Showing posts with label Hacking Tools. Show all posts

9 Popular Password Manager Apps Found Leaking Your Secrets

Is anything safe? It's 2017, and the likely answer is NO.

Making sure your passwords are secure is one of the first lines of defense – for your computer, email, and information – against hacking attempts, and password managers are what many security experts recommend for keeping all your passwords secure in one place.
A password manager is software that creates complex passwords, stores and organizes them for your computers, websites, applications and networks, and remembers them on your behalf.

But what if your password manager itself is vulnerable?

This is not just a hypothetical: a new report has revealed that some of the most popular password managers are affected by critical vulnerabilities that can expose user credentials.

The report, published on Tuesday by a team of security experts from the Fraunhofer Institute for Secure Information Technology in Germany, revealed that nine of the most popular Android password managers available on Google Play are affected by one or more security vulnerabilities.

Popular Android Password Manager Apps Affected By One Or More Flaws
The team examined LastPass, Keeper, 1Password, My Passwords, Dashlane Password Manager, Informaticore's Password Manager, F-Secure KEY, Keepsafe, and Avast Passwords – each of which has between 100,000 and 50 Million installs.

"The overall results were extremely worrying and revealed that password manager applications, despite their claims, do not provide enough protection mechanisms for the stored passwords and credentials," 

In each application, the researchers discovered one or more security vulnerabilities – a total of 26 issues – all of which were reported to the application makers and were fixed before the group's report went public.

How to Run Multiple WhatsApp Accounts on Your Android Phone (Two WhatsApp in One Phone)

WhatsApp is one of the most popular and commonly used instant messaging apps these days, and thanks to its simplicity and easy-to-use interface, users are able to use it without any hassle.
By now, every one of us has WhatsApp on our smartphones. Although almost everything in WhatsApp is quite handy, "What's the most disturbing part that you came across?"
For me it is:
How to use two WhatsApp accounts on one single mobile phone?


If you run dual SIMs in your mobile phone, you might want to have two separate WhatsApp accounts for your two different telephone numbers. Isn't it?
However, this is where WhatsApp puts limitations on its users. WhatsApp users cannot use more than one WhatsApp account on their mobile devices.
You are probably wondering:
"How do I find an excellent solution to this problem that actually works?"

Today, I am introducing not one but multiple solutions to your problem that will allow you to run two WhatsApp accounts on one phone.

3D-Printed Machine Hacks Master Lock in 30 Seconds

Last month, semi-famous gray-hat hacker Samy Kamkar showed us how to open any wheel-combination-based Master Lock. Now he's showing you how to build a machine that can do it for you.
In case you missed it, Kamkar's method of cracking a Master Lock took some practice. But his new Combo Breaker device gets it right every time, proving that Kamkar has a killer instinct for breaking through security.

Use WhatsApp? Get ready for more spam

Facebook-owned WhatsApp, the popular mobile messaging service, is considering opening its platform for businesses to communicate with their customers. This could be a potential way to monetize the service but will also allow brands and marketers to contact users leaving them vulnerable to spam.

The development was first reported by Bloomberg, which cited Facebook chief financial officer David Wehner, who spoke about the plans at a tech conference in Boston.

"We think that enabling that B2C [business-to-consumer] messaging has good business potential for us. As we learn those things, I think there's going to be opportunities to bring some of those things to WhatsApp, but that's more longer term."


Pics and chat data are hackable on apps like Tinder and Grindr

Dating is all about exchanging information to find a match. But if you've ever used Tinder, Grindr or any popular dating app, your personal information may have gone further than you'd like.

A new study shows that it is easy to hack into popular dating apps like Tinder and Grindr to reveal email addresses, profile pictures and private messages.

Raymond Choo, an information security expert at the University of South Australia in Adelaide, and his colleagues created fake profiles on eight of the most popular dating apps in the Google Play store. They then tried to get the data, now supposedly private, back out of a Samsung Galaxy S3 phone by capturing network traffic and trawling the app's private directory.

Disabling 'Find My iPhone' on iOS 7 without any Password


iOS devices have a feature called 'Find My iPhone', which allows device owners to locate their stolen devices using the Apple ID linked to their iCloud account.
Unfortunately, a security flaw in iOS makes it possible to turn off Find My iPhone without a password, enabling thieves to bypass the protection and making the iPhone untraceable if lost or stolen.
To set up the 'Find My iPhone' feature, users need to link their Apple ID with it. This not only helps in locating the device but also lets the user remove all its data, get driving directions to the lost device, lock the device with a passcode, and display a custom message on the locked screen.
KILL 'Find My iPhone' WITHOUT APPLE PASSWORD
Normally, disabling Find My iPhone requires the Apple ID password, but according to the vulnerability reported by Miguel Alvarado, a thief can bypass this security feature entirely without knowing your Apple account's password.
In a video demonstration on iOS 7, he explained that just by tapping “Delete Account” in the iCloud settings panel and switching “Find My iPhone” to off at the same time, one can remove the iCloud account without any password authentication.



