Latest News

Suicide on Live TV: Fox News Suicide | Man Carjacked People, Shot at Cops Before Shooting Himself on Live TV

The man whose suicide was broadcast live across the country on Fox News this afternoon had stolen a car in Phoenix and shot at police officers this morning, according to Phoenix police.

Phoenix police Sergeant Tommy Thompson tells New Times that police have not figured out who this man is yet, but police were after him for quite some time.


See also:
-Fox News Just Showed a Man Shoot Himself in the Head Outside of Phoenix on Live TV

Someone called police this morning, reporting that a man walking near 72nd Avenue and McDowell Road this morning had hit a car, although it's not clear exactly what he did to that car.

While officers were responding to that, the man somehow managed to rob people of their car -- not the same vehicle he damaged.

Police spotted him shortly after he stole the car, and after chasing the man for a while, police dropped back into "surveillance," Thompson says. Undercover vehicles and helicopters were following him at this point.

Near 44th Avenue and Roosevelt, two officers -- one inside an undercover vehicle, the other standing outside a second undercover vehicle -- were parked off to the side of the road. Thompson says the man drove to the other side of the road and shot at the officers before driving his car onto Interstate 10.

At least one car was hit with a bullet, but the officers themselves were not hit.

By the time the man drove out to around 500th Avenue, he exited the interstate, drove south, and started heading back east.

Fox News anchor Shepard Smith had to apologize on-air Friday afternoon after Fox aired a suicide live on national television. Smith explained there was an error in the network's delay system, which should have given a five-second buffer between any inappropriate footage and the viewing public.

In those five seconds, producers should have been able to turn the feed off and prevent it from reaching viewers. Unfortunately, that delay failed just as a man involved in a high-speed police chase in Arizona shot himself in the head after exiting his vehicle. At the time the unidentified man shot himself, the camera was trained squarely on him and nothing was censored.

Fox News executive VP Michael Clemente issued the following statement to the news media:
We took every precaution to avoid any such live incident by putting the helicopter pictures on a five second delay. Unfortunately, this mistake was the result of a severe human error and we apologize for what viewers ultimately saw on the screen.


Revenge For Mohammed Film: Islamic Hacker Group Hacked Websites Of U.S. Banks


A hacker group based in the Middle East has flaunted its online muscle against several of America’s largest financial firms, temporarily keeping customers from accessing their information on banking websites and promising similar shut downs again next week.

But while cyberattacks are routinely done to glean private account information, this threat appears different — it’s political.

The group — identifying itself as the Izz ad-Din al-Qassam Cyber Fighters — claimed responsibility in a post on Pastebin, a site used by hackers, according to The New York Times.

The group said the attacks are linked to the anti-Islam film that sparked deadly protests this month across the Muslim world.

“Insult to a prophet is not acceptable especially when it is the Last prophet Muhammad,” the post said. “So as we promised before, the attack will be continued until the removal of that sacrilegious movie from the Internet.”

Websites of JPMorgan Chase, Citigroup and Bank of America were affected last week, while Wells Fargo’s website was hit Tuesday, U.S. Bank was affected Wednesday and PNC Financial Services was disrupted Thursday.

New version of Blackhole has added more obfuscation technologies to frustrate security professionals


The first Blackhole exploit kit was bad, but version 2.0 is starting to look even nastier. 

Websense Inc. recently reported they had sent a Russian-speaking undercover researcher to feel around for information on any updates to the kit. What he found in the code looked suspiciously like a new, improved version of the hacking tool. 

And now, according to Chris Astacio, manager of security research at Websense, they’re confident that Blackhole 2.0 has indeed arrived and is now going to be harder to detect.

Astacio said his company found two significant upgrades to Blackhole. The first is code that allows users to create their own custom URLs, rather than having to use a standard one. This makes it harder to identify the kit.

The second is the addition of IP blocking capabilities. Hackers can now keep an IP blacklist of anyone visiting the URL hosting the binary, rather than simply the people visiting the landing page.

This means that security professionals can more effectively be stymied in their efforts to download the binaries and examine them, he said.

The creator or creators of the Blackhole kit seem remarkably keen on changing the methods of obscuring it, he added. This doesn’t happen “anywhere near as often for other kits,” said Astacio. For example, the obfuscation for the Phoenix exploit kit is changed every time a new version emerges, roughly three to six times a year, whereas with Blackhole, “we’ve seen as often as one to two times a month,” he said.

If you’re a hacker selling exploit kits, this is simply good business sense. It allows campaigns to run longer by keeping them out of reach of security pros longer, he added.

Astacio would not discuss specifics of how members of his team get access to the underground sites where the kits can be downloaded, though he did say that some of the “more rich communities” with obscure types of kits have extensive vetting processes.

An undercover researcher would have to engage in a bit of “asset gathering” — finding someone who can vouch for them and get them in the door. After that, it’s just a matter of keeping your head down,” he said.

“Definitely you don’t want anybody within that forum to know that you’re a researcher, a security researcher at that,” Astacio said. If they do find out, retribution could come in the form of anything from simply kicking the person off the forum to “DDoSing their Web site that perhaps hosts a blog that releases information like this.”

But for the most part, researchers that do infiltrate these communities are protected well enough by the sheer number of people, hackers or not, viewing the site, Astacio said.

