TOR got compromised !!! Finally Onion got pealed off..

Tor anonymizing network Compromised by French researchers

French researchers from ESIEA, a French engineering school, have found and exploited some serious vulnerabilities in the TOR network. They performed an inventory of the network, finding 6,000 machines, many of whose IPs are accessible publicly and directly with the system’s source code. They demonstrated that it is possible to take control of the network and read all the messages that circulate.

But there are also hidden nodes, the Tor Bridges, which are provided by the system that in some cases. Researchers have developed a script that, once again, to identify them. They found 181. "We now have a complete picture of the topography of Tor," said Eric Filiol.

The specific attack involves creating a virus and using it to infect such vulnerable systems in a laboratory environment, and thus decrypting traffic passing through them again via an unknown, unmentioned mechanism. Finally, traffic is redirected towards infected nodes by essentially performing a denial of service on clean systems.

Researchers showed that one third of the nodes are vulnerable, "sufficient in all cases so that we can easily infect and obtain system privileges," says the director. Researchers clone then a part of the network in order not to touch the real network, and they make a virus with which they will be able to take control of the machine."This allows us to set the encryption keys and readers initialization of cryptographic algorithms and thus cancel two layers of encryption on all three," says Eric Filiol. The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.

To guide communication to nodes infected, researchers make unavailable all other nodes. To do this, they apply a double attack: localized congestion, which involves sending a large number of requests Tor on uninfected machines, and spinning the packet, which will enclose Tor servers in a loop circuit to fill them. The Tor protocol will then, naturally, to route calls to infected machines, and that's it.

However, if it is real, details are to be presented at Hackers to Hackers in São Paulo on October 29/30-2011. TOR is no more than an additional layer of obfuscation and should not be relied upon for anonymity or security. Like any darknet, it is a complement to application-layer encryption and authentication, no more.

Read more »

Dennis Ritchie co-creator of C and Unix dies at 70

Dennis Ritchie known as the co-creator of C and Unix has died at the age of 70 . Having created arguably the best OS which has spawned better clones like BSD and GNU/Linux and a language truly designed for programming, he will be missed by all who use products of his legacy . RIP Dennis

Read more »

Nokia's gamble with Linux

After failing to capture the hearts or rather the pockets of people with the S40 and facing severe attrition , Nokia is reintroducing Linux(not again) into its line of mobile phones operating systems.

Nokia has announced that it will be developing a new linux based operating system called meltemi which will run on its low end phones that will replace the current crop of S40 based feature phones.

Link

http://www.bgr.com/2011/09/29/nokia-to-turn-mobile-landscape-on-its-head-with-meltemi-smartphone-os/

http://www.itworld.com/hardware/208803/nokia-readies-linux-os-low-end-smartphones

Another key factor in mellemi is the development of applications . Apps will be developed using the Qt Toolkit which was acquired by Nokia from Trolltech and since then made open. Qt allows applications developed in to to be run independent of the platform ( Desktop , phones etc etc ) .

The move is one of the many inconsistent decisions made by Nokia over the years since the rise of Android and iOS, to protect its user base and expansion options . While android bought profits to a sinking Motorola and lead to cheap smartphones , Symbian bore the brunt of a rapidly burgeoning android market share , shedding share like ice cream melting in the heat. Nokia made a few erratic moves by merging its thriving base in maemo with the Mobiln distro from Intel ( another failed attempt in bringing Linux to the desktop masses through netbooks ) . Meego was abandoned by Nokia once again after its partnership with Windows through which it received 1.2 billion USD . Even now it is still doubtful if Nokia can get back its market share it enjoyed in the hey days of Symbian.

The future of Meego (doubtful) was been buried completely following the announcement of Tizen, yet another Linux based OS ( so far no. 3 ) that will developed along with Intel, the LiMo foundation and the linux foundation .

However with cheap feature phones and basic phones providing most of its income in third world countries , Nokia cannot choose to ignore its cash cow. With the arrival of Windows 7 based Nokia phones , Nokia can mount a serious challenge to the bastions of Android and iOS . However licensing costs that would come with win 7 means that low end market simply cannot be cheap enough and Nokia would still end up losing market share.

Enter Meltemi . Named after favorable winds in the Aegian Basin , meltemi would provide a Linux based OS for the low end phones using the Qt toolkit to develop apps and the OS itself . This also is sweet news to developers who hate writing apps in Java .

While S40 made for a cheap platform , it is seriously behind the competition in terms of polish and features. A dated UI , and a lack of modern features has left s40 panting in the middle of the track .Though history proves otherwise with Nokia's record of inconsistency and bad decisions regarding Linux, Meltemi just might change the equation for Nokia if it can bring in a better UI , app development persuading people in the third worlds looking for better phones to stick with the Nokia camp.

Read more »

HP Pulling the plug on touchpad

Its all over the news.HP is closing down its WebOS division and is pulling the plug on its Touchpad and other WebOS devices.The Palm Pre 3 which was to released this year has been cancelled .Currently HP is looking for buyers for its WebOS division. HP is also reportedly shutting down its Personal Computer Systems division (indeed you might have chanced upon the full page adverts in The Hindu) and is keen on selling it too and concentrate only on the enterprise and software market. The PCS division is supposed to value around 40 Billion USD.

