
Friday 31 October 2014

New BBM update brings timed messages, message retraction, and much more


On most messaging platforms, what happens when you send someone the wrong message? Don’t you hate misspelling words, and not realizing it until after it’s already sent? In an effort to fix these common problems, BlackBerry Messenger is receiving a pretty huge update today, adding some great features that should be standard on all messaging apps. Among others, timed messages and the ability to retract messages are the most notable. Let’s take a look at the new features that are coming in the newest BBM update.
Timed Messages
Users now have the ability to set how long contacts have to view certain messages while in a chat. Think of this as a Snapchat-like feature, only you can use it with texts, as well as images. The recipient needs to press and hold on the chat in order to view the timed message. Then when the time is up, or the user lets go of the screen, the message is gone for good. If the recipient takes a screenshot of the message, BBM will notify you that it happened.
Message Retraction
Probably the coolest and most useful feature in the update is the ability to delete a message from the chat after it’s already been sent. If you’d like to erase one of your messages, simply click it and press the retract button. This can be done before or after the recipient gets the message. Take a look at the video below for a tutorial.
BlackBerry Messenger isn’t done yet… They’ve added a few other improvements that may make your life easier. Take a look at the full changelog below for all of the new enhancements.
  • Timed Messages: Set how long contacts have access to messages and pictures shared in a chat
  • Message Retraction: ‘Retract’ a message to remove it from your BBM chat
  • A quicker sticker picker: Adding stickers to your BBM chats is now even quicker with a new picker (say that ten times fast)
  • HD Picture Transfer: It’s easier than ever to get a high quality version of the pictures you receive in BBM
  • Discover Music: See what music your contacts are listening to in BBM Feeds
All of these new features are coming free to BBM for the next three months, and after that, the folks at BlackBerry explain that a new premium subscription service will be starting soon. At this time, information on the BBM subscription service is scarce, but we will be sure to update you once we get any new information.
Be sure to try out the awesome new features on BBM before the subscription service takes over. You can grab the update in the Play Store today!

By "Kunal Vohra", Director@H2K
Still Having Problem..!!! Connect with Admin
BBM: 7F72A48D


 Kunal Vohra
Download Our Official Android App & Get Free Internet



"The Hackers Street"

For Daily Updates 

The Pirate Bay Co-Founder Found Guilty in Denmark's Largest Hacking Case



The co-founder of The Pirate Bay torrent site Gottfrid Svartholm Warg (Anakata) and his 21-year-old Danish co-defendant have been found guilty by a Danish court of hacking into systems operated by American IT giant CSC and illegally downloading files. It was the biggest hacking case ever conducted in the history of Denmark.

By breaking into the servers maintained by CSC, Svartholm Warg illegally accessed police email accounts, stole the email addresses and passwords of over 10,000 policemen, explored the European border control database, and downloaded millions of social security numbers belonging to Danish citizens. The initial attack went on for about six months.
"This is the largest hacking case to date. The crime is very serious, and this must be reflected in the sentence," Prosecutor Maria Cingari said.
Gottfrid Svartholm allegedly committed the crime along with his 21-year-old co-defendant between February and August 2012. His co-defendant is known only by the alias "JKT", as Judge Kari Sørensen, who presided over the case, ordered media outlets not to publish his name in order to protect the man’s privacy.

The defence team argued that although the attacks were carried out using a computer owned by Svartholm, he was not the person who used it to steal the files, because, they said, his entire group of developers had access to the computer. So any one of them could be responsible for the hacking.
"My recommendation has always been that the investigation has focused on finding clues that point to my client, even though the tracks have also pointed in another direction," lawyer Louise Høj said, as cited by TorrentFreak. "It is clear that my client’s computer has been the subject of remote control, and therefore he is not responsible."
However, the court said the unauthorized access to CSC computer mainframes was a "systematic and organised" approach, dismissing the Swede’s claims that his computer system was used by someone else to carry out the hack as "unlikely," the Local reports.

Security expert Jacob Appelbaum, a well-known activist and leading member of the Tor project - an open source and free anonymous browser service, said that it would have been easy for an outsider to gain access to Warg’s computer. He pointed out that Danish authorities had found no forensic evidence and all of the evidence had been provided by CSC.
Appelbaum expressed his disappointment with the conviction on Twitter. "Gottfrid convicted. I'm sad to hear that only two of the jurors understand the technology involved," Appelbaum tweeted yesterday.
Gottfrid Svartholm was arrested in his Cambodian apartment in September 2012 and it took two years before he went on trial in Denmark. In September 2013, he was deported from Cambodia to Sweden where he served a jail term for copyright theft because of his involvement with the Pirate Bay file-sharing site.

In a separate trial in 2013, Warg was sentenced to one year in a Swedish jail for hacking into a bank's computers. Then in November 2013, he was finally extradited to Denmark to face charges in the CSC hacking cases.

Svartholm will be sentenced on 31 October and could face six years in jail. His accomplice walked free from the court on Thursday as he had served 17 months in pre-trial detention.
"The punishment should be close to the maximum punishment, which can be six years in prison," the senior prosecutor in the case, Maria Cingari, said according to local media. "It shouldn’t be under five years."
Since its launch in 2003, The Pirate Bay (TPB) has become the world's largest torrent tracker site. It handles requests from millions of users every day and is among the top 100 most visited websites on the Internet. TPB is predominantly used to share copyrighted material such as films, TV shows and music files, free of charge. Generally, it is known for potentially hosting illegal content.

By "Kunal Vohra", Director@H2K


LoopHole in PayPal Terms Allows Anyone to Double PayPal Money Endlessly



Many of us own a PayPal account for easy online transactions, but most of us don’t keep a balance in it. But what would happen if your money doubled, tripled or grew even more in just a couple of hours? Sounds appealing!!

A loophole in the popular digital payment and money transfer service PayPal allows its users to double the money in their account, endlessly. That means that with only $50 in your PayPal account, you can turn it into $100, then turn that $100 directly into $200, and so on.
An eBay owned company, PayPal provides a faster and safer way to pay and get paid. The service gives people simpler ways to send money without sharing financial information, with over 148 million active accounts in 26 currencies and across 193 markets, thereby processing more than 9 million payments daily.


The loophole was reported by TinKode, a.k.a. Razvan Cernaianu, who claims to have found it in PayPal's chargeback process, where it could be exploited to commit fraud through PayPal.

TinKode is a convicted former Romanian hacker who was arrested in 2012 for attacking NASA, Oracle, the Pentagon, the U.S. Army and many more high-profile websites; at that time he was ordered to pay damages totalling more than US$120,000.

“A Chargeback, also known as a reversal, occurs when a buyer asks a credit card company to reverse a transaction that has already cleared”, and this can be done when the buyer's credit card number is stolen and used fraudulently, or if the seller tries to commit fraud.

He noticed the flaw back in 2010 while making a PayPal transaction with a person who was trying to scam him out of his money using the same chargeback process. To avoid paying the charges, he transferred all his money from his temporary account to his other, real PayPal account. But when he checked after a month, he noticed that his account balance was negative, i.e. $50.

He demonstrated exactly this trick, which allows anyone to double their money endlessly, to the PayPal security team. In a proof-of-concept explanation he detailed that it works by making three separate PayPal accounts, one real and the other two verified using a Virtual Credit Card (VCC) and a Virtual Bank Account (VBA).

POC Scenario:
So for example, you have 500$ on your account. You transfer the money to the second account with the pretext of buying a phone. From the second account you again transfer the money to the third account as a gift. After 24 hours, use the charge-back function from the first account (the real one) to get the money back, with the excuse that the phone did not arrive on time. PayPal will initiate a process where both sides bring evidence for their defense. Obviously you will only send evidence from the first account showing that you were scammed. At the end of the trial the money will be restored to the primary account and the second account will have a negative balance of -500$. This way, you doubled the initial amount of money because you still have 500$ in the third account. As the second account is only a virtual one, it will not have real money from which PayPal can extract. Therefore you are left with 500$ restored by PayPal, and 500$ in your third account.

TinKode has already reported the flaw to the PayPal security team for a bug bounty, and they acknowledged it as a flaw in their Terms of Service (ToS), but not as a web application vulnerability. “While the abuse described here is possible in our system, repeated abusive behavior by the same and/or linked account(s) is addressed,” PayPal replied.
TinKode is not eligible for the bug bounty, but we thank him for exposing this fraud technique, which could already be in use by some criminals to generate money illegally. Anyone with a little technical knowledge can reproduce this trick, but readers are advised not to try it, as PayPal could ban your account permanently.

Ghostly Greetings!


Deep into the darkness peering, long I stood there, wondering, fearing,
Doubting, dreaming dreams no mortal ever dared to dream before.

!! HAVE A SCARY HALLOWEEN !!



"Kunal Vohra", Director@H2K

CVE-2014-4877: Wget FTP Symlink Attack Vulnerability


The open-source Wget application, which is widely used on Linux and Unix systems for retrieving files from the web, has been found vulnerable to a critical flaw.

GNU Wget is a command-line utility designed to retrieve files from the Web using HTTP, HTTPS, and FTP, the most widely used Internet protocols. Wget can be easily installed on any Unix-like system and has been ported to many environments, including Microsoft Windows, Mac OS X, OpenVMS, MorphOS and AmigaOS.

When wget performs a recursive directory fetch with an FTP server as the target, a symlink flaw would let an attacker "create arbitrary files, directories or symbolic links".

IMPACT OF SYMLINK ATTACK
"It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov wrote in a Red Hat Bugzilla comment.
A malicious FTP server that the victim connects to via wget, with no authentication required, would allow attackers to do anything they wanted: wget could download and create files, or overwrite existing ones, within the context of the user running wget.

The vulnerability was first reported to the GNU Wget project by HD Moore, chief research officer at Rapid7, and is publicly identified as CVE-2014-4877. The flaw is considered critical since wget is present on nearly every Linux server in the world, and is installable (although not by default) on OS X machines as well, so it needs a patch as soon as possible.

PATCH AVAILABLE
"This flaw can lead to remote code execution through system-level vectors such as cron and user-level vectors such as bash profile files and SSH authorized_keys," Moore wrote.
The vulnerability has now been fixed by the Wget project in wget 1.16, which changes the default setting that allowed local symlinks to be created.
"Upgrade to wget version 1.16 or a package that has backported the CVE-2014-4877 patch," Moore said.
WORKAROUND
"This issue can be mitigated by ensuring that all invocations of wget in the mirror mode also specify --retr-symlinks command line option," wrote Tomas Hoger on the Bugzilla report. "Doing so is equivalent to applying the upstream commit linked in comment 14, which changes the default for the retr-symlinks options from off/no to on/yes, preventing creation of symbolic links locally."
"In addition to changing arguments in all scripts or programs that invoke wget, it is possible to enabled[sic] retr-symlinks option via wget configuration file - either global /etc/wgetrc, or user specific ~/.wgetrc - by adding the line: retr-symlinks=on"
AVAILABLE EXPLOIT
An exploit for the vulnerability is now available on the open-source Metasploit penetration testing Website, so that security researchers can test the bug. You can download the exploit from here.
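
The upgrade and retr-symlinks advice quoted above can be checked on a host with a short script. This is an added example, not code from the wget project or the original post; the helper names and the sample cron script are constructed for illustration, and the wgetrc parsing assumes wget's documented rule that command names ignore case, hyphens and underscores.

```shell
#!/bin/sh
# Added example: exposure checks for CVE-2014-4877. Helper names are hypothetical.

# Version of the wget on PATH, taken from the "GNU Wget X.Y" banner line.
installed_wget_version() {
    wget --version 2>/dev/null | sed -n '1s/^GNU Wget \([0-9][0-9.]*\).*/\1/p'
}

# Exit 0 if version $1 is older than 1.16, 1 if not, 2 if unparseable.
# A distro package may carry a backported patch under an older version
# number, so treat "vulnerable" here as "verify the package changelog".
wget_is_vulnerable() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 16 ]; }
}

# Exit 0 if the wgetrc file $1 turns retr-symlinks on.
# Comments are stripped, names are normalised, and the last setting wins.
wgetrc_retr_symlinks_on() {
    [ -r "$1" ] || return 1
    val=$(sed -e 's/#.*//' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' \t_-' |
          sed -n 's/^retrsymlinks=//p' | tail -n 1)
    case $val in on|yes|1) return 0 ;; *) return 1 ;; esac
}

# Read a script on stdin and print "lineno:line" for every wget call that
# recurses (-r, -m, --recursive, --mirror) without enabling --retr-symlinks.
# This is a line-based heuristic, not a shell parser: review each hit.
flag_risky_invocations() {
    grep -nE '(^|[^[:alnum:]_-])wget[[:space:]]' |
    grep -E '[[:space:]](--recursive|--mirror|-[[:alnum:]]*[rm][[:alnum:]]*)([[:space:]]|$)' |
    grep -vE -- '--retr-symlinks([[:space:]]|=(on|yes|1)|$)' || true
}

# Constructed sample input: a cron script with one unsafe and one safe job.
sample_script() {
cat <<'EOF'
#!/bin/sh
wget -q -m ftp://mirror.example.org/pub/
wget -r --retr-symlinks ftp://mirror.example.org/docs/
curl -O https://example.org/file
EOF
}

# Demo: only the first wget line is reported.
sample_script | flag_risky_invocations
```

On a real host, run `wget_is_vulnerable "$(installed_wget_version)"`, check both /etc/wgetrc and ~/.wgetrc, and feed each cron or mirror script to `flag_risky_invocations`.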


By "Kunal Vohra", Director@H2K


Thursday 30 October 2014

Former Android head, Andy Rubin, leaves Google





Late last year Andy Rubin, Android’s co-founder, stepped down from his position as leader of our favorite mobile OS and handed the reins over to the capable hands of Sundar Pichai. Following this move, Rubin took over as head of Google’s robotic efforts, a position he’s occupied ever since. Today it was announced that Rubin is making yet another move, this time away from Google altogether.
According to Google, Andy’s new goal is to start an incubator for startups interested in building technology-hardware products. While the details for his new ambition are a bit vague, that’s really all we know for now. In a statement, Larry Page wished Rubin the best, and thanked him for all his efforts at Google:
“I want to wish Andy all the best with what’s next. With Android he created something truly remarkable—with a billion plus happy users. Thank you.”
As for the future of Google’s robotic arm, Google says it remains as dedicated as ever and is placing James Kuffner, a research scientist at Google, as the new head of the robotics group.
While Rubin hadn’t been part of the Android world for about a year now, it still seems a bit odd to think of him as no longer part of Google. Either way, we wish him the best and thank him for all he did during his time running Android and beyond. What do you think of Andy Rubin’s departure from the company? Surprised, or did you see this one coming after he stepped down as head of Android?



By "Kunal Vohra", Director@H2K


Google’s new Chrome extension is a Bookmark Manager for the modern age






Remember Google Stars, the cloud-based bookmark manager replacement that leaked in “dogfood” form back in May? It looks like it’s finally ready for the spotlight, albeit under a different and less inspiring name – Bookmark Manager.
Now available for free in the Chrome extension catalogue, Bookmark Manager replaces Chrome’s drab default bookmarks tool with a fresh card-based interface featuring bold colors and a touch of Material design.
Once installed, you can click on the star icon displayed on the right side of the address bar – a.k.a the omnibox – to instantly add a web page to your bookmark collection. Alternatively, you can simply hit Ctrl+D on Windows or Cmd+D on Mac.
In essence, the new Bookmark Manager delivers the same functions you get from the default bookmark tool, with a couple of extra niceties, like Auto Folders. This feature groups your bookmarked pages based on topic – for instance, if you have lots of pages about Google, Bookmark Manager will create a “Google” auto folder. There’s also a Google-powered search box for digging deeper into your collection.
It’s not clear yet how this revamp fits into the larger picture. Does Google have bigger plans for bookmarks? Nevertheless, it’s good to see Google giving some attention to this long-neglected aspect of Chrome.


Material Design update hits Google Drive, Docs, Slides and Sheets


Google opened up sales of the brand new Nexus 6 today. It ships with Android 5.0 Lollipop, the first version of Android that is imbued with Material Design. There is no better time to push out Material Design to a handful of Google apps; this time we look at Drive, Docs, Slides and Sheets.
The updated versions of your trio of office suite apps – Docs, Slides and Sheets – in conjunction with your Google cloud storage solution, Google Drive, will start rolling out right away and may take a few days to get to everyone.
One of the biggest changes you’ll notice, across all the properties, is the addition of an “Incoming” link in the left hand menu. This section holds all of the goodies that others have shared with you through Google’s services. Not unlike the Incoming section you would find in Google Drive on the web.
The Material Design improvements are about as good as you’d expect to see for non-Lollipop creations. The hamburger menu gets a little overhaul and there are a few nifty new animations to enjoy, including a new refresh animation.
In terms of functionality, I am very excited to see some old school keyboard shortcuts updating in the mix. Ctrl+C should work much better now when attached to a Bluetooth keyboard. A new “Make a copy” button under “Share & export” again duplicates features found in Drive/Docs on the web.
Last, Google Sheets is receiving a tiny addition that will make some of us very happy, you can now select a range of cells, by tapping and dragging, while editing a formula.
For a fresh install of Google’s apps, head on over to the Play Store – again, that was Drive, Docs, Sheets and Slides getting the Material Design touches today. For those of us with the apps already installed, look out for the updates coming soon.
Are you liking all of these Material Design app updates slowly trickling through, or would you rather just wait for Android 5.0 Lollipop to get them all at once?


By "Kunal Vohra", Director@H2K


Wednesday 29 October 2014

Nexus 6 is now available for pre-order in the Play Store, ships from November 21

Google is trying a different approach this year in putting the Nexus 6 up for sale. For the Nexus 4 and the Nexus 5, Google simply opened the virtual doors of the Play Store and hoped for the best. The digital stampede that followed frustrated and disappointed tons of users, and naturally, all fingers were pointed towards Google.
For the Nexus 6 and the Nexus 9, Google is using a pre-order system. The device is now available for pre-order in the Play Store, starting from $649. Redditors who managed to complete their order report the shipping date is November 21!
Note that the listings don’t seem to be available to all users. Some users are seeing “out of inventory” messages.
While the Nexus 6 is a very attractive device, the relatively high price tag (compared to the Nexus 5, which remains available in the Play Store) will probably limit its appeal and prevent the buildup of overwhelming demand. Hopefully, the Nexus 6 will remain in stock for more than a few hours and the Play Store won’t buckle under heavy demand like it happened in the past.
Google is throwing in six months of free access to Play Music for every Nexus 6 buyer. More details here.
Are you ordering a Nexus 6 today? Are you waiting for it to go on sale from retailers? Or are you skipping it altogether?

By "Kunal Vohra", Director@H2K

Sony Xperia Devices Secretly Sending User Data to Servers in China



If you own a Sony smartphone running either the Android 4.4.2 or 4.4.4 KitKat firmware, you may inadvertently be transmitting your data back to servers in China, even if you haven’t installed any applications.

Quite surprising, but it’s true. I know many of you wouldn’t have expected such practices from a Japanese company, but reports popping up on several forums suggest that some new Sony Xperia handsets seem to contain the Baidu spyware.

MYSTERIOUS BAIDU SPYWARE
About a month ago, a group of Sony smartphone users in the community detected the presence of a strange folder named “Baidu”, which had mysteriously appeared among the folders present in various versions of Android for these handsets.

The creepy part is that the folder is created automatically without the owner's permission and there is no way of deleting it. Even if someone tries to remove it, it instantly reappears; unticking it in the device administrator settings seems to do nothing either, and neither does starting the phone in Safe Mode.
“Just unpacked my Sony Z3 compact, haven't installed a single app and it's connecting to China. I am not so concerned about the folder itself but my phone now has a constant connection to an IP address in Beijing which I am not too happy about,” a Reddit user commented.
The Baidu folder appears to be created by Sony’s ‘my Xperia’ service each time a connection is made and is reported to be sending pings to China. There is no further information known on what these pings are transmitting but nevertheless they do seem to be transmitting.

PERSONAL INFORMATION SENT TO CHINA
Going deeper, several users reported they found that the Chinese government is able to detect the status and identity of the device, take pictures and make videos without the consent of the user. A user going by the handle Elbird posted on the Sony Forums that, with the help of the Baidu folder, the Chinese Government can:
  • Read status and identity of your device
  • Make pictures and videos without your knowledge
  • Get your exact location
  • Read the contents of your USB memory
  • Read or edit accounts
  • Change security settings
  • Completely manage your network access
  • Couple with bluetooth devices
  • Know what apps you are using
  • Prevent your device from entering sleep mode
  • Change audio settings
  • Change system settings
AFFECTED PRODUCTS

Thankfully, this is spyware whose presence you can check for. If you see a folder named Baidu on your device, then your device contains the spyware. For users, though, it isn't the folder that seems to be the real cause for concern; it’s the fact that the phones open a connection to servers.

According to the reports, affected devices include the new Sony Xperia Z3 and Z3 Compact, and several users from the Reddit community have also reported the presence of this folder on their mobile phones, too — and not necessarily phones made by Sony. One owns an HTC One M7, another an HTC One X, a few others the OnePlus One.

STEPS TO DISABLE BAIDU SPYWARE
  1. Backup your important data and factory reset the device.
  2. Turn on the device and go to Settings -> Apps -> Running and Force stop both “MyXperia” apps.
  3. Then remove the baidu folder using File Kommander app.
  4. Go to Settings -> About Phone -> Click 7 times on the Build Number to enable developer mode.
  5. Download or Install the Android SDK on your computer and then connect the Sony device to it using USB cable.
  6. Run the adb tool in a terminal: adb shell
  7. In adb shell, type the command: pm block com.sonymobile.mx.android
  8. Exit adb shell
  9. Reboot the device.
Note that the spyware does not necessarily affect the process or functionality of your mobile devices, so you shouldn't be worried in this respect. Sony has not officially responded to this ‘baidu’ folder issue. 


However, the company has recognized the issue and has said that in the next release the problem will be fixed. Unless Sony can roll out some kind of fix in the near future then it seems you might have to wait until Lollipop rolls out in January before you can get rid of Baidu.

Recently Chinese smartphone manufacturer Xiaomi has been called out for spying on personal user data using their smartphones. According to F-Secure Xiaomi Smartphones were sending user data back to the servers based in China.

By "Kunal Vohra", Director@H2K
