Nepali youth discovered Instagram's 'bug'

A 21-year-old Nepali youth discovered Instagram's 'bug' and won a $6,000 prize


Cybersecurity researcher Saugat Pokharel has discovered a bug (security vulnerability) in Instagram. The 21-year-old found that users' deleted photos and direct messages had remained on the company's servers for a long time.


In 2018, in line with Europe's new data policy, Instagram gave users the ability to download their data. Using this feature, Saugat downloaded his own data. The download also included a photo he had deleted a year earlier and a direct message.


According to Instagram's policy, if a user deletes a photo or direct message, the deleted message and photo must be removed within 90 days. This means the company's servers should no longer hold such data after that period.


However, in the data Saugat downloaded, a photo older than 90 days was still on the server and was included in the download.


"The data that I deleted a long time ago has not been deleted by Instagram from its servers," he told TechCrunch. The bug was fixed last month.


"Investigators have long reported that even deleted data stays on the server and that the information is downloaded when the data is downloaded," an Instagram spokesperson said. "The problem has now been resolved. There is no misuse of such data."


Following the discovery of the bug, Instagram offered a reward of 6,000 US dollars, or 720,000 Nepali rupees.

Child addicted to the Internet

Is your child addicted to the Internet? Do this to get rid of it.


All schools and colleges are closed due to COVID-19. As a result, many children and adolescents have become lazy, spending hours every day on mobile phones, tablets, laptops, and TVs. If your children follow such a routine every day, it will definitely bring sad consequences to the family.


Of course, in the modern age, giving children access to technology cannot be considered wrong. But extreme misuse of technology is beginning to have a detrimental effect on young children's brains. So don't leave the internet open just to keep children happy. Do you keep track of how long your kids are online?


Which sites do they open the most? How much time are they spending chatting on social networks, including Facebook? What kind of people are coming in contact with them? Now is the time to be alert to these things.


On the other hand, are you sure that your children are looking for study materials on the Internet? Do you know if their eyes are on pornography? If we are not aware of this in time, children can get into trouble and even become addicted.


On the other hand, parents are relieved when children forget about gadgets. But such online games are becoming a kind of addiction in children. They keep thinking about the game at other times.


If they do not interact with family and society and do not get to play, they show unnatural behaviour such as anger and irritability. It has been found to have a negative effect on their studies and other personality development, as the game leaves them feeling sad and frustrated, as if there has been a great loss. In such cases, parents can do the following to protect their children from Internet addiction.


View and monitor what children do online and what sites they use.

Make rules for using the Internet.

Allow use only when parents are present, or set certain criteria.

Teach them to maintain their privacy.

Have children use the internet in a place where you can keep an eye on them.

Use a child lock so that pornographic sites and any sites that affect children cannot be opened from search engines.

Provide training on the disadvantages of social media.

Prohibit posting and commenting on bad pictures.

Sit together and read various messages etc.

Closer observation.

Safe banking system

How to keep the banking system safe?


The security of the banking and financial system has been debated from time to time. But the truth is that there is still a tendency to be sensitive to security only when big banking frauds occur and to ignore small incidents.


More cyber attacks, or attempted attacks, are being made on the financial sector. But such incidents are rarely made public. Banks do not disclose such incidents on the grounds that doing so would damage their reputation and prestige and reduce the trust of their customers.



In some cases, even when crores of rupees are stolen, banks consider keeping the matter secret to be the solution. Hackers have started targeting ATM switches or servers. Although banks have recently begun investing in security, they do not seem to be ready to avert the danger in time.


It is a fact that some banks and financial institutions are not even following the instructions given by the National Bank to adopt the security system. The concerned institutions need to be serious to keep the banking system safe.


How to keep the banking system safe?

The network and system related to the card should be supervised regularly.

Arrangements should be made to audit the information system related to the card annually.

Arrangements should be made to conduct Vulnerability Assessment and Penetration Testing (VAPT) of the card related system on a semi-annual basis.

Arrangements should be made to conduct quarterly risk assessment of the card related system and discuss it in the risk management committee of the concerned bank.

Arrangements should be made for regular centralized monitoring of ATMs connected to ATM amnesty. In addition, arrangements should be made to conduct such monitoring regularly even on Saturdays and other holidays.


Licensed financial service providers should arrange for cyber security insurance to minimize potential losses from cyber security risks.

In order to control the transaction limit through card, all banks and financial institutions should take the service of determining the transaction limit from Visa, MasterCard and other payment system operators.

Banks and financial institutions and PSO-PSPs should make arrangements to secure important infrastructure of the information technology system using privileged access management.

Banks that operate in compliance with the Payment Card Industry Data Security Standard (PCI DSS) and operate ATM switches should make arrangements for an annual PCI DSS audit.

'Master Mind' - hacking Twitter!

17-year-old 'Master Mind' shocks the world by hacking Twitter!


U.S. prosecutors on Saturday charged three people with involvement in a recent Twitter hacking case. The timeline of the hack has also been made public in a court document issued by the Department of Justice.


The document also details how US investigators tracked down the suspected hackers. According to court documents, the entire hacking activity started on May 3.

