Tuesday 22 December 2015

How to Turn Any Non-Touch Screen PC Into a Touch Screen

Want to buy a touch-screen laptop but can’t afford it?
But what if I told you that you can turn your existing non-touch-screen laptop into a Touch Screen laptop?
Yes, it’s possible. You can now convert your laptop or PC into a touch screen with the help of a new device called AirBar.
Touch screen has become a popular feature on laptops these days, and many laptops are moving toward having touch screens, but not every laptop or desktop model comes with the feature.
Swedish company Neonode has brought to you a new device, AirBar, that would bring the touch technology to virtually any computer from your non-touch laptops to notebooks.

What is AirBar and How does it Work?

AirBar is a small plug-and-touch bar that attaches magnetically to the bottom of your machine’s display.
When connected to your laptop via an available USB port, AirBar starts emitting a beam of invisible light across your screen that is used to track touchscreen movements and gestures.
The movements and gestures are then translated into corresponding inputs, letting you use all the usual gestures, including poking, pinching, swiping, zooming and scrolling with your hand, just as you would on a touchscreen PC.

Video Demonstration

AirBar turns any laptop, computer, or notebook into a touchscreen machine, without making any changes to its hardware.
You can watch the video below to see how AirBar really works.
And What’s Great about AirBar is that…
…it even works if you have worn gloves, and with any other object.
AirBar works well with any device running Windows 8 or Windows 10 or even with a Chromebook, but it still needs to have proper OS X support.
The AirBar is going to retail for $49 next month with its public launch in January 2016 at the CES event in Las Vegas. Currently, the only size that AirBar accommodates is 15.6-inch screens.

How to Crash Your Friends’ WhatsApp Just By Sending Crazy Smileys

What would require crashing the wildly popular WhatsApp messaging application?
Nearly 4000 Smileys.
Yes, you can crash your friends’ WhatsApp, both WhatsApp Web and mobile application, by sending them not any specially crafted messages, but just Smileys.
Indrajeet Bhuyan, an independent researcher, has reported a new bug in WhatsApp that could allow anyone to remotely crash the most popular messaging app just by sending nearly 4000 emojis to the target user, thereby affecting up to 1 Billion users.
Bhuyan is the same researcher who reported a very popular WhatsApp crash bug last year that required a 2000-word (2kb in size) message in a special character set to remotely crash the WhatsApp messenger app.
After this discovery, the company patched the bug by setting limits on the number of characters in WhatsApp text messages, but unfortunately, it failed to set limits for smileys sent via WhatsApp.
“In WhatsApp Web, Whatsapp allows 65500-6600 characters, but after typing about 4200-4400 smiley browser starts to slow down,” Bhuyan wrote in his blog post. “But since the limit is not yet reached so WhatsApp allows to go on inserting…when it receives it overflows the buffer and it crashes.”
The bug was tested on Android devices from multiple brands and successfully crashed:
  • WhatsApp for Android devices including Marshmallow, Lollipop and Kitkat
  • WhatsApp Web for Chrome, Opera and Firefox web browsers.
It is certain that the latest version of WhatsApp is affected by this bug.

Video Demonstration

You can also watch the Proof-of-Concept (PoC) video that shows the attack in work.

How to Protect Yourself

Bhuyan said that he had reported the WhatsApp crash bug to Facebook. However, before the company patches the issue, there is a simple way out.
If you become a victim of such a message on WhatsApp, just open your messenger and delete the whole conversation with the sender. However, remember, if you have kept some records of your chat with that particular friend, you’ll end up losing them all.
At the beginning of this year, Bhuyan also reported two separate bugs — WhatsApp Photo Privacy bug and WhatsApp Web Photo Sync Bug — in the WhatsApp web client that in some way expose its users’ privacy.

Thursday 17 December 2015

Hacker Confirms PlayStation 4 Jailbreak! Exploit Could Open Doors for Pirated Games

Sony’s PlayStation 4 – the hottest-selling gaming console in the United States – has been in the market for a while now, and since its release, hackers have been tinkering with it to find a way to run unauthorized software.
Though breaking the protection on PlayStation 4 is a huge deal, a hacker who calls himself CTurt has claimed to develop a fully jailbroken version of the PlayStation 4 with the help of a kernel exploit that he previously created.
The current jailbreak allows dumping of the system RAM from other processes and installing custom firmware that can be used to run homebrew applications that aren’t approved by Sony.
Of course, there are still a few other security issues to get by, but it is a foot in the door for game piracy, which can affect the gaming market as a whole.
The Twitter account of CTurt seems to indicate that currently the exploit only works for PlayStation 4 firmware version 1.76, but apparently it can be tweaked to work for more recent firmware.
CTurt successfully managed to take advantage of an exploit in PlayStation 4 v1.76 to inject an external code in the system, thereby taking control of the hardware.
Sony would certainly be unhappy with the launch of PlayStation 4 jailbreak and would be trying hard to eliminate any vulnerabilities for the most recent version of PS4 firmware.

British Intelligence Open-Sources its Large-Scale Graph Database Software

UK’s Secretive Spy Agency Government Communications Headquarters (GCHQ) has open-sourced one of its tools on code-sharing website GitHub for free…
A graph database called ‘Gaffer.’
Gaffer, written in Java, is a kind of database that makes it “easy to store large-scale graphs in which the nodes and edges have statistics such as counts, histograms and sketches.”
GitHub is a popular coding website that allows software developers to build their projects on a single platform equipped with everything that goes into making software.

Gaffer and its Functionalities

In short, Gaffer is a framework for creating mass-scale databases, to store and represent data, and is said to be useful for tasks including:
  • Allow the creation of graphs with summarised properties within Accumulo with very little coding.
  • Allow flexibility of stats that describe the entities and edges.
  • Allow easy addition of nodes and edges.
  • Allow quicker retrieval of data on nodes of interest.
  • Deal with data of different security levels – all data has a visibility, which is used to restrict who can access data based on their authorizations.
  • Support automatic age-off of data.
Gaffer actually uses the Apache Accumulo codebase that was originally open-sourced by the US National Security Agency (NSA) and is released under the Apache 2.0 licence.

Why GCHQ Open Sourced its Code?

It’s pretty unusual for one of the most secretive intelligence agencies to release computer code online for anyone to use for free.
GCHQ is very well known for monitoring communications worldwide and is not at all expected to release its database software as open source on GitHub.
However, maybe GCHQ’s move is part of its effort toward becoming friendlier with the hacker community and attracting new talent.
The spy agency also says that it has already started working on Gaffer2, a project in which the agency aims to take “the best parts of Gaffer… to create a more general purpose graph database system.”
What do you think about this GCHQ’s move? Feel free to tell us by hitting the comments below.

Your Computer Mouse Will Reveal Your Mood

You are moving the mouse around a website in a gloomy mood when suddenly its colour changes and a few jokes pop up and make you laugh. It may sound like the work of some super-intelligent computer, but this could easily happen in the coming days.
In fact, the cursor of the computer mouse, which is becoming a closer friend of yours day by day, can easily give away your mood. Researchers have found a way to detect your mood through the mouse.
Jeffrey Jenkins, a researcher at Brigham Young University in the US, said that when people are gripped by any negative emotion such as anger, stress or sadness, the way they move the mouse changes. He said that the speed at which the mouse is moved also changes in these situations.
In the world of modern technology, methods have arrived that make it easy to gather sufficient data about mouse cursor activity. With their help, it is also possible to detect your mood. Jenkins said, “In the coming days, websites will not just give you information; they will also be able to sense your emotions.”
The research said that when their mind is unsettled, people usually move the mouse cursor erratically and fast. Some people, on the other hand, start moving the cursor very slowly when they are frustrated. The researchers say that by understanding their users’ emotions, websites may in future also be able to offer them a tailored experience.

Wednesday 2 December 2015

Top 5 Skills for IoT Testers

Testing the Internet of Things presents unique challenges. For starters, the IoT itself is a vast system of networked devices, sensors and computing infrastructure, with potentially tens of billions of moving parts within it by the end of this decade. Cisco has estimated that 50 billion “things” could be connected to the IoT by 2020 – enough for each person on the planet to have six of them to his or her name.
In addition to its unprecedented scale, the IoT is also a complex realm of crisscrossing wireless connections and long device idle times. Everything from environmental sensors and motion detectors to networked refrigerators and thermostats will be counting upon available connectivity via Wi-Fi, Bluetooth, ZigBee, 4G LTE and other technologies. At the same time, these nodes within the IoT will behave differently than many traditional devices: They may consume data mostly through “bursty” transmissions rather than in a steady stream.
Software quality assurance members tasked with performing software testing of applications and services for the IoT must be prepared for a new frontier. They must be ready to take on fresh challenges with data security, connectivity, maintenance and embedded systems that they may not have encountered much in previous projects. Let’s look at five key skills that IoT testers will need for success:
1) Comfort with conducting gray-box testing
Testing something for the IoT will often put teams in a gray-box situation, meaning that they will need to not only verify the functionality of the application (as in white-box testing) but also dive into its internal structures (as in black-box testing). This is because developers may have limited control over how their creations will ultimately be used – a similar scenario to what already happens with services such as Netflix, which can be accessed from a multitude of interfaces – and as such won’t get the transparency of white-box testing.
Success with gray-box testing depends on gathering as much information as possible about relevant APIs, third-party services, connectivity protocols, etc. This data can then be used to craft effective test cases that can cover a wide range of events and circumstances.
2) Knowledge of embedded systems
As mobile applications entered the mainstream over the past decade, testers had to become accustomed to issues that had rarely, if ever, been relevant with desktop programs. For example, they had to address touch-based interfaces, mobile connectivity fluctuations and limited battery life. The IoT will force a similar shift, in part because of its many embedded systems.
Unlike platforms like Apple iOS or Google Android, these systems aren’t known for their well-maintained operating systems and support tools. More often, they are essentially kludged together. Testers may need to work more directly with end-user interfaces and tools such as code tracers to ensure proper coverage in their tests.
3) Ability to perform effective simulation
The scale and complexity of the IoT means that many of its environments cannot be recreated in full for testing purposes. Testers have to rely instead on simulation, often with many virtual networks complementing a single physical one. This is the most efficient way to recreate the feel of hundreds or even thousands of nodes operating in tandem.
Simulators provide advantages on top of their cost-effectiveness and scalability. For example, they can accelerate the testing process for systems with long idle times by only processing interesting events, rather than the long intervals between them. Idle execution is sped up, saving time and money for testers.
4) Dealing with data spikes and bursty usage patterns
In the virtual desktop infrastructure world, there’s a phenomenon called the “boot storm,” when everyone tries to sign into their VDI solutions at the same time (usually in the morning). The result is lag and an overall poor user experience. What does this have to do with the IoT, though?
IoT application and service testers may have to take a similar situation into account when working with any software that governs areas such as utilities or transportation. What could rush hour traffic do to highway systems? Can the network handle the data spike from all the lights coming on at once in a building after an outage? These scenarios are new territory for most QA teams.
5) Data security wherewithal
The IoT has been a fixture of cyber security conversations for years now. The potential issues are well-known. As Nicholas Evans noted for Computerworld, security is sometimes an afterthought for IoT vendors. Moreover, the sheer diversity of devices, applications and services in play makes it hard to implement an effective catch-all defense strategy.
IoT testing teams must be attentive to everything from transit encryption to API integrity and use of test management add-ons for Atlassian and utilities as needed. The stakes for protecting connected cars, homes and businesses from intrusion are higher than ever with the IoT.
Thanks K Shilpa Sutar

Patent Troll — 66 Big Companies Sued For Using HTTPS Encryption

Are you Using HTTPS on your Website to securely encrypt traffic?
Well, we’ll see you in the court.
At least, that’s what CryptoPeak is saying to all big brands that utilize HTTPS on their web servers.

BIG Brands Sued for Using HTTPS: ‘Patent Troll’

Texas-based company CryptoPeak Solutions LLC has filed 66 lawsuits against many big businesses in the US, claiming they have illegally used its patented encryption method – Elliptic Curve Cryptography (ECC) – on their HTTPS websites.
Elliptic Curve Cryptography (ECC) is a key exchange algorithm that is most widely used on websites secured with Transport Layer Security (TLS) to determine what symmetric keys are used during a session.
Encryption is on the rise after Edward Snowden made the world aware of government’s global surveillance programs. Today, many big tech and online services are using encryption to:
  • Protect the data transmitted to/from visitor to domain
  • Lessen the risk of hacking
However, websites using the ECC key are now at risk of being forced to court for using the protocol, as CryptoPeak snapped up the patent (US Patent 6,202,150) that describes “Auto-Escrowable and Auto-Certifiable Cryptosystems,” which the firm argues covers elliptic curve cryptography (ECC).

Either Pay or Don’t Use HTTPS

The abstract of US Patent 6,202,150, which was granted in 2001, describes the invention.

Companies Targeted by CryptoPeak

Some of the biggest names CryptoPeak Solutions sued include:
  • Yahoo
  • Netflix
  • Pinterest
  • AT&T
  • Sony
  • Groupon
  • GoPro
  • Etsy
  • Petco
  • Target
  • Costco
  • Home Depot
  • Expedia
  • Barnes & Noble
  • Multiple financial institutions and hotel chains
You can see the full list of lawsuits, which is available online here.
“Defendant has committed direct infringement by its actions that comprise using one or more sites that utilize Elliptic Curve Cryptography Cipher Suites for the Transport Layer Security (TLS) protocol (the Accused Instrumentalities),” according to the lawsuits.
CryptoPeak can easily be categorized as a “Patent Troll,” though it is still unclear if the cases will be successful or not. The patent describes some of the key tenets of ECC, including the generation and publication of public keys, but it is not obvious that this corresponds directly to ECC’s implementation in HTTPS connections.
Some companies targeted by the firm are fighting the lawsuit that seeks damages and royalties, and others, like Scottrade, are settling out of court, saying “all matters in controversy between CryptoPeak and Scottrade have been settled, in principle.”
Netflix, one of over 60 companies being dragged to court, called CryptoPeak’s lawsuit “invalid” from the outset and filed for the case to be dismissed under FED. R. CIV. P. 12(B)(6).
“The defect in these claims is so glaring that CryptoPeak’s only choice is to request that the court overlooks the express words of the claims, construe the claims to read out certain language, or even correct the claims,” Netflix said (PDF) in a court filing.

Adobe to Kill ‘FLASH’, but by Just Renaming it as ‘Adobe Animate CC’

Adobe is Finally Killing FLASH, but not actually.
Adobe Flash made the Internet a better place with slick graphics, animation, games and applications, but it never stood a chance of surviving in the same world as HTML5.
Of course, Flash has been plagued with various stability and security issues, which is why developers have hated the technology for years.
So, now it’s time to say goodbye to Adobe Flash Professional CC and welcome Adobe Animate CC.
Meet the new Flash, Adobe Animate CC, same as the old Flash, and still an insecure mess.

Adobe Animate CC Embraces HTML5

Adobe has officially announced that “over a third of all content created in Flash Professional today uses HTML5,” so the company is acknowledging the shift with the new name.
Adobe Animate CC — Adobe’s Premier Web animation tool for developing HTML5 content.
Yes, that’s what the company is focusing on.
The application – mostly looks like an update to the Flash Professional software – will still support Adobe Flash (SWF) and AIR formats ‘as first-class citizens,’ along with other animation and video formats, including HTML5 canvas, 4K and WebGL output.

Adobe Animate CC is the Same Old Flash

When Adobe Animate CC launches in January 2016, it will bring features like easy access to high-quality stock art, new vector art brushes, as well as the ability to rotate the canvas 360° from any pivot point. Sounds exciting!
What it won’t bring is:
  • Fix for the number of security issues that have plagued Adobe Flash for years
The platform has a new name, but the development tool lives on.
So, Flash isn’t actually dead; it’s just renamed.
“Adobe’s strategy is to make money regardless of what happens in the market,” says Jeffrey Hammond, principal analyst at Forrester Research. “They understand that there is a slow transition to HTML5 going on.”
“At some point you have to embrace the change,” Hammond adds. “The rebranding is the visible sign of that, but the internal focus on supporting the technologies like HTML5 has been going on a while.”
So, hiding Flash behind a different name doesn’t solve the stability and security issues. In fact, a recently uncovered flaw in the software was so nasty that the only way to get rid of it was to completely uninstall Flash Player.

Toymaker VTech Hack Exposes 4.8 Million Customers, including Photos of Children

Earlier this month, a massive data breach at VTech – the maker of tablets and gadgets aimed at children – exposed the personal details of about 4.8 Million parents and photos of more than 200,000 Children.
If that was not bad enough…
…it turns out that the massive cyber attack against the toymaker company also left hundreds of thousands of snaps of parents and children, as well as a year’s worth of chat logs, kept online in a way easily accessible to hackers.

VTech Data Breach

In a statement released Monday, the toymaker company VTech said the hacked database included victims’ profile information including:
  • Customers’ names
  • Email addresses
  • Passwords (One-way encrypted using MD5 hash that can be cracked in no time)
  • Secret questions and answers for password retrieval
  • IP addresses
  • Residential addresses
  • Download history
The database also included information on children including names, genders and date of births.
However, the Hong Kong-based company noted the database didn’t contain any credit card or personal identification information like social security numbers (SSNs) and driver license IDs.

Hack Leaks Photos and Chat Logs of Children & Parents

What’s even more worrisome is that…
In addition to the above information, data from Kid Connect – a service VTech offered to let parents communicate with their kids – was also hacked. Kid Connect information included:
  • Pictures of Children and parents
  • Chat logs between parents and children

How did VTech Data Breach Happen?

The massive data breach actually occurred on Nov. 14 and impacted VTech’s Learning Lodge app store database, which features learning game apps and other educational tools for kids to download on their VTech devices.
The kiddie toymaker company had alerted Learning Lodge customers of the recent hack, and had “temporarily suspended” the Learning Lodge site along with 13 of its associated websites as a precautionary measure, VTech said on its website Monday.
The hacker that discovered the data breach told Motherboard that he has no plans to misuse the leaked information he gathered.
However, now, when the information – including snaps and chat logs – is available online, it could be even harder for VTech to try to pretend that everything is all right.
VTech says it is still investigating the matter, and will look into new ways to strengthen its security. It also alerted customers of potential exposure, encouraging them to follow up with the company via email (vtechkids@vtechkids.com in the U.S.).

Experts Warn of More Cyber Attacks

Now that the massive database from VTech is available online, security experts are warning that hackers and cyber criminals are likely to use this information in order to target similar IoT (Internet of Things) companies that handle customer data.
Breaches like VTech’s are not unusual, but this one involves services aimed at children, which generally do not get much attention when it comes to the security of data.

Affected? How to Check and What to Do?

If you are a parent holding a Learning Lodge account, you are advised to check the Have I Been Pwned? website, which compiles data from breaches and now includes user accounts stolen from VTech.
If you found your Learning Lodge account affected, you should:
  • Change your password immediately
  • Also, change your password retrieval information
You are also advised to change the passwords on any other online accounts for which you are using the same password as for Learning Lodge account.

Monday 30 November 2015

Li-Fi, 100 Times Faster Than Wi-Fi: Download a 3-Hour Film in 1 Second

India, currently living with 3G and Wi-Fi, now stands at the door of 4G. But did you know that internet 100 times faster than the Wi-Fi and 4G you consider the fastest is also available? Scientists have now achieved an internet speed of 224 GB per second.
This speed is equivalent to downloading 18 films in the blink of an eye. The experiment, which had so far stayed in the lab, has now entered real life and is currently being installed at a hospital in France. The technology works along the lines of the light from a bulb or torch: as soon as the bulb is switched on, its light is converted into binary code.
What Li-Fi Is
It was invented in 2011 by scientist Harald Haas of the University of Edinburgh, Scotland. It is based on visible light communication, in which light is transmitted as binary code. Li-Fi was recently tested outside the lab, and the test was quite successful.
How It Works
In Li-Fi technology, the internet is accessed through an LED bulb, for which a microchip is fitted in the LED bulb. It is more secure than Wi-Fi because light cannot pass through walls. As soon as the bulb is switched on, the light it emits is converted into binary code and reaches the user.

Millions of IoT Devices Using Same Hard-Coded CRYPTO Keys


Millions of embedded devices, including home routers, modems, IP cameras and VoIP phones, are sharing the same hard-coded SSH (Secure Shell) cryptographic keys or HTTPS (HTTP Secure) server certificates that expose them to various types of malicious attacks.
A new analysis by IT security consultancy SEC Consult shows that the lazy manufacturers of Internet of Things (IoT) devices and home routers are reusing the same set of hard-coded cryptographic keys, leaving devices open to hijacking.
In simple words, this means that if you are able to access one device remotely, you can possibly log into hundreds of thousands of other devices – including the devices from different manufacturers.

Re-Using Same Encryption Keys

In its survey of IoT devices, the company studied 4,000 embedded devices from 70 different hardware vendors, ranging from simple home routers to Internet gateway servers, and discovered that…
…over 580 unique private cryptographic keys for SSH and HTTPS are re-shared between multiple devices from the same vendor and even from the different vendors.
The most common uses of these static keys are:
  • SSH host keys
  • X.509 HTTPS certificates
SSH host keys verify the identity of a device that runs an SSH server using a public-private key pair. If an attacker steals the device’s SSH host private key, the attacker can impersonate the device and trick the victim’s computer into talking to the attacker’s computer instead.
The same happens in the case of websites if an attacker gains access to the device’s HTTPS private certificate, which is actually used to encrypt traffic between users and its Web-based management interface.
The attacker can then decrypt the traffic to extract usernames, passwords and other sensitive data with the help of device’s HTTPS private key.

MILLLLLIONS of Devices Open to Attacks

When they scanned the Internet for those 580 keys, the researchers found that at least 230 crypto keys are actively being used by more than 4 Million IoT devices.
Moreover, the researchers recovered around 150 HTTPS server certificates that are used by 3.2 Million devices, along with 80 SSH host keys that are used by at least 900,000 devices.
The remaining crypto keys might be used by various other devices that are not connected to the Internet, but could still be vulnerable to man-in-the-middle (MITM) attacks within their respective local area networks.
As a result, potentially Millions of Internet-connected devices can be logged into by attackers, or their HTTPS web server connections can silently be decrypted by MitM attackers, using these crypto keys and certs once they’re extracted from their firmware.

Where Does the actual Problem Reside?

The issue lies in the way vendors build and deploy their products. Typically, the vendors build their device’s firmware based on software development kits (SDKs) received from chipmakers…
…without even bothering to change the source code or even the keys or certificates that are already present in those SDKs.
There are many reasons why this large number of devices are accessible from the Internet via HTTPS and SSH. These include:
  • Insecure default configurations by vendors
  • Automatic port forwarding via UPnP
  • Provisioning by ISPs that configure their subscribers’ devices for remote management
“The source of the keys is an interesting aspect. Some keys are only found in one product or several products in the same product line. In other cases we found the same keys in products from various vendors,” Sec Consult wrote in its blog post.

List of Vendors that are Re-Using Encryption Keys

Although SEC Consult identified more than 900 vulnerable products from roughly 50 manufacturers, the actual number could be even higher considering that its study only targeted firmware the company had access to.
According to SEC Consult, these are the companies that were found reusing encryption keys:
ADB, AMX, Actiontec, Adtran, Alcatel-Lucent, Alpha Networks, Aruba Networks, Aztech, Bewan, Busch-Jaeger, CTC Union, Cisco, Clear, Comtrend, D-Link, Deutsche Telekom, DrayTek, Edimax, General Electric (GE), Green Packet, Huawei, Infomark, Innatech, Linksys, Motorola, Moxa, NETGEAR, NetComm Wireless, ONT, Observa Telecom, Opengear, Pace, Philips, Pirelli, Robustel, Sagemcom, Seagate, Seowon Intech, Sierra Wireless, Smart RG, TP-LINK, TRENDnet, Technicolor, Tenda, Totolink, unify, UPVEL, Ubee Interactive, Ubiquiti Networks, Vodafone, Western Digital, ZTE, Zhone and ZyXEL.

Most Affected Countries

Here’s the list of Top 10 countries that are affected by SSH/HTTPS encryption key reuse:
  • United States
  • Mexico
  • Brazil
  • Spain
  • Colombia
  • Canada
  • China
  • Russian Federation
  • Taiwan
  • United Kingdom
SEC Consult has “worked together with CERT/CC to address this issue since early August 2015,” and it recommends that vendors use secure random cryptographic keys for each IoT-capable device.
Moreover, ISPs are advised to make sure that there is no possibility to remotely access CPE (customer premises equipment) devices via the WAN port. In case they need access for remote support purposes, “setting up a dedicated management VLAN with strict ACLs is recommended.”
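
An audit that an operator can run over their own device inventory to find the key reuse described in this article, as an added example (not SEC Consult's tooling and not part of the original post): it fingerprints SSH host keys from `ssh-keyscan`-style lines and reports hosts that share a key or that match a fingerprint already known from a firmware image. The function names, addresses and keys are constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_blob(key_type, key_bytes):
    """Build a base64 SSH public-key blob: two length-prefixed strings."""
    parts = (key_type.encode("ascii"), key_bytes)
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode("ascii")


def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob."""
    raw = base64.b64decode(b64_blob, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def blob_key_type(raw):
    """Return the key type named inside the blob (its first length-prefixed string)."""
    if len(raw) < 4:
        raise ValueError("blob too short")
    (length,) = struct.unpack(">I", raw[:4])
    if length > len(raw) - 4:
        raise ValueError("truncated blob")
    return raw[4:4 + length].decode("ascii")


def parse_keyscan(text):
    """Parse 'host keytype base64' lines into (host, keytype, fingerprint) tuples.

    Comments, short lines, undecodable blobs and blobs whose embedded type
    disagrees with the declared type are skipped rather than trusted.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        host, key_type, blob = fields[:3]
        try:
            raw = base64.b64decode(blob, validate=True)
            if blob_key_type(raw) != key_type:
                continue
        except ValueError:  # also covers binascii.Error and UnicodeDecodeError
            continue
        records.append((host, key_type, fingerprint(blob)))
    return records


def find_shared_keys(records):
    """Map each fingerprint seen on more than one host to the sorted host list."""
    hosts_by_fp = defaultdict(set)
    for host, _key_type, fp in records:
        hosts_by_fp[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


def match_known_keys(records, known_fingerprints):
    """Hosts whose key matches a fingerprint already extracted from firmware."""
    return sorted({host for host, _t, fp in records if fp in known_fingerprints})


# Constructed sample data: key material derived from fixed strings, and
# documentation-range addresses. Nothing here comes from a real device.
SDK_DEFAULT_KEY = ssh_blob("ssh-ed25519", hashlib.sha256(b"constructed-sdk-default").digest())
UNIQUE_KEY = ssh_blob("ssh-ed25519", hashlib.sha256(b"constructed-unique").digest())

SAMPLE_SCAN = f"""\
# constructed ssh-keyscan style output
192.0.2.10 ssh-ed25519 {SDK_DEFAULT_KEY}
192.0.2.11 ssh-ed25519 {SDK_DEFAULT_KEY}
198.51.100.7 ssh-ed25519 {SDK_DEFAULT_KEY}
192.0.2.20 ssh-ed25519 {UNIQUE_KEY}
192.0.2.30 ssh-rsa {SDK_DEFAULT_KEY}
192.0.2.31 ssh-ed25519 not-base64!!
"""

if __name__ == "__main__":
    recs = parse_keyscan(SAMPLE_SCAN)
    for fp, hosts in find_shared_keys(recs).items():
        print(f"{fp} is shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Any host reported here should have its host key regenerated on the device itself, since a key shipped in firmware is the same on every unit built from that image.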

Swedish Court — ‘We Can’t Ban The Pirate Bay’

The controversial file-sharing website The Pirate Bay will still be running in Sweden, as the District Court of Stockholm on Friday ruled that it is unable to force the internet service providers (ISPs) to block the website from operating.
The Pirate Bay is an infamous Swedish search engine predominantly used worldwide for pirating material, such as software, movies, music files and TV shows, entirely free of charge.
Numerous ISPs around Europe block the Pirate Bay, but the notorious site will not be inaccessible in its home country Sweden, at least for now, according to the local media.
Last year, a lawsuit was filed by Warner Music, Sony Music, Universal Music, Nordisk Film and the Swedish Film Industry in order to force Swedish ISP broadband companies to block the Pirate Bay, claiming them liable for the infringements of its customers.
However, the Broadband companies refused to comply, stating that their only role is to provide their clients with access to the Internet while facilitating the free flow of information.

Sweden – We can’t Ban The Pirate Bay

Now, a Stockholm District Court has handed down its decision in favor of ISPs, ruling that Sweden can not make them block the access to the Pirate Bay website, as those broadband companies are not responsible for what their customers do.
“A unanimous district court considers, therefore, that it is not in a position to authorize such a ban as the rights holders want, and, therefore, rejects their requests,” presiding Chief Magistrate Anders Dereborg said.
In other words, the ISP networks are not participating in any crimes, according to the court ruling, as they are just the delivery medium.
While it is possible that the group representing the copyright holders could appeal to a higher court, in the meantime, the group will still have to pay the ISPs’ legal costs thus far, which amount to more than $150,000.
So, before the group appeals to a higher authority, this is something it might want to reconsider.
A few months back, The Pirate Bay co-founders Gottfrid Svartholm, Fredrik Neij, Peter Sunde and Carl Lundström were cleared of all the charges alleging criminal copyright infringement and abuse of electronic communications in a Belgian court.

Sunday 29 November 2015

ZARP A Network Attacking Tool

 

Zarp is a network attack tool centered around the exploitation of local networks.

This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Various sniffers are included to automatically parse usernames and passwords from various protocols, as well as view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

The long-term goal of zarp is to become the master command center of a network; to provide a modular, well-defined framework that provides a powerful overview and in-depth analysis of an entire network. This will come to light with the future inclusion of a web application front-end, which acts as the television screen, whereas the CLI interface will be the remote. This will provide network topology reports, host relationships, and more. zarp aims to be your window into the potential exploitability of a network and its hosts, not an exploitation platform itself; it is the manipulation of relationships and trust felt within local intranets. Look for zeb, the web-app frontend to zarp, sometime in the future.

Current version: 1.5 Current dev version: 1.6

Installation

zarp is intended to be as dependency-free as possible. When available, zarp has opted to use pure or native Python implementations over requiring or importing huge libraries. Even as such, zarp requires the following to run:
  •     Linux
  •     Python 2.7.x
  •     Scapy (packaged with zarp)

It is also recommended that users have the following installed for access to specific modules:
  •     airmon-ng suite (for all your wireless cracking needs)
  •     tcpdump
  •     libmproxy (packaged with zarp)
  •     paramiko (SSH service)
  •     nfqueue-bindings (packet modifier)

The recommended installation process is to run:

git clone git://github.com/hatRiot/zarp.git

pip install -r requirements.txt

You can then run:

sudo python zarp.py --update

to update zarp. The update flag will not work if you download the tarball from the Git page.

Scapy comes packaged with Zarp and no installation is required. Wifite is used for wireless AP cracking; a specific version (ballast-dev branch) is required. This comes packaged with zarp. There are some dependencies required for Scapy, but most should be pretty easy to install or already be installed.


Tool Overview

Broad categories are (see wiki for more information on these):
  •     Poisoners
  •     Denial of Service
  •     Sniffers
  •     Scanners
  •     Services
  •     Parameter
  •     Attacks

CLI Usage and Shortcuts

> help

  zarp options:
    help            - This menu
    opts            - Dump zarp current settings
    exit            - Exit immediately
    bg          - Put zarp to background
    set [key] [value]   - Set key to value

  zarp module options:
    [int] [value]       - Set option [int] to value [value]
    [int] o         - View options for setting
    run (r)         - Run the selected module
    info            - Display module information

Modules can be navigated to by nesting entries:

bryan@debdev:~/tools/zarp$ sudo ./zarp.py
[!] Loaded 34 modules.
     ____   __   ____  ____
    (__  ) / _\ (  _ \(  _ '
     / _/ /    \ )   / ) __/
    (____)\_/\_/(__\_)(__)  [Version: 0.1.5]

    [1] Poisoners       [5] Parameter
    [2] DoS Attacks     [6] Services
    [3] Sniffers        [7] Attacks 
    [4] Scanners        [8] Sessions

0) Back
> 6 2
    +-----+----------------+----------------------------+------+----------+-
    |     | Option         | Value                      | Type | Required | 
    +-----+----------------+----------------------------+------+----------+-
    | [1] | Displayed MOTD | b4ll4stS3c FTP Server v1.4 | str  | False    | 
    +-----+----------------+----------------------------+------+----------+-
    | [2] | Listen port    | 21                         | int  | False    | 
    +-----+----------------+----------------------------+------+----------+-



0) Back
FTP Server > 

Nested entries go as far as modules will. Note that right now it's 'dumb' in that, if you enter in a ton of numbers, it's going to continue dumping that out as module selection!

Usage Examples

List of modules accessible from the command line:


bryan@debdev:~/tools/zarp$ sudo ./zarp.py --help
[!] Loaded 34 modules.
     ____   __   ____  ____
    (__  ) / _\ (  _ \(  _ '
     / _/ /    \ )   / ) __/
    (____)\_/\_/(__\_)(__)  [Version: 0.1.5]

usage: zarp.py [-h] [-q FILTER] [--update] [--wap] [--ftp] [--http] [--smb]
               [--ssh] [--telnet] [-w] [-s] [--service-scan]

optional arguments:
  -h, --help      show this help message and exit
  -q FILTER       Generic network sniff
  --update        Update Zarp

Services:
  --wap           Wireless access point
  --ftp           FTP server
  --http          HTTP Server
  --smb           SMB Service
  --ssh           SSH Server
  --telnet        Telnet server

Scanners:
  -w              Wireless AP Scan
  -s              Network scanner
  --service-scan  Service scanner
bryan@debdev:~/tools/zarp$

Main menu when launched with the command line GUI:

bryan@devbox:~/zarp$ sudo ./zarp.py
[!] Loaded 33 modules.
     ____   __   ____  ____
    (__  ) / _\ (  _ \(  _ '
     / _/ /    \ )   / ) __/
    (____)\_/\_/(__\_)(__)
        [Version 0.1.4]        
    [1] Poisoners       [5] Parameter
    [2] DoS Attacks     [6] Services
    [3] Sniffers        [7] Attacks 
    [4] Scanners        [8] Sessions

0) Back
>

Navigating a module is pretty simple, and there are really only a few commands to know. When in the context of a module, the command 'info' can be used to dump a help or informational string:

ARP Spoof > info
---------------------------------------------------------
The heart and soul of zarp.  This module exploits the ARP
protocol to redirect all traffic through the attacker's
chosen system.

http://en.wikipedia.org/wiki/ARP_poison
    +-----+------------------------------------+-------+------+----------+-
    |     | Option                             | Value | Type | Required |
    +-----+------------------------------------+-------+------+----------+-
    | [1] | Interval to send respoofed packets | 2     | int  | False    |
    +-----+------------------------------------+-------+------+----------+-
    | [2] | Address to spoof from target       | None  | ip   | True     |
    +-----+------------------------------------+-------+------+----------+-
    | [3] | Target to poison                   | None  | ip   | True     |
    +-----+------------------------------------+-------+------+----------+-
0) Back
ARP Spoof >

To set an option, give it the option number followed by the value:


ARP Spoof > 2 192.168.1.219

If an option supports a choice list, give it the option number followed by the lowercase letter o:

HTTP Sniffer > 2 o
[!] Options: ['Site Only', 'Request String', 'Request and Payload', 'Session IDs', 'Custom Regex']
    +-----+-----------------------------+--------------+-------+----------+-
    |     | Option                      | Value        | Type  | Required |
    +-----+-----------------------------+--------------+-------+----------+-
    | [1] | Regex for level 5 verbosity | None         | regex | False    |
    +-----+-----------------------------+--------------+-------+----------+-
    | [2] | Output verbosity            | 1            | int   | False    |
    +-----+-----------------------------+--------------+-------+----------+-
    | [3] | Address to sniff from       | 192.168.1.97 | ip    | False    |
    +-----+-----------------------------+--------------+-------+----------+-
0) Back
HTTP Sniffer >

Modules, once all required options are set, can be run by specifying a lowercase 'r'.
Note: All information is for educational purposes only. Don't try it on a real host, otherwise you will be caught by the police. I am not responsible for any misuse.
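
Seen from the monitoring side, the ARP Spoof module described above shows up as replies that nobody requested and that re-bind a known IP address to a different MAC, repeated at the module's resend interval (2 seconds by default). The following is an added example, not part of zarp or of the original post: a small detector that parses raw ARP payloads and reports both signals. The MAC addresses, timestamps and function names are constructed for illustration.

```python
import struct

REQUEST, REPLY = 1, 2

def _mac(b):
    return ":".join("%02x" % x for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload (28 bytes); None for anything else."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": _mac(payload[8:14]), "spa": _ip(payload[14:18]),
            "tha": _mac(payload[18:24]), "tpa": _ip(payload[24:28])}

def detect_poisoning(events):
    """events: (timestamp, arp_payload) pairs in capture order -> list of alerts."""
    bindings = {}     # IP -> first MAC seen claiming it
    pending = set()   # (requester IP, requested IP) still waiting for a reply
    alerts = []
    for ts, payload in events:
        arp = parse_arp(payload)
        if arp is None:
            continue
        if arp["op"] == REQUEST:
            pending.add((arp["spa"], arp["tpa"]))
        elif arp["op"] == REPLY:
            key = (arp["tpa"], arp["spa"])
            if key in pending:
                pending.discard(key)          # a reply somebody asked for
            else:
                # weak signal alone: hosts also send legitimate gratuitous ARP
                alerts.append((ts, "unsolicited-reply", arp["spa"], arp["sha"]))
        if arp["spa"] == "0.0.0.0":           # ARP probe: sender has no address yet
            continue
        known = bindings.setdefault(arp["spa"], arp["sha"])
        if known != arp["sha"]:               # strong signal: IP moved to a new MAC
            alerts.append((ts, "binding-change", arp["spa"], arp["sha"]))
    return alerts

def _pkt(op, sha, spa, tha, tpa):
    raw = lambda m: bytes(int(x, 16) for x in m.split(":"))
    ipb = lambda a: bytes(int(x) for x in a.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + raw(sha) + ipb(spa) + raw(tha) + ipb(tpa))

def sample_capture():
    """Constructed capture: one normal exchange, then a re-spoof every 2 seconds."""
    gw, host, rogue = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:66"
    zero = "00:00:00:00:00:00"
    events = [(0.0, _pkt(REQUEST, host, "192.168.1.219", zero, "192.168.1.1")),
              (0.1, _pkt(REPLY, gw, "192.168.1.1", host, "192.168.1.219"))]
    events += [(t, _pkt(REPLY, rogue, "192.168.1.1", host, "192.168.1.219"))
               for t in (10.0, 12.0, 14.0)]
    return events

if __name__ == "__main__":
    for alert in detect_poisoning(sample_capture()):
        print(alert)
```

The detector keeps the first MAC it saw for each IP, so every re-spoofed packet keeps raising an alert instead of being accepted as the new binding.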

New Touchscreen Material Will End the Hassle of Charging Your Smartphone Every Day

British scientists have discovered a new kind of touchscreen material that offers high visibility in direct sunlight and needs very little power to run.
The team is still in talks with some big players in consumer electronics to gauge the new material's potential and whether it could replace today's LCD touchscreens within the next few years. Developed by Bodle Technologies, the new technology could free consumers from the problem of charging their smartphones every day.
One researcher, Peiman Hosseini, said, “We can create a new market. You have to charge a smartwatch every night, but now you will have a smartwatch or smart glasses that do not need much power; you will charge it once a week.”
The researchers say their ultra-thin display material shows better colours at quite good resolution even in direct sunlight.

Basic Malware Analysis Tools

In the upcoming posts we will be talking about basic malware analysis, and we will start by discussing the many different Basic Malware Analysis Tools which are available. A Malware Analyst is someone highly skilled in reverse engineering malware to get a deep understanding of what a certain piece of malware does and how it does it. To become a malware analyst it is important to have a good understanding of operating systems, software, networking, programming in general, malware in general and assembly language. Assembly language is the low-level programming code between the high-level programming code and the machine instructions. In other words: it translates the high-level language into machine instructions which will be processed by your computer’s hardware.
In this tutorial we will be looking at simple but popular tools for basic static malware analysis: PEiD to detect packers, Dependency Walker to view dynamically linked functions, Resource Hacker to view the malware’s resources, and PEview and FileAlyzer to examine the PE file headers and sections. These tools are used for basic static malware analysis to try to determine the kind of malware and its function without actually running the malware. Running and analysing the malware will be covered in later tutorials. After this we will be looking at the advanced tools available for advanced static analysis and advanced dynamic malware analysis in the next article: Dynamic Malware Analysis Tools. Note that we will be discussing the tools in general first and get into detailed tutorials later. In the upcoming tutorials we will be using them on sample malware in detailed step-by-step hacking tutorials.

Basic Malware Analysis Tools

As promised we’ll be looking at the following basic malware analysis tools: PEiD, Dependency Walker, Resource Hacker, PEview and FileAlyzer. For your convenience we will supply a download link for the tools as well so you can get your malware analysis toolbox ready for the upcoming tutorials. Be sure to subscribe to our newsletter as we will be updating this list and our toolbox along the upcoming tutorials.

PEiD

PEiD is a small application which is used to detect common packers, cryptors and compilers. Malware writers often attempt to pack or obfuscate their malware to make it harder to detect and to analyse. The current version of PEiD can detect over 470 different signatures in PE files; the signatures are loaded from a text file called userdb. The official PEiD website is not active anymore but you can download PEiD-0.95-20081103 from Hacking Tutorials using the following download link: PEiD-0.95-20081103.zip
You need to replace the userdb.txt file with the following file to add the signatures: PEiD Userdb

Dependency Walker

Another great basic malware analysis tool is Dependency Walker. Dependency Walker is a free application which can be used to scan 32 and 64 bit Windows modules (.exe, .dll, .ocx, etc.) and is used to list all the imported and exported functions of a module. Dependency Walker also displays the dependencies of the file, which results in a minimum set of required files. It also displays detailed information about those files, including the file path, version number, machine type, debug information etc.
Dependency Walker can be downloaded here.

Resource Hacker

Resource Hacker, sometimes called ResHackers, is a free application used to extract resources from Windows binaries. Resource Hacker can extract, add and modify most resources like strings, images, menus, dialogs, VersionInfo, Manifest resources etc. The latest version of Resource Hacker, which is version 4.2.4, was released in July 2015.
Resource Hacker can be downloaded using the following link: Resource Hacker

PEview

PEview is a free and easy to use application to browse through the information stored in Portable Executable (PE) file headers and the different sections of the file. In the following tutorials we will be learning how to read those headers when we’re examining real malware.
PEview can be downloaded using the following link: PEview.

FileAlyzer

FileAlyzer is also a free tool to read information stored in PE file headers and sections but offers slightly more features and functionality than PEview. Nice features are the VirusTotal tab which can be used to submit malware to VirusTotal for analysis and the functionality to unpack UPX and PECompact packed files. And yes, Filealyzer is a typo but the developer decided to stick with the name which is kinda cool in our opinion.
FileAlyzer can be downloaded using the following link: FileAlyzer.
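
What PEview displays and what a packer detector such as PEiD keys on both start from the same walk through the PE headers. The following is an added example, not code from any of the tools above: it reads the section table and reports common packing indicators (packer section names, sections that are empty on disk, high entropy, writable and executable sections). The sample file is constructed inline and is not a runnable binary; the 7.0 entropy threshold and the short list of section names are assumptions chosen for illustration.

```python
import math
import struct

PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack"}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000
ENTROPY_LIMIT = 7.0   # assumption: rule of thumb for compressed or encrypted data

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def parse_sections(pe):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(pe):
        raise ValueError("missing or truncated PE header")
    _machine, count, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section table follows optional header
    sections = []
    for off in range(table, table + 40 * count, 40):
        if off + 40 > len(pe):
            raise ValueError("truncated section table")
        name, vsize, _va, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "raw_size": rsize, "flags": flags,
            "entropy": entropy(pe[rptr:rptr + rsize]),
        })
    return sections

def packing_indicators(pe):
    """Return (section, reason) pairs worth a closer look."""
    found = []
    for s in parse_sections(pe):
        if s["name"] in PACKER_SECTION_NAMES:
            found.append((s["name"], "known packer section name"))
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            found.append((s["name"], "empty on disk, filled at run time"))
        if s["entropy"] > ENTROPY_LIMIT:
            found.append((s["name"], "high entropy %.2f" % s["entropy"]))
        if s["flags"] & MEM_EXECUTE and s["flags"] & MEM_WRITE:
            found.append((s["name"], "writable and executable"))
    return found

def build_sample():
    """Constructed, non-runnable PE-shaped bytes laid out like a UPX-packed file."""
    fmt = "<8sIIIIIIHHI"
    header = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
    header += struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0102) + b"\0" * 224
    packed = bytes(range(256)) * 2            # stands in for compressed code
    rsrc = b"RSRC" * 64                       # low-entropy filler
    off = len(header) + 3 * 40
    table = struct.pack(fmt, b"UPX0", 0x1000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    table += struct.pack(fmt, b"UPX1", 0x200, 0x2000, len(packed), off, 0, 0, 0, 0, 0xE0000040)
    table += struct.pack(fmt, b".rsrc", 0x100, 0x3000, len(rsrc), off + len(packed), 0, 0, 0, 0, 0x40000040)
    return header + table + packed + rsrc

if __name__ == "__main__":
    for section, reason in packing_indicators(build_sample()):
        print(section, "-", reason)
```

None of these indicators is proof on its own; they tell you when static analysis of the file as it sits on disk is unlikely to show the real code.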

Dynamic Malware Analysis Tools

In this tutorial we will be covering Dynamic Malware Analysis Tools which are used to analyse activity after the execution of malware in virtual machines. We will be looking at tools like Procmon, Process Explorer, Regshot, ApateDNS, Netcat, Wireshark and INetSim to analyse the malware. Dynamic Malware Analysis is typically performed after static malware analysis has reached a dead end. You will reach a dead end quickly when malware is packed or obfuscated, for example. Dynamic Malware Analysis is also a great way to identify the type of malware quickly: if you are facing Ransomware you will notice the encrypted files and forced payment methods quickly after executing the malware.

Dynamic Malware Analysis Risks

Please be aware of the fact that Dynamic Malware Analysis can put your system and network at risk, since you will be executing real malware to analyse its behaviour. We advise you to only execute malware on virtual machines or dedicated systems in isolated networks which are not connected to the internet. We do not need an internet connection on our malware analysis machine since there are several tools available for simulating an internet connection. We will be covering a few of these tools in this article. Even though we’re executing the malware in virtual machines, it is not guaranteed that the host or your network is perfectly safe, because malware developers always find surprising new ways for infection and make malware analysis harder to perform.

Dynamic Malware Analysis Tools

As already mentioned we’ll be looking at the following tools for dynamic malware analysis: Procmon, Process Explorer, Regshot, ApateDNS, Netcat, Wireshark and INetSim. For your convenience we will supply a download link for the tools. We will be updating this list along the way so be sure to subscribe to our newsletter.

Procmon

Procmon, or Process Monitor, is a free tool developed by Windows Sysinternals and is used to monitor Windows filesystem, registry and process activity in real time. The tool is a combination of two legacy tools: FileMon and RegMon. Procmon adds some great features on top of FileMon and RegMon, like non-destructive filtering of data and boot-time logging. Non-destructive filtering means that all data is captured but only filtered data is displayed to the user.
The latest version of Process Monitor is version 3.2 which can be downloaded here.

Process Explorer

Process Explorer is also a free tool available from Microsoft which should be running when performing Dynamic Malware Analysis. Process Explorer is used to monitor the running processes and shows you which handles and DLLs are running and loaded for each process.
The latest version of Process Explorer can be downloaded here.

Regshot

Regshot is a great open source utility to monitor your registry for changes by taking a snapshot which can be compared to the current state of your registry. This allows you to see the changes made to your registry after the malware has been executed on your system.
The latest version of Regshot is available for download here.

ApateDNS

Another great tool for performing Dynamic Malware Analysis is ApateDNS. ApateDNS is a tool for controlling DNS responses and acts as a DNS server on your local system. ApateDNS will spoof DNS responses to DNS requests generated by the malware to a specified IP address on UDP port 53. The IP address or hostname is often retrieved from the malware by performing static malware analysis, for example by examining the resource sections, or by using sandboxes. ApateDNS is also capable of recovering multiple domains using the NXDOMAIN parameter, since malware often tries multiple hosts to connect to.
ApateDNS is available from FireEye and can be downloaded using the following link: ApateDNS.
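
The behaviour described above (answer every A query with one lab address, and optionally answer NXDOMAIN first so the sample moves on to its fallback hosts) can be shown in a few lines. The following is an added example for an isolated analysis network, not ApateDNS's own code: the class and function names, the 192.168.56.10 lab address and the two queried hostnames are constructed for illustration.

```python
import socket
import struct

TYPE_A, RCODE_NXDOMAIN = 1, 3

def read_question(msg):
    """Return (name, qtype, end_offset) for the first question in a DNS query."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated QNAME")
        size = msg[off]
        off += 1
        if size == 0:
            break
        if size > 63:
            raise ValueError("compression pointer not valid in a question")
        labels.append(msg[off:off + size].decode("ascii", "replace"))
        off += size
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack_from("!HH", msg, off)
    return ".".join(labels), qtype, off + 4

class Sinkhole:
    def __init__(self, redirect_ip, nxdomains=0):
        self.rdata = socket.inet_aton(redirect_ip)
        self.nxdomains = nxdomains   # answer NXDOMAIN to this many queries first
        self.seen = []               # every name asked for, in order

    def answer(self, query):
        name, qtype, end = read_question(query)
        qid, flags = struct.unpack_from("!HH", query, 0)
        self.seen.append(name)
        flags = 0x8080 | (flags & 0x7900)     # QR + RA, keep opcode and RD
        answers = b""
        if len(self.seen) <= self.nxdomains:
            flags |= RCODE_NXDOMAIN           # push the sample to its next host
        elif qtype == TYPE_A:
            # name pointer to offset 12, type A, class IN, TTL 60, 4-byte address
            answers = struct.pack("!HHHIH", 0xC00C, TYPE_A, 1, 60, 4) + self.rdata
        header = struct.pack("!HHHHHH", qid, flags, 1, 1 if answers else 0, 0, 0)
        return header + query[12:end] + answers

def build_query(qid, name, qtype=TYPE_A):
    """Constructed test input: a standard recursive query as a resolver sends it."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\0"
            + struct.pack("!HH", qtype, 1))

def serve(sinkhole, bind_ip, port=53):
    """Answer queries on the isolated lab interface until interrupted."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(sinkhole.answer(data), peer)
        except ValueError:
            continue                          # not a parsable query; ignore it

if __name__ == "__main__":
    sink = Sinkhole("192.168.56.10", nxdomains=1)
    for i, host in enumerate(["primary.c2.example", "fallback.c2.example"]):
        sink.answer(build_query(0x1000 + i, host))
    print(sink.seen)
```

After a run, `seen` holds every hostname the sample tried, which is the list you would otherwise have to dig out of the binary by static analysis.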

Netcat

Netcat, ncat or just simply nc is a tool used to read and write to network connections using TCP and UDP. Netcat is also called the Swiss Army Knife because of the many features it offers, like port scanning, port forwarding, tunneling, proxying and a lot more. Netcat is a great tool to perform Dynamic Malware Analysis because it can make almost any network connection a malware analyst might ever need. Netcat can be used to make inbound and outbound connections on any port and can be used in client mode for connecting and in server mode for listening.
A lot of malware communicates over port 80 (HTTP) and 443 (HTTPS) because on most systems these ports are not blocked by a firewall. When performing Dynamic Malware Analysis we could use ApateDNS to redirect a DNS request made by the malware to a host which is running Netcat in server mode, listening on the specified IP address and port. This way we can monitor the requests made by malware, using ApateDNS for redirecting requests and Netcat for monitoring the requests. In the Dynamic Malware Analysis tutorials we will be covering the use of ApateDNS and Netcat in more detail.
Netcat can be downloaded from the Nmap website here and is also included in Kali Linux.

Wireshark

Wireshark is one of the best network protocol analyser tools available, if not the best. If you didn’t know Wireshark you probably wouldn’t be reading this article about Dynamic Malware Analysis. Wireshark is used to analyse a network in the greatest detail to see what is currently happening and to capture packets to files. Wireshark can be used for live packet capturing, deep inspection of hundreds of protocols, and browsing and filtering packets, and it is multiplatform. When performing Dynamic Malware Analysis Wireshark can be used to inspect packets and log network traffic to files.
Wireshark is included with Kali Linux but also available for Windows and Mac. Wireshark can be downloaded here.

INetSim

INetSim is a Linux-based tool built for Malware Analysis to simulate the most common internet services like HTTP, HTTPS, DNS, FTP and many more. When performing Dynamic Malware Analysis on a Windows machine you can use a virtual machine in the same network as your malware analysis machine to run INetSim. INetSim fakes the common internet services which malware might use and answers the requests made accordingly. For example, when malware requests a file, INetSim will return the file. When malware scans a webserver, INetSim will return a Microsoft IIS webserver banner in order to keep the malware running. INetSim will also log all incoming connections so you can analyse which services the malware is using and what requests it makes. INetSim is also highly configurable: when malware uses a non-standard port for a service, you can change the listener port of that specific service in INetSim.
INetSim 1.2.5 is the current version which is included with Kali Linux 2.0 and can be downloaded here.