FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid Atom 1.0 feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 1, column 118: Use of unknown namespace: http://schemas.google.com/blogger/2008 [help]

... r.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2 ...
                                             ^

line 1, column 118: Unable to validate namespace: http://schemas.google.com/g/2005. See the Google Data specification at https://developers.google.com/gdata/docs/1.0/elements [help]

... r.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2 ...
                                             ^

line 1, column 1389: Self reference doesn't match document location [help]

... 03441346095986/posts/default?alt=atom'/><link rel='alternate' type='text ...
                                             ^

Source: http://tutorial-hemlet.blogspot.com/atom.xml

<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:blogger='http://schemas.google.com/blogger/2008' xmlns:georss='http://www.georss.org/georss' xmlns:gd="http://schemas.google.com/g/2005" xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-4701803441346095986</id><updated>2024-03-13T17:13:48.398+07:00</updated><category term="Ubuntu"/><category term="Linux"/><category term="Tutorial"/><category term="Vacancy"/><category term="Download"/><category term="AntiVirus"/><category term="Programming"/><category term="SEO"/><category term="Anonymouse"/><category term="Hacking Security"/><category term="VB / . Net"/><category term="ASP"/><category term="Food and Beverages"/><category term="HTML5"/><category term="Information"/><category term="Infosec"/><category term="Internet"/><category term="Software"/><category term="Wordpress"/><title type='text'>IT Tutorial</title><subtitle type='html'>IT Tutorial</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='https://tutorial-hemlet.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default?alt=atom'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><link rel='next' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default?alt=atom&start-index=26&max-results=25'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>147</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-2159744804250190789</id><published>2016-05-01T17:01:00.000+07:00</published><updated>2016-05-01T17:01:00.158+07:00</updated><title type='text'>aceVoip - Kali Linux Tutorial</title><content type='html'>ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface. In the same way that the "corporate directory" feature of VoIP hard phones enables users to easily dial by name via their VoIP handsets,
<a href="http://tutorial-hemlet.blogspot.com/2016/04/acevoip-kali-linux-tutorial.html" rel="nofollow">ace-VoIP</a> 
 
ACE was developed as a research idea born from "VoIP Hopper" to automate VoIP attacks that can be targeted against names in an enterprise Directory. The concept is that in the future, attacks will be carried out against users based on their name, rather than targeting VoIP traffic against random RTP audio streams or IP addresses. ACE works by using DHCP, TFTP, and HTTP in order to download the VoIP corporate directory. It then outputs the directory to a text file, which can be used as input to other VoIP assessment tools. ACE is a standalone utility, but its functions are integrated into UCSniff.
 
ACE currently supports the VoIP corporate directory used in Cisco Unified IP Phones. It works in the following way: 
 
1)Spoofs CDP to get VVID 
2)Adds Voice VLAN Interface (VLAN Hop) - subsequent traffic is tagged with VVID 
3)Sends DHCP request tagged with VVID 
4)Decodes TFTP Server IP Address via DHCP Option 150 
5)Sends a TFTP request for IP Phone configuration file 
6)Parses file, learning Corporate Directory URL 
7)Sends an HTTP GET request for Directory 
8)Parses XML Data, writing directory users to a formatted text file 
 
 
What is VoIP ? 
Voice over IP (VoIP) is an exciting technology which provides many benefits and cost effective solutions for communication. 
it is is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks 
More and more small and enterprise businesses are replacing their old traditional telephony systems with an IP based ones. A VoIP based PBX can provide many features such as: Multiple Extensions, Caller ID, Voice mail, IVR capabilities, Recording of conversations, Logging, Usage with hardware based telephones or software based (aka soft phones). Now days there are many vendors for PBX, IP telephones, VoIP services and equipment such as: CISCO, AVAYA and ASTERISK, SNOM, THOMSON… With new technology comes a new challenge for both the defensive and offensive side of security, One of the “great” dangers of traditional phone lines was that it was susceptible to eavesdropping. The “old school” way to eavesdrop on somebody’s phone line was to physically connect a small transmitter which was connected inside or outside their premises somewhere along the phone cord.
 
IP telephony systems are also susceptible to eavesdropping, doing so in an IP environment is a little bit more difficult to execute, detect and require more the knowledge and the right set of tools. 
 
 
Usage 
ACE can be used in one of two ways. First, it can auto-discover the TFTP Server IP Address via DHCP, or (second) the user can specify the TFTP Server IP address as a command line parameter of the tool. In either case, you must supply the MAC Address of the IP Phone with the -m option in order for the tool to correctly download the configuration file via TFTP. 
 
root@kali:~# ace 
ACE v1.10: Automated Corporate (Data) Enumerator 
Usage: ace [-i interface] [ -m mac address ] [ -t tftp server ip address | -c cdp mode | -v voice vlan id | -r vlan interface | -d verbose mode ] 
 
-i (Mandatory) Interface for sniffing/sending packets 
-m (Mandatory) MAC address of the victim IP phone 
-t (Optional) tftp server ip address 
-c (Optional) 0 CDP sniff mode, 1 CDP spoof mode 
-v (Optional) Enter the voice vlan ID 
-r (Optional) Removes the VLAN interface 
-d (Optional) Verbose | debug mode 
 
Example Usages: 
Usage requires MAC Address of IP Phone supplied with -m option 
Usage: 
 
ace -t -m 
 
Mode to automatically discover TFTP Server IP via DHCP Option 150 (-m) 
Example: 
 
ace -i eth0 -m 00:1E:F7:28:9C:8e 
 
Mode to specify IP Address of TFTP Server 
Example: 
 
ace -i eth0 -t 192.168.10.150 -m 00:1E:F7:28:9C:8e 
 
Mode to specify the Voice VLAN ID 
Example: 
 
ace -i eth0 -v 96 -m 00:1E:F7:28:9C:8E 
 
Verbose mode 
Example: 
 
ace -i eth0 -v 96 -m 00:1E:F7:28:9C:8E -d 
 
Mode to remove vlan interface 
Example: 
 
ace -r eth0.96 
 
Mode to auto-discover voice vlan ID in the listening mode for CDP 
Example: 
 
ace -i eth0 -c 0 -m 00:1E:F7:28:9C:8E 
 
Mode to auto-discover voice vlan ID in the spoofing mode for CDP 
Example: 
 
ace -i eth0 -c 1 -m 00:1E:F7:28:9C:8E 
 
<a href="http://kalitut.blogspot.com/" rel="nofollow" target="_blank">Source</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/2159744804250190789'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/2159744804250190789'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2016/05/acevoip-kali-linux-tutorial.html' title='aceVoip - Kali Linux Tutorial'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-2543516159492078821</id><published>2015-07-27T15:11:00.000+07:00</published><updated>2015-07-27T15:11:00.353+07:00</updated><title type='text'>Free Encryption Project</title><content type='html'>Let's Encrypt, a project aimed to provide free-of-charge and easier-to-implement way to obtain and use a digital cryptographic certificates (SSL/TLS) to secure HTTPS website, is looking forward to issue its first digital certificates next month.
 