As for protecting yourself, as an Internet user, from constantly changing exploit kits like Blackhole, Astacio advises being vigilant about updating and patching your system.

“The most important thing that people can do to keep themselves safe from these kits is absolutely keep… all of their plugins up to date — so your PDM [portable document management] viewer, your Flash viewer, as well as Java, of course, being the most important one.”

“As long as you keep all your Web-based software up to date on your computer you should be fine.”

But sometimes, with threats like the recently discovered zero-day vulnerability in Java, that isn’t enough, he said. Those kinds of dangers can only be identified by security firms, like his own, which are constantly examining the content of malicious sites, he said.

SOURCE:  Canadian IT News

SCADA: Telvent's Corporate Network Hacked | China to blame?


SCADA software maker, Telvent Canada, Ltd, a subsidiary of Schneider-Electric, confirms that its corporate network was compromised and files used by customers were also accessed.

Telvent Canada (www.telvent.com), a provider of SCADA software and other real-time tools for the utility and oil and gas industries, revealed in a recent letter to customers that a recent intrusion to its netowork had been executed by a Chinese group, called the Comment Group.Telvent Canada has contacted customers to warn them that a hacker or hackers breached its system, installed malware and stole files relating to OASysS SCADA. Brian Krebs, who made the story public, notes that this is an industrial control system designed for “smart grids” that track and respond to changes in demand.

Telvent itself says the system” ensures reliability by managing the distribution network and maintaining its operational integrity. It plays a central role in Smart Grid self-healing network architecture and improves overall grid safety and security.

Telvent's parent company, Schneider Electric (www.schneider-electric.com) released a statement. Martin Hanna, a spokesman for Schneider Electric, said, "that the company had alerted customers to the attack and that there was no evidence the attackers ever had the ability to access customers' networks. Telvent is aware of a security breach of its corporate network that has affected some customer files. Customers have been informed and are taking recommended actions, with the support of Telvent teams. Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained,"

The recent attack coincided with the Telvent announcement of a partnership with Industrial Defender on Sept 12. Industrial Defender offers a product called Automation Systems Manager (ASM), which collects and analyzes data from software applicaitons that provide a clear view of critical control applications.

Indian Naval Critical Data Transmitted to China


Every officer of the Indian Air Force (IAF) will now have to sign a declaration that they will not save or view any official document on personal computers. Failure to adhere to this directive will lead to a court marshal and prosecution.

The recent directive from the IAF headquarters to all its formations across the country comes after repeated leaks of sensitive documents - some of which are of operational and sensitive in nature - from personal computers of officers and men.

In a recent case, operational documents were found on the personal computer of a young pilot posted at an airbase in Tamil Nadu. A court of inquiry has been initiated.

In another incident this July, it was found that classified data regarding Indian Naval operations were transmitted to IP addresses in China. Later, inquiries revealed that a few naval officers had, against the rules, taken copies of the plans in pen drives from a naval computer, to study. The Chinese-made pen drives allegedly had malwares which transmitted the data back to IP addresses in China once they were used on computers connected to the internet.

Earlier last year, a major with the Indian Army posted in the crucial Andaman and Nicobar Command was investigated by the Intelligence Bureau (IB) and the National Investigative Agency (NIA) when classified Army plans and other sensitive operational data stored in his personal computer reached Pakistan's Inter-Services Intelligence Agency (ISI). The inquiry revealed that the Major was preparing for a course, and had taken copies of presentations and plans in his personal computer, which was subsequently hacked by malware originating from Pakistan.

In almost every case of cyber leak, subsequent inquiries have revealed that officers wanting to study the documents at leisure copied the data from the official systems into their personal computers, and the data later found its way into the cyberspace.

Over the years, cyberspace has emerged as a critical frontier for espionage as the use of computers and dependence on the internet has grown. Thus, document security has emerged as one of critical areas of concern for the government. It is perhaps alluding to these increasing instances of the cyberspace being used by foreign agencies to collect critical information. Prime Minister Manmohan Singh, while addressing top cops of the country at the annual security conference hosted by the Intelligence Bureau earlier this month, said, "Our country's vulnerability to cybercrime is escalating... Large-scale computer attacks on our critical infrastructure and economy can have potentially devastating results. The government is working on a robust cyber security structure."

The Indian armed forces are considering a joint cyber command to deal with document security and hackers, many of whom are funded and used by foreign governments searching for sensitive and strategic information. The Indian Navy has come up with an exclusive Information Technology brigade to be deployed on warships and various sensitive establishments on shore to manage and secure the network and data.

As a general rule, computers in which sensitive information are stored or prepared are never connected to the internet. "The IAF internal communication network, for instance, is not only a stand-alone network with no connection to the net, but also has the system configured in such a way that it doesn't allow external storage devices like pen drives or CDs," a senior MoD official told NDTV. Nonetheless, some officers have been found "keeping copies or preparing documents using critical information in their personal computers, which have subsequently passed out by malwares in the system or hacked," the officer added.

3 Best Gmail Tips: How to Use Custom Gmail Addresses | How to Use Gmail as a Hard Drive | How to access GMAIL without Internet

Use Custom Gmail Addresses

You can make up an unlimited number of arbitrary email addresses to use. You can use all these addresses when making a purchase online or want to track a conversation or anything else.These email addresses you can create using plus-addressing.

