Whats app Security Bleach - 200 million user at Risk

Security Flaw found in WhatsApp: 200 million users are at Risk

You will be shocked to know that about 200 million users of the world’s most famous instant messaging service are at risk. Yes, about 200 million what’s app users are at security risk.

Few days back WhatsApp claimed to have hit over 900 million monthly active users! The web extension of what’s app puts many users at risk, the web version of WhatsApp is vulnerable to an exploit that could allow the hackers to convince the users to install the malware in their system in a new classy way.

WhatsApp launched its web version for iPhone users last month. WhatsApp web is current method to practice the mobile app in browser. It allows you to view all of your conversations, to see images, videos, audios you share with your friends and save them directly at your desktop.

A Security Flaw found in WhatsApp was discovered by security researcher Kasif Dekel in the web version of WhatsApp which allows hackers to share your machine by some malwares. Some of them are RATs (Remote Access Tools) which gives the hackers a remote access to your PC. The web version is also effected by Ransomware ( forces victim to pay a ransom through certain online payment methods in order to grant access to their system), bots and other malicious software.

 Security Flaw found in WhatsApp: How the Hack Works?

To exploit the vulnerability attacker needs to send a seemingly innocent vcard having the malicious code to the user. It is very easy to send .BAT file as legit vCard. This vCard looks like any other message but the WhatsApp user is unknown about the risk that it will trigger the malicious code when clicked.

After sending the vCard all an attacker need to do is wait the victim to open the message. As soon as the message is opened the executable malicious code in the vCard will run.

Security Flaw found in WhatsApp: What this Malicious Code can do

There are possibilities that the code after running will take the complete control over the target machine. But it will definitely monitor the user’s activities and use the target machine to spread virus.

The security team of WhatsApp has recognized the flaw and rolled out an update to fix the issue. So, you are advised to use the updated version of WhatsApp because every version before v0.1.4481. is vulnerable to the exploit.

Have something to add on Security Flaw found in WhatsApp ? Please add in comments.

Read More

How to Unlock Android Phone Pattern or Password Lock Easily – Step By Step Guide

Android lock screen is a very strong protection of data on any android device. There may be times if you forget your pattern and want to reset it, this article shows how you can unlock your android pattern lock screen with very simple steps. This is an educational article. Try this at your own risk. This website is not responsible for any issue which may occur.

Steps to Unlock Android pattern lock:

1.Enabling USB Debugging:

For this process to be a success, the device which you wish to unlock should be enabled with USB Debugging. For this go to Settings->Development->USB debugging and enable it.

2. Connect the device to the computer:

Now after making sure that the device is USB Debugging enabled, Connect it to the computer.

• Go to start and open CMD.
• Type the following code very carefully.

adb shell

• Now press enter

rm /data/system/gesture.key

3. Reboot:

After giving the commands in the CMD, restart or reboot the android device. Now give any pattern and your device should be unlocked.
If you any doubts in the above process, please feel free to contact us. 

Read More

How to Hack Gmail , Facebook with Backtrack 5 or Kali linux

First open your backtrack terminal and type ifconfig to check your IP

Now Again Open Your Backtrack terminal and Type cd  /pentest/exploits/set

Now Open Social Engineering Toolkit (SET) ./set

Now choose option 2, “Website Attack Vectors”.

In this option we will select option 4 “Tabnabbing Attack Method”.

In this option we will choose option 2 “Site Cloner”.

Enter the URL of the site you want to clone. In this case http://www.gmail.com and hit enter. SET will clone up the web site. And press return to continue.

Now convert your URL into Google URL using goo.gl and send this link address to your victim via Email orChat.

When victim open in their browser it should be a message that the page is still loading. so victim start to open another tab. As soon as victim open new tab, our fake website start working. That script will redirect the victim to the phishing page your derived.

For Any help and Information Follow me on 

Read More

HACK FACEBOOK BY BREAKING THE SSL

By Parth Makadiya

In my previous post I've discussed how user's session is hijacked and how SSL/TLS is incorporated for secure communication. But still the hackers can sniff the user credentials by breaking the SSL/TLS. This technique is referred to SSLstrip which was released by Moxie Marlinspike to demonstrate the vulnerabilities he spoke about at Black Hat Technical Security Conference: USA 2009.

In this scope I'll be using BackTrack, a Penetration Testing Distribution integrated with the below tools to scan the Network, set up Firewall rules, MIMA, monitor client-server HTTP connection and sniff packets.

1. NMAP
2. IPTABLES
3. ARPSPOOF
4. SSLSTRIP
5. ETTERCAP

SSLstrip strips out HTTPS links from unencrypted webpages, replaces them with HTTP links and sends the altered pages to the client. The client never sees an HTTPS link to click on, only the unencrypred HTTP version.

• Techniques:   

1. First Scan your network and find the target using NMAP, a Network Scanner. In this case i got 192.168.1.5 as the Target.

  2. Next I need to start the IP Forwarding which enables my machine to forward any network traffic it receives from the target to the router.

3. Next Set up port redirection using IPtables.

4. Next Man-In-The-Middle-Attack (MIMA) is begun by exploiting ARP Cache Poisoning to intercept network traffic between the target and the router.  

5. Start the SSLstrip tool and make it listen to default port 10000.

 

6. Start Ettercap to sniff the packets to fetch user credentials.

Once this setup is up and running perfectly, let the victim login the Facebook. In particular, the victim's HTTP traffic will be redirected to our port 10000, where SSLstrip is listening. After this we will be able to eavesdrop and steal all of the victim's passwords sent supposedly over SSL/TLS.

• Protection:

1. Force-TLS add-on allows web sites to tell Firefox that they should be served via HTTPS in the future; this helps secure you from accidentally negotiating an insecure session with certain sites. 

 

2. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL) 




Be extra careful
Happy Hacking...Enjoy... Educational Purpose only.Dont missuse it..

Read More