Thursday, 22 January 2015

Hey Readers, your favorite WhatsApp is now live on Desktop. Enjoy WhatsApp in PC without any Android emulators but there is some limitation and terms. Let's proceed further and see. Major limitation of WhatsApp Web is you can only use it in Google Chrome and you need Internet connectivity in mobile as well then only WhatsApp Web version will work.Today, for the first time, millions of you will have the ability to use WhatsApp on your web browser. WhatsApp web client is simply an extension of your phone: the web browser mirrors conversations and messages from your mobile device -- this means all of your messages still live on your phone.

To connect your web browser to your WhatsApp client, simply open in your Google Chrome browser. You will see a QR code --- scan the code inside of WhatsApp, and you're ready to go. You have now paired WhatsApp on your phone with the WhatsApp web client. Your phone needs to stay connected to the internet for our web client to work, and please make sure to install the latest version of WhatsApp on your phone. Unfortunately for now, we will not be able to provide web client to our iOS users due to Apple platform limitations. To scan QR code, goto menu of your Whatsapp and select WhatsApp Web.

Note : If you can't see any such option, then update your WhatsApp Messenger. After update
also, if such option is not available then download latest version from below link:


Once you download, install it and then restart your mobile.
After restart, you can see option of WhatsApp Web in top menu.

Once you click on WhatsApp Web, you can see steps to scan QR code, just click on OK, Got
It and open in PC and scan QR code.

After scan, you can see all your WhatsApp messages in your PC.

Note : Keep in mind these two things - 1) Keep your Phone connected to Internet. 2) Open
WhatsApp web only in Google Chrome.
Bravo !! Its Done !! Now enjo whatsapp in your PC.
Hope you enjoyed our steps by step tutorial to use Whatsapp Web version.

Monday, 19 January 2015


Dear readers,

   I am going to tell you about the FREE TRACKING APPS (SPY APPS).
now a days all are wants to track their friends,lovers or wife/husband personal calls, messages,activities etc..

when you are started to track their(victims) mobile. You need to find the spying apps. Spy apps are two verions one is paid and another one is free. when you are searching for a spy ( Tracking )apps on GOOGLE, YAHOO, you will get the paid apps everytime. if you want to find the free apps but you will get paid apps only.

so, now am going to tell you about the free tracking apps which are working perfectly. and also with the use of these apps you can hack the Facebook and Whatsapp and of victims. you can get the details of their Calls, Messages, Locations, Recordings, Photos, etc... and you can access their mobile remotely with the help of internet. when you are using these apps can must linkup your mail-id to that app.

these are top free Tracking apps


The Mobile-Tracker-Free app helps to the users to access these following specifications. and also the data will be fetches continuously to the server when it connected to the internet without giving any commands. this app hides automatically when completion of installation in android. and also we can hack the Whatsapp and Facebbok if the phone rooted. we can do more with this app.

 these are the following features of this app.
  • SMS
    Display the log of sent and received SMS.
  • Calls
    Audio recording and pieces of information related to incoming and outgoing calls.
  • Block calls
    Block incoming calls from one or several contact(s).
  • Locations
    Display the log of GPS and/or live location.
  • Pictures
    Display photos taken by the phone.
  • Applications
    List the applications installed on the smartphone.
  • Block Applications
    Can block one or more application (s).
  • Calendar
    List the information in the calendar.
  • Contacts
    List the contacts stored on the phone.
  • Blocking Site
    Block one or more websites.
  • Facebook*
    List sent and received Facebook messages.
  • WhatsApp *
    List sent and received WhatsApp messages.
  • Hangouts *
    List sent and received Hangouts messages.
  • Skype *
    List sent and received Skype messages.
  • LINE *
    List sent and received LINE messages.
  • Kik *
    List sent and received Kik messages.
  • Viber *
    List sent and received Viber messages.
  • ChatON *
    List sent and received ChatON messages.
  • Gmail *
    List sent and received Gmail messages.
  • BBM *
    List sent and received BBM messages.
  • Vibrate - Ring
    Make vibrate or ring the phone.
  • Send a message
    Sends a notification (voice or text).
  • Send SMS
    Send an SMS from the web interface.
  • Location
    Provide location coordinates.
    Enable/disable GPS and/or WiFi.
  • Lock / Unlock
    Lock/unlock with a 4-digit code.
  • General Information
    Retrieves the status of the phone (battery, IMEI ...).
  • Reset
    Formats the phone.
  • Recover Data
    Get the data list of SMS, Calls, History, Bookmarks and  Chrome browsing history*.
  • IM (messages) *
    Retrieve the list of messages from Facebook, WhatsApp, Hangouts, LINE, Kik, Viber, ChatOn, Skype, GMail, BBM.
  • Instant messaging (Calls) *
    Retrieve the list of Skype and Viber calls.
  • Retrieve the list of contacts
    Retrieve the list of phone contacts.
  • Hide/Show icon
    Hide/show the application on the application list.
  • Take a picture
    Taking a picture with the camera front or back, with or without flash.
  • History recover
    Recover the history of the default web browser.
  • Audio recording
    Record audio in MP3 format.
  • Restart the phone *
    Restarted the phone.
  • SMS commands
    Control your smartphone with SMS commands.
  • Save your data
    Backing up your data to PDF, Excel, CSV ...
  • And much more ...
    HTTPS, search by name, message, address ...