But doing so is not as easy as it looks; a novice has to try it a number of times to get it done.
After doing so, just connect the hacked iPhone to your computer and use iTunes to restore the smartphone's data.
A similar flaw, disclosed in February this year, allows anyone to disable 'Find My iPhone' on iOS 7.0.4 devices.
HOW TO PROTECT YOUR iPHONE
The vulnerability is totally irrelevant if you have a passcode on your iPhone. Apple will release a fix as soon as possible; until then, users are advised to keep a secure passcode with a very short timer, which prevents anyone from getting into the iCloud settings at all.

iPhone 5S fingerprint sensor hacked by Germany's Chaos Computer Club

Biometrics are not safe, says famous hacker team, who provide a video showing how they could use a fake fingerprint to bypass the phone's security lockscreen

An Apple employee instructs the use of the fingerprint scanner technology built into the company's iPhone 5S. German hackers say they can beat it. Photograph: Ng Han Guan/AP

Germany's Chaos Computer Club says it has cracked the protection around Apple's fingerprint sensor on its new iPhone 5S, just two days after the device went on sale worldwide.
In a post on their site, the group says that their biometric hacking team took a fingerprint of the user, photographed from a glass surface, and then created a "fake fingerprint" which could be put onto a thin film and used with a real finger to unlock the phone.

Dropbox Users Hit with Spam Emails

Popular cloud storage company Dropbox saw another uptick in the amount of spam users reported receiving last week, leading to complaints on the company's own troubleshooting forum. One user, who went by "Nathan G," said his Dropbox-specific email address received its first two spam messages on Feb. 12, followed by another on Feb. 13 and one more on Feb. 27.

What is a Firewall?


Firewalls are software programs that filter information coming through the Internet to a network or individual computer. Firewalls keep destructive external forces away from your personal data. The name “firewall” comes from the idea of an actual physical firewall, a strategy used among firefighters to keep a fire from spreading from one area to another.
For companies with hundreds of employees, it’s more common for a firewall to be used at the network level. Without a firewall, every computer at a company would be directly accessible by anyone using the Internet. Hackers could easily probe the computers, create FTP connections to download data from the computer and so on.

Hackers Use Stolen Passwords to Jimmy Into Dropbox

The habit of using the same username and password combination for multiple sites has come around to bite Dropbox and its users. Network intruders who came into the possession of name/password combos from other sites, tried them out on Dropbox and were able to break into many users' accounts -- including the account of a Dropbox employee, which led to a deluge of spam.

Dropbox says reused passwords are to blame for a wave of spam that's hitting subscribers to the service.

The company found that usernames and passwords recently stolen from other websites were used to sign in to some Dropbox accounts. One of these accounts belonged to a Dropbox employee, and it contained a project document with some users' email addresses.

This improper access led to the spamming of many users, Dropbox said.

The company has taken various steps to improve security, including the coming introduction of two-factor authentication.

"The downside of not having more rigorous access controls in place around sensitive data is that they can be compromised," Todd Thiemann, senior director of product marketing at Vormetric, told TechNewsWorld. "Dropbox appears to have learned that the hard way."


Bless My Soul, What's Wrong With Me?

Some Dropbox customers began complaining about being spammed back in mid-July.

The company called in external investigators to look into the matter, and on Tuesday it said the situation was most likely attributable to usernames and passwords employed by its subscribers across multiple sites.

It has contacted customers whose accounts had been hijacked and helped them protect their accounts.

"Given [Dropbox's] poor track record when it comes to security, I was floored" by the company's statement about contacting users whose accounts had been hijacked, said Rob Sobers, technical marketing manager at Varonis.

"They are assuming they know exactly which accounts were compromised," Sobers told TechNewsWorld. "What about the accounts whose passwords might have been stolen but haven't been breached yet?"

All Shook Up

"What other customer information is stored in Dropbox folders -- credit card data? Passwords?" Varonis's Sobers asked. "Which employees have access to customer data? Of the employees that have access to customer data, how many of them reuse their passwords?"

As for the project document stolen from a Dropbox employee whose account was hijacked, "A Dropbox employee should have clearly defined policies surrounding password strength and reuse for anything they do with customer data, regardless of where it's stored," Randy Abrams, a research director at NSS Labs, told TechNewsWorld.

