Saturday, 21 May 2016

How to stop Windows 10 from stealing your bandwidth

Windows 10 steals your internet bandwidth without your knowledge to share updates with others. This option is enabled by default in Windows 10 Home and Windows 10 Pro. You can turn this feature off in your update settings. Read on for detailed instructions.
A while back, fossBytes reported that Windows 10 would download and distribute updates to others using a peer-to-peer (P2P) protocol. Now that Windows 10 is released, and you can grab it even without any upgrade icon, Windows 10 is busy using your internet connection to distribute updates to other people on the Internet. Microsoft has done this to reduce the load on its servers. Earlier, it was expected that this feature would only work for PCs on your local network.
Windows 10 steals your internet bandwidth due to a feature called Windows Update Delivery Optimization. It is enabled in Windows 10 Home and Windows 10 Pro versions. Windows 10 Enterprise and Education have this feature enabled, but it works only for the PCs on your own local network.

Just like torrents, every PC running Windows 10 distributes, by default, some updates to the people who need them. This makes the update process faster for others and less troublesome for Microsoft. Using your data connection to share updates may seem like a good gesture, but what if your data connection isn’t unlimited?
For those with a limited data connection, this feature will use a lot of your allotted data and you won’t even realize it. Microsoft has said that this feature will only share updates and it won’t download or send any personal data.

Windows 10 steals your Internet Bandwidth, How to Stop It?

Follow these simple steps to turn off the Windows Update Delivery Optimization feature in Windows 10 to save your data:
  • Search for “Windows update settings” in the Start menu and click on the desktop app.
  • Under “Windows Update”, find and click on “Advanced options.”
  • Now under “Choose how updates are installed” click “Choose how updates are delivered.”
  • Disable the toggle under “Updates from more than one place.”
This looks like a great feature for getting updates quickly and sharing updates with your local network PCs if you are running Windows 10 Enterprise and Windows 10 Education. But knowing that Windows 10 steals your Internet bandwidth on Windows 10 Home and Windows 10 Pro versions, and spends your data without your knowledge, it doesn’t feel that great.
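
The toggle in the steps above can also be checked and set through the Delivery Optimization policy value in the registry, which is useful when several PCs have to be configured. The script below is an added example, not part of the original post. It assumes an elevated PowerShell prompt and a machine that honours the DODownloadMode policy value; the function names are hypothetical.

```powershell
# Added example: audit and set the Delivery Optimization download mode by policy.
# Run from an elevated PowerShell prompt.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
$ValueName = 'DODownloadMode'

# Meaning of each DODownloadMode value.
$Modes = @{
    0   = 'HTTP only: no peer-to-peer sharing'
    1   = 'LAN: peers on your own local network only'
    2   = 'Group: peers in the same domain or site'
    3   = 'Internet: peers on the local network and the Internet'
    99  = 'Simple: no peering'
    100 = 'Bypass: use BITS instead of Delivery Optimization'
}

function Get-DOPolicyMode {
    # Returns the configured policy value, or $null when no policy is set.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-DOPolicyMode {
    param(
        [Parameter(Mandatory)]
        [ValidateSet(0, 1, 2, 3, 99, 100)]
        [int]$Mode
    )
    # Create the policy key if this machine has never had the policy set.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -Value $Mode -PropertyType DWord -Force | Out-Null
}

$before = Get-DOPolicyMode
if ($null -eq $before) {
    Write-Output 'No policy set: the default for this edition applies.'
} else {
    Write-Output "Current policy: $before ($($Modes[$before]))"
}

# 0 stops all peer sharing; use 1 to keep sharing between PCs on your own network.
Set-DOPolicyMode -Mode 0
$after = Get-DOPolicyMode
Write-Output "New policy: $after ($($Modes[$after]))"
```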

Friday, 13 May 2016

Second Bank hit by Malware attack similar to $81 Million Bangladesh Heist

SWIFT, the global Society for Worldwide Interbank Financial Telecommunications, warned on Thursday of a second malware attack similar to the Bangladesh central bank hack, the one that led to an $81 million cyber heist.

In February, the $81 Million cyberheist at the Bangladesh central bank was carried out by hacking into SWIFT, the global financial messaging system that thousands of banks and companies around the world use to transfer billions of dollars every day.

However, the hackers behind the cyber heist appear to be part of a comprehensive online attack on global banking and financial infrastructure.

The second attack involving SWIFT targeted a commercial bank, which the company declined to identify. SWIFT also did not immediately make clear how much money, if any, was stolen in the attack.

However, SWIFT spokeswoman Natasha de Teran said that the second attack and the Bangladesh bank heist contained numerous similarities and were very likely part of a "wider and highly adaptive campaign targeting banks," the NY Times reported.

The malware involved in the Bangladesh cyber heist was used to manipulate logs and erase the history of the fraudulent transactions, and even prevented printers from printing the fraudulent transactions.

The malware used in the attack also has the capability to intercept and destroy incoming messages confirming the money transfers, allowing the hackers to remain undetected.

SWIFT said in a statement that the attackers clearly exhibited "a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both."

News of a second attack involving SWIFT comes as law enforcement authorities in Bangladesh and elsewhere investigate February's $81 Million cyberheist from the Bangladesh central bank's account at the New York Federal Reserve Bank.

The hackers had attempted to steal $951 Million in total from the Bangladesh central bank's account using fraudulent transactions, but a simple typo by the hackers halted further transfers of $850 Million.

SWIFT has said that the scheme involved in the Bangladesh cyberheist did not harm its core messaging system.

However, in both cases, insiders or hackers had successfully penetrated the targeted banks' systems, pilfering user credentials and submitting fraudulent messages that correspond with money transfers.

Facebook Open Sources its Capture the Flag (CTF) Platform

Hacking into computers, networks and websites could easily land you in jail. But what if you could freely test and practice your hacking skills in a legally safe environment?

Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cyber security and secure coding practices.

Capture the Flag hacking competitions are conducted at various cyber security events and conferences, including Def Con, in order to highlight the real-world exploits and cyber attacks.

The CTF program is an effective way of identifying young people with exceptional computer skills, as well as teaching beginners about common and advanced exploitation techniques to ensure they develop secure programs that cannot be easily compromised.

Since 2013, Facebook has itself hosted CTF competitions at events across the world, and now it is opening the platform to the masses by releasing its source code on GitHub.
"We built a free platform for everyone to use that takes care of the backend requirements of running a CTF, including the game map, team registration, and scoring," said Gulshan Singh, Software Engineer at Facebook Threat Infrastructure.

In general, a Capture The Flag competition hosts a series of security challenges, where participants have to hack into defined targets and then defend them from other skilled hackers.
"The current set of challenges include problems in reverse-engineering, forensics, web application security, cryptography, and binary exploitation. You can also build your own challenges to use with the Facebook platform for a customized competition," Mr. Singh said.

Many institutions and organizations have now realized that gamification of cyber security and hacking goes beyond the traditional ways to train your mental muscles and keep your skills sharp, skills that otherwise only come up when doomsday scenarios happen.

Courtesy: THN

Saturday, 2 April 2016

Here's the Exploit to Bypass Apple Security Feature that Fits in a Tweet

Did you install the latest update, OS X 10.11.4?

If yes, then you might be wondering whether Apple delivered an ineffective patch update this time.

Yes! This news would definitely disappoint many Apple users, as the latest update of OS X El Capitan 10.11.4 and iOS 9.3 still contain a privilege escalation vulnerability that could affect 130 Million Apple customers.

Just last week, we reported on a critical privilege escalation vulnerability in Apple's popular System Integrity Protection (SIP) security mechanism, affecting all versions of the OS X operating system.

Even after Apple fixed the critical flaw in the latest round of patches for Macs and iThings, SIP can still be bypassed in the most recent version of the operating system, leaving Apple users vulnerable to flaws that could remotely hijack their machines.

SIP Bypass Exploit Code Fits in a Tweet


Interestingly, Stefan Esser, a security researcher from Germany, has released new exploit code to bypass the latest patched version of SIP, which just fits in a Tweet.

Here's the exploit code -- It can be used to modify a crucial OS X configuration file that not even root user is allowed to touch, reported The Register.
ln -s /S*/*/E*/A*Li*/*/I* /dev/diskX;fsck_cs /dev/diskX 1>&-;touch /Li*/Ex*/;reboot
The above code actually expands to:
ln -s /System/Library/Extensions/AppleKextExcludeList.kext/Contents/Info.plist /dev/diskX
fsck_cs /dev/diskX 1>&-
touch /Library/Extensions/
reboot
The above exploit code successfully bypasses Apple's SIP technology, allowing one to run any process one pleases.

What is System Integrity Protection (SIP)?


Apple introduced SIP, a security protection feature to the OS X kernel, with the release of OS X El Capitan, which is designed to restrict the root account of OS X machines and limit the actions a root user can perform on protected parts of the system.

Besides this, System Integrity Protection (SIP) also helps prevent software from changing your startup volume, blocks certain kernel extensions from being loaded and limits the debugging of certain apps.

System Integrity Protection or SIP, by default, protects these folders: /System, /usr, /bin, /sbin, along with applications that come pre-installed with OS X.

This is really a bad time for Apple and its users. Now, let's hope that the company will be more vigilant with its upcoming patch update.