With Let's Encrypt, any webmaster interested in implementing HTTPS for their services can get the certificates for free, which is a great move for encouraging people to encrypt their users’ connections to their websites. 
 
Let's <a href="http://tutorial-hemlet.blogspot.com/2015/07/free-encryption-project.html" rel="nofollow">Encrypt </a>is a combined effort of digital-era rights advocate Electronic Frontier Foundation (EFF), Mozilla Foundation, Cisco Systems, Internet content distributor Akamai Technologies, certificate provider IdenTrust and researchers from the University of Michigan. 
 
Generally, the process of implementation of an SSL certificate, including the need to obtain and install a certificate, is complicated for most web developers as it sounds. 
 
In most cases, the cost related issues force web administrators to give up on using encrypted connections. <a href="http://www.virthreat.com/2015/07/free-encryption-project-to-issue-first.html" rel="nofollow">Read Full Article</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/2543516159492078821'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/2543516159492078821'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/07/free-encryption-project.html' title='Free Encryption Project'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-8290082866036728739</id><published>2015-07-23T15:08:00.000+07:00</published><updated>2015-07-23T15:08:00.121+07:00</updated><title type='text'>WordPress Vulnerability </title><content type='html'>WordPress Vulnerability Puts Millions of Websites At Risk.
<div>
 </div>
<div>
Millions of WordPress websites are at risks of being completely hijacked by the hackers due to a critical cross-site scripting (XSS) vulnerability present in the default installation of the widely used content management system.</div>
<div>
 </div>
<div>
The cross-site scripting (XSS) vulnerability, uncovered by the security researcher reported by Robert Abela of Security firm Netsparker.</div>
<div>
 </div>
<div>
<a href="http://tutorial-hemlet.blogspot.com/2015/07/wordpress-vulnerability.html" rel="nofollow">Wordpress</a> vulnerability resides in Genericons webfont package that is part of default WordPress Twenty Fifteen Theme.</div>
<div>
 </div>
<div>
Here comes the threat:</div>
<div>
 </div>
<div>
The XSS vulnerability has been identified as a "DOM-based," which means the flaw resides in the document object model (DOM) that is responsible for text, images, headers, and links representation in a web browser.</div>
<div>
 </div>
<div>
The easy-to-exploit DOM-based Cross-Site Scripting (XSS) vulnerability occurred due to an insecure file included with Genericons that allowed the Document Object Model Environment in the victim’s browser to be modified. <a href="http://www.virthreat.com/2015/07/wordpress-vulnerability-puts-millions.html" rel="nofollow">Read Full Article</a></div>
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/8290082866036728739'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/8290082866036728739'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/07/wordpress-vulnerability.html' title='WordPress Vulnerability '/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-1876595649032949964</id><published>2015-07-19T15:05:00.000+07:00</published><updated>2015-07-19T15:05:00.070+07:00</updated><title type='text'>Android Brillo</title><content type='html'>Internet of Things is the future, and every big tech companies are trying to become an integral part of this upcoming trend. Keeping this in mind, Google is developing an operating system for connecting all devices via the Internet.
 
Google is expected to launch a new Android-based operating system that would be lightweight enough to run on low-power devices connected to the "Internet of Things" (IoT), reported The Information. 
 
Google's Brillo OS for Internet Of Things 
 
The OS is dubbed "<a href="http://tutorial-hemlet.blogspot.com/2015/07/android-brillo.html" rel="nofollow">Brillo,</a>" and the news outlet claims the company is likely to release the new operating system under the Android brand next weekend at Google I/O, the company's annual conference for software developers. 
 
The connected OS, which may require as little as 32 or 64 MB of RAM to run, could be used on everything from major smart home appliances such as refrigerators, TVs to smaller tech such as garden monitors, light bulbs, door locks and sensors. 
 
According to The Information, the search engine giant wants to design their own IoT communications schemes instead relying on the hardware vendors for IoT operating systems. Google will also offer Brillo for free to OEMs. <a href="http://www.virthreat.com/2015/07/google-brillo-os-new-android-based-os.html" rel="nofollow">Read Full Article</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/1876595649032949964'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/1876595649032949964'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/07/android-brillo.html' title='Android Brillo'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-3612050055349681387</id><published>2015-07-15T15:02:00.000+07:00</published><updated>2015-07-15T15:02:00.545+07:00</updated><title type='text'>Yoast Plugin Vulnerability</title><content type='html'>A critical vulnerability has been discovered in the most popular plugin of the WordPress content management platform (CMS) that puts tens of Millions of websites at risks of being hacked by the attackers.
 
The vulnerability actually resides in most versions of a WordPress plugin known as ‘WordPress SEO by Yoast,’ which has more than 14 Million downloads according to Yoast website, making it one of the most popular plugins of WordPress for easily optimizing websites for search engines i.e Search engine optimization (SEO). 
 
The vulnerability in WordPress SEO by <a href="http://tutorial-hemlet.blogspot.com/2015/07/yoast-plugin-vulnerability.html" rel="nofollow">Yoast</a> has been discovered by Ryan Dewhurst, developer of the WordPress vulnerability scanner ‘WPScan’. 
 
All the versions prior to 1.7.3.3 of ‘WordPress SEO by Yoast’ are vulnerable to Blind SQL Injection web application flaw, according to an advisory published today. 
 
SQL injection (SQLi) vulnerabilities are ranked as critical one because it could cause a database breach and lead to confidential information leakage. Basically in SQLi attack, an attacker inserts a malformed SQL query into an application via client-side input. <a href="http://www.virthreat.com/2015/05/yoast-plugin-vulnerability.html" rel="nofollow">Read Full Article</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/3612050055349681387'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/3612050055349681387'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/07/yoast-plugin-vulnerability.html' title='Yoast Plugin Vulnerability'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-4705842284119918440</id><published>2015-07-11T14:59:00.000+07:00</published><updated>2015-07-11T14:59:00.033+07:00</updated><title type='text'>Windows 10 Reviews</title><content type='html'>Microsoft just announced in its Ignite 2015 conference in Chicago that Windows 10 is set to be "the last version of Windows."
 
"Right now [we are] releasing Windows 10, and because Windows 10 is the last version of Windows, [we are] all still working on Windows 10," said Microsoft's developer evangelist Jerry Nixon while speaking at the conference this week. 
 
What exactly does it mean? Will Microsoft not launch Windows 11 next? Is <a href="http://tutorial-hemlet.blogspot.com/2015/07/windows-10-reviews.html" rel="nofollow">Windows 10</a> actually the end of Microsoft’s Windows operating system? 
 
These are some questions that were ongoing in the mind of the audience when Nixon gave this statement during his speech. 
 