Encrypting sensitive data in cloud services such as Dropbox is critical because, "as a rule of thumb, anything stored in the cloud that's not meant to be a Playboy Expose should be encrypted," Abrams continued.

Upping the Security Ante

Measures Dropbox is taking to improve security include two-factor authentication, new automated mechanisms to help identify suspicious activity, and a new page that lets users examine all active logins to their account.

The company may require users to change their passwords in some cases, for example where the passwords are commonly used or haven't been changed in a long time.

It is also recommending that users set a unique password for each website they use.

"Going forward, integrating password education with regularly mandated password changes would be a good thing," NSS Labs' Abrams said.

However, "the problem is that a policy of password-only security is outdated," Leonid Shtilman, CEO of Viewfinity, told TechNewsWorld. He advocates using biometric facial recognition technology.

Comments on Security Measures

Password reuse across multiple sites "is a universal problem ... and it's better for services such as Dropbox to offer multi-factor authentication, given the gravity of data that people store on these systems," Frank Artes, a research director at NSS Labs, told TechNewsWorld.

In the interim, it would be a best practice to force a full change of passwords and set a threshold on password strength, Artes suggested.

Computer security "is an evolving process, driven by the harsh reality of computer crime," David Perry, global director of education at Comodo, told TechNewsWorld. "I have no doubt that this kind of 'oops' moment will be very common over the next decade."

Dropbox did not respond to our request to comment.

The 10 Best Open Source Projects You Should Be Volunteering To Help With


The success of Open Source projects has defied the old saying – too many cooks spoil the broth. If you doubt the success of the open source initiative, you just have to look at Firefox and WordPress, probably two tools that are helping you to read most of the web. Then, you probably are fixing up a date on an Android phone.
My colleague X.E.R.O explained Why You Should Contribute To Open Source Projects [Opinion]. You aren’t a coder? Read 8 Ways To Help Open-Source Projects If You’re Not A Coder. You could be a writer, a designer, a translator, just a Facebook or Twitter junkie, or someone who wants to just donate money for the cause. There are different levels where you can put your two bits. And here are ten of the many open source projects where you can.

Mozilla Developer Network

Remove an Outlook e-mail profile or Signout from outlook


An e-mail profile is made up of e-mail accounts, data files, and information about where your e-mail is stored. If you are unfamiliar with e-mail profiles, see overview of Outlook e-mail profiles.
1. In Microsoft Windows, click the Start button, and then click Control Panel.
2. Do one of the following:
   Windows Vista: Click User Accounts, and then click Mail.
   NOTE: In Classic view, double-click Mail.
   Microsoft Windows XP: Click User Accounts, and then click Mail.
   NOTE: In Classic view, double-click Mail.
3. The Mail icon won't appear unless you have Outlook installed and have run the program at least once.
The Mail Setup dialog box opens.

NSDECODER – automatic Malware detection tool


Nosec has introduced NSDECODER, an automated website malware detection tool. It can be used to decode and analyze whether a URL hosts malware. NSDECODER also analyzes which vulnerability is being exploited and the original source address of the malware.
Functionality

  • Automated analysis and detection of website malware.
  • Coverage of plenty of vulnerabilities.
  • Log export in HTML and TXT formats.
  • Deep analysis of JavaScript.

HACK ANY COMPUTER WITH JUST AN IP!



Hello everybody! I am here to show you this magical tool called Metasploit that allows you to hack ANY unpatched computer with only its IP. Let's begin...

1.) First you need to download Metasploit. The most up-to-date version is FREE at metasploit.com.

2.) You need PostgreSQL for your database. Download here: http://www.postgresql.org/. Make sure you use all the defaults or Metasploit won't work!
3.) Now let's get down to business... After installing both tools, open up the PostgreSQL admin GUI (start -> all programs -> PostgreSQL 9.0 -> pgAdmin III). Then right-click on your server (in the left hand box) and click connect. Remember to keep this window open the whole time. You will also need the pass you chose to use in step 5...

Honeypots

Definition :-
"Honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems."  -Wikipedia

"Honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource."
 -Lance Spitzner

Unlike firewalls or Intrusion Detection Systems, honeypots do not solve a specific problem. Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting encrypted attacks in IPv6 networks to capturing the latest in on-line credit card fraud. It is this flexibility that gives honeypots their true power. It is also this flexibility that can make them challenging to define and understand.