                    The Neverlostmydroid app can track same as mobile-tracker-free app but it does not fetches the data automatically to the server. we need to get the data by the giving of commands to that app. this is an main drawback to this app. but this app can also hack the whatsapp and Facebook if the phone rooted. these are the following other features of this app.
 Vibrate the phone

 Send a message and voice message.

 Find phone by making it ring.

 Find phone using GPS location.

 Remotely lock device.

 No battery drain.

 100% Free, no hidden charges.

 Phone status: battery, imei, etc.

 Wipe data.

 Hide from launcher (Name : Service GPS).

 Take picture with front camera.

 Take picture with rear camera.

 Get list of SMS.

 Get list of contacts.

 Get list of calls.

 Record audio with microphone.

 Command by SMS (Enabled Data Mobile/GPS/WiFi)...


FreeAndroidSpy is the world's first 100% free and invisible cell phone spy application for Android smartphones and tablets.
Once the application is installed you will be able to spy on the smartphone's location, access the entire contact lists, see all the images and videos on the smartphone, current information about the device and more!

If you are wondering where are your kids now or if your employees are cheating this app will help you find out.

                            Spy Phone App is the next generation of smartphone surveillance software. This mobile tracker application records the incoming and outgoing phone calls, sms and surroundings. It tracks gps locations, the browser activity and messages from applications like Whatsapp, Facebook, Viber, Skype and Line. With the free trial that they offer, you can also test the application.

Use it for

This application is great for:
  • tracking your children. You can monitor your children in order to keep them out of harm's way.
  • tracking your employees. You can monitor your employees in order to see if they use their phone or their time for other reasons.
  • backing up data from your phone.
  • tracking your phone if it was stolen. 

Monitor remotely

Spy Phone App is using the smartphone's internet connection in order to send the data to our server. After that you can monitor the logs remotely from our server. You will need to login to our server using the email and password supplied when you registered the application on the smartphone. Wifi notification You can see a notification when the phone is connecting to a wifi network.

                                    Spy Phone ® Phone Tracker keeps records of all incoming and outgoing phone calls which include phone number called or phone number of party calling the smartphone if information is not blocked by caller. It will also keep record of date and time calls were made and length of calls.

                                 Spy Phone ® Phone Tracker sends GPS location data of the cell phone every 30 minutes to control panel where the GPS data is stored and you can view data. The results are also plotted on a map for ease of use. You can also use the GPS data to help find your phone if it has gone missing.

                     Spy Phone ® Phone Tracker keeps records of all incoming and outgoing text messages which will include phone number text was sent from or phone number where text was sent to. The records will also include the date and time the texts were sent or received.

                   Spy Phone ® Phone Tracker keeps a record of websites visited including the website address and the date and time it was visited.


                 Spy1Dollar Free Mobile Spy is the most powerful cell phone spy and tracking software that lets you monitor ALL the activities of any iPhone or Android phone. The application is super easy to install on the phone you want to monitor. It starts uploading the monitored phone’s usage information and its exact location instantly which can be viewed by logging in to your Spy1Dollar Free Mobile Spy user area from any computer in the world within minutes. This state-of-the-art application works in stealth mode which means that it will never be found on the monitored phone. these are the following features having in this app

Environment Monitoring

Remotely record audio surroundings.
Remotely capture an instant spy photo.

GPS Tracking

View a Map of Recorded Locations.
Works where GPS Signal Available.

Social Media Monitoring

Facebook Messages. WhatsApp Messages.
Twitter Messages.
Twitter Posts.

Photo and Video Monitoring

View all Photos taken by the phone.
Watch Videos recorded by the phone.

 Text Message Monitoring

Sender’s Number.
Recipient’s Number.
SMS Date / Time.
Message Text.

View Multimedia Files

Get access to photos.
Watch videos files.
Listen to audio files.

Call Monitoring

Number Dialed.
Date / Duration.
Number of Caller.
Call Direction.

Internet Activities

View web browser history.
View bookmarks.


                                             ImMobileSpy is the most powerful spy phone software with highly innovative features. You can spy on virtually any phone remotely and invisibly. Because it costs you less than your daily cup of coffee! As an employer you want to monitor all company owned phones and make sure they are not being misused It will never appear on the monitored phone.

Over 200,000 satisfied customers are already using ImMobileSpy ImMobileSpy works on all phones on all networks.

 ImMobileSpy has been featured by several popular media outlets. Very easy to install and simple to use. these are the following features of this app.