&nbsp;The reaction from Microsoft was really alarming though you do not have to panic, as Windows OS is not dying. 
 
Windows 10 — Brand Name of Microsoft's OS 
 
For the moment, Microsoft will stick with Windows 10 and focus on smaller and faster updates to its Windows 10 platform, instead of launching new stand-alone versions of the operating system every few years. 
 
This Microsoft's new approach is something similar to Apple's OS X, the Mac operating system that gets smaller updates on a yearly basis and has been known as OS X for over 15 years. Every new release of OS X gets a unique name with some major updates, but Apple didn't change the name of its OS. 
 
Oh! Give me a break. If I take you back when it was decided by Microsoft that its next Windows version will be Windows 10 and not Windows 9. This could be a reason that Microsoft wants to stick with Windows 10 brand name for the near future. <a href="http://sources-code-hemlet.blogspot.com/2015/06/windows-10-is-last-version-of-windows.html" rel="nofollow">Read Full Article</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/4705842284119918440'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/4705842284119918440'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/07/windows-10-reviews.html' title='Windows 10 Reviews'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-2762170297395427125</id><published>2015-07-07T14:56:00.000+07:00</published><updated>2015-07-07T14:56:00.111+07:00</updated><title type='text'>WebAssembly New Standard for Web Apps</title><content type='html'>Google, Apple, Microsoft, and Mozilla have joined hands to create code for use in the future web browsers that promises up to 20 times faster performance.
 
Dubbed <a href="http://tutorial-hemlet.blogspot.com/2015/07/webassembly-new-standard-for-web-apps.html" rel="nofollow">WebAssembly</a> (or wasm for short), a project to create a new portable bytecode for the Web that will be more efficient for both desktop as well as mobile web browsers to parse than the complete source code of a Web page or an application. 
 
Bytecode is actually a machine-readable instruction set that is faster for web browsers to load than high-level languages. 
 
WebAssembly — A New File Format to Compile Code 
 
At the moment, browsers use JavaScript to interpret the code and allow functionality on websites such as dynamic content and forms. By default, JavaScript files are downloaded from the server and then compiled by the JavaScript engine in the web browser. 
 
However, improvements have been made to load times via Asm.js — the stripped-down JavaScript dialect described as an "assembly language for the web" — but bytecode-based systems such as .NET are faster and enable efficient compilation. 
 
WebAssembly will introduce a new file format that will allow developers to compile their code to a binary notation, which will then be executed inside each browser's (e.g. Chrome, Firefox, IE/Edge, Safari) JavaScript engine. 
 
If introduced as a standard implemented in all web browsers, WebAssembly could surely bring app-like performance to Web content as well as applications. 
 
Over 20% Faster Performance 
 
Preliminary tests already show that the binary representation is 23 times faster to parse than similar JavaScript applications optimized through Mozilla's widely supported asm.js for browsers, and 20 to 30 percent smaller than its actual file size. 
 
&nbsp; &nbsp; "I'm happy to report that we at Mozilla have started working with Chromium, Edge and WebKit engineers on creating a new standard, WebAssembly," said Mozilla developer Luke Wagner, "that defines a portable, size- and load-time-efficient format and execution model specifically designed to serve as a compilation target for the Web." 
 
Currently, only C and C++ code can be compiled into a WebAssembly (a.k.a wasm) file. 
 
Moreover, the developers of wasm know that JavaScript is supported everywhere so for older web browsers, they are providing a polyfill — a JavaScript script that will convert WebAssembly bytecode into asm.js for those browsers that don't support wasm. 
 
<a href="http://tutorial-hemlet.blogspot.com/2015/07/webassembly-new-standard-for-web-apps.html" rel="nofollow">WebAssembly</a> is still in its early days of development with no formal standards as of now. The specifications and the high-level design has also not decided yet, but with all four major browser developers working together, wasm should appear soon. 
 
The future possibilities for <a href="http://tutorial-hemlet.blogspot.com/2015/07/webassembly-new-standard-for-web-apps.html" rel="nofollow">WebAssembly</a> file format are being explored on GitHub page. However, a new WebAssembly Community Group has already been formed by the World Wide Web Consortium (W3C), which is open for anyone to join. These are FAQs that will give you more details on the group plans. 
 
<a href="http://thehackernews.com/" rel="nofollow" target="_blank">Source</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/2762170297395427125'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/2762170297395427125'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/07/webassembly-new-standard-for-web-apps.html' title='WebAssembly New Standard for Web Apps'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-8885592784019631978</id><published>2015-07-03T14:53:00.000+07:00</published><updated>2015-07-03T14:53:00.384+07:00</updated><title type='text'>Android Apps To Make You Smarter!</title><content type='html'>Duolingo
 
Duolingo is a free app that can help you learn languages. The app can teach you Spanish, French, German, Italian, Portuguese, Dutch, Irish, Danish, Swedish, and English in a totally entertaining manner. The best part is that the app is totally free and ad-free. Duolingo has 34 hours of tutorial for each language. These tutorials are equivalent to the semester of a university-level education. 
 
Kindle 
 
Kindle app for <a href="http://tutorial-hemlet.blogspot.com/2015/07/android-apps-to-make-you-smarter.html" rel="nofollow">Android </a>gives you access to the entire library of Kindle. Kindle store has over a million books. The app is must for book lovers. You can also enjoy popular magazines through this app. The app lets you sync your eBooks too. The app is full of rich features like built-in dictionary, Google search and Wikipedia. Kindle store also offers decent number of free books to its users.
 
Today in History 
 
<a href="https://tutorial-hemlet.blogspot.com/2015/07/android-apps-to-make-you-smarter.html#more">Read more »</a></content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/8885592784019631978'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/8885592784019631978'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/07/android-apps-to-make-you-smarter.html' title='Android Apps To Make You Smarter!'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-1467531994673488201</id><published>2015-06-27T15:12:00.000+07:00</published><updated>2015-06-27T15:12:00.201+07:00</updated><title type='text'>Rombertik Malware Payload</title><content type='html'>Security researchers have discovered a new strain of malware that makes use of extraordinary measures to evade detection and analysis, making the computer it infects unusable.
 
Dubbed Rombertik, which is "unique" among other self-destructing malware samples due to its unique evasion techniques. As soon as any analysis tool is detected, Rombertik attempts to delete the device's Master Boot Record (MBR) and home directories, making the machine constantly restart. 
 
Rombertik is a complex piece of spyware designed to "indiscriminately" collect everything a user does online in order to obtain victim’s login credentials and other confidential information. 
 
Infects users via Phishing campaign: 
 
<a href="http://tutorial-hemlet.blogspot.com/2015/06/rombertik-malware-payload.html" rel="nofollow">Rombertik</a> typically gets installed on vulnerable machines when users click on malicious attachments included in phishing emails, Cisco security researchers Ben Baker and Alex Chiu said in a blog post Monday. 
 