How to hack remote computer using IP Address

Literally, hacking is accessing something or somebody on the internet without their permission or interest. Speaking in summary, hacking is a very easy job: it is like finding the hidden door of a house instead of using the front door, and hijacking the precious things. Among all kinds of hacking, hacking via IP address is one of the most common yet powerful beginnings.
You may want to hack a website and put your advertisement there, or grab some database information. In this type of hacking, you are playing with the web server’s computer instead of the administrator’s computer, because www.website.com is hosted on a separate web server rather than a personal computer.
Another case can be accessing your friend’s computer from your home. Again this is IP based, and it is possible only when your friend’s computer is online. If it is off or not connected to the internet, then remote IP hacking is totally impossible.
Well, both kinds of hacking follow the same process. Let’s summarize what we must do.
  1. Confirm the website or computer you want to hack.
  2. Find or trace their IP address.
  3. Make sure that IP address is online.
  4. Scan for open ports.
  5. Check for vulnerable ports.
  6. Access through the port.
  7. Brute-force username and password.
Now let me describe this briefly, in basic steps that a child can understand.
First, getting the IP address of the victim.
To get the IP address of the victim website, ping it in the command prompt.
For example,
ping www.google.com
will fetch the IP address of Google.com.
This is how we can get the IP address of the victim's website.
How about your friend’s PC? You can’t do www.yourfriend’sname.com, can you? Finding your friend’s IP address is a slightly tougher job, and tougher still if he has a dynamic IP address that keeps changing.
One of the widely used methods to detect the IP address of your friend is by chatting with him.
You might find this article helpful
Now you've got the IP address, right? Is it online?
To know the online status, just ping the IP address; if it is online, it will reply.
If the IP address is online, scan for open ports. Open ports are like closed doors without locks: you can go in and out easily.
Use Advanced Port Scanner to scan all open and vulnerable ports.
Now that you have the IP address and open port of the victim, you can use telnet to try to access them. Make sure that you have telnet enabled on your computer, or install it from Control panel > Add remove programs > add windows components.
Now open the command prompt and use the telnet command to access the IP address. Use the following syntax for the connection.
telnet [IP address] [Port]
You’ll be asked to input login information.
If you can guess the information easily then it’s OK. Or you can use some brute-forcing tools like this one.
In this way you’ll be able to hack a remote computer using only its IP address.


Top 10 Web hacking techniques of 2010 revealed

A Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a top 10 list selected by a panel of experts and open voting.
Called the Padding Oracle Crypto Attack, the hack takes advantage of how Microsoft's Web framework ASP.NET protects AES-encrypted cookies.
If encrypted data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic. With enough repeated changes and leaked information, the hacker can deduce which possible bytes can be eliminated from the encryption key. That reduces the number of unknown bytes to a small enough number to be guessed.

JSKY - Free Vulnerability Scanner


With hordes of vulnerability scanners and frameworks launching every day (mostly commercial), Jsky makes an impressive attempt to set itself apart by keeping it free and keeping it real, packaging everything in a small package. Don't be fooled by its small size: it packs quite a punch when compared to other professional packages, considering its release version. Good vulnerability scanner? Check! Web backdoor and SQL injection? Check! Directory traversal, sensitive directory and file scan? Check! Jsky is quite promising in its features.
Jsky packs a powerful web spider and multi-threaded scanner which crawls hundreds of thousands of pages with ease and can extract links from JavaScript and Flash. It uses Pangolin as its engine, which allows for advanced and in-depth SQL injection testing, and hence it can detect these vulnerabilities exactly with no sweat, unlike others which use pattern matching. Supported databases include Oracle, MSSQL, MySQL, Informix, DB2, Access, SQLite, Sybase, PostgreSQL and more. Jsky has a modular design which allows everybody to code and share their custom modules. An XML-based vulnerability file system and an integrated Web vulnerability executive parser also mean you can define a vulnerability just by editing the XML file, with no need to code any program.
The best part? IT'S FREE!

The Stoned Bootkit – NO ONE IS SECURE !


A bootkit is a type of boot virus that is able to hook and patch the Windows kernel, thereby getting unrestricted access to the entire computer and compromising it. The "Stoned" bootkit, an MBR rootkit, was presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009 and has been taken quite seriously in circles at Redmond. It is even able to bypass full volume encryption, because the master boot record (MBR), where Stoned is stored, is not encrypted, and the MBR contains the decryption software that encrypts and decrypts the hard drive using a password. This is a potential weak point: if the MBR is compromised, it can be used to pwn your whole system. Forget your antiviruses. No one’s secure!

Shell Packs & Other Tools


It's been a long time since I have posted the hacking tools. I'm using one of the posts I found in forums months ago, which I downloaded and used and found that it was really useful for budding hackers out there. Although script kiddies may utilize them for malicious purposes, I'm not responsible for any kind of damage done.
You have Been Warned.






 