Remotely record audio surroundings:
Listen and record the device’s surroundings from your computer at any time. Just click on the button Start on your control panel ( and you will be able to listen what is happening around your device immediately. All the audio will be stored in a MP3 file to allow you download
them lately.

Sometimes we call this feature as ambient voice recording or sound surrounding or audio live. All are the same meaning.

Hack Phone SMS Remotely
This feature lets you read all incoming and outgoing SMS messages, even if one deleted them. You can Spy Old SMS Messages, read all the text messages your target gets/sends

Monitor incoming and outgoing calls.
ImMobileSpy gives you full access to the entire detail call logs saved on the smartphone.
You only need to login to your control panel entering your e-mail address and password. You can find out if there are any suspicious or unknown people, saved in the mobile call history or call logs. Furthermore, you can click on a particular name and see all last calls and call history from/to this person.

Read Someone Phone Contact
Similar to an online address book, ImMobileSpy gives you easy access to the people you want to reach. All your contacts (address book) are stored here. Click Contact History in the top left corner of your control panel to access and see contacts’ information from target devices.

Real Time To Track Phone Location
With ImMobileSpy – A GPS tracker, you’ll be able to ensure your teen is driving safely and in an agreed-upon area, or that your child isn’t wandering around after school when he or she should be home or at a friend’s.

    if you have any doubt regarding these apps comment below and any free tracking apps may u know share with this blog. stay tune for more updates ....

Tuesday, 13 January 2015


ATM’s Robbed Via Samsung Galaxy Note 4 Smartphone – Hello guys welcome back to techno Sensations. We have a breaking news this time. Yes ATM’s have been robbed via a simple galaxy note 4 smartphone. So just telling you how all it happened. While this is quite amazing ! 

Image Source Hackread Cybercriminals have found an effective and simple way to dispense cash from the ATMs through a smartphone without inserting a card. In this case the device used was Samsung Galaxy 4 smartphone. 

The smartphone is used to relay commands from a remote individual. 

The hackers target poorly protected ATMs, for instance standalone units, ones located in isolated, dimly lit places, because it requires physical access to the system’s internals. 

The hackers disconnect the cash dispenser from its legitimate computer and connect it to the malicious smartphone instead. 

In one case, the perpetrators used a circuit board with USB connection to hook it to the system. Called as “black box attacks,” they are mostly used against NCR- manufactured units,said Brian Krebs, a security blogger. 

NCR is a major player in this market and their products have been the attack target in the past as well; in an earlier attack, CD-ROM of the ATM’s computer was compromised and a machine-
controlling malware uploaded. 

NCR had problems deciphering the communication between the ATM machine and the fraudster, who appeared to be commanding
the machine from a remote server.

 Till date, NCR has reported only two black-box attacks. But the company has issued an updated firmware with stronger
encryption to protect communication between the cash dispenser and the computer.

 Earlier, the encryption key exchange depended upon a specific authentication sequence. 

“All things considered, this is a pretty cheap attack. If you know the right commands to send, it’s relatively
simple to do.

 That’s why better authentication needs to be there,”said Charlie Harrow, solutions manager for global security at NCR. 

The latest update also includes blocking the possibility of a roll- back to the vulnerable version of the firmware. 

Article Source – 

Thanks to this site for providing this info.

Thursday, 8 January 2015

Free Rs.200 Promo Balance From Mobikwik [ New Users Only & a small trick for existed users ]

Free Rs.200 Promo Balance From Mobikwik
[ New Users Only ]

Mobikwik is offering Rs.200 free promo balance if you create new Mobikwik account. You cannot use those promo balance as a recharge, but you can send those balance to your friends and if they accepts your balance, then you will also get credited as Rs.10.

 Let's see How ?? 

Download Mobikwik application from playstore and create new Mobikwik account. 

Note : If you are already using Mobikwik, then I would suggest you to use these steps in Android emulator like Youwave else you will not get Rs.200 promo balance but i have a small trick for that.

Once you created new account, goto transfer option. There you can see notification as "Mobikwik has credited free Promo balance in your wallet. Your Promo balance is Rs.200". 

Now click on "How to use". 

There you can see contact list of friends, if there is no contact list then goto contacts section and create some new accounts. 

Now come back to Mobikwik and again click on How to use and send those Rs.200 to any of your 10 friends.

 Note : You cannot send one friend twice from one account so you have to send those Rs.200 promo balance to 10 friends. Now if your friend accepts that Rs.10, then both  of you will get Rs.10 in your account. So ask your friend to accept it immediately.

 Note : Here is my number, if you wish you can send here I will accept instantly : 9573888004.

So finally, create as much as new Mobikwik account you can and
enjoy this free balance trick. 

Note : Sometimes your friend might get Error of Transaction Declined at the time of accepting balance. There is no solution for this, Mobikwik is tracking device ids so sometimes you might face this type of error as well. 