Simply append a plus sign (+) and any string of letters or numbers (meaningful to you). For e.g. my mail id is amarjitsingh1984@gmail.com. Now I can create as many custom emails as I can. For all my online shopping’s, I am using amarjitsingh1984+shopping@gmail.com and to follow any comments stream online I am using amarjitsingh1984+comments@gmail.com. I can further create subtags such as amarjitsingh1984+News+hacking@gmail.com & amarjitsingh+News+cricket@gmail.com.

The magic of these email address is that all plus-addressed emails I am receiving to my mail id amarjitsingh1984@gmail.com itself only. Here I can use filters and labels in Gmail inbox as per my convenience.

Some of my favorite uses of plus-addressing are:

· Informing my mates for biking trip: I am inviting all my Venturous Bikers Team usingamarjitsingh1984+bikers@gmail.com and copying myself a copy to keep track. To finalize a trip, it takes around 20-30 days, so I can easily keep track all emails.

· Subscribing News Letters: All my newsletters I subscribed using unique mail ID. For e.g. useamarjitsingh1984+quickonlinetips@gmail.com to subscribe www.quickonlinetips.com newsletter & using amarjitsingh1984+hacking@gmail.com to subscribe hacking sites news letter.

Use Gmail as a Hard Drive

GMail Drive (http://www.viksoe.dk/code/gmail.htm) provides 2+ gigabytes of storage allotted to your Gmail account right onto your desktop. It looks and feels just like a regular hard drive, and it’s not available locally of course. This drive is networked.

Open http://www.viksoe.dk/code/gmail.htm and in download section, you will see Gmail Drive. Download it and install.


Enter your Gmail username and password and click the OK button to log in. Your drive will be ready to use. Simply drag and drop the data and files to and fro between your local drive and GMail Drive.

NOTE: Mac OS X (10.3 or above) users should check out the freely available gDisk (http://gdisk.sourceforge.net) that adds a Gmail-powered drive to your desktop.

TIP: Using this Gdrive, no need to stick with pendrive or any other external drive. Go to your friend’s place, open Grive and copy paste the required data. Now come back to you system and open it. SO SIMPLE.

How to access GMAIL without Internet

Using this gmail tool, you can access all you gmail mails even when you are not connected with internet also. Similarly like we are using outlook for or official purpose, you can use gmail. All you mail you send while offline will be placed in you outbox and automatically send when you connected to internet.

Once you turn on this feature, you need to download gmail gears on your system. As long as you stay connected with internet, this gear will continuously synchronize the cache on local system with gmail server .

Just follow these steps to get started:

· Click Settings and click the offline tab in your gmail inbox.

· Select Enable next to Offline Gmail.

· Click Save Changes.

· A POP up window will open asking to install gmail gears on your system. Click install

· After your browser reloads, you'll see a new "Offline" link in green in the upper righth corner of your account, next to your username. Click this link to start the offline set up process and download Gears if you don't already have it.



Too lazy to say Thanks or comment here? Why not too lazy to read my post?? If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here.

3 Best Tips before you do Google Searching again

Google queries are not case sensitive: Google doesn’t care if you type your query in lowercase letters (hackers), uppercase (HACKERS), camel case (hAcKeR), or psycho-case (haCKeR)—the word is always regarded the same way.This is especially important when you’researching things like source code listings, when the case of the term carries a great deal of meaning for the programmer.The one notable exception is the word or. When used as the Boolean operator, or must be written in uppercase, as OR.

Google wildcards: Google’s concept of wildcards is not the same as a programmer’s concept of wildcards. Most consider wildcards to be either a symbolic representation of any single letter (UNIX fans may think of the question mark) or any series of letters represented by an asterisk. This type of technique is called stemming. Google’s wildcard, the asterisk
(*), represents nothing more than a single word in a search phrase. Using an asterisk at the beginning or end of a word will not provide you any more hits than using the word by itself.

Google reserves the right to ignore you: Google ignores certain common words, characters, and single digits in a search.These are sometimes called stop words. When Google ignores any of your search terms, you will be notified on the results page, just below the query box. Some common stop words include who, where, what, the, a, or an. Curiously enough, the logic for word exclusion can vary from search to search.

Learn How to Create your own SMS channel on Google to update your latest posts through SMS

I have created 3 channels for my 3 blogs as cited below:





Step 1:
Open this link on your browser http://labs.google.co.in/smschannels/browse

Step 2: Before subscribing to or creating an SMS Channel, you need to select a nickname and verify your mobile number.
Step 3: Give you nick name and mobile number and click on "send verification code". You will receive an SMS with verification code. Enter verification code and click on finish setup.

Step 4: To subscribe available channels, click on subscribe button.
Step 5: To Create your own channel and to alert your friends in real time through SMS CLICK HERE. You can create your own channel(s) to receive regular alerts over SMS on specific topics that interest you. You can also invite others to subscribe to your channel(s). You can use your channel(s) as a discussion group as well, allowing other people to post messages.

