the first near-Earth-size planet orbiting a Sun-like star in the habitable zone.
NASA said: “This exciting result brings us one step closer to finding an Earth 2.0. Kepler-452b is 60 percent larger in diameter than Earth and is considered a super-Earth-size planet. While its mass and composition are not yet determined, previous research suggests that planets the size of Kepler-452b have a good chance of being rocky.”


Increasing CO2 Levels Reduce Nutrition Levels In Crops



Rising CO2 levels in the atmosphere will cause nutrition levels to drop in important staple global crops, according to a study published in Nature.
With the planet’s steadily growing population, many scientists are now focusing their research on the world’s food supply and how climate change will affect our crops. The two main components of a harvest are the crop’s yield and its nutritional value. Unfortunately, most of the time the focus is placed on crop yields rather than on nutritional value.
According to the study, written by Samuel Myers of Harvard University and colleagues, as CO2 levels increase over the coming decades, nutrition levels, particularly zinc and iron, within wheat, rice and beans are going to drop. However, the study also suggested that crop yields may increase, a theory which has sparked many debates between scientists.
Image Source: Wikimedia Commons
In contrast to these findings, a recent study, published in the journal Global Change Biology earlier this year, found that as the carbon dioxide levels in the atmosphere increase, the concentration of nitrogen in plants decreases, ultimately decreasing the plant’s protein levels and growth ability.
“For all types of ecosystem the results show that high carbon dioxide levels can impede plants’ ability to absorb nitrogen, and that this negative effect is partly why raised carbon dioxide has a marginal or non-existent effect on growth in many ecosystems,” Johan Uddling, senior lecturer at the Department of Biological and Environmental Sciences at the University of Gothenburg and lead researcher on the project, said in a press statement.


For Myers’s study, the team placed CO2 jets around test plots, creating growing conditions with CO2 levels upwards of 500 parts per million. Currently, the world’s atmospheric CO2 level is 400 parts per million. Within this future environment, the grains and legumes contained between 5 and 10 percent less iron, zinc and protein. “Given that an estimated 2 billion people suffer from zinc and iron deficiencies…. the reduction in these nutrients represents the most significant health threat ever shown to be associated with climate change,” according to a Harvard press release.
Globally, 2 billion people suffer from zinc and iron deficiencies, “amounting to the loss of 63 million life-years annually,” according to the study led by the Harvard School of Public Health. Iron deficiency can cause anemia, which according to the World Health Organization contributes to 20 percent of maternal deaths, and zinc deficiency can cause a higher susceptibility to infectious diseases due to its effects on the immune system.
Image Credit: Oliver Spalt
Today, “in countries that rely on rice, which is naturally low in iron and zinc, as a staple crop,” these nutrient deficiencies are already more pronounced. According to the study’s findings, some varieties of rice grown in the future-climate test plots saw less of a drop in nutrients than others. Researchers and plant breeders have therefore taken on the task of using the data collected in the study to develop varieties of rice that would be less sensitive to our future climate. Although some of these efforts have shown some success, none have been without setbacks.


Moroccan Hackers Take Down Google, Microsoft & Kaspersky



A group of Moroccan hackers, The Exploit3rs, hacked and defaced the official Moroccan sites of Google, Microsoft and Kaspersky, as well as that of Morocco Trade and Development Services (domain.ma), to show that major websites, which provide data protection for their users, are vulnerable and thus hackable.


Hackers aren't criminals, they are just people who want to have fun but don't know the right way! xD 'tJudgeUs
After hacking the sites, the hackers, who earlier attacked several international sites owned by McDonald’s, Orange, Twitter, Dell, Pepsi, HP, and Samsung in 2013, left this message: “You think that you control the domains but this is not the case! Everyone knows that it is false. We control the domains including NIC in Morocco! We Want To Inform You That We Can Own Any .Ma Website Now.”
Using DNS hijacking, the group was able to hack into the Internet country code top-level domain (ccTLD) for Morocco, where the domain.ma, google.co.ma, google.ma, microsoft.ma and Kaspersky.ma domains are hosted. Google.ma and Microsoft.ma are both parked domains, while Google.co.ma and Kaspersky.ma are the official domains for the companies in Morocco.