A small trick :
If you are already registered with mobikwik then logout current account then signup with same number with different mail id. 

Boooom you got 200 promo balance again. Enjoy and comment below for queries  

Monday, 5 January 2015

NASA’s Mars Rover’s Flash Memory Slowly and Steadily Wearing Out

Problems with NASA’s Mars Exploration Rover Opportunity’s flash memory have intensified over recent weeks

NASA’s Mars Exploration Rover Opportunity has been exploring the martian surface for over a decade now. The greatness of the achievement sinks in, only when told that the rover was originally supposed to survive for just 3 months. And as with every machine, even the Mars rover has undergone damage over time and this damage is leading to a loss of data collected by the Opportunity.


Flash Memory worn out

It’s primary mission it began in January 2004. But with its great successes, inevitable age-related issues have surfaced and mission engineers are being challenged by an increasingly troubling bout of rover “amnesia.”   Opportunity utilizes two types of memory to record mission telemetry as it explores the Meridiani Planum region. Sister rover Spirit, which sadly succumbed to the Martian elements in 2010 after 6 years of exploring Mars, used the same system. The two types of memory are known as “volatile” and “non-volatile.”
“The difference is non-volatile memory remembers everything even if you power off, in volatile memory everything goes away,” said Mars Exploration Rover Project Manager John Callas, of NASA’s Jet Propulsion Laboratory in Pasadena, Calif. “So volatile memory is like the traditional RAM you have in your computer; non-volatile memory uses flash memory technology.”
As per procedure, all telemetry data is stored on the rover’s flash storage, so that when the rover powers down during night time on the planet, the data remains safe and secure, just like data remains on your computers of phones even after you shut it down.  However, such memory has a life time i.e. there is only so many number of times you can perform read/write operations on it before it starts wearing out. Because of this wear and tear, when the rover shuts down, all the data that is stored on the rover’s RAM gets erased.  After a decade of constant use, this wear and tear has become the source of lost data and unexpected reset events for the mission.


Oldman problems

“The problems started off fairly benign, but now they’ve become more serious — much like an illness, the symptoms were mild, but now with the progression of time things have become more serious,” added Callas. “So now we’re having these events we call ‘amnesia,’ which is the rover trying to use the flash memory, but it wasn’t able to, so instead it uses the RAM … it stores telemetry data in that volatile memory, but when the rover goes to sleep and wakes up again, all (the data) is gone. So that’s why we call it amnesia — it forgets what it has done.”
Opportunity uses the Mars Odessy satellite to send back data to its handlers on earth. Every time Odessy made a pass near Opportunity (as per its revolution), commands were sent to Opportunity rover and the telemetry sent back to earth. However, if the satellite did not pass near the rover and data transmission was not possible, they noticed that some data was being lost. They found out that the rover was suffering from the flash memory error and was using the RAM to avoid flash memory altogether. And as the rover shut down, it erased all data stored on its RAM.
The flash memory problem has now grown even more problematic. As the rover fails to save data, its software forces the rover to restart. If a sequence of commands is sent to the rover, it will keep rebooting over and over again, forgetting what the previous command instructed the rover to do.
“Basically the rover stops what it was doing because it wasn’t sure what caused the reset,” said Callas. “So that interrupts our science mission on the surface of Mars.
“It’s like you’re trying to drive on a family trip — the car stalls out every 5 minutes. You don’t make much progress that way!”


Worries between Christmas celebrations

And now the rover team’s worst nightmare has reared its ugly head — Opportunity stopped communicating with Earth over the Christmas break. As the NASA team went into the Christmas holidays, a series of 3 sol (Mars day) plans gave the rover a sequence of commands to work on. On the first sol, the rover would operate as expected, but come the second and third sols, not only would the rover not execute the rest of the commands, it stopped talking to mission control. Fortunately though, the rover reconnected to the station and continued its operations as per commands.
“It seems the source for all these problems lead back to one particular bank of flash memory. 7 banks are used by Opportunity and it’s the 7th bank that is triggering the data loss, rover resets and communications glitches. Now the culprit has been identified, JPL software engineers have developed a technique that will force the rover’s software to ignore the 7th bank and utilize the other 6 apparently healthy banks. According to Callas, his team is probably a couple of weeks away from completing the software change so it can be uploaded to Opportunity.”


Surprised at the longetivity

Excluding the recent events, Callas has expressed surprise at how healthy and long lasting the mission has been.
“The rover has been amazingly healthy considering how much we’ve used it … we thought the mobility system would have worn out a long ago but it’s in great health.
“But anything could fail at any moment,” he said. “It’s like you have an aging parent, that is otherwise in good health — maybe they go for a little jog every day, play tennis each day — but you never know, they could have a massive stroke right in the middle of the night. So we’re always cautious that something could happen.”