Step 6: After filling all the information, click on create channel

Adobe Announced Security Breach: Code-Signing Server Hacked | Hacking News & Cyber Updates: 28th Sept 10 PM


City of Lumberton's website hacked
Sacramento Bee
LUMBERTON, N.C. -- The city of Lumberton's website has been hacked for more
than two hours by someone who said he was a Turkish Muslim. Lumberton
information management director Travis Branch says someone embedded a message
on the city's ...
See all stories on this topic »
US Bank, PNC hacked, report website problems
WZZM
(AP) - Two more major American banks, U.S. Bank and PNC, reported problems with
their customer websites Wednesday after a financial services security group warned 
about possible cyberattacks. U.S. Bank spokesman Tom Joyce said some customers ...
See all stories on this topic »
Philippine websites hacked over cybercrime law
Phys.Org
The group calling itself "Anonymous Philippines" hacked websites for the central
bank, the Manila water service and other agencies to say the bill, which was signed 
into law earlier this month, violated people's rights. "The Philippine government has ...
See all stories on this topic »
Sarasota employees hacked police network, consultant says
Sarasota Herald-Tribune
The report of a secret electronic link between City Hall and the law enforcement network
— where confidential records and security databases are supposed to be guarded — 
adds a new wrinkle to an investigation that has already triggered the city ...
See all stories on this topic »
Facebook and Gates Foundation host education hackathon
CNET
"At Facebook, we believe that a more open and connected world can have a big impact in addressing some of society's biggest issues," the social network wrote in a blog post about "HackEd" today. "Nowhere is that opportunity more clear than education."...
See all stories on this topic »

Lumberton website hacked, person claiming to be Turkish Muslim posts message
Fayetteville Observer
LUMBERTON - The city of Lumberton's website was hacked Wednesday night by
someone who says he is a Turkish Muslim and goes by the name SlyHacker. A
message was embedded over the city's site about 10:30 p.m., said Travis Branch,
director of the ...
See all stories on this topic »
Prison CCTV System has been Hacked by a Worm Named Conficker
SPAMfighter News
The famous conficker worm have hacked all the computers that control closed circuit
television (CCTV) system of an unknown prison, as published by softpedia.com on
September 19, 2012. Representatives from the correctional institutions were adamant
that ...
See all stories on this topic »
Cybercrime: Islamist group claims it hacked Wells Fargo site
Equities.com
Cybercrime: Islamist group claims it hacked Wells Fargo site. Dominic Rushe in New
York Guardian. US banking company Wells Fargo is believed to have become the latest
victim of a cyber attack launched by a group pledging retaliation for the Innocence ...
See all stories on this topic »
Zynga Games Lose A Couple Hundred Thousand Fans In The Facebook Fake ...
Kotaku Australia
Facebook has implemented countermeasures to purge fake, forged, hacked or otherwise
unsavory 'Likes' from its pages, resulting in the sudden departure of several hundred 
thousand of Zynga's several hundred million fans. The 'Like' is a powerful unit of ...
See all stories on this topic »
Cops: Hampton Bays Man Stole $9600 With Computer
Patch.com
19, saying he hacked into a someone's personal bank account and helped himself to
$9,600. Police said 28-year-old Matthew Rewinski was charged with grand larceny in the 
third degree and two counts of computer tampering in the first degree, both ...
See all stories on this topic »
Adobe finds a code-signing server has been hacked - The Next Web
By Emil Protalinski
Adobe today announced it has been subject to a significant security breach, including a compromised build server resulting in at least one valid Adobe code signing certificate
being used maliciously. As a result, the software company will be ...
The Next Web

Blogger Blogs Being Hijacked By Instagram Gadgets

We're seeing a noticeable amount of noise today, from blog owners reporting that their blogs appear to be susceptible to antivirus detection - and others reporting that their readers are complaining of mysterious misdirection, when viewing their blogs.
My blog is struggling to fully load, and hangs saying "Waiting for platotv . com" and "Waiting for directagain . net"
and
I'm getting warnings from Avast when I try to view my blog!


Upon examination of the blogs affected, we see a large number which contain the "I'm An Instagram Addict!", or similar, gadget. Most blog owners who admit to having an Instagram gadget have reported relief, having removed the gadget in question. We're still looking, to see where these dodgy gadgets are coming from.

(Update 2012/10/08): We are now seeing suggestions from various people, representing themselves as employees of "BadgePLZ", suggesting that the problems with their code has been fixed.

If your blog is generating antivirus alerts - or if your readers report misdirection - you may wish to remove any Instagram accessories, recently installed. You may wish to clear cache and restart the browser, after removal. You may need direct access to various dashboard wizards, in some extreme cases.

Right now, the majority of the problems reported seem to involve an "IFrame", targeting "badgeplz . com".
<iframe src='http : // badgeplz . com / instagram / ?u=mun_mun90&t=c&bgclr=f2f2f2&brclr=cccccc&px=1&py=5&pb=5&brds=5&incls=n&svc=instagram&pbclr=ffffff&sze=75' allowtransparency='true' frameborder='0' scrolling='no' style='border:none; overflow:hidden; width:118px; height: 482px'></iframe>
We're currently unsure whether this is an intentional hijacking, or simply bad coding. Until the owners of "badgeplz . com" state their intentions, we'll simply advise you to remove this gadget, if you have added it to your blog.

As usual, I'll caution you against indiscriminate installation of third party gadgets, in general.

>> Top

You Do Have To Add A Second "CNAME"

We're seeing evidence of confusion, in Blogger Help Forums, from blog owners who read the out of date instructions, about using "Buy a domain".

We see considerable confusion, where people using that feature insist that they don't have to add a "CNAME". In other cases, people using the Blogger / GoDaddy DNS Configuration wizard will think that the second "CNAME" is being added for them.

