Showing posts from May, 2015

Apple's fix for the iPhone-crashing text bug

A text message bug that crashes an iPhone's messaging app or shuts down the phone went viral Wednesday. In lieu of a full security update to fix the problem at its root, Apple released instructions Thursday for how to work around it and re-enable messaging functions. While the company said it is working on a software update to fix the issue, it pointed users locked out of their messages to a temporary fix for the problem. Users who are hit by the annoying text should ask Siri to "read unread messages" and then use Siri to reply to the malicious message. In a new support post, Apple says that it is “aware of an iMessage issue caused by a specific series of unicode characters and we will make a fix available in a software update.” It doesn’t provide a timescale for that. But in the meantime, it suggests you do the following: ask Siri to “read unread messages,” then use Siri to reply to the malicious message. After you reply, you’ll be able to open Messages again. In Me

Gaana.com Hacked, Hacker Got The Job Offer By CEO

The day before yesterday, Gaana.com was hacked and its database of over 10 million registered users was compromised; a hacker going by the name Mak Man gave details on his Facebook page. The hacker, nicknamed Mak Man and claiming to be from Pakistan, hacked the website of the music streaming service Gaana.com and posted details of over 10 million users on his Facebook page. Times Internet CEO Satyan Gajwani replied to the hacker's post on Facebook later and apologised that the company hadn't responded to the security concerns raised by Mak Man. "I don't think your intention is to expose personal information about Gaana users, but to highlight vulnerability," Gajwani added. "Consider it highlighted, and we're 100% on it. Can I request that you take down access to the data, and delete it completely?" Mak Man, alias Sajja Ahmad, also responded and said: "Hello Satyan! It's good to see that you took notice of the issue before it was too late. You are right

Silk Road mastermind Ross Ulbricht sentenced to life in prison

Ross Ulbricht, the alleged founder and mastermind of the infamous online black marketplace Silk Road, has been sentenced to life in prison after being found guilty of narcotics conspiracy, money laundering and other criminal charges. At the hearing on Friday, Judge Katherine Forrest, who has presided over the gnarled case that has revealed many twisted plots and shadowy secrets since it began in January, delivered her verdict in front of a packed courtroom. The punishment is a heavy price to pay for the 31-year-old, who had pleaded with the judge to spare him his old age and “leave a small light at the end of the tunnel.” Ulbricht asked for mercy, but the judge rejected it: Ulbricht pleaded for leniency in his sentence during the court hearing, but that didn't work out. "I wish I could go back and convince myself to take a different path," Ulbricht said. "If given the chance, I would never break the law again." In addition to running Silk Road, Ulbricht was

A roadmap of the Internet's darkest alleys

How the Deep Web Works

Search engines such as Google index well over a trillion pages on the World Wide Web[1], but there is information on the web that common search engines don't reach. Most of this is in databases of information that need to be searched directly from the specific website. More famously (or infamously), a small pocket of the deep web is filled with hyper-secret communities who flock there to escape identification by authorities. You thought you knew the Internet. But sites such as Facebook, Amazon, and Instagram are just the surface. There’s a whole other world out there: the Deep Web. It’s a place where online information is password protected, trapped behind paywalls, or requires special software to access, and it’s massive. By some estimates, it is 500 times larger than the surface Web that most people search every day. Yet it’s almost completely out of sight. According to a study published in Nature, Google indexes no more than 16 percent of the surface

‘Marauder’s Map’ allows stalking Your Friends with Facebook Messenger [Chrome]

Aran Khanna, a student developer in Cambridge, MA, has created a Chrome extension that grabs location data from Facebook Messenger and rapidly plots your friends’ locations on a map. In effect, the extension lets you watch every footstep of your Facebook friends. We are all aware that Facebook shares our location data with our friends; what we probably aren’t aware of is the accuracy of that data and how easy it is to extract from the messaging service. The data is retrieved from messages sent with location sharing enabled. That usually means from mobile devices, as it’s on by default in the iOS and Android apps. If you think this extension can easily track all your location data, you are wrong. The extension will only be able to map your location for those instances when you have had a conversation with your friends over Messenge

How to setup Android Testing Lab in Kali Linux (32-bit)

This tutorial is divided into two parts: Android device creation, and integrating ADB with the Android device. To set up an Android testing lab on Kali Linux (32-bit), we need to install VirtualBox on Kali Linux. If you don’t have VirtualBox on your Kali machine, you can download the Debian package from here: https://www.virtualbox.org/wiki/Linux_Downloads Or you can simply type this command in the Kali terminal:

apt-get install virtualbox

Now we have VirtualBox installed on the Kali machine. At this point, we need the VirtualBox images of the Android API below: android_data_disk.vmdk (IDE Primary Slave), android_system_disk.vmdk (IDE Primary Master), sdcard.vdi (IDE Secondary Master). You can download these files from here only:
https://www.dropbox.com/s/c9h5gm89mp5j9uw/android_system_disk.vmdk?dl=0
https://www.dropbox.com/s/eo5b6x9k3ew4lev/android_data_disk.vmdk?dl=0
https://www.dropbox.com/s/4n1he0216cvz1tb/sdcard.vdi?dl=0
Android

HTTP Response Splitting

The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack. Attackers actively exploit this web application vulnerability to perform a large variety of attacks that include cross-site scripting (XSS), cross-user defacement, poisoning of the client’s web cache, hijacking of web pages, defacement and a myriad of other related attacks. A number of years ago, several CRLF injection vulnerabilities were also discovered in Google’s AdWords web interface. A simple CRLF Injection example: suppose you run a vulnerable website that has a language section. Sign in as admin, go to the customize site language option, select English as the language and intercept the request on a proxy; use Burp to intercept the request. Add the CRLF payload (carriage return, line feed) to the lang parameter. Now forward the request. It is observed that the application gives two respo

HTTP Parameter Pollution

A new class of injection vulnerability called HTTP Parameter Pollution (HPP) is less well known and has not received much attention. It was first presented by S. di Paola and L. Carettoni at OWASP 2009. The attack consists of injecting encoded query string delimiters into existing HTTP parameters (e.g. GET/POST/Cookie). If the application does not sanitize its inputs, HPP can be used to launch client-side or server-side attacks: the attacker may be able to override existing parameter values, inject a new parameter or exploit variables out of direct reach. “An attacker overrides or adds HTTP GET/POST parameters by injecting query string delimiters. Via HPP it may be possible to override existing hardcoded HTTP parameters, modify the application behaviors, access and, potentially exploit, uncontrollable variables, and bypass input validation checkpoints and WAF rules.” HTTP Parameter Handling: during interaction with a web application, the client provides parameters via GET/POST