Milestone approaching

The Mars rover has also come very close to achieve two feats. The first being completing the distance equivalent to one entire Mars marathon. Marathon Valley is so-called as the location marks the distance the rover will have exceeded a marathon on Mars should it get there. Opportunity has traversed over 26 miles and currently holds the off-world record for any rover — robotic or driven by an Apollo astronaut.
According to orbital mapping of Marathon Valley, the location contains a variety of clay minerals that could have only been formed when Mars had an abundance of pH-neutral water on its surface. It has ancient geology spanning back to the Noachian era, much older than Gale Crater — where NASA’s Curiosity rover is currently exploring. Like Opportunity’s previous exploration of clay-rich deposits, studies of Marathon Valley could provide invaluable data as to the ancient, potentially habitable Mars environment.


Software Glitch

The engineers have identified that the 7th flash memory bank aboard rover is triggering the data loss. Opportunity has 7 banks of flash memory and now the JPL software engineers have developed a technique that will force the rover’s software to ignore the 7th bank and utilize the other 6 apparently healthy banks.

\According to Callas, his team is probably a couple of weeks away from completing the software change so it can be uploaded to Opportunity.

Resource : Discovery

The Netflix Mystery and The VPN Proxy Pirates

I try to be a “good citizen” on the Internet. I am very sympathetic to actors and artist who need to make a living on their craft, so I have subscribed to Netflix, to pay my dues for watching movies and to allow some convenience to have a streamlined User Interface (through my browser) to watch those movies and be less stressed about introducing any malware on my systems.
But when Netflix started to block subscribers who accessed its service through VPN services and other software tools that happen to bypass geolocation I was stunned and as a legitimate user, of Netflix service I was furious.
Movie executives seemed to have successfully coursed Netflix on the VPN witch hunt as the movie studios want full control over what people can see in their respective countries. To be brutally honest I was not even aware I was being blocked at first.

How did I discover this?
Since I write security and hacking articles I run security software on some of my machines and devices to test and report on software. The PC machine I happened to be using was running a VPN at the time. I fired up my browser, logged into Netflix and searched for the series “Deadwood”, which I originally started to watch up to season 2, but got involved with some other projects and did not have the time to finish watching through to season 3.
A quick search on Netflix revealed that “Deadwood” was in-fact an option in Netflix’s library, so I started to binge watch season one. The next day, I decided to watch season 2 of “Deadwood” on my daughter’s Wii console (which supports Netflix, but is not on any VPN). Imagine my suprise when I logged on to my Netflix account and there was no option to continue to watch the “Deadwood” series.

I searched through the conventional search box, nothing. I even looked onto my recently watched movies, again nothing. I was annoyed but decided I should go back to work on my research. So I then decided to go back to my security PC and start some research projects. On a whim, I logged on to my Netflix account and right before my eyes, there it was, “Deadwood” exactly where I left off. I thought it strange, but didn’t think much more of it and just decided to binge watch the second season.
Then the story broke. Netflix cracks down on vpn and proxy pirates.

So What Happened?
Due to the complicated licensing agreements Netflix is only available in a few countries, all of which have a different content library.

You can bypass these content and access restrictions by using a VPN and other circumvention tools that change your devices Internet Protocol (IP) geographical location. Making it easy for people all around the world to have access to any Netflix library listing that your new IP shows your device to be coming from.

The movie studios do not like this and are not happy with these types of subscribers as it violates their licensing agreements that they have imposed on Netflix in exchange for Netflix showing their movie titles.

Entertainment industry sources in Australia complained bitterly that several Netflix subscribed “VPN-pirates” were hurting their business.
So Netflix started to take action against their legitimate subscribers who use these circumvention tools.

At first Netflix’s Android application started to force Google DNS to make it more difficult to use DNS based location unblockers, in addition it flagged several VPN IP-ranges.
This tactic had a limited in scope, so not all VPN users experienced problems. But some of the common VPN providers started to become affected specifically, TorGuard, which started to notice a surge in access problems by its users, around mid-December.
TorGuard’s Ben Van der Pelt stated “This was a brand new development. A few weeks ago we received the first report from a handful of clients that Netflix blocked access due to VPN or proxy usage. This is the very first time I’ve ever heard Netflix displaying this type of error message to a VPN user.”.

TorGuard’s users were able to quickly gain access again by logging into another U.S. IP locations. Some of the blocking efforts were temporary, probably as a test for a full-scale 
rollout blocking for a future date.

Ben Van der Pelt, continued to state “I have a sneaking suspicion that Netflix may be testing these new IP blocking methods temporarily in certain markets. At this time the blocks do not seem aggressive and may only be targeted at IP ranges that exceed too many simultaneous logins.”

Netflix is suspected of testing a variety of blocking methods. Some involve querying the user’s time zone through their web browser and/or mobile device GPS and cross-comparing the data from that query against the timezone of their known IP-address of origin.
TorGuard and services, such as Unblock-us are working to help its VPN users find work arounds for Netflix’s draconian strict ban policy, to provide an easy solution to bypass the blocks.