(Update 2013/09): The second "CNAME" won't be required, in all cases. If you don't see instructions for adding a second "CNAME", focus your efforts on getting the domain working, with righteous base DNS addresses,

Right now, everybody has to add their own domain ownership verification token - aka the second "CNAME".

We're hoping that the (currently offline) "Buy a domain" wizard will automatically add the domain ownership verification - just as it adds the other DNS addresses - but we'll see that, when we see it. The Blogger / GoDaddy wizard should, likewise, take care of this, on your behalf - but right now, it doesn't. The bottom line? If you go to the Publishing wizard, and see
Error 12
or a variant, after typing the domain URL into "Advanced settings", better get busy.

What not all blog owners realise is that the new "CNAME" must be just that. Blogger is not being arbitrary, or pedantic, in requiring precision.
  • It must be a "CNAME". A "TXT" will not work.
  • The "Name" value must be specified precisely as supplied (Plus or minus the trailing period!).
  • The "Destination" value must be specified precisely as supplied (Plus or minus the trailing period!).
You cannot fly by the seat of your pants, and try what seems like it might work, as a "substitute". Webmaster Tools provides a blog ownership verification process - which may, or may not help.

If the registrar for your domain does not allow the addition of this "CNAME", you will need to setup a third party DNS host for your domain. You do have to add this second "CNAME" - even if this may conflict with older Blogger Help instructions.

>> Top

The New "CNAME" Needs To Be Added, And Used, Promptly

One oddity, observed by a few blog owners, is that even after adding the "CNAME" to verify domain ownership, not every blog owner is able to see theirs successfully verified.
I added both "CNAME"s - and I'm still getting "Error 12" when I try to publish.
There are several "common sense" rules, that not everybody observes.
  1. The new "CNAME" can't use the example values.
  2. The new "CNAME" has to be a "CNAME". Don't let your registrar add a "TXT" instead.
  3. The new "CNAME" has to be specific to the URL in question. Enter your published URL precisely, into "Advanced settings".
  4. The new "CNAME" has to be added with attention to domain manager address entry convention.
Even with these rules observed, there are still a small handful of unsuccessful blog owners, seeing "Error 12" - or "Error 32".

One of the possible reasons for these last few hold outs, I believe, relates to timing.

Let's consider the "CNAME" setup process.
  1. Get the "Name" / "Label" / "Host" and "Destination" / "Target" / "Points To" values, for your unique blog / domain.
  2. Add the new "CNAME" to your domain.
  3. Publish the blog to the domain URL.


In the "settings instructions" document, How do I use a custom domain name for my blog?, we are instructed to
wait about an hour for your DNS settings to activate
In various other instructions, you will typically see
Wait for up to a day, for settings to be updated
or similar miscellaneous waiting instructions.

Besides the waiting factor, there's a "negative waiting" factor. Several blog owners have observed that the "Name" / "Label" / "Host" and "Destination" / "Target" / "Points To" values, for their unique blog / domain, seems to change, from day to day. This tells me that the ownership verification "certificate" (which is what the "Name" / "Label" / "Host" and "Destination" / "Target" / "Points To" values provide), like most security certificates, has a limited use period.

If you get the certificate in Step #1 above, you have to use the certificate in Step #3 reasonably promptly after doing so. If the certificate for your domain expires within a 24 hour period, then you have, at most, 24 hours between Steps #1 and #3. In other words, you get 24 hours to re publish your domain - after you add the new "CNAME" - and that's including the period that you
wait about an hour for your DNS settings to activate
It's alternatively possible that the expiry is based on an arbitrary time of day - not 24 hours after being issued.

Whatever the nature of the expiry (absolute and arbitrary - or relative to time of issuance) the existence of an expiry time is normal, for a well designed security certificate. By giving the certificate a temporary lifetime, it becomes less useful to would be hijackers and similar miscreants.

So, you may not really benefit from waiting a day to re publish your domain - unless you like seeing "Error 12" (possibly "Error 32"), repeatedly, when you try to publish. Personally, I would wait an hour at the most, after Step #2, before trying Step #3. I would then retry Step #3 hourly, until successful. If you have more patience than I, fine.

>> Top

What Is This New "CNAME", Anyway?

Ever since Blogger finally restored the custom domain publishing feature, blog owners have been asking about the addition to the domain setup process - the new "CNAME".
Do I really need this? My old blogs don't have it, and they are fine.
and
My registrar won't let me add a second "CNAME" - they allow one "CNAME" / domain (my "www").
and
My registrar won't allow long addresses, such as what you have for "Destination" / "Target" / "Points To".
And we are learning that this requirement is going to be a problem for blog owners using some registrars, who can't provide this "CNAME" in their customers domains.

In technical terms, the new "CNAME" is an ownership certificate, provided in a one way encryption.

If you have WiFi in your home (likely) - and are using encryption (hopefully), you have a similar one way encrypted certificate - the WPA / WPA2 key / passphrase. For an allegorical (easy to read) discussion about certificate encryption, see Designing an Authentication System.

Only the blog / domain owner know the values and can install the certificate.

Only you, the blog owner (and anybody who you trust, on your behalf), are able to install the certificate for your domain, into your domain DNS addresses. Only you have access to both

  • The Blogger dashboard Publishing wizard.
  • The zone editor wizard provided by the registrar.