Once loaded into the system, <a href="http://tutorial-hemlet.blogspot.com/2015/06/rombertik-malware-payload.html" rel="nofollow">Rombertik</a> first runs a series of anti-analysis checks to determine if it is running within a sandbox. 
 
In case it isn’t running within the sandbox, <a href="http://tutorial-hemlet.blogspot.com/2015/06/rombertik-malware-payload.html" rel="nofollow">Rombertik</a> decrypts and installs itself on the victim's machine, which then allows the malware to launch a second copy of itself and overwrite the second copy with the malware's core spying functionality.&nbsp; 
 
<a href="http://silent-consultant.blogspot.com/2015/06/rombertik-malware-destroy-hard-drive.html" rel="nofollow">Read Full Article</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/1467531994673488201'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/1467531994673488201'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/06/rombertik-malware-payload.html' title='Rombertik Malware Payload'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-781346972102816678</id><published>2015-06-23T15:09:00.000+07:00</published><updated>2015-06-23T15:09:00.446+07:00</updated><title type='text'>New GPU-based Linux Rootkit </title><content type='html'>The world of hacking has become more organized and reliable over recent years and so the techniques of hackers.
 
Nowadays, attackers use highly sophisticated tactics and often go to extraordinary lengths in order to mount an attack. 
 
And there is something new to the list: 
 
A team of developers has created not one, but two pieces of malware that run on an infected computer’s graphics processor unit (GPU) instead of its central processor unit (CPU), in order to enhance their stealthiness and computational efficiency. 
 
The two pieces of malware: 
 
&nbsp; &nbsp; Jellyfish <a href="http://tutorial-hemlet.blogspot.com/2015/06/new-gpu-based-linux-rootkit.htm" rel="nofollow">Rootkit </a>for Linux operating system 
&nbsp; &nbsp; Demon Keylogger 
 
<a href="http://silent-consultant.blogspot.com/2015/06/new-gpu-based-linux-rootkit-and.html" rel="nofollow">Read Full Article</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/781346972102816678'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/781346972102816678'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/06/new-gpu-based-linux-rootkit.html' title='New GPU-based Linux Rootkit '/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-3392787123426155262</id><published>2015-06-19T14:59:00.000+07:00</published><updated>2015-06-19T14:59:00.242+07:00</updated><title type='text'>Hacker Bypass Extension Password Alert </title><content type='html'>Less than 24 hours after Google launched the new Phishing alert extension Password Alert, a security researcher was able to bypass the feature using deadly simple exploits.
 
On Wednesday, the search engine giant launched a new Password Alert Chrome extension to alert its users whenever they accidentally enter their Google password on a carefully crafted phishing website that aimed at hijacking users’ account. 
 
However, security expert Paul Moore easily circumvented the technology using just seven lines of simple JavaScript code that kills phishing alerts as soon as they started to appear, defeating Google’s new Password Alert extension. 
 
Google shortly fixed the issue and released a new update to <a href="http://tutorial-hemlet.blogspot.com/2015/06/hacker-bypass-extension-password-alert.html" rel="nofollow">Password Alert extension</a> that blocked the Moore’s exploit. However, Moore discovered another way to block the new version of Password Alert, as well. 
 
The first proof of concept exploit by Moore relied on a JavaScript that looks for instances of warning screen every five milliseconds and simply removes anything it detects. Generally, the warning screen is still there, but the exploit prevented the user from ever seeing it. 
 
Moore (@Paul_Reviews) posted the proof-of-concept JavaScript exploit yesterday, explaining that Google’s Password Alert can be bypassed by anyone using just seven lines of code. 
 
Here’s the Kicker: 
 
However, Google assured its users that the company has now fixed the issue, releasing Password Alert version 1.4. "To update quickly, go to Chrome://extensions/ , enable developer mode, click update extensions now," Google engineer Drew Hintz said. 
 
But Moore didn’t want to stop here. He began analyzing the code for the extension more closely and figured out another way to bypass Password Alert, effectively killing phishing alerts as soon as they generated. 
 
No simple this time baby: 
 
And according to Moore, the second exploit developed by him will be more difficult for Google to repair. 
 
Moore also provided a proof-of-concept video on YouTube showing the attack in action. You can watch the video below: 
 
Now, let’s see how much time the search engine giant would take to fix this issue in its all new <a href="http://tutorial-hemlet.blogspot.com/2015/06/hacker-bypass-extension-password-alert.html" rel="nofollow">Password Alert Chrome Extension</a>. 
 
The technology was just launched by Google on Wednesday, so you can expect some flaws at its early stage. Password Alert extension has been installed by nearly 30,000 Chrome users, who are advised to update version 1.4, the latest version available at the moment, to fix the first issue. 
 
In order to fix another problem, you may have to wait until Google releases the next update. Till then, you are advised to turn on two-factor authentication and use a good password manager to protect yourself against phishing attacks. 
 
<a href="http://thehackernews.com/" rel="nofollow" target="_blank">Source</a> 
 
 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/3392787123426155262'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/3392787123426155262'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/06/hacker-bypass-extension-password-alert.html' title='Hacker Bypass Extension Password Alert '/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-8926676656758178963</id><published>2015-06-15T14:57:00.000+07:00</published><updated>2015-06-15T14:57:00.458+07:00</updated><title type='text'>Quantum Operating System</title><content type='html'>So far, we just have heard about Quantum computing that could make even complex calculations trivial, but there are no practical Quantum computers exist.
 
However, the dream of <a href="http://tutorial-hemlet.blogspot.com/2015/06/quantum-operating-system.html" rel="nofollow">Quantum</a> computers could become a reality in coming future. 
 
Cambridge Quantum Computing Limited (CQCL) has build a new Fastest Operating System aimed at running the futuristic superfast quantum computers. 
 
The new <a href="http://tutorial-hemlet.blogspot.com/2015/06/quantum-operating-system.html" rel="nofollow">operating system</a>, dubbed t|kit&gt;, has been featured by CQCL's very own proprietary custom designed high-speed super mechanism, allowing the company to accurately impersonate the working of a quantum processor. <a href="http://www.virthreat.com/2015/06/fastest-operating-system-for-quantum.html" rel="nofollow">Read Full Article</a>
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/8926676656758178963'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/8926676656758178963'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/06/quantum-operating-system.html' title='Quantum Operating System'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-5052925623878505898</id><published>2015-06-11T14:52:00.000+07:00</published><updated>2015-06-11T14:52:00.998+07:00</updated><title type='text'>Android M</title><content type='html'>While majority of smartphone users are waiting for Android 5.0 Lollipop update for their devices, Google is soon going to launch the next version of Android at its official Google I/O 2015 developer event May 28 in San Francisco.
 
Android M — The name of the latest version of Android mobile operating system was spotted at the Google I/O 2015 schedule under the "Android for Work Update" Session, which says… 
 
&nbsp; &nbsp; "Android M is bringing the power of Android to all kinds of workplaces." 
 