Netflix’ efforts to block geoblocking circumvention tools should not come as a surprise. It is reported that a there is a draft of the content protection agreement Sony Pictures prepared for Netflix earlier. The agreement specifically requires Netflix to verify that registered users are indeed residing in the proper locations.
In addition, Netflix must “use such geolocation bypass detection technology to detect known web proxies, DNS based proxies, anonymizing services and VPNs which have been created for the primary intent of bypassing geo-restrictions.”

As there has been a recent back pedaling from Netflix that there’s been “no change” in the way it handles VPNs, so you shouldn’t have to worry about the company getting tough any time soon.

This should still be taken as a lesson of understanding of how any information can be censored from region to region. In addition to encrypting your Internet traffic VPNs and Proxies are important. It is really sad in a way that the movie executives spearheading this are punishing paying subscribers so they can have more control over what those paying subscribers watch and where they watch it from.

It just bolsters users to actual piracy to avoid the misdirection, deception from the movie giants. One can only hope they come to their senses and realize that blocking and punishing paying subscribers will only encourage them to take their money elsewhere.

Sunday, 4 January 2015

NSA’s Vulcan Death Grip on VPNs

According to reports published this week by the German news magazine Der Speigel. The NSA (National Security Agency) has a division called the Office of Target Pursuit (OTP), which maintains a team of engineers assigned to cracking the VPN (Virtual Private Networks) encrypted traffic. It is believed that they have developed tools that have the potential to un encrypt the traffic of the majority of VPNs. A presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used.
OTP’s VPN exploit team assigned its members to branches to specifically focus on regional teams, including a “Cross-Target Support Branch” and a custom development team for building targeted VPN exploits. At the regional level, the VPN team acted as liaisons to analysts, providing information on new VPN attacks while also gathering requirements for specific targets to be used in developing new ones.

Some VPN mechanisms —specifically, the Point-to-Point Protocol (PPTP)—have previously been isolated and identified as being vulnerable to attack because of the key exchange at the beginning of a VPN session, while others have generally been assumed to be safer from scrutiny.

Since 2010, the NSA had already developed software tools to attack commonly used VPN encryption schemes, specifically the Secure Shell (SSH), Internet Protocol Security (IPSec), and Secure Socket Layer (SSL) encryption.

The NSA has created a specific repository called TOYGRIPPE for capturing VPN metadata. The TOYGRIPPE repository stores information on VPN sessions between systems of interest, including their “digital fingerprints” for specific devices and which VPN services they connect to during key exchanges between them, as well as other connection data. VPN “digital fingerprints” is also be extracted from NSA’s distributed “big data” store of all recently captured Internet traffic called XKEYSCORE which is used to identify targets to develop a attack.

Since XKEYSCORE includes data from “untasked” sources (people and systems not designated as under surveillance) the OTP VPN Exploitation Team “tries to avoid relying on XKEYSCORE work flows due to legal and logistical issues.” But XKEYSCORE, remains, the best for attacks on SSH traffic.

NSA analysis of the TOYGRIPPE and XKEYSCORE data, in addition to all daily VPN exploits is fed into BLEAKINQUIRY, another NSA metadata database of “potentially exploitable” VPNs. The BLEAKINQUIRY meta database is searched by NSA analysts for addresses matching targeted individuals or systems and to generate requests for the OTP VPN Exploit crew to finally convert the “potentially exploitable” into an “actuality exploitable”.
When an IPSec VPN is identified and “tasked” by NSA analysts, (meaning the people and systems are designated as under surveillance), a “full take” of all its traffic are stored in a VPN repository called VULCANDEATHGRIP. There are also similar yet separate repositories for PPTP and SSL VPN traffic dubbed FOURSCORE and VULCANMINDMELD, respectively.
The data is then replayed from the repositories through a set of attack scripts, which use sets of preshared keys (PSKs) previously harvested from other sources such as exploited routers, etc. and then stored into a key database called CORALREEF.

Other attack methods are used to attempt to recover the PSK for each VPN session. If the traffic is of interest, all successfully cracked VPNs are further processed by a system called TURTLEPOWER and in turn sorted back into the NSA’s XKEYSCORE full-traffic database, all extracted content is then pushed to a digital network intelligence content database called the PINWALE.

VPNs that aren’t successfully cracked, by these methods are continually monitored by doing more data collection, capturing IPSec Internet Key Exchange (IKE) and Encapsulating Security Payload (ESP) traffic during VPN handshakes to fortify and build better attacks in the future.

In the cases where the keys just can’t be recovered, the VPN Exploit Team will reach out to “friends” that will assist in gathering more information on the targeted systems of interest through other data collection sites and also by doing an end-run by calling on Tailored Access Operations to “create access points” through exploits of one of the endpoints of the VPN connection.