This helps Blogger help you keep your domain under your control - as long as you pay the yearly registration fee for your domain.

The certificate contains 3 unique values.

The domain ownership certificate has 3 keys.

  1. A private key, which Blogger appears to change regularly (some say daily) - and one which they control.
  2. The BlogSpot URL.
  3. The domain URL (entered in "Advanced settings").


It has two significant values.

  1. "Name" / "Label" / "Host". This is now known as the "short token".
  2. "Destination" / "Target" / "Points To". This is now known as the "long token".

Note the three labels used to identify each "value" - which reflect the diversity of the registrars which may provide DNS hosting for our domains (when they are able to fulfill our specific needs). When you look at the Domain Manager wizard for your domain, you may see any of the three (possibly, others) used - as there is no authoritative label for these two DNS address components.

Compare the two "CNAME"s, in structure and value.

Let's look at the two "CNAME"s, together, so you can compare the similar structure. Note the need to get the syntax, which can vary by registrar, absolutely correct.

This is the first "CNAME" - the "www" alias DNS address. This "CNAME" is identical for all Blogger blogs, using the asymmetrical DNS address convention.

  1. "Name" / "Label" / "Host". www
  2. "Destination" / "Target" / "Points To". ghs.google.com

This is the second "CNAME" - the domain ownership certificate. This "CNAME" will vary, for each different domain. Here we see the original example (which has since changed).

  1. The "short token". vptre6sub6jm
  2. The "long token". gv-g47p6dir6kfenz.dv.googlehosted.com


See the final period, at the end of the "Destination" / "Target" / "Points To" address, below? It's not in the example, above. Be very careful here, some registrar's will automatically insert the "." for you - and if you insert it also, you'll have a problem. Other registrars will need you to add it - and if omitted, you'll have a problem. Regardless, its presence, in the final product, is essential.

gv-g47p6dir6kfenz.dv.googlehosted.com.

You can verify specific certificate values.

If you know the value for the short token, you can Dig and extract the long token - when the second "CNAME" is properly setup.

Once you provide the above examples to the Domain Manager, the following two DNS addresses are generated and added to the domain server. The "3600" represents the TTL, a setting provided by the registrar. The "IN" is part of the Dig log extract syntax.

www.mydomain.com. 3600 IN CNAME ghs.google.com.
and
vptre6sub6jm.mydomain.com. 3600 IN CNAME gv-g47p6dir6kfenz.dv.googlehosted.com.
Both "CNAME"s point to specific Google servers. The second "CNAME" is only slightly obscure. Both "CNAME"s are essential (when required - but only when required).

  1. The first lets you, and your readers, view your blog.
  2. The second lets Google verify that you own the domain, and you should be allowed to publish your blog to the domain URL.

Nobody but you, the blog owner, will ever know the values of the tokens. Nobody but you, the domain owner, can install that "CNAME" into the domain DNS addresses. If DNS resolution of the short token address points back to the right Google server, then you, the owner of the blog, and the owner of the domain are verified as the same person. And the ownership certificate is "decrypted", using DNS name resolution.

  • Short token. vptre6sub6jm
  • Long token. gv-g47p6dir6kfenz.dv.googlehosted.com

Some certificate values are temporary.

Since the private Blogger key changes regularly, if anybody learns what tokens you used, in the short 3 step domain verification process, the values will have likely changed, and their time will have been wasted. Your blog and domain remain your blog and domain.

So, do the necessary. Blogger provides instructions, specific for 7 known registrars - and a general purpose instruction for others, in Google Help: Create a CNAME record for my custom domain. If their instructions conflict too much with your reality, try setting up third party DNS hosting.

  1. Get the short token and long token values, for your unique blog / domain.
  2. Add the new "CNAME" to your domain.
  3. Publish the blog to the domain URL.

That's it (subject to observed timing issues). You are now done with the domain ownership verification process, and with these encrypted values. Start planning the migration - this will happen faster than you think. And it is your responsibility, to get this done.

Custom Domain Setup Now Lacks The "Buy a Domain" Wizard

As we sift through the wreckage of the blogs damaged by the recent Blogger custom domain security issue, we note a significant omission. The "Buy a Domain For Your Blog" wizard is conspicuous in its absence.
When I click on the Settings - Publishing options, I don't even have the option to check availability or purchase a domain name. Where is the "Buy a domain" display?
Right now, it appears that "Buy a domain" was sacrificed, so that the general custom domain publishing feature could be restored more promptly (though not promptly enough, for many blog owners). There are several tasks that must be completed by "Buy a domain", which are complex - and the necessary coding simply could not be completed by Tuesday of this week. I saw one message of hope.
We will be restoring the ability to purchase a custom domain from Blogger soon.
We'll simply have to have faith, that they are working on this feature as we lament its current absence - and that its absence is brief..

In the mean time, some wanta be domain owners have found a domain purchase wizard provided by Google Apps - though that's not "Buy a domain". Google Apps has two different wizards providing domain purchase options, each with a widely different address and Top Level Domain menus.

(Update 2012/10/09): "Buy a domain for your blog" is once again part of the Publishing wizard.

>> Top

Hacking News & Cyber Updates: 20th Sept 7 PM

Cybercrime on the rise in Bangladesh
Khabar South Asia
In February of this year, a cyber war broke out between hackers
in Bangladesh and India, resulting in the temporary disruption of
some important websites in both countries including the prime
minister's office in Bangladesh. The logo of the Bangladesh ...
See all stories on this topic »
Computer programmer charged with hacking Toyota website,
causing crash of ...

