Monday 23 December 2013

iOS 7 Untethered Jailbreak released for iPhone, iPad, and iPod devices :)



If you love the iPhone, you are surely going to love this news. iOS 7 was released three months ago, and today the evad3rs team has finally released an untethered jailbreak for iPhone, iPad and iPod devices running iOS 7.0 through iOS 7.0.4.

The evasi0n installer is compatible with Windows, Mac OS X and Linux so no matter what operating system you’re on, you should be able to jailbreak your device.

"Jailbreaking is the procedure of modifying the iOS of your iPhone to remove the limitations imposed by Apple. This allows a user to access and install a lot of new applications, software and other similar content which otherwise are not made available to iPhone users through the Apple Store."

The process is very simple, and within five minutes you can jailbreak your device. According to the instructions, iTunes must be installed if you’re running Windows and the only prerequisite is that the device should be running iOS 7.0.4.

The team advises users to back up their device data before using the evasi0n tool. If something breaks, you will always be able to recover your data.

FAQ: "Is jailbreaking legal or not?" - Yes, it is legal, at least in the US: a rule passed by the US government in July 2010 made it legal, so whatever you are doing with your iPhone is completely legal.

Once the installation completes, Cydia will appear on the home screen.

Download Evasi0n for Windows
Download Evasi0n for Mac


 


Monday 16 December 2013

Hacker demonstrated 'Remote Code Execution' vulnerability on EBay website



Security researcher David Vieira-Kurz discovered a remote code execution flaw "due to a type-cast issue in combination with complex curly syntax" that allows an attacker to execute arbitrary code on eBay's web server. In a demo video, he exploited this RCE flaw on the eBay website and managed to display the output of the phpinfo() PHP function on the web page, just by modifying the URL and injecting code into it.

According to an explanation on his blog, he noticed a legitimate URL on EBay:

"https://sea.ebay.com/search/?q=david&catidd=1" 

..and modified the URL to pass any array values including a payload:

"https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1"

But it is not clear at this moment where the flaw resides on the eBay server, because how can a GET parameter that is expected to be a single string end up being accepted as an array of values?





In my view, this is possible only if the 'search' page reads the "q" parameter value through some loop function such as "foreach()". Most probably the server-side code is something like:

foreach ($_GET['q'] as $data) {
    // if $data successfully passes some input filter functions ...
    if (passes_input_filter($data)) {          // hypothetical filter check
        // ... the value reaches eval(), where PHP's "{${...}}" curly syntax is interpolated
        eval("execute thing here with $data");
    }
}
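To make the array-versus-string point concrete, here is an added example (not from the original post and not eBay's code) showing how PHP's bracket syntax turns the "q" parameter into an array, and a hardened accessor that rejects that shape instead of looping over it. The function names are assumptions for illustration.

```php
<?php
// Added example, not from the original post or from eBay. It shows why
// "q[0]=...&q[1]=..." turns a parameter the application expects to be a
// string into an array, and how a handler can refuse that shape outright.

// parse_str() applies the same bracket rules PHP uses when it builds $_GET,
// so it lets us reproduce the two request shapes offline.
function parse_query(string $query): array
{
    parse_str($query, $out);
    return $out;
}

// Hardened accessor (hypothetical name): the search term must be a plain
// string of bounded length. Arrays and other shapes are rejected before any
// further processing, and the value is only ever used as data (e.g. a bound
// query parameter), never interpolated into code that reaches eval().
function get_search_term(array $get): string
{
    if (!isset($get['q']) || !is_string($get['q'])) {
        throw new InvalidArgumentException('q must be a scalar string');
    }
    $q = trim($get['q']);
    if ($q === '' || strlen($q) > 200) {
        throw new InvalidArgumentException('q has an invalid length');
    }
    return $q;
}

// Constructed inputs: the legitimate shape from the post, and the bracketed
// shape (with neutral values; it is the array shape that matters, not the payload).
$legit     = parse_query('q=david&catidd=1');
$bracketed = parse_query('q[0]=david&q[1]=second&catidd=1');

var_dump(is_string($legit['q']));    // bool(true)  - a single search term
var_dump(is_array($bracketed['q']));  // bool(true)  - what a foreach() would iterate

echo get_search_term($legit), PHP_EOL;          // prints: david
try {
    get_search_term($bracketed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;   // prints: rejected: q must be a scalar string
}
```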

David has already reported the flaw responsibly to the eBay Security Team, and they patched it earlier this week.

Tuesday 10 December 2013

Rogue Android Gaming app that steals WhatsApp conversations


Google has recently removed a rogue Android gaming app called "Balloon Pop 2" from its official Play store that was actually stealing users' private WhatsApp conversations.

Every day numerous friends ask me whether it is possible to steal WhatsApp chat messages and how; of course, a piece of malware represents an excellent answer to the request.

In the past I already posted an article on the implementation of WhatsApp's encryption mechanisms, explaining that improper design could allow attackers to snoop on conversations. By spreading the malware through an official channel, the attacker could improve the efficiency of the attack, and that is exactly what is happening: an Android game was published on the official Google Play store to stealthily steal users' WhatsApp conversation databases and resell the collected messages on a website.

The game, titled "Balloon Pop 2", has fortunately been identified and removed from the official Google Play store. It was able to spy on conversations made via WhatsApp and upload them to the WhatsAppCopy website.

On the WhatsAppCopy website the Android game BalloonPop2 is advertised as a way of "backing up" a device's WhatsApp conversations. It's very curious; what do you think about it?

The website managers maintain that their app is a legitimate game that can be used to back up WhatsApp messages, and that they aren't responsible for its abuse for spying purposes. An attacker paying a fee could view the stolen WhatsApp conversations on the WhatsAppCopy website; it is only necessary to provide the phone number of the targeted Android device to read the private messages exchanged by the victims.

The message posted on the website states: 
"Execute our game on a mobile, whatsapp conversations are sent to this website, an hour later looking for the phone, and you can read the conversations ."

Although the application has been removed from the Google Play store immediately, there is a concrete risk that ill-intentioned parties will continue to distribute it through unofficial stores.

The rapid diffusion of mobile platforms and the lack of defense mechanisms on almost every device make them a privileged target; the amount of malicious code designed for Android and iOS has literally exploded in recent years.

Cyber criminals have also exploited official channels to spread malicious code; it is happening with the mobile version of the popular Carberp banking trojan.

The fact that an app has been published on an official store is not sufficient to consider it reliable and secure; the same consideration holds for other mobile platforms.



Take care of your privacy, be smart!

Tuesday 3 December 2013

Unpatched vulnerability in Android 4.3 allows apps to Remove Device Locks


In September, Google added a remote device locking capability to its Android Device Manager, allowing users to lock their phone if it is stolen or lost.
The mechanism allows the user to override the existing device lock scheme and set a password scheme for better security.

But recently, the Curesec Research Team from Germany discovered an interesting vulnerability (CVE-2013-6271) in Android 4.3 that allows a rogue app to remove all existing device locks activated by a user.

'The bug exists on the "com.android.settings.ChooseLockGeneric class". This class is used to allow the user to modify the type of lock mechanism the device should have.' the Curesec team says in a blog post.

Android OS has several device lock mechanisms, such as PIN, password, gesture and even face recognition, to lock and unlock a device. For modifications to the password settings, the device asks the user to confirm the previous lock.

But if a malicious application is installed on the device, it could exploit the flaw to unlock the device without knowing the previous password. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions, which may aid further attacks.

The Curesec team has already reported the vulnerability to the Google Android Security Team three times, but unfortunately Google is not responding to them about this issue.

Thursday 28 November 2013

Danish Bitcoin exchange BIPS hacked and 1,295 Bitcoins worth $1 Million Stolen


The breaking news is that another Bitcoin exchange company has been hacked: BIPS (bips.me), one of the largest European (Danish) Bitcoin payment processors.

On Friday evening, a group of cyber criminals broke into the servers of BIPS, the Bitcoin payment processor, and wiped out around 1,295 Bitcoins from people's wallets, currently worth $1 million. More than 22,000 consumer wallets have been compromised, and BIPS will be contacting the affected users.
Initially, on 15th November, hackers launched a Distributed Denial of Service (DDoS) attack on BIPS originating from Russia and neighboring countries, and then attacked again on 17th November. This time they somehow got access to several online Bitcoin wallets, which allowed them to steal the 1,295 BTC.

"As a consequence Bips will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of Bitcoins." the company says.

"All existing users will be asked to transfer bitcoins to other wallet solutions," said Mr. Henriksen, the BIPS founder. Even after the robbery, he told his customers, "Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in".

One of his customers replied to Henriksen's post, "In fact, your website said: 'Your data is secure at BIPS.' So yeah, I felt pretty goddamn secure leaving my BTC balance there."

Keeping thousands of dollars in an online Bitcoin wallet that is highly susceptible to hackers is a risk, so don't store your Bitcoin on the internet.

Tuesday 19 November 2013

The Future of Technology: Year 2020 and Beyond

Technology moves rather fast, that we are sure of. You buy a brand new computer, cell phone or tablet, and it lasts you approximately a year (minimum) to around 3 years (maximum) before becoming outdated, old technology. However, as fast as technology moves now, it will move significantly quicker in the future. Today's post will be a fun post that examines how far we could go in the next 8 years and beyond.






The reason why technology will advance even more rapidly in the future mainly revolves around the coming of age of the technology generation. Many of today's children and youth simply grow up being exposed to technology. Thus, these kids learn a lot about technology as they grow, during the developmental stages where they can learn rather rapidly.

With technology now, more than ever being a part of everyday life, much of the youth actually take to it quite quickly. Today’s kids are growing up learning things on iPads and Android tablets. Additionally, many of these children can tell you the best Linux distro to use for a certain application, where I definitely could not make a quality recommendation.

That being noted, the future of technology is bound to be both bright and impressive. Here are some things we could see in the distant, but not too distant future. Time goes by quickly.

Touchscreen World:


This concept video by MyOffice365 offers a unique perspective on what many consumer devices such as tablets and smartphones could be like in 2020. However, for these kinds of advancements, it may be closer to 2025. Still, a very interesting concept video.


Tech in Everyday Life:

Here’s another interesting concept of what technology may be like in the future. This video demonstrates several possibilities for 2020 and beyond, and is more focused on how technology could assist in everyday life. Many of the ultra wealthy can likely afford slightly similar technologies now, but this video demonstrates not just a smartphone, but a smarthome.


Microsoft Vision Future Concept:

The Microsoft Vision Future Concept video is a project by Microsoft that demonstrates some business technology concepts that we may be able to reach within the next 10 years.


Productivity Future Vision 2021:

The productivity future vision video gives a prediction simulation of how simple, core technological concepts of today, such as cloud storage, could evolve to by 2021. Another very interesting video and rendition on what the future may hold.


Apple Products in 2020 and Beyond:

Here’s an interesting concept video based on the progression that one device, the MacBook Pro, could make over the next 10 years.


Additionally, if we are able to move beyond the smartphone, the future may be a place of holographic, wearable devices such as this Apple Black Hole concept. Now, that is multi-touch!


Of course, companies like Microsoft, Apple and Google may not even be around in 2020, as that is still quite far away. Thank you for stopping by the site for today’s post which is more of a fun post that is focused on concepts and the future of technology. Enjoy!

Monday 18 November 2013

Top Creative Uses of Cloud Storage

Introduction:

Cloud computing is the new fad on the technology circuit, and several sites like Dropbox, SugarSync and TeamDrive offer a lot of online storage space. However, few people are aware that cloud storage goes way beyond a simple platform for storing files and documents online.

  

Unify all documents: 
The cloud offers the superb option of syncing documents across multiple platforms. Just a few years back this used to be a very frustrating experience for most people, and pen drives, with their manual way of working, were the inconvenient solution. The cloud gets rid of all this with a completely automated fix that is easily accessible over the internet.
 
Seamless storage of multimedia files: 
Video files typically take up a lot of storage space. The cloud offers the option to store huge amounts of high-definition video running into several gigabytes. Music lovers can benefit by placing their MP3 and MP4 files in the cloud and easily accessing them via a customized playlist on the go with the help of software like iTunes and Amazon Cloud Drive.
 
Photo Storage: 
Picture sharing is a breeze with cloud computing. Users can easily edit image files online and create customized photo albums and slideshows. All of these can be shared via a URL with friends and family members, getting rid of the cumbersome process of attaching pictures to emails.
 
Collaboration: 
Much cloud storage software offers the option of web-based collaboration. This can be of great help to people working on projects, since it provides an easily accessible centralized storage space where all relevant project material can be stored, accessed and edited. Even if a file is accidentally deleted, it can be retrieved by restoring its previous version.
 
Utilize cloud hosting: 
Cloud hosting is a form of web hosting that pools together the storage space of several servers to provide a seamless way of hosting a website. This can be especially beneficial to websites that have run out of their allocated storage space on standard web servers. The cloud provides a much cheaper, easily scalable solution for hosting websites compared to the dedicated web hosting model.
 
File backup and data restoration: 
Traditional hard drives often crash resulting in the loss of valuable data. Storing important files in the cloud offers a much more reliable way to protect the integrity of important files. In the event of a system crash they can be easily accessed and restored from the cloud.
 
File versioning: 
It can be fiendishly difficult and confusing to keep track of the various versions of the same file. Once again the cloud comes to the rescue with its ability to create a virtual paper trail of the different file versions.
 
Easy file sharing: 
Cloud storage is a much faster way to share files with other users compared to normal FTP services.
 
Conclusion: The power of cloud computing can be easily leveraged in several ways to deliver the benefits of reliable data storage, faster access and reduced storage costs to millions of net users worldwide. The biggest plus is the easy accessibility of data via the World Wide Web.

Tuesday 12 November 2013

20 Funny Commands of Linux or Linux is Fun in Terminal

Linux is fun! Huhhh. OK, so you don't believe me. Mark my words: by the end of this article you will have to believe that Linux is actually a fun box.



1. Command: sl (Steam Locomotive)

You might be aware of the command 'ls', the list command, and use it frequently to view the contents of a folder, but because of mistyping you sometimes end up with 'sl'. How about getting a little fun in the terminal instead of "command not found"?

Install sl


Output


This command works even when you type 'LS' and not 'ls'.

2. Command: telnet

No! No!! It is not as complex as it seems. You would be familiar with telnet: it is a text-oriented, bidirectional network protocol. Here there is nothing to install; what you need is a Linux box and a working Internet connection.


3. Command: fortune
How about getting your random fortune, sometimes a funny one, in the terminal?

Install fortune


4. Command: rev (Reverse)
It reverses every string given to it; isn't that funny?
5. Command: factor
Time for some mathematics: this command outputs all the factors of a given number.


6. Command: script
OK, fine, this is not a command but a script, but it is nice.


7. Command: Cowsay
An ASCII cow in the terminal that will say whatever you want.

Install Cowsay 


Output

How about piping the 'fortune' command, described above, into cowsay?


Note: '|' is called the pipeline instruction, and it is used where the output of one command needs to be the input of another command. In the above example the output of the 'fortune' command acts as the input of the 'cowsay' command. This pipeline instruction is frequently used in scripting and programming.

xcowsay is a graphical program which responds similarly to cowsay but in a graphical manner; hence it is the X version of cowsay.

 Output

cowthink is another command; just run "cowthink Linux is sooo funny" and see the difference between the output of cowsay and cowthink.


Output

8. Command: yes
It is funny but useful as well, especially in scripts and for system administrators, where an automated predefined response can be passed to the terminal or generated.

Note: it keeps going until you interrupt it (i.e. Ctrl+C).
9. Command: toilet
What? Are you kidding? Huhh, no! Definitely not, but for sure this command's name itself is too funny, and I don't know where this command gets its name from.
Install toilet

Output

It even offers some colors and font styles.

Note: figlet is another command that provides more or less the same kind of effect in the terminal.

10. Command: cmatrix
You might have seen the Hollywood movie 'The Matrix' and been fascinated with the power Neo was given to see anything and everything in the matrix, or you might think of it as an animation that looks like a hacker's desktop.
Install cmatrix
Output

11. Command: oneko
OK, so you believe that the mouse pointer in Linux is the same silly black/white pointer with no animation? Then I fear you could be wrong. "oneko" is a package that will attach a "Jerry" to your mouse pointer, and it moves along with your pointer.

Install oneko


 Output

Note: Once you close the terminal from which oneko was run, Jerry will disappear, and it will not start at start-up either. You can add the application to start-up and continue enjoying it.

12. Fork Bomb
This is a very nasty piece of code. Run it at your own risk. It is a fork bomb, which multiplies itself exponentially until all system resources are used up and the system hangs. (To check the power of the above code you should try it once, but entirely at your own risk: save and close all other programs and files before running a fork bomb.)


13. Command: while
The "while" command below is a script which keeps printing a colored date and file until you interrupt it (Ctrl+C). Just copy and paste the code below into the terminal.




Note: The above script, when modified with the following command, gives similar output but with a little difference; check it in your terminal.



14. Command: espeak
Just turn the knob of your multimedia speaker to full before pasting this command into your terminal, and let us know how you felt listening to the god's voice.

Install espeak


Output


15. Command: aafire
How about fire in your terminal? Just type "aafire" in the terminal, without quotes, and see the magic. Press any key to interrupt the program.
Install aafire


Output


16. Command: bb
First install it with "apt-get install bb", then type "bb" in the terminal and see what happens.


17. Command: curl
Won't it be an awesome feeling if you can update your Twitter status from the command line in front of your friends and they seem impressed? Just replace username, password and "your status message" with your own username, password and status message.

18. ASCIIquarium
How would it be to have an aquarium in your terminal?

Install ASCIIquarium
Now download and install ASCIIquarium.
Finally, run "asciiquarium" or "/usr/local/bin/asciiquarium" in the terminal, without quotes, and be a part of the magic that will take place in front of your eyes.

root@tecmint:~# asciiquarium


19. Command: funny manpages
First install the package with "apt-get install funny-manpages" and then run the man pages for the commands below. Some of them may be 18+; run them at your own risk, but they are all very funny.

20. Linux Tweaks
It is time for you to have some one liner tweaks.




Linux is sexy: who | grep -i blonde | date; cd ~; unzip; touch; strip; finger; mount; gasp; yes; uptime; umount; sleep (If you know what i mean)
There are certain others, but these don't work on all systems and hence are not included in this article. Some of them are man dog, filter, banner, etc.
Have fun; you can thank me later.
Yup, your comments are highly appreciated and encourage us to write more. Tell us which command you liked the most. Stay tuned, I will be back soon with another article worth reading.