While WebOS did not turn out to the iPad Killer it was deemed to be , It wasnt a bad OS.WebOS is still one of the most advanced OSes for embedded devices in terms of process management and UI. Critics and user alike loved its card stack UI for handling process and simple clean interface.Had HP had some patience it could have improved on the WebOS , bringing it on par to Android and iOS. Closing down the WebOS division seems to be a desperate move . Nevertheless it can still salvage WebOS by open sourcing it or putting its development and maintenance in the hands of the open community.Not only would legacy devices and the TouchPad be supported, HP can still use it when it wants to come up with a Future iOS /Android killer. Projects like Linux and Debian really point the way towards the advantages of involving the community in development processes. As far as the PC division is concerned, HP is making the same move IBM made in 2005 by selling its PC division to Lenovo.Granted things may have been better for PC's then.With the tablet wars and the Mobile era growing rapidly , PC's may no longer be the center of attention or innovation.Not that we will lose all the tower and LCD's in our home anytime soon.PC's still play a major role in developing countries and among power users as the computing device of choice.HP's move may make sense as it has more corporate customers and is planning on a transition to purely software and systems seller like IBM .

 Right now , it is too early to say whether the move made by HP is a clever one or one taken in desperation.Emerging trends , and HP's future strategy will decide the fate of the once largest PC maker on Earth.

Read more »

QuakeCon 2011

QuakeCon is a big massive LAN gaming event orgainzed every year in Dallas , Texas,US.Named after id Software's Quake Game ( one of the first online multiplayer FPS ) its the worlds biggest LAN party and goes on for four days . It has become the premier event where new games are launched or details regarding them are published. Its a free event run by Volunteers and is called as a week of "peace , love and rockets".

This year's Quakecon started off with a keynote from id's John Cormack the key developer behingd Quake and Doom
a URL to his keynote is given below :

http://www.youtube.com/watch?v=4zgYG-_ha28&feature=player_embedded

The offcial YouTube Channel is
Quakecon2011

Stay tuned for more info
Cheerios
Darklighter

Read more »

HTC Corporation launches new version of smart phone HTC ChaCha

In a view to target tech-savvy youth in India, cellphone-maker HTC Corporation , along with the GSM arm of Tata Teleservices, Tata DOCOMO, on launched its new version of smart phone, HTC ChaCha that features a dedicated Facebook button. 

The smart phone version is priced at Rs 15,990. "At HTC, we always strive to take mobility experience to newer levels and add multi dimensions to our devices.

By featuring a dedicated Facebook button, we aim to make it simpler and convenient for our users to share and connect through their favourite social networking sites," HTC Country Manager Faisal Siddiqui told reporters here. 

The sleek feature-packed smart phone that combines a 2.6-inch touch screen with a full QWERTY keypad, was launched by Bollywood actress Riya Sen. 

"The smart phone is designed to provide a seamless, social experience for our customers. We will strive to introduce many more such advanced smart phones in the coming months," Siddiqui said. 

Under the partnership, Tata DOCOMO- 3G prepaid customers can avail 3GB free data, valid for a period of 90 days, whereas 1 GB free data is offered each month to postpaid customers for 90 days across all 3G circles, Tata Teleservices Head (Mobility Services and Devices Management), Sunil Tandon said. 

Besides, all subscribers of Tata DOCOMO-3G will also get 3-hour free mobile TV services that include data access charges valid for 90 days. 

Apart from this, Tata DOCOMO 2G prepaid customers can avail 3GB free data and 300 intra-network calls valid for a period of 90 days. 

The 2G postpaid subscribers can avail 1GB of free data and 100 minutes of intra-network calls free every month for three months' period, Tandon said.

Read more »

LulzSec Hacks Arizona State Police, Posts Officer Info - t3ch.in

Lulz Security's hacking continues to get political: on Friday the group attacked the Arizona Department of Public Safety in retaliation for immigration laws.

"We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement," LulzSec said in a statement. "We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona."

Senate Bill 1070 is the law that requires aliens to carry registration documents with them at all times.

Arizona officials have confirmed that the documents leaked by LulzSec are authentic. The attack appears to be part of Operation Anti-Security, a push by LulzSec and Anonymous, another hacking group, to attack government agencies and post confidential or embarrassing information. Previous efforts have been limited to denial of service attacks on Websites, including those of the Brazilian and Chinese governments. Unlike those attacks, this hack has resulted in the sharing of confidential information.

This isn't the first time LulzSec has hacked a government agency. The group's previous exploits include an attack on the U.S. Senate, a denial of service attack on the CIA's Website, and a hack on an FBI-affialiated organization, Infragard. Earlier attacks focused on game companies and news organizations.

But this seems to be the first case in which LulzSec has pointed out a specific political policy as the motivation for hacking a government agency. The attack will surely increase the pressure on law enforcement to find and arrest LulzSec members. So far, U.K. police have arrested one teen, who the group says was only loosely-affiliated.

The U.S. government has said that cyber-attacks may be considered acts of war, a declaration that seems to have only encouraged LulzSec to continue its operations. Indeed, the group says it will release more documents on Monday.

Read more »