According to the company, this will open up "huge new markets for hundreds of Millions of devices to workers at small businesses, logistics, deskless workers, and warehousing jobs." 
 
However, Google appears to have since removed any mention of <a href="http://tutorial-hemlet.blogspot.com/2015/06/android-m.html" rel="nofollow">Android M</a> from Google's I/O website, most probably the company wants to keep it as a surprise for Android users. 
 
Considering the full Android releases with starting letters in alphabetical order, — Android M — strongly believes to be the next version of the Android operating system. 
 
When the Google launched Android 5.0 at its developer conference last year, it was known by the name "Android L" before the company revealed its final name "Lollipop" months later. 
<a href="http://silent-consultant.blogspot.com/2015/06/android-m-latest-android-operating.html" rel="nofollow">Read Full Article</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/5052925623878505898'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/5052925623878505898'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/06/android-m.html' title='Android M'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-251741565219071914</id><published>2015-06-07T14:47:00.000+07:00</published><updated>2015-06-07T14:47:00.245+07:00</updated><title type='text'>PayPal Wants To Integrate Password with Human Body</title><content type='html'>You would have been holding a number of online accounts for different services, but how many of you hold a different and unique password for every single account?
 
Probably a very few of you. The majority of people have one or two passwords that are quite simple and easy to remember and comfortably manage on their own. 
 
However, you need not worry as the Future of identification would not rely on Passwords, according to <a href="http://tutorial-hemlet.blogspot.com/2015/05/paypal-wants-to-integrate-password-with.html" rel="nofollow">PayPal’s</a> global head of developer evangelism Jonathan Leblanc. 
 
<a href="http://sources-code-hemlet.blogspot.com/2015/05/hacking-paypal.html" rel="nofollow">Read Full Article</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/251741565219071914'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/251741565219071914'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/06/paypal-wants-to-integrate-password-with.html' title='PayPal Wants To Integrate Password with Human Body'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-5425001963408995999</id><published>2015-06-03T14:42:00.000+07:00</published><updated>2015-06-03T14:42:00.854+07:00</updated><title type='text'>Magento E Commerce Phishing Attacks</title><content type='html'>The <a href="http://tutorial-hemlet.blogspot.com/2015/06/magento-e-commerce-phishing-attacks.html" rel="nofollow">Magento</a> Market of <a href="http://tutorial-hemlet.blogspot.com/2015/06/magento-e-commerce-phishing-attacks.html" rel="nofollow">E-commerce </a>websites is at its peak, as today people love to shop online to save their time. However, E-commerce and financial sites stand first in the rundown of potential victims as they manage financial exchanges.
 
The traditional way to target victims of e-commerce sites is to use targeted "<a href="http://tutorial-hemlet.blogspot.com/2015/06/magento-e-commerce-phishing-attacks.html" rel="nofollow">phishing</a>" attacks via social media and emails. But… 
 
…due to increased awareness among the people about the threat of phishing attacks, hackers have now discovered new way — by malvertising legitimate websites where people assume to be safe and secure. <a href="http://silent-consultant.blogspot.com/2015/05/how-to-protecting-magento-ecommerce.html" rel="nofollow">Read Full Article</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/5425001963408995999'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/5425001963408995999'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/06/magento-e-commerce-phishing-attacks.html' title='Magento E Commerce Phishing Attacks'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-1349476938958223318</id><published>2015-05-27T14:39:00.000+07:00</published><updated>2015-05-27T14:39:00.613+07:00</updated><title type='text'>OpenSSL Patch</title><content type='html'>The OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated "high" severity.
 
In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team announced that OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf will be released Thursday. 
 
&nbsp; &nbsp; "These releases will be made available on 19th March," Caswell wrote. "They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity." 
 
<a href="http://tutorial-hemlet.blogspot.com/2015/05/openssl-patch_27.html" rel="nofollow">OpenSSL</a> is an open-source implementation of the SSL and TLS protocols. It's a technology that's widely used by almost every websites to encrypt web sessions, even the Apache web server that powers almost half of the websites over the Internet utilizes OpenSSL. 
 
Further details on the mystery security vulnerabilities (CVE-2015-0209, CVE-2015-0285, CVE-2015-0288) are unavailable at this time, although some industry experts have speculated that this high severity flaw could be another POODLE or Heartbleed bug, worst TLS/SSL flaws that are still believed to be affecting websites on Internet today. 
 
Heartbleed was discovered in April last year in an earlier version of OpenSSL, which allowed hackers to read the sensitive contents of users' encrypted data, such as credit card transactions and even steal SSL keys from Internet servers or client software. <a href="http://www.virthreat.com/2015/05/openssl-to-patch-high-severity.html" rel="nofollow">Read Full Article</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/1349476938958223318'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/1349476938958223318'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/05/openssl-patch_27.html' title='OpenSSL Patch'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-6766233510671344990</id><published>2015-05-23T21:37:00.000+07:00</published><updated>2015-05-23T21:37:00.670+07:00</updated><title type='text'>Yoast Plugin Vulnerability</title><content type='html'>A critical vulnerability has been discovered in the most popular plugin of the WordPress content management platform (CMS) that puts tens of Millions of websites at risks of being hacked by the attackers.
 
The vulnerability actually resides in most versions of a WordPress plugin known as ‘<a href="http://tutorial-hemlet.blogspot.com/2015/05/yoast-plugin-vulnerability.html" rel="nofollow">WordPress SEO by Yoast,</a>’ which has more than 14 Million downloads according to Yoast website, making it one of the most popular plugins of WordPress for easily optimizing websites for search engines i.e Search engine optimization (SEO). 
 
The vulnerability in WordPress SEO by Yoast has been discovered by Ryan Dewhurst, developer of the WordPress vulnerability scanner ‘WPScan’. 
 
All the versions prior to 1.7.3.3 of ‘WordPress SEO by Yoast’ are vulnerable to Blind SQL Injection web application flaw, according to an advisory published today. 
 
SQL injection (SQLi) vulnerabilities are ranked as critical one because it could cause a database breach and lead to confidential information leakage. Basically in SQLi attack, an attacker inserts a malformed SQL query into an application via client-side input.<a href="http://www.virthreat.com/2015/05/yoast-plugin-vulnerability.html" rel="nofollow" target="_blank"> Read Full Article</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/6766233510671344990'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/6766233510671344990'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/05/yoast-plugin-vulnerability.html' title='Yoast Plugin Vulnerability'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-2699394495387182927</id><published>2015-05-19T21:36:00.000+07:00</published><updated>2015-05-19T21:36:00.329+07:00</updated><title type='text'>OpenSSL Patch</title><content type='html'>he OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated "high" severity.
 
In a mailing list note published last night, Matt Caswell of the <a href="http://tutorial-hemlet.blogspot.com/2015/05/openssl-patch.html" rel="nofollow">OpenSSL</a> Project Team announced that OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf will be released Thursday. 
 