The Republic
A computer programmer from central Kentucky who once did
contract work for Toyota has been charged with hacking into
and damaging computers used by the automobile maker. The
FBI filed a federal criminal complaint against Ibrahimshah
Shahulhameed ...
See all stories on this topic »
POS Hacking Exposes Security Holes
NACS Online
PRINCETON, NJ – Details revealed in court following the
apprehension of two hackers who hit point-of-sale devices at
100 shops and retailers expose POS security vulnerabilities,
Bank Info Security reports. The attacks compromised
Internet-connected POS ...
See all stories on this topic »
Beware: Tony Baez's e-mail hacked
Milwaukee Journal Sentinel (blog)
But he's in Puerto Rico and his e mail was hacked, said Aldira
Aldape, his executive assistant. She said he's sending out
messages to ignore the bogus e mail. In the fake e mail the
writer claims "we were attacked by four armed robbers on our way back ...
See all stories on this topic »
Japanese government sites allegedly hacked by the Chinese
The Next Web
The Chinese-Japanese islands clash has taken a new turn;
an online war may have just erupted. Japan appears to be the
 victim, but that's just assuming the country's Internet elite
doesn't decide to hit back. At least 19 Japanese websites, including ...
See all stories on this topic »
Windows Secrets Newsletter website hacked
Ghacks Technology News
It recently became known that the Windows Secrets Newsletter
website got hacked. The attacker managed to brute force an
administrator account to gain access to the site. Using the
account, the hacker planted malicious code on the site to get access to...
See all stories on this topic »

Hackers leak passwords from popular private torrent
\tracker

Afterdawn.com
"RevTT is hacked by Afghanistan Hackers!!!" The torrent tracker
 was founded 6 years ago and is one of the larger private trackers.
Private trackers require registration for access, usually via invites
from other established users. Site staff as less ...
See all stories on this topic »

We need 400000 skilled people to address cyber security:
Gulshan Rai

Business Standard
We track sites that are hacked and try to get in touch with all
the parties that report to us. According to our mandate we try to
 help them, study the logs, look into the vulnerabilities that have
been exploited and consider what needs to be done. We ...
See all stories on this topic »Android Hacked via NFC on the Samsung Galaxy S 3
By Emil Protalinski
Security researchers participating in the Mobile Pwn2Own contest
at the EuSecWest Conference in Amsterdam today demonstrated
how to hack Android through Near Field Communication (NFC).
The 0day exploit was developed by four ...
The Next Web
iPhone 4S hacked to gain unauthorized access to photos
and ...

By Jake Smith
Two clever minds during a Pwn2Own contest were able to hack
a fully patched iPhone 4S to gain a slew of information from the
device, reported ZdNet. The hackers, Joost Pol and Daan Keuper,
 were able to find vulnerability in WebKit that ...
9to5Mac
iPhone 4S hacked at Pwn2Own thanks to Safari flaw –
Cell Phones ...

By Ryan Whitwam
Even the iPhone is not invulnerable to security flaws.
Geek.com
2NE1′s CL hacked Dara's Twitter?
By elliefilet
Fans and netizens commented, “I was shocked because I thought
Dara's Twitter was hacked only two days after she made it”, “I was
worried you were really hacked”, “It's so cute that Park Bom looked
at all the mentions”, and “It's funny ...
allkpop

The New GUI Is Here

Several people are reporting seeing the New Blogger GUI in their dashboard - even when they did not intentionally upgrade. Possibly, this was forced by the necessary Custom Domain Authentication Feature, which is now operational - on the New GUI only.

I am expecting my Blogger account to change, soon. Let's see if I get a "Your blog post published successfully!" display. So far, I am in Virginia - though I am thinking of a procedural workaround for that shortcoming. I realise that everybody won't have a workaround for their dislikes - though we have to be contemplative, and accept the changes.

If you wish to make your feelings known, please post in the latest Problem Rollup: V4 I do not like the New Blogger Interface because ...

>> Top

How To Hide Your Digital Identity Online - The Last Hope


Eat yourself up before someone else eats you. Proving this adage right we have done this rough research on being anonymous online. I doubt anyone can be more silent than this. Read out to find out. If you still get knocked then hard luck.
Feedback Appreciated!!!






How To Be Anonymous Online

Download Link [SLIDES] :
How To Hide Your Digital Identity Online

Download Link [PAPER] :

http://www.docstoc.com/docs/130377721/How-To-Hide-Your-Digital-Identity-Onlin

Contact :
Facebook - https://www.facebook.com/h4nDs0m3.dEviL
Twitter - @chintan_gurjar



Custom Domain Publishing Is Back - And With A New Detail

After a very stressful week, Blogger Engineering has restored the custom domain publishing option.
Last week we encountered an issue that could affect Blogger users in the process of configuring a custom domain, during the verification of ownership of domains between the provider and Blogger. Blogs with previously configured custom domains were not affected.

With the reason for disabling custom domain publishing being security, Blogger Engineering has added a step in the publishing process, to add a random token as a "CNAME", and verify your right to publish to your domain, from Blogger. You get the random token from the "settings instructions" document, "How do I use a custom domain name for my blog?".

