Wednesday, 30 September 2015

Facebook spices up profiles with looping video, temporary pictures, larger images and more




As part of a continued effort to avoid the same fate as MySpace, Facebook on Wednesday announced a handful of major changes that add a bit of spice to users’ profiles.

The first change you may notice is the ability to replace your static profile photo with a looping video, an obvious next step as we continue to shift towards a video-centric web.



Facebook is also adding temporary profile pictures that allow users to display them for a set amount of time before reverting to their original one. Facebook product managers Aigerim Shorman and Tony Hsieh suggested using the feature to support your favorite sports team leading up to the big game, to celebrate a special milestone like a birthday or vacation, or to show off a throwback Thursday photo.

And speaking of, profile pictures are now larger and centered.



As it has done multiple times before, Facebook is making changes to its profile controls. Specifically, it is adding a new customizable space at the top of your profile and a new one-line “bio” field. You’ll also be able to add up to five featured photos to showcase at the top of your profile. The space is visible to anyone who visits your profile, although you’ll have full control over what information is shown, we’re told.

Facebook said it has already started to roll the changes out to a small number of iPhone users in California and the UK. Assuming all goes well, the rollout will continue to expand in the near future.

Friday, 25 September 2015

Exploiting Browser Cookies to Bypass HTTPS and Steal Private Information



A newly discovered critical flaw in the implementation of web cookies by major browsers could open secured (HTTPS) browsing to Man-in-the-middle attacks.

The US Computer Emergency Response Team (CERT) has revealed that all the main browser vendors have improperly implemented the RFC 6265 standard, also referred to as "Browser Cookies," allowing remote attackers to bypass the secure HTTPS protocol and reveal confidential private session data.

Cookies are small pieces of data sent from websites to web browsers, which contain various information used to identify users or to store information related to that particular website.

HTTPS Cookie Injection Vulnerability

Whenever a website you have visited wants to set a cookie in your browser, it passes a header named “Set-Cookie” with the cookie's name, its value and some options, including the cookie expiration time and the domain name for which it is valid.

It is also important to note that HTTP-based websites do not encrypt their headers in any way; to address this, websites set cookies with the "secure" flag, which indicates that the cookie must only be sent (from browser to server) over a secure HTTPS connection.

However, the researchers found that some major web browsers accept cookies for HTTPS sites without verifying the source of those cookies (cookie forcing), allowing an attacker in a man-in-the-middle position on a plain-text HTTP browsing session to inject cookies that will then be used in secure HTTPS encrypted sessions.

For an unprotected browser, an attacker can set an HTTPS cookie masquerading as another site (example.com) and override the real HTTPS cookie in such a way that even the user might not realise it is fake while looking through their cookie list.

The malicious HTTPS cookie is now controlled by the attacker, who can thereby intercept and grab private session information.

The issue was first revealed at the 24th USENIX Security Symposium in Washington in August, when researchers presented their paper showing that cookie injection attacks are possible against major websites and popular open source applications, including Google, Amazon, eBay, Apple, Bank of America, BitBucket, China Construction Bank, China UnionPay, JD.com, phpMyAdmin, and MediaWiki, among others.

Affected Browsers:

The affected major web browsers include previous versions of:

    Apple’s Safari
    Mozilla’s Firefox
    Google’s Chrome
    Microsoft’s Internet Explorer
    Microsoft’s Edge
    Opera

However, the good news is that the vendors have now fixed the issue. So, to protect yourself from this kind of cookie injection MitM (Man-in-the-Middle) attack, upgrade to the latest versions of these web browsers.

CERT also recommended that webmasters deploy HSTS (HTTP Strict Transport Security) on their top-level domain.
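The two server-side mitigations the article names (the secure flag on cookies and HSTS on the top-level domain) can be checked mechanically. The following audit script is an added example, not code from the article or from CERT; it runs over constructed sample responses and goes slightly beyond the text by also checking the HttpOnly flag, the Domain attribute, and the HSTS includeSubDomains directive.

```python
"""Audit an HTTP response for cookie flags and HSTS coverage.
Constructed sample responses only; nothing here contacts a network."""
import re
from typing import Dict, List, Tuple

# Constructed sample: what a well-configured HTTPS site might send (not from the article).
GOOD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: session=abc123; Secure; HttpOnly; Path=/\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)

# Constructed sample with the weaknesses the article describes (not from the article).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Set-Cookie: csrf=zzz; Secure; Domain=example.com\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lowercased name, value) pairs from the header block of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Split 'name=val; Attr; Attr=val' into the cookie name and a dict of lowercased attributes."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(raw: str) -> List[str]:
    """Flag cookies that travel over plain HTTP, are script-readable, or span every subdomain."""
    findings = []
    for hname, value in parse_headers(raw):
        if hname != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure flag, so the browser will also send it over plain HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly flag, so page scripts can read it")
        if "domain" in attrs:
            findings.append(f"{name}: Domain={attrs['domain']} makes it valid for every subdomain")
    return findings


def audit_hsts(raw: str, min_age: int = 31536000) -> List[str]:
    """Check the HSTS header: present, max-age of at least a year, and includeSubDomains,
    since a plain-HTTP subdomain left outside the policy is still a place to set cookies from."""
    for hname, value in parse_headers(raw):
        if hname != "strict-transport-security":
            continue
        directives = {d.strip().lower() for d in value.split(";") if d.strip()}
        findings = []
        m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
        if not m or int(m.group(1)) < min_age:
            findings.append("HSTS max-age is missing or shorter than one year")
        if "includesubdomains" not in directives:
            findings.append("HSTS lacks includeSubDomains, so subdomains may still be reached over plain HTTP")
        return findings
    return ["no Strict-Transport-Security header; the browser will still accept plain HTTP for this host"]


def audit_response(raw: str) -> List[str]:
    """All cookie and HSTS findings for one raw response."""
    return audit_cookies(raw) + audit_hsts(raw)


if __name__ == "__main__":
    for label, resp in (("good", GOOD_RESPONSE), ("weak", WEAK_RESPONSE)):
        print(label, audit_response(resp) or ["no findings"])
```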

Tuesday, 22 September 2015

iOS 9 Hack: How to Access Private Photos and Contacts Without a Passcode


A hacker has found a new and quite simple method of bypassing the security of a locked iOS device (iPhone, iPad or iPod touch) running Apple's latest iOS 9 operating system that could allow you to access the device's photos and contacts in 30 seconds or less.


Yes, the passcode on any iOS device running iOS 9.0 can be bypassed by taking advantage of the helpful nature of Apple’s personal assistant, Siri.


Here's the List of Steps to Bypass Passcode:


You need to follow these simple steps to bypass passcode on any iOS device running iOS 9.0:

1. Wake the iOS device and enter an incorrect passcode four times.
2. For the fifth time, enter 3 or 5 digits (depending on how long your passcode is), and for the last one, press and hold the Home button to invoke Siri, immediately followed by the 4th digit.
3. After Siri appears, ask her for the time.
4. Tap the Clock icon to open the Clock app, add a new Clock, then write anything in the Choose a City field.
5. Now double tap on the word you wrote to invoke the copy & paste menu, Select All and then click on "Share".
6. Tap the 'Message' icon in the Share Sheet, again type something random, hit Return and double tap on the contact name at the top.
7. Select "Create New Contact," then tap on "Add Photo" and then on "Choose Photo".
8. You'll now be able to see the entire photo library on the iOS device, which is still locked with a passcode. Now browse and view any photo from the Photo album individually.

Video Demonstration


You can also watch a video demonstration (given below) that shows the whole hack in action.


It isn't a remote flaw you need to worry about, as this only works if someone has physical access to your iPhone or iOS device. However, such an easy way to bypass any locked iOS device could put users' personal data at risk.


How to Prevent iOS 9 Hack


Until Apple fixes this issue, iOS users can protect themselves by disabling Siri on the lock screen from Settings > Touch ID & Passcode. Once disabled, you’ll only be able to use Siri after you have unlocked your iOS device using the passcode or your fingerprint.

France rejects Google's appeal against implementing 'right to be forgotten' globally

France’s data protection watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL), has rejected Google’s appeal against the global enforcement of the ‘right to be forgotten’ rule.

In May this year, the CNIL ordered Google to apply the right to be forgotten rule – which lets people ask search engines to not display certain unflattering links resulting from a search on their name – to its google.com global domain and not just European domains such as google.fr or google.co.uk.

Google filed an informal appeal against the order in July, claiming it would restrict the public’s right to information, was a form of censorship, and was attempting to extend French law outside the country’s borders. The president of the CNIL, Isabelle Falque-Pierrotin, rejected the appeal on Monday, saying that delistings must be applied across all extensions of the search engine and that not doing so would mean the RTBF ruling could be easily circumvented. The CNIL added that it just wanted non-European companies to respect European laws when offering their services in the continent - rejecting Google’s claims it was going beyond its jurisdiction.

"The President of the CNIL rejects Google's informal appeal against the formal notice requesting it to apply delisting on all of the search engine's domain names […] Contrary to what Google has stated, this decision does not show any willingness on the part of the CNIL to apply French law extraterritorially. It simply requests full observance of European legislation by non European players offering their services in Europe," it said in a statement.

Under French law, Google has no legal possibility of appealing the order at this stage. If the company refuses to remove the tens of thousands of delistings from its non-European domains for named searches, then the CNIL will likely look at imposing sanctions - including the possibility of a fine up to 5 percent of its worldwide revenue - against the internet giant.

A Google spokesman said: “We’ve worked hard to implement the ‘right to be forgotten’ ruling thoughtfully and comprehensively in Europe, and we’ll continue to do so. But as a matter of principle, we respectfully disagree with the idea that one national data protection authority can assert global authority to control the content that people can access around the world.”

Security firm is buying iOS 9 exploits for $1 million


Zerodium, a startup that bills itself as the "premium zero-day vulnerability and exploit acquisition program", is currently running a massive bug bounty program that is offering $1 million to developers who discover critical, exploitable flaws in iOS 9.

The company is willing to pay a total of $3 million for three separate iOS 9 exploits: $1 million to each group of developers. However, it's going to take a particularly serious exploit to claim the million dollar bounty, as Zerodium's requirements are lengthy and strict.

The exploit in question must use an unknown flaw and lead to a "remote, privileged, and persistent installation of an arbitrary app", essentially making it an untethered jailbreak of iOS 9. On top of this, the flaw must be exploitable silently, reliably and remotely without any user interaction, with attacks originating through either a web page, SMS or MMS.

The exploit must be delivered exclusively to Zerodium and must work on all iOS 9 devices newer than and including the iPhone 5 and 3rd-gen iPad. The program will run through to October 31st, although if three exploits are discovered before then, the program will end early.

Zerodium doesn't state what the zero-day exploits will be used for, although the company lists its clients as major corporations "in need of advanced zero-day protection" as well as governments "in need of specific and tailored cybersecurity capabilities".

It's most likely that these exploits will be packaged up for groups that require silent backdoor entry into iOS 9 devices, such as governments that want to tap into and spy on an iPhone user. These types of exploits, which remain unpatched and unknown to the public, typically command high prices on the market, which is why Zerodium is offering such a large sum for iOS 9 exploits.

How to Upgrade /Edit Your School Grade Result #FUN



Hello everyone here, I'm going to show y'all HOW TO UPGRADE/ENHANCE YOUR SCHOOL RESULT BY YOURSELF

This tutorial will simply guide you on how to enhance your result successfully in exams written in any country. All you need to do is watch and follow the simple steps above. #Firebug #hmmmm
Note: Please check the article title.

#MITM ATTACKS!!!!

What is a MITM Attack?

A Man in the Middle Attack (MITM) is a type of network attack in which an attacker assumes the role of the default gateway and captures all the traffic going to and fro. This is a very serious attack and also very easy to perform. A MITM attack can be performed on a local area network such as airport and coffee shop wifi, college wifi, computer labs and any other kind of LAN.


What the attack basically means is that a hacker (or anyone for that matter) with the right set of tools can intercept all your internet activities and see all your passwords and all the websites you are browsing.




How to perform a Man in the Middle attack?



There are many types of Man in the Middle attacks. There are also many ways to perform this attack. There are several tools such as Cain&Abel, Ettercap, Subterfuge, SSLStrip etc which can do a MITM attack.



In Windows, we use a technique called ARP spoofing to achieve a MITM scenario. We use a free ready-made tool called Cain&Abel for this. First, you need to be in the same network subnet as the victim (same campus, same room, or same wifi).



Download and install Cain&Abel. Also download and install Wireshark, which is also free. We will be using Wireshark to capture the packets and analyze them.
After everything is installed, run Cain from the desktop or menu.




  • 1. Start the Sniffer by clicking the button shown in the red box.
  • 2. Then go to the Sniffer tab.
  • 3. Right click on the screen and select “Scan MAC Addresses”. The screen will quickly be populated with all users in your LAN.
  • 4. Select all the IP addresses, right click and select "Resolve host name". Now you can find the IP address of the person you want to attack by viewing the computer names.
  • 5. Now click on “ARP” at the bottom, and then
  • 6. click on the “Plus” icon to add a user to the victim list.



A window called “New ARP Poison Routing” will pop up.

  • You will see the window divided in two parts. Select the default gateway in the left half and select the victim's IP in the right. Here you see me selecting 10.97.26.1 as the default gateway for the network and 10.97.26.156 as the victim's IP address.




  • Click on the start ARP option shown in the red box. You will see that Cain starts poisoning the host.




This completes our ARP poisoning. Now, all the traffic from the victim will pass through the attacker's PC. The victim may notice his internet speed slowing down.



Now, we need to capture the traffic by using Wireshark. 



Fire up Wireshark and:
 1. Click on the adapter button shown below in red.
 2. Click 'start' on the adapter where there are packets.






If you let this run for a while, all the traffic going through the victim's PC will be captured by Wireshark. You can then save the packet capture file and analyze it with appropriate filters. By analyzing the packets, you can find juicy information like usernames and passwords, web URLs visited by the victim, etc.
Please note that you have to be very careful while performing such an attack. If not done properly, it can even cause denial of service to the entire network.
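The poisoning described above leaves a visible trace on the victim's side: the gateway's ARP entry changes, and one MAC address ends up answering for two IPs. The detector below is an added example, not code from the post or from Cain&Abel; it runs over constructed ARP-table snapshots that reuse the post's 10.97.26.0/24 addresses with made-up MACs.

```python
"""Detect the ARP-cache symptoms of gateway poisoning from constructed snapshots.
Nothing here touches a live network; the addresses reuse the post's 10.97.26.0/24
example and every MAC is made up."""
from typing import Dict, List

# Constructed snapshots in "ip mac" form, one entry per line: index 0 is the clean
# baseline, index 1 is what the victim's cache looks like once 10.97.26.200 has
# started answering for the gateway.
SNAPSHOTS: List[str] = [
    "10.97.26.1    00-aa-bb-cc-dd-01\n"
    "10.97.26.156  00-aa-bb-cc-dd-9c\n"
    "10.97.26.200  00-aa-bb-cc-dd-c8\n",
    "10.97.26.1    00-aa-bb-cc-dd-c8\n"
    "10.97.26.156  00-aa-bb-cc-dd-9c\n"
    "10.97.26.200  00-aa-bb-cc-dd-c8\n",
]
GATEWAY = "10.97.26.1"


def parse_arp_table(text: str) -> Dict[str, str]:
    """Return {ip: mac}; MACs are lowercased and ':' separators normalised to '-'."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        table[fields[0]] = fields[1].lower().replace(":", "-")
    return table


def duplicate_macs(table: Dict[str, str]) -> Dict[str, List[str]]:
    """MACs that answer for more than one IP, i.e. one host claiming an address besides its own."""
    owners: Dict[str, List[str]] = {}
    for ip, mac in table.items():
        owners.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in owners.items() if len(ips) > 1}


def check_gateway(baseline: Dict[str, str], current: Dict[str, str], gateway_ip: str) -> List[str]:
    """Alerts when the gateway's MAC differs from the baseline or is shared with another IP."""
    alerts: List[str] = []
    before, after = baseline.get(gateway_ip), current.get(gateway_ip)
    if before and after and before != after:
        alerts.append(f"gateway {gateway_ip} MAC changed from {before} to {after}")
    for mac, ips in duplicate_macs(current).items():
        if gateway_ip in ips:
            others = ", ".join(ip for ip in ips if ip != gateway_ip)
            alerts.append(f"MAC {mac} answers for gateway {gateway_ip} and also for {others}")
    return alerts


if __name__ == "__main__":
    base = parse_arp_table(SNAPSHOTS[0])
    for alert in check_gateway(base, parse_arp_table(SNAPSHOTS[1]), GATEWAY):
        print("ALERT:", alert)
```

On a real host the snapshots would come from periodic reads of the local ARP cache; a static ARP entry for the gateway, or dynamic ARP inspection on managed switches, prevents the poisoning rather than just detecting it.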

How to setup VPN in Windows 7


WHAT'S VPN?
Virtual Private Network or VPN is used mostly by corporate employees to connect to their office while travelling, or from their home or a coffee shop. However, for students, there is an entirely different usage, and that is to bypass firewall restrictions in schools and colleges. My friends keep on asking me how to bypass our college firewall, as sites like YouTube and Facebook are blocked during working hours. There are many ways to bypass a firewall, depending on the blocking mechanisms used. VPNs are the best in my opinion.

So, how does VPN work?
Simply put, the wifi or internet you are currently using is not secure. Anyone can sniff data with a MITM attack. A VPN creates an encrypted tunnel from your computer to a remote computer, which then passes on your information to the websites you are viewing. Just remember that the VPN ensures that your information is safe from prying eyes on the local network. Now, you might ask, what is that remote computer we are connecting to? It may be your office, or a free VPN server in this case. The diagram shows a VPN connection to a corporate server.

There are several kinds of VPN protocols, such as PPTP, L2TP, OpenVPN etc. OpenVPN is the most secure and reliable type of VPN. However, we have to download the OpenVPN client, making it an extra step. In a corporate environment, or in a situation where data confidentiality is of prime importance, you may use OpenVPN. The easiest to set up is PPTP, which is built into Microsoft Windows. That means no downloading is required. So, we will use this one. Please note that PPTP is not absolutely secure, but for normal browsing it should be fine.

1. Go to your free VPN provider's website. My personal favourite is www.vpnbook.com
   Once there, scroll down, and you will see the IP address or domain of the VPN server, the username and the password.

Since the VPN website itself may be blocked by the firewall, you may use GPRS or 3G on your mobile to first visit the site and obtain the VPN username and password.
Note: These VPN providers periodically change the passwords, so keep visiting the site to get updated passwords.

2. Go to Control Panel -> Internet Options -> Connections tab
  Click on Add VPN as shown.



A new window will pop up, asking for the Internet Address. This is the VPN site address which we saw earlier on vpnbook.com.  In this case, it is euro1.vpnbook.com. Leave the other fields as they are.


3. Click Next, and it will ask for the username and password. Enter them as you saw on the website. Leave the domain blank.


Now, Click Connect and your VPN setup is done. Congratulations, you can now surf any website anonymously and without being logged or blocked.

This tutorial was for PPTP based VPN. PPTP can be blocked by your college or ISP, although it is unlikely. In that case, use OpenVPN. It is impossible to block OpenVPN as it can use any port.

Denial of Service (DOS) Attacks

What are Denial of Service (DOS) attacks?

Denial of Service attacks have become more widely known due to extensive media coverage. But what exactly is a denial of service attack? Simply put, a denial of service attack is a type of cyber attack wherein a website or service is brought down by a hacker or a group of hackers by flooding it with bogus traffic. The web server becomes overloaded with this bogus traffic and the service eventually crashes.

This means that if a hacker performs a denial of service attack against a website, say for example a bank website, then all the online transactions of that bank will be halted. Both companies and individuals are no longer able to log into their netbanking accounts for the duration of the attack, leading to a loss in revenue for the bank. The bank will also lose reputation and credibility for failing to protect its IT infrastructure. Similarly, if Gmail was attacked, millions of users would not be able to access their email accounts. In a typical DoS attack, one hacker performs the attack using a DoS tool or script. This is easy to mitigate: the only thing one needs to do is block the IP address of the attacker. To overcome this, hackers use a technique called Distributed Denial of Service or DDoS.

What are Distributed Denial of Service(DDoS) Attacks?


DDoS attacks involve hundreds, if not thousands, of "volunteers" who install the DoS tool on their systems and launch a coordinated attack on the target at a specified time. This was the case when the Anonymous hacker group took down the PayPal and Mastercard websites some time back. In case there are no "volunteers" involved, hackers use a network of zombies called a botnet to perform the same attack. These zombies are basically normal home computers which have been hacked and infected with the DoS tool. The controller is able to issue remote commands to these "bots" so that they start attacking a particular website without the owners even noticing.
Hackers and hacktivists perform denial of service attacks by using an array of ready-made tools. One such tool is called the Low Orbit Ion Cannon (LOIC). It is a simple GUI tool, and volunteers can use it to launch attacks once they receive the green light from the controllers, usually via IRC or social networks. There are many other DoS tools such as HOIC, Hulk Web server, RUDY (R-U-Dead-Yet), Silent DDoSer etc.

This disruption in service is one of the biggest challenges for companies today. There is no foolproof method to protect against DDoS attacks. There is much ongoing research on how to mitigate DDoS attacks. As of now, big companies rely on IDS and firewalls and the cooperation of the ISPs to mitigate such attacks.
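The single-source case above is mitigated by identifying and blocking the flooding address, and web server logs are where that shows up first. The rate detector below is an added example, not code from the post; it runs over constructed Apache combined-format log lines, and the window and threshold values are illustrative assumptions rather than tuned settings.

```python
"""Flag source addresses whose request rate looks like flood traffic.
Runs over constructed web-server log lines in Apache 'combined' format; the
window and threshold are illustrative, not tuned for any real site."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed log lines (not from the post): 203.0.113.7 sends three requests
# every second for a minute, while 198.51.100.5 browses normally.
LOG_LINES: List[str] = [
    '198.51.100.5 - - [22/Sep/2015:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.5 - - [22/Sep/2015:10:00:30 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
] + [
    f'203.0.113.7 - - [22/Sep/2015:10:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "-"'
    for sec in range(60) for _ in range(3)
]

# client ip, ident, user, [timestamp], "request", status ... (combined log format)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3})')


def parse_line(line: str) -> Optional[Tuple[str, datetime]]:
    """Return (client_ip, timestamp) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts


def peak_rates(lines: Iterable[str], window_seconds: int = 10) -> Dict[str, int]:
    """For each client IP, the most requests seen inside any window_seconds-long window.
    Events are sorted by time first, so the input order does not matter."""
    events = [p for p in (parse_line(line) for line in lines) if p]
    events.sort(key=lambda e: e[1])
    recent: Dict[str, deque] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        # drop timestamps that have fallen out of the sliding window
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)


def flood_sources(lines: Iterable[str], window_seconds: int = 10, threshold: int = 20) -> Dict[str, int]:
    """IPs whose peak rate exceeds threshold requests per window: candidates for blocking
    in the single-source DoS case described above."""
    return {ip: n for ip, n in peak_rates(lines, window_seconds).items() if n > threshold}


if __name__ == "__main__":
    print(flood_sources(LOG_LINES))  # {'203.0.113.7': 30}
```

Against a DDoS, where each bot may stay under any per-IP threshold, this kind of per-source counting is exactly what stops working, which is why the post says upstream filtering and ISP cooperation are needed instead.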

Would you like to know how to perform a denial of service yourself? Read my other article on  #how to perform DoS attack here.

How to perform a Denial of Service attack to crash a website

Denial of service is a very aggressive attack, usually launched against websites as a form of protest or activism. The ultimate aim is to bring down or crash the web server. There are many ready-made tools for this. Here, I will give instructions on how to use a very simple DoS tool called Low Orbit Ion Cannon (LOIC). LOIC is free and open source and can be found on SourceForge.

Please note that the information provided here is for educational purposes only.

First download LOIC from here. The original version requires Microsoft .NET to run. If you are using a Linux system, then you can use the Java version, Java LOIC.
Once downloaded, you can go ahead and run the tool. The directions are pretty straightforward.



1. Enter the URL of the website you are planning to attack. There is also an option to enter the IP address.
2. Once the URL is entered, click on "Lock On".
3. Select the protocol you want to use. TCP is fine.
4. Enter the number of simultaneous threads (in other words, the severity of your attack). 500 to 1000 threads will do.
5. Finally, click on the large button labelled "IMMA CHARGIN MAH LAZER".

That will start the attack. At the bottom, you will see a substantial increase in the number of requested connections. This means your attack is on. After some time, the website will slow down and eventually stop responding (crash). The best way to observe this is by creating a web server in a virtual lab and attacking it. You can then analyze the web server logs for more information.

Note: Please don't use this tool on any website other than your own. It is a very powerful tool and you could get in trouble with the law.
lol
#9jaCZ said it!!!

5 Best Tools For Hacking Web Applications

In an earlier post, I listed the top 10 general hacking tools. This time, I have listed 5 of the best tools specifically for hacking websites and web applications. Most of these tools are free and are very easy to use.
If you want to hack a website or web application, knowledge of PHP, ASP, SQL etc. is necessary. If you know these languages and technologies, you will be able to hack the website without the need for any tool. These tools make the life of a hacker easy by automating the tasks.
So, here is the list of the top 5 web application hacking tools. Starting off with:


1. Burp Suite

Burp Suite is a web proxy tool that can be used to test web application security. It can brute force any login form in a browser. You can edit or modify GET and POST data before sending it to the server. It can also be used to automatically detect SQL injection vulnerabilities. It is a good tool to use under both Windows and Linux environments. It is free; however, if you need the advanced features, you can always buy the premium version.



2. Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner provides a comprehensive environment to automatically scan a website for vulnerabilities. It scans the web application as well as the web server. Once Acunetix identifies the vulnerabilities in the website, you can go ahead and exploit them manually or use any of the other tools in this list. Acunetix is, however, paid software, but if you are resourceful, you will know where to get it for free ;)


3. OWASP ZAP

OWASP ZAP is similar to Burp Suite in functionality. However, ZAP is completely free.
According to the official website:
"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing."

4. Havij

Havij is one of the best Automatic SQL injection tools. It is extremely easy to use, thanks to its GUI. All you have to do is provide a vulnerable link to Havij, and it will spew out database details such as tables, columns and rows.


5. Mozilla Firefox

Mozilla Firefox is a web browser. Why then is it in this list? That is because all web application hacking takes place through a web browser. And what better browser than Firefox? Google Chrome is too simplistic; Internet Explorer is too buggy and slow. Firefox is the preferred web hacking tool because it is fast, supports proxies (to be used with Burp Suite) and supports many plug-ins such as cookie editors.

Not successful in hacking that website? Crash it instead with my other article How to perform denial of service to crash a website.

Top 10 Best Hacking Tools


Hacking always involves tools. A good hacker knows how to use tools to his best advantage. An even better hacker writes his own tools. Here I have listed the top 10 most popular tools used in hacking. It is advisable to master these tools to become a good hacker. Note that all the tools listed here are completely free.



1. Nmap



Nmap is also known as the Swiss army knife of hacking. It is the best port scanner, with a lot of functions.
In hacking, Nmap is usually used in the footprinting phase to scan the ports of the remote computer to find out which ports are open.


2. Wireshark

Wireshark is a packet sniffer. It captures all network traffic going through a network adapter. When performing man in the middle attacks using tools like Cain, we can use Wireshark to capture the traffic and analyze it for juicy info like usernames and passwords. It is used by network administrators to perform network troubleshooting.

3. Cain and Abel

Cain and Abel is a multipurpose Windows-only hacking tool. It is a bit old now, but it still does the job well. Cain can be used to crack Windows passwords, perform man in the middle attacks, capture network passwords etc.

4. Metasploit

Metasploit is a huge database of exploits. There are thousands of exploit codes and payloads that can be used to attack web servers, or any computer for that matter. This is the ultimate hacking tool that will allow you to actually "hack" a computer. You will be able to get root access to the remote computer and plant backdoors or do any other stuff. It is best to use Metasploit under Linux.

5. Burp Suite

Burp Suite is a web proxy tool that can be used to test web application security. It can brute force any login form in a browser. You can edit or modify GET and POST data before sending it to the server. It can also be used to automatically detect SQL injection vulnerabilities. It is a good tool to use under both Windows and Linux environments.

6. Aircrack-ng

Aircrack-ng is a set of tools that are used to crack wifi passwords. Using a combination of the tools in aircrack, you can easily crack WEP passwords. WPA passwords can be cracked using dictionary or brute force attacks. Although aircrack-ng is available for Windows, it is best to use it under a Linux environment. There are many issues if you use it under a Windows environment.


7. Nessus

Nessus is a comprehensive automatic vulnerability scanner. You have to give it an IP address as input and it will scan that IP address to find out the vulnerabilities in that system. Once you know the vulnerabilities, you can use Metasploit to exploit them. Nessus works on both Windows and Linux.



8. THC Hydra

Hydra is a fast password cracking tool. It cracks passwords of remote systems over the network. It can crack passwords for many protocols, including FTP, HTTP, SMTP etc. You have the option to supply a dictionary file which contains possible passwords. It is best to use Hydra under a Linux environment.

9. Netcat


Netcat is a great networking utility which reads and writes data across network connections using the TCP/IP protocol. It is also known as the Swiss army knife for TCP/IP. This is because netcat is extremely versatile and can perform almost anything related to TCP/IP. In a hacking scenario, it can be used as a backdoor to access hacked computers remotely. The use of netcat is limited only by the user's imagination. Find out more about netcat at the official website.

10. Putty


Although Putty is not hacking software by itself, it is a very useful tool for a hacker. It is a client for SSH and telnet, which can be used to connect to remote computers. You may use Putty when you want to connect to your Backtrack machine from your Windows PC. It can also be used to perform SSH tunneling to bypass firewalls.



Note: This list is not comprehensive. There are many tools that I have left out. The tools that did not make the list are: Sqlmap, Havij, Acunetix Web Scanner, SuperScan, John the Ripper, Kismet, Hping3.
I have written another article about the top 5 website hacking tools.