&nbsp; &nbsp; "These releases will be made available on 19th March," Caswell wrote. "They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity." 
 
OpenSSL is an open-source implementation of the SSL and TLS protocols. It's a technology that's widely used by almost every websites to encrypt web sessions, even the Apache web server that powers almost half of the websites over the Internet utilizes OpenSSL. 
 
Further details on the mystery security vulnerabilities (CVE-2015-0209, CVE-2015-0285, CVE-2015-0288) are unavailable at this time, although some industry experts have speculated that this high severity flaw could be another POODLE or Heartbleed bug, worst TLS/SSL flaws that are still believed to be affecting websites on Internet today. <a href="http://www.virthreat.com/2015/05/openssl-to-patch-high-severity.html" rel="nofollow" target="_blank">Read Full Article</a>
 
 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/2699394495387182927'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/2699394495387182927'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/05/openssl-patch.html' title='OpenSSL Patch'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-790795919933850530</id><published>2015-05-15T21:33:00.000+07:00</published><updated>2015-05-15T21:33:00.452+07:00</updated><title type='text'>Forensic Analysis</title><content type='html'>An often overlooked feature of log management software is the ability to conduct <a href="http://tutorial-hemlet.blogspot.com/2015/05/forensic-analysis.html" rel="nofollow">forensic</a> <a href="http://tutorial-hemlet.blogspot.com/2015/05/forensic-analysis.html" rel="nofollow">analysis</a> of historical events. If your network goes down, your network monitoring tool can tell you what happened, but knowing why it happened is even more valuable.
 
SolarWinds Log &amp; Event Manager has cutting-edge IT search for fast and easy forensic analysis. Here are six ways that the forensic analysis feature of Log &amp; Event Manager can help you piece together what really happened. 
 
You can download a free, fully functional 30-day trial of Log &amp; Event Manager from here. 
 
ID file changes 
 
When collecting logs, you’re going to see millions of file changes. How do you know which ones to isolate? It’s best to isolate file changes against critical files (protected docs, financial information, personal documents, HR records, etc.). 
 
Look at file changes from a forensic approach to determine if suspicious activity has occurred. Often times, a virus will affect file attribute changes such as permissions changes. This could allow the retrieval of information like a password, resulting in unauthorized file or network access. 
 
Forensic analysis can help you identify if files have been changed, when they were changed, and who made the changes. 
 
Identify user activity 
 
You can map user activity using historical data to link together event logs. You can see the activity of one user, a group of accounts, or a specific type of account. 
 
Using Log &amp; Event Manager to collect logs from hundreds devices makes it easy to summarize the log data to surface events, privilege changes, etc. The forensic analysis feature allows you to quickly identify anything that looks unusual in the accounts you are investigating. <a href="http://www.virthreat.com/2015/05/how-to-perform-forensic-analysis.html" rel="nofollow" target="_blank">Read Full Article&nbsp;</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/790795919933850530'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/790795919933850530'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/05/forensic-analysis.html' title='Forensic Analysis'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-6794710654179940886</id><published>2015-05-11T21:31:00.000+07:00</published><updated>2015-05-11T21:31:00.146+07:00</updated><title type='text'>BEEBONE Botnet</title><content type='html'>U.S. and European law enforcement agencies have shut down a highly sophisticated piece of the botnet that had infected more than 12,000 computers worldwide, allowing hackers to steal victims’ banking information and other sensitive data.
 
The law enforcement agencies from the United States, United Kingdom and the European Union conducted a joint operation to get rid of the botnet across the globe and seized the command-and-control server that had been used to operate the nasty <a href="http://tutorial-hemlet.blogspot.com/2015/05/beebone-botnet.html" rel="nofollow">Beebone </a>(also known as AAEH) botnet. 
 
What’s a Botnet? 
 
A botnet is a network of large number of computers compromised with malicious software and controlled surreptitiously by hackers without the knowledge of victims. 
 
Basically, a "botnet" is a hacker’s "robot" that does the malicious work directed by hackers. 
 
Hackers and Cyber Criminals have brushed up their hacking skills and started using Botnets as a cyber weapon to carry out multiple crimes such as DDoS attacks (distributed denial of service), mass spamming, advertising revenue manipulation, cyber espionage, mining bitcoins, surveillance etc. 
 
However, this is not first time we hear about a sophisticated botnet took down by law enforcement agencies. 
 
Just two months ago, law Enforcement took down Ramnit botnet, which infected over 3.2 Million computers worldwide, and last year the FBI and Europol torn down the GameOver Zeus botnet, although it came back a month after its took down.<a href="http://sources-code-hemlet.blogspot.com/2015/05/beebone-botnet.html" rel="nofollow" target="_blank"> Read Full Article</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/6794710654179940886'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/6794710654179940886'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/05/beebone-botnet.html' title='BEEBONE Botnet'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-1922875518995561797</id><published>2015-05-07T21:27:00.000+07:00</published><updated>2015-05-07T21:27:00.058+07:00</updated><title type='text'>Yahoo! pays $24,000 to Hacker for finding Security Vulnerabilities</title><content type='html'>Yahoo! has offered $24,000 to a security researcher for finding out and reporting three critical security vulnerabilities in its products including <a href="http://tutorial-hemlet.blogspot.com/2015/05/yahoo-pays-24000-to-hacker-for-finding.htm" rel="nofollow">Yahoo</a>! Stores and Yahoo!-hosted websites.
 
While testing all the company's application, Mark Litchfield, a bug bounty hunter who often works with different companies, discovered three critical vulnerabilities in Yahoo!'s products. All the three vulnerabilities have now been fixed by Yahoo!. 
 
THREE CRITICAL SECURITY VULNERABILITIES 
The first and most critical vulnerability gives hackers full administrator access to Yahoo!'s e-commerce platform, Yahoo! Small Business, a portal that allows small business owners to create their own web stores through Yahoo! and sell merchandise. 
 
According to the researcher, the flaw in the service allowed him to fully administrator any Yahoo store and thereby gain access to customers' personally identifiable information, including names, email addresses, telephone numbers. 
 
BUG ALLOWS FREE SHOPPING 
Beside allowing hackers full admin access to the web stores, the vulnerability could also leverage an attacker to rig a user-run eCommerce web store to let them shop for free, or at a huge discount, Litchfield claimed. 
 
&nbsp; &nbsp; "We could also shop for free by either changing the prices, or creating our own discount code," Litchfield said in an email describing the attack. "Also, we could place an order, then once received, go and refund our money." 
 
A separate but related vulnerability in Yahoo! Stores, second flaw discovered by Litchfield, allows an unauthorized user to edit Yahoo-hosted stores through the app, thereby creating a means for hackers to hijack an online website store. 
 
Last but not the least, Litchfield discovered a critical vulnerability in Yahoo’s Small Business portal that allows hackers to seize administrative access to Yahoo!-hosted websites and gain full, unauthorized access to them. 
 