It is evident that the NSA is building a library of metadata to crack VPNs in an increasingly brute force manner, but they have to work hard for it and based on their tactics they are depending on conventional methods since 2010, so this was, as far as we know 4 years in the making so one can assume the XKEYSCORE database has grown since then.
What does this mean if you want to keep your secrets? Well, it’s a race now. The more hurdles you go through, using VPNs, Proxies, Wiped Devices, insanely long passwords the better off your secrets are. If you are targeted, then it can be complicated, but given what is based on my analysis they don’t have the quantum magic wand…yet.

Google Researcher discovers Windows 8.1 Privilege Escalation Vulnerability

Google Researcher discovers Windows 8.1 Privilege Escalation Vulnerability

Google researcher discover privilege elevation bug in Windows 8.1, 32/64 bit versions.

A Google researcher named Forshaw has discovered a privilege escalation bug in Windows 8.1.  The bug in ahcache.sys/NtApphelpCacheControl has occured after Windows 8 was updated to Windows 8.1 and was found by Forshaw in September 2014.  He notified the Google Security Research mailing about the bug on 30th September and after 90 days disclosure deadline the flaw and Proof of Concept was made public yesterday.

Google researcher team  contacted Microsoft regarding the bug on the same day as the flaw was discovered but there are no indications of any action being taken in the matter  Forshaw has also stated in the mailing list that he has tested the PoC only on 8.1 and doesnt know whether Windows 7 is vulnerable.

The vulnerability is identified in the function ahcache.sys/AhcVerifyAdminContext. The proof of concept includes two program files and a set of instructions for executing it which result in the Windows calculator running as Administrator. Forshaw states that the bug is not in UAC itself, but that UAC is used in part to demonstrate the bug.
Microsoft has big problem on hand with this vulnerability as it releases its main patches on the second Tuesday of the month.  As of now Microsoft has two choices :
  • Fix it in time for the second patch tuesday.
  • Issue an out-of-band patch (usually a bad sign of 0day).
The next Patch Tuesday is due on 13.1.2015 and if releases a patch before that, it can be assumed that this is a Zero day vulnerability.
The entire thread is reproduced below :
Platform: Windows 8.1 Update 32/64 bit (No other OS tested)
On Windows 8.1 update the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext.
This function has a vulnerability where it doesn’t correctly check the impersonation token of the caller to determine if the user is an administrator. It reads the caller’s impersonation token using PsReferenceImpersonationToken and then does a comparison between the user SID in the token to LocalSystem’s SID. It doesn’t check the impersonation level of the token so it’s possible to get an identify token on your thread from a local system process and bypass this check. For this purpose the PoC abuses the BITS service and COM to get the impersonation token but there are probably other ways.
It is just then a case of finding a way to exploit the vulnerability. In the PoC a cache entry is made for an UAC auto-elevate executable (say ComputerDefaults.exe) and sets up the cache to point to the app compat entry for regsvr32 which forces a RedirectExe shim to reload regsvr32.exe. However any executable could be used, the trick would be finding a suitable pre-existing app compat configuration to abuse.
It’s unclear if Windows 7 is vulnerable as the code path for update has a TCB privilege check on it (although it looks like depending on the flags this might be bypassable). No effort has been made to verify it on Windows 7. NOTE: This is not a bug in UAC, it is just using UAC auto elevation for demonstration purposes.
The PoC has been tested on Windows 8.1 update, both 32 bit and 64 bit versions. I’d recommend running on 32 bit just to be sure. To verify perform the following steps:
1) Put the AppCompatCache.exe and Testdll.dll on disk
2) Ensure that UAC is enabled, the current user is a split-token admin and the UAC setting is the default (no prompt for specific executables).
3) Execute AppCompatCache from the command prompt with the command line “AppCompatCache.exe c:\windows\system32\ComputerDefaults.exe testdll.dll”.
4) If successful then the calculator should appear running as an administrator. If it doesn’t work first time (and you get the ComputerDefaults program) re-run the exploit from 3, there seems to be a caching/timing issue sometimes on first run.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.
Another user has claimed that Windows 10 is not vulnerable to this vulnerability while another has question the Google policy of making such a bug public without Microsoft’s approval. The Thread and PoC can be accessed here.