See the URL of this (hypothetical) settings instructions document?

http://www.blogger.com/custom-domain-instructions.g?cnameVerificationToken=VPTRE6SUB6JM+gv-G47P6DIR6KFENZUFIFYWSQJJPDYFZK4SQMUUIUFLYLCQD4OIGDFA.domainverify.googlehosted.com.&domain=www.hotspotshield.com

This is an example. If you're registering a domain other than "www.hotspotshield.com", you're going to have a different token - which should be a function of the BlogSpot and domain URLs. You'll also note another case sensitivity issue - "www.hotspotshield.com" and "www.HotSpotShield.com" will produce completely different tokens.
Now, it's an out of date example.
http://www.blogger.com/custom-domain-instructions.g?cnameVerificationToken=GKBPLXBRMT5M+gv-H5FFOYEKYNXE46EE4A3PLAK6HCDIELS27KQUR5OBKHFKXRKMCTDA.domainverify.googlehosted.com.&domain=www.hotspotshield.com
That's what you get, for "www.hotspotshield.com", today. We'll check again, tomorrow. Also, we need to know when "today" ends.

If you buy a domain using "Buy a domain" after today, Google Apps should setup the domain for you - including the second "CNAME". If you bought the domain directly from a registrar, you're going to have to click on "settings instructions", and get the token for your domain. Note that a "CNAME" is required - a "TXT" won't provide the same verification. Also note the various registrar entry conventions, which will affect your use of their domain manager forms.

We are learning a lot of details about the domain verification process, some of which were known in custom domain setup in general - and which are absolutely critical to the process. You will want to read the [FAQ] Why is my domain still in "12" / "404" State?, to get all of the details. The FAQ has been updated several times, so re read it often..

This will, hopefully, provide a solution for the Abandoned Domains problem, and allow everybody to publish to their domain, regardless of whether the domain was previously used for Blogger / Google custom domain publishing by another blog.

On the other hand, if you purchased your domain using "Buy a domain", and you ever need to recycle the publishing settings, you're probably going to have to add this new "CNAME" to your domain, before you can re publish. This will possibly include everybody who purchased their domain, before the Publishing option was disabled - if the domain is not operational right now - and possibly, blog owners who need to un delete a domain published blog.

>> Top

Pocket TV Is a Mini Android Computer in an HDMI Dongle

Pocket TV Is a Mini Android Computer in an HDMI Dongle

Introduction

Over a billion people have access to the internet and use it on a regular basis. In such a scenario, it is inconceivable that any new technology or gadget could go unnoticed and not receive much attention. While it hasn’t gone unnoticed, the Pocket TV has surely not picked up as much heat as is expected of a major technological development. Developed by a startup company using crowdsourcing, Pocket TV has the potential to be the next breakthrough in modern consumer gadgetry.

It is quite surprising that the people paid nearly $100,000 of their own money to fund the creation and development of the gadget, yet many people are still unaware. The device is still in the testing phase and it will be some time before it is launched in the market for the general public. Till then, consumers have the option to buy the test version which is available for around $100. All of the features are included but the version still lacks the finishing touches of a completed product.

What’s It All About?

Surely the information available about Pocket TV is enough to arouse interest in the consumers. Yet, until the date it is launched, there is anticipation about how the makers plan to promote it. So, what does Pocket TV do?

By the looks of it, it sounds like it is a gadget that enables you to watch TV on pocket sized gadgets. Well it is not. If you were thinking it was, you couldn’t be more wrong. In fact, it is quite the contrary. The device has the ability to transform your ordinary TV into a smart TV, while enabling you to operate it like an Android device. Sounds too good to be true, doesn’t it? It may sound fantastical but it has been made and soon you will be hearing all about it.

You might still be apprehensive about installing the device in your television. After all, the Dish Latino Dos channel is very popular and people love watching their favorite shows on the big screen. That being said, regardless of the fact that the Dish Latino Dos channel is very popular, it does not enable you to use Smart TV on your television set.

Basically, Pocket TV is a dongle that connects to the HDMI port of your television set. All of the modern television sets have an HDMI port so that shouldn’t be much of a problem for you. Some people are put off by the fact that a mere dongle is offering them such great entertainment options. That is the reason why everyone who has used Pocket TV is so enthusiastic about its prospects. It is a great offer for you in a small package.

The dongle connects to your television and the Android environment begins loading on the screen. You can then begin accessing all the features and functions that have made Android devices a raging success over the past few years. But how is that possible?

Thanks to the geniuses working at Infinitec, the company that has developed Pocket TV, you get to use the Android operating system 4.0 out of a dongle. It isn’t a mere dongle. It is a full-fledged computer with a 1 GHz processor inside it. Ever heard of such a dongle? Bet you didn’t!

All of this adds to the fact that you can enjoy all of the features that people normally associate with smartphones and computers. You can browse the web, download content, stream videos, use social media websites and listen to music all on your television set. If you thought your TV was outdated and you need an upgrade, think again. All you need to do is buy the Pocket TV dongle and your TV will be transformed into a smart TV within minutes.

Conclusion

Without a doubt, the Pocket TV is the most exciting development in the tech industry over the past couple of years which hasn’t come from an industry giant. The mere fact that it has been designed, developed and created by a startup speaks volumes of the industry’s growth since the turn of the millennium. So, just wait patiently for the launch of the gadget and buy it as soon as you possibly can.

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code