The Internet giant patched all the three bugs two weeks ago after Litchfield publicly released details and proof of concepts for the exploits on Bug Bounty HQ, a community for Bug Bounties website, established by Litchfield last month for fellow hunters to share their findings. 
 
'ON DEMAND PASSWORD'&nbsp; 
At recent SXSW session, Yahoo! launched 'on-demand passwords,' which it says will eliminate the need for you to ever remember your email password. Whenever you need it, the company will send you a OTP (one time password) via SMS to your mobile phone. 
 
It's sort of two-factor authentication—without the first factor involved, as there is no need of any log-in password to enter by a user. In order to opt-in for the feature follow some simple steps: 
 
&nbsp; &nbsp; Sign in to your Yahoo email account. 
&nbsp; &nbsp; Click on your name at the top right corner to access your account information page. 
&nbsp; &nbsp; Choose Security in the sidebar. 
&nbsp; &nbsp; Click on the slider for on-demand passwords, in order to opt-in. 
&nbsp; &nbsp; Enter your phone number and Yahoo will send you a verification code. 
&nbsp; &nbsp; Enter the code. 
 
Now, next time whenever you will sign in into your email account, Yahoo will send a password via an SMS to your phone when you need it. 
 
Also, the end-to-end email encryption that Yahoo! promised will be available soon by the end of this year. The company gave its first demonstration of the locked down messaging system at SXSW session, and it is also delivering early source code for security researchers to analyze. 
 
<a href="http://thehackernews.com/" rel="nofollow" target="_blank">Source</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/1922875518995561797'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/1922875518995561797'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/05/yahoo-pays-24000-to-hacker-for-finding.html' title='Yahoo! pays $24,000 to Hacker for finding Security Vulnerabilities'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-3546194007481822484</id><published>2015-05-03T21:24:00.000+07:00</published><updated>2015-05-03T21:24:00.345+07:00</updated><title type='text'>Play Store Android App Submissions</title><content type='html'>Google has changed the way it managed apps on the Google <a href="http://tutorial-hemlet.blogspot.com/2015/05/play-store-android-app-submissions.html" rel="nofollow">Play Store</a>. After years of depending on the automated app check process, the company just made some changes to its Play Store policies that will successfully weed out malicious and undesirable apps from <a href="http://tutorial-hemlet.blogspot.com/2015/05/play-store-android-app-submissions.html" rel="nofollow">Google Play store</a>.
 
Google has introduced an update for developers and users that's sure to make some parents happy and some developers sad. The new features are — 
 
&nbsp; &nbsp; Better App Review Process 
&nbsp; &nbsp; Age-Based Rating System 
 
BETTER APP REVIEW PROCESS 
 
The search engine giant announced on Tuesday that it has started employing humans to review apps before they go live on the Google Play Store, a move intended to "better protect the community" and "improve the app catalog." 
 
The new approach would definitely affect app developers, as they'll have to wait for their apps to be approved by Google after they submit them to the Play Store. But, it would keep users safe from harmful malware or offensive content. 
 
"This new process involves a team of experts who are responsible for identifying violations of our developer policies earlier in the app lifecycle," Google Play product manager Eunice Kim wrote in a blog post, and giving developers specific feedback on what they need to fix before their apps will be listed. 
 
According to the company, this new review process began "several months ago" and "there has been no noticeable change for developers during the rollout." Google simply made an official announcement of the new policy on Tuesday. 
 
The newly updated review status page will give developers "more insight into why apps were rejected or suspended" and will allow them to easily fix the issue and resubmit the apps for minor policy violations. 
 
The company also assured developers that new features wouldn't slowed down the app submission process. 
 
&nbsp; &nbsp; "We value the rapid innovation and iteration that is unique to Google Play, and will continue to help developers get their products to market within a matter of hours after submission, rather than days or weeks," Kim wrote. "In fact, there has been no noticeable change for developers during the roll-out." 
 
AGE-BASED RATINGS 
 
Besides the human review element, Google is also rolling out age ratings for apps, which will be based on data from the International Age Rating Coalition (IARC), Entertainment Software Rating Board (ESRB), Pan-European Game Information (PEGI) and more. 
 
&nbsp; &nbsp; "We know that people in different countries have different ideas about what content is appropriate for kids, teens and adults," Google said. "Today's announcement will help developers better label their apps for the right audience." 
 
Developers have to answer some special questionnaires about their apps – such as whether their app contains nudity or curse words – to help independent ratings organisations assign age-based ratings.In the United States, ratings will appear like – Everyone (E), Teen (T), Mature (M), etc. 
 
For now, Age-based rating feature is optional for app developers but will become mandatory for all new app and update submissions in May. "Unrated" apps "may be blocked in certain territories or for specific users." 
 
<a href="http://thehackernews.com/" rel="nofollow" target="_blank">Source</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/3546194007481822484'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/3546194007481822484'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/05/play-store-android-app-submissions.html' title='Play Store Android App Submissions'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-6360180200826934133</id><published>2015-04-27T11:59:00.000+07:00</published><updated>2015-04-27T11:59:00.302+07:00</updated><title type='text'>How to use urlcrazy in kali linux </title><content type='html'><a href="http://tutorial-hemlet.blogspot.com/2015/04/how-to-use-urlcrazy-in-kali-linux.htm" rel="nofollow">URLCrazy</a> is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.
 
How to open 
GUI Method 
Application → kali Linux → information gathering → DNS analysis → UrlCrazy 
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
 
Open Terminal type <a href="http://tutorial-hemlet.blogspot.com/2015/04/how-to-use-urlcrazy-in-kali-linux.htm">urlcrazy</a> and hit enter. 
 
This command is used to scan a url after scanning we can see names of the characters on the wrong web, Spelling reversed etc kindly use this command and see yourself I cant show you whole image here. 
Syntax – urlcrazy domain 
Ex – urlcrazy www.google.com 
 
This command is used to check domain popularity. 
Syntax – urlcrazy –p domainname 
EX – urlcrazy –p www.mcdonalds.com 
 
This command is used to show invalid domain name 
Syntax – urlcrazy –I domainname 
EX – urlcrazy –I www.mcdonalds.com 
 
This command is used to do not resolve the DNS 
Syntax – urlcrazy –r domainname 
Ex- urlcrazy –r www.mcdonalds.com 
 
<a href="http://knoxd3.blogspot.com/" rel="nofollow" target="_blank">Source</a> 
<div>
 </div>
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/6360180200826934133'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/6360180200826934133'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/04/how-to-use-urlcrazy-in-kali-linux.html' title='How to use urlcrazy in kali linux '/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-5059972166699561397</id><published>2015-04-23T11:57:00.000+07:00</published><updated>2015-04-23T11:57:00.612+07:00</updated><title type='text'>Google Chrome Data Server Extension</title><content type='html'>Google want to save its users&#39; bandwidth at home. The company has released a &quot;<a href="http://tutorial-hemlet.blogspot.com/2015/04/google-chrome-data-server-extension.html" rel="nofollow">Data Saver extension for Chrome</a>,&quot; bringing its data compression feature for its desktop users for the first time.
 
