Flickr gets a redesign, offers 1TB of free space to everyone, updates Android app

Flickr has gone through a major redesign that completely changes the look of the homepage and your photostream. Your homepage now has large photos from your friends as well as from other Flickr users that you can like and share without even having to open the image.

Your photostream also has received a major upgrade. You now have a large cover image up top and your photos span the entire width of the screen in a tiled pattern. Open an image and it takes up a major portion of the screen and the image information is placed below while giving more prominence to the image, the way it should be. There is also a beautiful new slideshow mode.

The new Flickr really comes to life with large, high resolution images. Which is why you will be glad to know that Flickr is now providing 1TB of free space to everyone so you don’t have to worry about running out of space and can upload your images in full resolution. The previous concept of regular and pro accounts doesn’t exist anymore. Everybody gets all the features but if you want to get rid of the ads you have to pay $49.99 per year. If you want to double your storage space to 2TB, then it is $499.99 per year.

Lastly, Flickr has also released a new app for Android. The app has also undergone a major redesign and now looks even better than the iOS app that was released last year. Unlike the iOS app, the Android app hides all the buttons in a neat drawer on the left side of the screen letting the photos take over the majority of your screen. You can choose to display photos from your contacts, groups or explore photos from other users. The app does a wonderful job of spreading images across the screen with minimal space in between.

Thanks to the new UI redesign and increased storage, Flickr has once again become a viable option for new users to upload their images. The beautiful new app also makes accessing and uploading photos on the move feel a lot better.

Large-scale Indian Cyber Attack on Pakistan for Intelligence Gathering Gets Uncovered

Part of a PDF decoy from one of the malicious installers (md5 06e80767048f3edefc2dea301924346c).

In a shocking development, a large scale cyber attack at Pakistan – aimed at gathering military scale, government and corporate data – emanating from India has been uncovered by Norman, a global security leader in malware analysis for enterprises.

Norman Securities, based out of Oslo, Norway, in its report titled “Unveiling an Indian Cyber-attack Infrastructure”, said that Indian cyber attack aimed at Pakistan and other countries could be as old as three years or close to four years.

Report said that this large and sophisticated cyber-attack infrastructure, dubbed as Operation Hangover, originated from India and is aimed at collecting military-scale data, government information and corporate data.

Norman said that primary purpose of the global command-and-control network – used in the attack – appears to be intelligence gathering from a combination of national security targets and private sector companies.

“The data we have appears to indicate that a group of attackers based in India may have employed multiple developers tasked with delivering specific malware,” commented Snorre Fagerland, head of research for Norman Shark labs in Oslo, Norway.

“The organization appears to have the resources and the relationships in India to make surveillance attacks possible anywhere in the world. What is surprising is the extreme diversity of the sectors targeted, including natural resources, telecommunications, law, food and restaurants, and manufacturing. It is highly unlikely that this organization of hackers would be conducting industrial espionage for just its own purposes—which makes this of considerable concern.”

The investigation revealed evidence of professional project management practices used to design frameworks, modules, and subcomponents. It seems that individual malware authors were assigned certain tasks, and components were “outsourced” to what appear to be freelance programmers. “Something like this has never been documented before,” Fagerland added.

The discovery is currently under investigation by national and international authorities.

Norman said that tips on discovery of Indian Cyber Attack were first hinted when Telenor registered a complaint with Norwegian police for illegal computer intrusion into its computers.

Report said that major method for infecting computers included injecting a word file embedded with malware code. Upon opening the file, the malware code gets executed and infects the computer.

It merits mentioning here that China and USA have been using such techniques in past to gather intelligence from various countries. STUXNET and Flame were two such American-developed viruses to infect Iranian nuclear program and to gather intelligence from Middle Eastern countries.

More details on Indian cyber attack are given below:

Cyberattack Objectives

The primary purpose of this long-running, global command-and-control net-work appears to be surveillance against national security interests, said Norman. Private-sector industrial espionage in fields as diverse as natural resources, telecommunications, law, food & restaurants, and manufacturing is likely a secondary purpose of this network.

Target Selection

Based on analysis of IP addresses collected from criminal data stores discovered during the investigation, it appears that potential victims have been targeted in over a dozen countries, most heavily represented by Pakistan, Iran, and the United States. Targets include government, military, and civilian organizations

Highly-Targeted Social Engineering Tactics

Spear phishing to carefully-selected target individuals was the primary attack vector identified in the investigation. The attackers went to great lengths to make the social engineering aspects of the attack appear as credible and applicable as possible.

In many cases, decoy files and websites were used, specifically geared to the particular sensibilities of regional targets including cultural and religious subject matter. Victims would click on what appeared to be an interesting document, and begin the long-running infection cycle.

Exploit Tools and Techniques

Despite all of the recent media attention on so-called “zero-day” exploits en-compassing brand new, never-before-seen attack methods, Operation Hangover appears to have relied exclusively upon well-known, previously identified vul-nerabilities in Java, Word documents, and web browsers.

Major methods include documents infected with malicious code, along with direction to malicious websites with names deliberately similar to legitimate government, entertainment, security related, and commercial sites. Often the user would be presented with a legitimate document or software download they were expecting to see, along with an unseen malicious download.

Infrastructure Development

Operation Hangover utilizes a very extensive and sophisticated command-and-control infrastructure, likely developed over many months or years by numerous developers. Norman said that its investigation revealed evidence of professional project management practices used to design frameworks, modules, and sub-components. Individual malware authors were assigned certain tasks, and components were “outsourced” to what appear to be freelance programmers.

Attribution of Responsibility

In recent months, much focus has been on China – including both state-sponsored and individual actors – but Operation Hangover contains notable hallmarks of originating exclusively in India. Norman said that it is naming India with very high degree of confidence based on extensive analysis of IP addresses, web-site domain registrations, and text-based identifiers contained within the malicious code itself.

All indications point to private syndicates of threat actors following their own motivations, with no direct evidence of state-sponsorship by the Indian government or by any other nation.

Complete report by Norman uncovering Indian Cyber Attacks can be viewed here.