Clark, a teenager from Tampa, Florida (who had been living in California), gained access to a portion of Twitter's network on May 3.


But what happened between May 3 and July 15 is still unclear. However, Clark initially failed to gain access to the Twitter admin tool used to take over accounts.


But on the second day of the Twitter hack, according to the New York Times, Clark initially had access to Twitter's internal Slack workspace, not to Twitter itself.


New York Times reporters quoted a hacker community source as saying that the hacker had found the login details of a Twitter tech support tool. From there, he broke into a Slack channel of the company.


On the day of the hack, a picture of the tool, which controls all Twitter accounts, was leaked online by Twitter employees. However, the login details of the tool were not enough to access the back end of Twitter.

According to Twitter's blog post, Twitter's administrative back end is protected by two-factor authentication. How long it took Clark to do all this work is still unclear.


But according to Twitter's investigators, the hacker used a "phone spear phishing attack" to trick Twitter employees, gain access to their accounts and get past two-factor authentication.


All of this happened on July 15. It was the same day that the hack of Twitter became public.


Shortly afterwards, Clark, using the ID Kirk#5270, reached out on the OGUsers Discord channel, talked to two people and asked for help in monetizing his Twitter access, according to chat logs obtained by the FBI.


The OGUsers Discord channel belongs to a special forum where hackers buy and sell social media accounts. Through the channel, Clark claimed that Fazeli (22 years old), who used the ID Rolex#037, and Sheppard (19 years old), who used the ID Angius#0001, were Twitter employees.


He asserted that his confession had been obtained through torture, and that his confession had been obtained through torture.


Clark also sold access to various short-form Twitter accounts to Sheppard.


Clark thus reassured both of them about his level of access. The trio then agreed to post an ad on the OGUsers forum to promote Clark's ability to hack Twitter accounts.


Many people are believed to have bought access to Twitter accounts after the ads were posted. A recorded message posted on YouTube by a U.S. Attorney's Office official states that investigators are monitoring several users involved in the hack.


One of the three parties had purchased access to celebrities' verified Twitter accounts and posted a cryptocurrency scam message on July 15.


Such messages were seen on the accounts of celebrities and companies including Barack Obama, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, Kim Kardashian, Michael Bloomberg and Floyd Mayweather.


The messages asked users to send Bitcoin to various addresses. According to court documents, 12.83 bitcoins, or about $117,000, were found in the wallet the hackers operated for the scam.


In the course of the investigation, the cryptocurrency exchange company Coinbase intervened in the matter and stopped transactions to the scam address on the day of the hack. In the end, $280,000 that would have gone into the scammers' accounts was saved.


By then, it was known that a hack had taken place. Twitter staff blocked Clark from tweeting on his official Twitter account.


According to the investigation, Clark had access to Twitter's admin tool and interacted with 130 accounts. For 45 of them he had reset the password, and for 36 he had access to private messages.


On the second day of the hack, Twitter went to the authorities and filed a criminal complaint about the hack. The FBI and the Secret Service then launched an investigation.


According to court documents, the FBI obtained users' details and chat logs from Discord using data and news shared on social media.


The FBI used a copy of the OGUsers forum database, which was leaked last April, as some of the hackers' ads had also been posted on OGUsers. The database contained details of users registered on the forum, including email and IP addresses, as well as private messages.


With the help of the Internal Revenue Service, the FBI also collected data from Coinbase on the Bitcoin addresses the hackers were involved with. After studying the data from these sources, the FBI was able to trace the identities of the hackers across all three sites, linking them through email and IP addresses.


For example, the FBI tracked down Fazeli after he linked his Discord username to an OGUsers account. This was an operational security (OpSec) mistake on Fazeli's part.

Similarly, Fazeli also made many mistakes in hiding his identity. Initially, he used the address [email protected] to register on the OGUsers forum, but later he used the address [email protected] to hack a Twitter account called Foreign.


He used the same two email addresses in his Coinbase account, which was later verified with his driver's license.


In addition, Fazeli used his home connection to access all three sites. The connection logs of the three services (Discord, Coinbase and OGUsers) showed his home IP address.


Another person, Sheppard, had a similar weakness. He was on OGUsers under an ID named Chaewon. According to investigators, on the day of the hack, Sheppard was able to access his Discord account with the help of an advertisement posted on the OGUsers site.


After that, the investigators got confirmation from the leaked OGUsers database. There, Chaewon was buying video games from a Bitcoin username, and fortunately on the day Twitter was hacked, Sheppard was connected to the same address.


Like Fazeli, Sheppard also used his actual driver's license to verify his various accounts at Coinbase. However, the FBI has not linked Clark to the Discord user Kirk#5270.


But according to details released by various US government sources on Saturday, Clark appears to be the man. Hillsborough State Attorney Andrew Warren claimed that the 17-year-old Tampa teen Clark, who was arrested on Saturday, was the mastermind of the hack.


In a press release issued from the Northern District of California, the administration told the state attorney that Clark was a juvenile. Florida authorities, who arrested the hacker, revealed his name as Graham Ivan Clark.