Lizard Squad Member Vinnie Omari Allegedly Arrested in United Kingdom

Vinnie Omari, a Lizard Squad member was arrested and released on bail; Lizard Squad meanwhile going about marketing its Lizard Stresser

Vinnie Omari, a 22 year old member of the infamous Lizard Squad hacker group was arrested on Monday after British police officers from Thames Valley Police raided his home.  Vinnie Omari is one of the two members of Lizard Squad who gave the interview to BBC Radio which was aired on 26th December, a day after Vinnie’s band of hackers had completely downed the webservers of PlayStation Network and Xbox Live with a 1200 GB/s DDoS attack.
Lizard Squad which had promised to take down both the gaming networks through a now banned Twitter handle @LizardSquad eventually managed to take down both PSN and XBL servers for more than 48 hours.  The attacks were supposedly carried out by the gang to make the mega corporations ‘aware of vulnerabilities.’  The attacks would have carried on much longer if Kim ‘Santa’ Com wouldnt have intervened and paid 3000 Mega premium account coupons to the gang.
Vinnie has confirmed the raid on his house and his subsequent arrest on Monday ot Daily Dot.  “They took everything,” Omari told the Daily Dot in an email. “Xbox one, phones, laptops, computer USBs, etc.”
He was released on bail on Tuesday and said that no charges have been filed.  He said arrested for, “just alleged charges.” He added that he’ll “know more when the forensics team gets info.”
A press release from the Thames Valley Police confirms that a 22-year-old man was arrested Monday “on suspicion of fraud by false representation and Computer Misuse Act offense.”
Lizard Squad Member Vinnie Omari Allegedly Arrested in United Kingdom and Released on Bail
Courtesy DailyDot
A another member of the Lizard squad who identified himself as ‘Ryan’ last week on a interview is reportedly being investigated by the FBI.
On the other hand, Lizard Squad said on Twitter that Ryan was arrested for the massive amount of money laundering using the stolen card details and currently is in the Finnish prison.

Lizard Stresser for rent; Lizard Squads new DDoS business

Meanwhile the gang itself hasnt shown any shock on the news of arrest of Vinne.  They are busy promoting their new found venture of renting their expertise and a tool called Lizard Stresser for DDoS attacks.  The rents for DDoS targets range from $6 to $500, depending on the length of the attack.
Lizard Stresser for rent; Lizard Squads new DDoS business

The Lizard Stresser seems to be down at the time of writing this article
Another member of Lizard Squad had confirmed with DailyDot that the whole PSN and Xbox Live hack attack was a publicity gimmick for their product, Lizard Stresser.
It is worth noting that Lizard Squad has already had a taste of  illicit profit from their illegal hacking activities. The ransom Mega premium account coupons which Kim Dotcom offered them are worth $150,000 in the market.

It remains to be seen whether they succeed with their illegal business venture or fall prey to law enforcement authorities in due time.

iOS 8 Shrinks Storage on 16GB iPhone and iPad; Users Sue Apple

Apple sued for shrinking storage space on 16GB after upgrade to iOS 8

Apple has this time, been caught in the legal tangle for selling iPhones with too less storage space, specifically the 16 GB model .  Miami residents Paul Orshan and Christopher Endara have filed the lawsuit (PDF) against the tech giant claiming that the space is just enough to upgrade their devices to iOS 8, which will reduce their available storage even further.
iOS 8 Shrinks Storage on 16GB iPhone and iPad; Users Sue Apple
Apple has clarified that the amount of total storage space its softwares calculate is the storage left after a complete system format. But these litigants don’t seem to be  satisfied by this explanation.

Storage Tactics

In addition to the above claim, they also claimed that Apple is charging a premium for every extra gigabyte of storage by pushing customers to use its iCloud storage device. So when a user runs out of space at a moment when they want to record their child or grandchild’s basketball game, they will be forced to pay top dollar to Apple. With the lack of an option to expand the existing storage by adding a memory card, as in mostly found on android devices, users are left with no other option that to pay.
“Apple’s misrepresentations and omissions are deceptive and misleading because they omit material facts that an average consumer would consider in deciding whether to purchase its products,” the complaint says. “Rather ironically, Apple touts iOS 8 as ‘The biggest iOS release ever.’ Of course, Apple is not referring to the literal size of iOS 8, which appears to be entirely undisclosed in its voluminous marketing materials extolling the purported virtues of iOS 8.”
The lawsuit also accuses Apple of not working with third party vendors to offer other cloud storage options. Users are restricted to only Apple provided services. Neither does Apple offer any support to its customers to offload their data from the cloud storage. Coming in hindsight of the iCloud hacking scandal, a lot of users do not find iCloud a safe place for their personal data.
According to the lawsuit, the ratio of storage space that a user cannot use ranges from  18.1 to 23.1 percentApple sued for shrinking storage space on 16GB devices thanks to iOS 8
“Using these sharp business tactics, [Apple] gives less storage capacity than advertised, only to offer to sell that capacity in a desperate moment, e.g., when a consumer is trying to record or take photos at a child or grandchild’s recital, basketball game or wedding,” it says. “To put this in context, each gigabyte of storage Apple shortchanges its customers amounts to approximately 400-500 high resolution photographs.”

Case Files

Apple has not made any official comment on this case so far. But it is bound to bring back memories of an older case related to storage space that was filed against them. That case was filed against the total space available in an iPod Nano model to be 7.45GB instead of the 8 GB advertised. The case was ultimately dismissed by the Courts.  Similarly, Microsoft was sued over the amount of available amount of storage in Surface, notably when users only had access to about half the storage on its earlier models.