While tethering to a mobile Hotspot for Internet connection for your laptop, this new <a href="http://tutorial-hemlet.blogspot.com/2015/04/google-chrome-data-server-extension.html">Data Saver extension </a>for Chrome helps you reduce bandwidth usage by compressing the pages you visit over the Internet. 
 
If you are unaware of it, the data compression proxy service by Google is designed to save users&#39; bandwidth, load pages faster, and increase security (by checking for malicious web pages) on your smartphones and tablets. 
 
REDUCE AS MUCH AS 50% OF DATA USAGE 
 
Until now, the data compression service has been meant to benefit only mobile users, but the latest Data Saver Chrome Extension aims at helping desktop users by reducing their data usage by as much as 50 percent. 
 
 &quot;Reduces data usage [bandwidth] by using Google servers to optimize pages you visit,&quot; the extension&#39;s official description reads. &quot;Browse more for less! When this [Data Saver] extension is enabled, Chrome will use Google servers to compress [web] pages you visit before downloading them.&quot; 
 
When you visit a website, web server delivers the requested files to your browser. If enabled by the server, Gzip compresses web pages and style sheets before sending them over to the browser. 
 
Gzip compression drastically reduces transfer time since the files are much smaller. 
 
<a href="http://tutorial-hemlet.blogspot.com/2015/04/google-chrome-data-server-extension.html" rel="nofollow">Data Saver Extension</a> for Chrome checks if the website you visited has gzip enabled or not. If not, it compresses the requested web page via Google Data Compression proxy and makes it significantly smaller. 
 
&quot;The proxy performs intelligent compression and minification of HTML, JavaScript and CSS resources, which removes unnecessary whitespace, comments, and other metadata which is not essential to the rendering of the page. These optimizations, combined with mandatory gzip compression for all resources, can yield substantial bandwidth savings for the client.&quot; Google explains. 
 
AVAILABLE FOR CHROME 41 AND HIGHER 
 
<a href="https://tutorial-hemlet.blogspot.com/2015/04/google-chrome-data-server-extension.html#more">Read more »</a></content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/5059972166699561397'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/5059972166699561397'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/04/google-chrome-data-server-extension.html' title='Google Chrome Data Server Extension'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-4701803441346095986.post-552610926847686202</id><published>2015-04-19T11:49:00.000+07:00</published><updated>2015-04-19T11:49:00.455+07:00</updated><title type='text'>GitHub hit by Massive DDoS Attack</title><content type='html'>Popular coding website used by programmers to collaborate on software development – was hit by a large-scale distributed denial of service (DDoS) attack for more than 24 hours late Thursday night.
 
It seems like when users from outside countries visit different websites on the Internet that serve advertisements and tracking code from Chinese Internet giant Baidu, the assailants on Chinese border quietly inject malicious JavaScript code into the pages of those websites. 
 
The code instructs browsers of visitors to those websites to rapidly connect to <a href="https://github.com/" rel="nofollow" target="_blank">GitHub.com</a> every two seconds in a way that visitors couldn't smell, creating "an extremely large amount of traffic," according to a researcher who goes by the name A nthr@x. 
 
&nbsp; &nbsp; "A certain device at the border of China’s inner network and the Internet has hijacked the HTTP connections went into China, replaced some JavaScript files from Baidu with malicious ones," A nthr@x wrote at Insight Labs. 
&nbsp; &nbsp; "In other words, even people outside China are being weaponized to target things the Chinese government does not like, for example, freedom of speech." 
 
The attack specifically targets two popular <a href="http://tutorial-hemlet.blogspot.com/2015/04/github-hit-by-massive-ddos-attack.html" rel="nofollow">Github</a> projects – GreatFire and CN-NYTimes – anti-censorship tools used to help Chinese citizens circumvent The Great Firewall Of China, the government's censorship of Internet access in China. 
 
GreatFire – A well-known group on <a href="http://tutorial-hemlet.blogspot.com/2015/04/github-hit-by-massive-ddos-attack.html" rel="nofollow">Github</a> that fights against Chinese government censorship of the Internet. 
 
CN-NYTimes – A group that hosts New York Times mirrors to allow Chinese citizens to access the news website, which is normally blocked in China. 
 
Since Baidu search engine is extremely popular, the attack results in the massive flood of traffic on the Github website which begun around 2 AM UTC on Friday and last for more than 24 hours. 
 
GitHub said yesterday that the flood of traffic, a continuous string of distributed denial-of-service attacks, caused irregular outages and that their admins have been working to mitigate the attack with periodic success. 
However, the most recent status on the site says the company has deployed new defenses. 
 
"We're aware that GitHub.com is intermittently unavailable for some users during the ongoing DDoS," GitHub said in a message posted at 1549 UTC Friday. 
 
"Restoring service for all users while deflecting attack traffic is our number one priority. We've deployed our volumetric attack defenses against an extremely large amount of traffic. Performance is stabilizing," a message posted by <a href="http://tutorial-hemlet.blogspot.com/2015/04/github-hit-by-massive-ddos-attack.html" rel="nofollow">Github</a> at 15:04 UTC says. 
 
Later, the company noted, "We've been under continuous DDoS attack for 24+ hours. The attack is evolving, and we're all hands on deck mitigating." 
 
The researcher analyzed the attack and dug out the injected JavaScript that looks like this (pastebin), once unscrambled. 
 
Chinese search engine giant has denied any involvement in the current <a href="http://tutorial-hemlet.blogspot.com/2015/04/github-hit-by-massive-ddos-attack.html" rel="nofollow">DDoS </a><a href="http://tutorial-hemlet.blogspot.com/2015/04/github-hit-by-massive-ddos-attack.html" rel="nofollow">attack</a>, saying that Baidu was not intentionally involved in any traffic redirection. "We've notified other security organizations," the company said in a statement, "and are working together to get to the bottom of this."
 
<a href="http://thehackernews.com/" rel="nofollow" target="_blank">Source</a> 
</content><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/552610926847686202'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/4701803441346095986/posts/default/552610926847686202'/><link rel='alternate' type='text/html' href='https://tutorial-hemlet.blogspot.com/2015/04/github-hit-by-massive-ddos-attack.html' title='GitHub hit by Massive DDoS Attack'/><author><name>admin</name><uri>http://www.blogger.com/profile/02033149918343548108</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry></feed>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid Atom 1.0" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=http%3A//tutorial-hemlet.blogspot.com/atom.xml"><img src="valid-atom.png" alt="[Valid Atom 1.0]" title="Validate my Atom 1.0 feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=http%3A//tutorial-hemlet.blogspot.com/atom.xml

Home · About · News · Docs · Terms