Security firm is buying iOS 9 exploits for $1 million

Zerodium, a startup that bills themselves as the "premium zero-day vulnerability and exploit acquisition program", are currently running a massive bug bounty program that is offering $1 million to developers who discover critical, exploitable flaws in iOS 9.

The company is willing to pay a total of $3 million for three separate iOS 9 exploits; $1 million to each group of developers. However it's going to take a particularly serious exploit to claim the million dollar bounty, as Zerodium's requirements are lengthy and strict.

The exploit in question must use an unknown flaw and lead to a "remote, privileged, and persistent installation of an arbitrary app", essentially making it an untethered jailbreak of iOS 9. On top of this, the flaw must be exploitable silently, reliably and remotely without any user interaction, with attacks originating through either a web page, SMS or MMS.

The exploit must be delivered exclusively to Zerodium and must work on all iOS 9 devices newer than and including the iPhone 5 and 3rd-gen iPad. The program will run through to October 31st, although if three exploits are discovered before then, the program will end early.

Zerodium doesn't state what the zero-day exploits will be used for, although the company lists its clients as major corporations "in need of advanced zero-day protection" as well as governments "in need of specific and tailored cybersecurity capabilities".

It's most likely that these exploits will be packaged up for groups that require silent backdoor entry into iOS 9 devices, such as governments that want to tap into and spy on an iPhone user. These type exploits that remain unpatched and unknown to the public typically command high prices on the market, which is why Zerodium is offering such a large sum for iOS 9 exploits.

How to Upgrade /Edit Your School Grade Result #FUN

Hello everyone here,  I'm going to show y'all HOW TO UPGRADE/ENHANCE YOUR SCHOOL RESULT BY YOURSEF    

This tutorial will simply guild you on how to ehhance your  result successively in all exams written countries. All you need to do is to Watch and follow the simple steps above #Firebug #hmmmm
Note: Pls Check the article Title .

#MITM ATTACKS!!!!

What is a MITM Attack?

A Man in the Middle Attack (MITM) is a type of network attack in which an attacker assumes the role of the default gateway and captures all the traffic going to and fro. This is a very serious attack and also very easy to perform. MITM attack can be performed in a Local area network such as airport and  coffee shop wifi, college wifi, computer labs and other any kind of LAN. 

What the attack basically means is that a hacker (or anyone for that matter) with the right set of  tools, can intercept all your internet activities and see all your passwords and  all the websites you are browsing. 

How to perform a Man in the Middle attack?

There are many types of Man in the Middle attacks. There are also many ways to perform this attack. There are several tools such as Cain&Abel, Ettercap, Subterfuge, SSLStrip etc which can do a MITM attack.

In Windows, we use a technique called ARP spoofing to achieve MITM scenario. We use a free ready made tool called Cain&Abel for this. First, you need to be in the same network subnet as the victim (same campus, same room, or same wifi).

Download and Install Cain&Abel. Alsodownload and install Wireshark which is also free. We will be using wireshark to capture the packets and analyze them. 

After everything is installed, run Cain from the desktop or menu. 

• 1. Start Sniffer by clicking button shown in red box. 2. Then go to Sniffer tab.

• 3. Right click on screen and select “Scan Mac Addresses”. The screen will quickly  be populated with all users in your LAN.

• 4. Select all the IP addresses and right click. and select "Resolve host name". Now, you can find the IP address of the person you want to attack by viewing the computer names.

• Now, 
•  4. click on “ARP” on bottom and then 
•  5. click on “Plus” icon to add user in victim list. 
• 
  

 A window called “New ARP Poison Routing ” will pop up.

• You will see windows divided in two parts. Select the default gateway in left half and select the victim's IP in the right.  Here you see me selecting 10.97.26.1 as the default gateway for the network and the victim's IP address 10.97.26.156

• 
  

• Click on start ARP option shown in red box. You will see that CAIN starts poisoning the host. 

This completes our ARP poisoning  Now, all the traffic from the victim will pass through the attacker's PC. The victim may notice his internet speed slowing down. 

Now, we need to capture the traffic by using Wireshark. 

Fire up wireshark and

 1. Click on the adapter button shown below in red. 2. Click 'start' in the adapter where there are packets. 

If you let this run for a while, all the traffic going through the victim's PC will be captured by wireshark. You can then save the packet capture file and analyze it with appropriate filters. By analyzing the packets, you can find juicy information like username and passwords, web urls visited by the victim etc.

Please note that you have to be very careful while performing such an attack. If not done properly, it can even cause denial of service to the entire network. 

How to setup VPN in Windows 7

WHAT'S VPN?
Virtual Private Network or VPN is used mostly by corporate employees to connect to their office while travelling or  from their home or coffee shop. However, for students, there is an entirely different usage, and that is to bypass firewall restriction in schools and colleges. My friends keep on asking me how to bypass our college firewall as sites like youtube and facebook are blocked during working hours. There are many ways to bypass a firewall, depending on the blocking mechanisms used. VPNs are the best in my opinion.

So, how does VPN work?
Simply put, the wifi or internet you are currently using is not secure. Anyone can sniff data by aMITM attack. VPN creates an encrypted tunnel from your computer to a remote computer which will pass on your information the the websites you are viewing. Just remember that VPN ensures that your information is safe from prying eyes. Now, you might ask, what is that remote computer we are connecting to? It may be your office, or a free VPN server in this case.  The diagram shows VPN connection to a corporate server.

There are several kind of VPN protocols such as PPTP, L2TP, OpenVPN etc.  OpenVPN is the most secure and reliable type of VPN. However, we have to download the OpenVPN client, making it an extra step. In a corporate environment or in a situation where data confidentiality is of prime importance, you may use OpenVPN.  The most easy to setup is PPTP, which comes inbuilt in Microsoft Windows. That means no downloading is required. So, we will use this one. Please note that PPTP is not absolutely secure, but for normal browsing it should be fine.

1. Goto your free VPN providers website. My personal favourite is www.vpnbook.com
   Once there, scroll down, and you will see the IP address or domain or the VPN server, the username and password.

Since the VPN website itself may be blocked by the firewall, you may use GPRS or 3G on you mobile to first visit the site and obtain the VPN username and password. 

Note: These VPN providers periodically  change the passwords, so keep visiting the site to get updated passwords.

2. Goto Control Panel -> Internet Options -> Connections tab

  Click on Add VPN as shown.

A new window will pop up, asking for the Internet Address. This is the VPN site address which we saw earlier on vpnbook.com.  In this case, it is euro1.vpnbook.com. Leave the other fields as they are.

3. Click Next, and it will ask for username and password  Enter them as you saw on the website. Leave the domain blank.

Now, Click Connect and your VPN setup is done. Congratulations, you can now surf any website anonymously and without being logged or blocked.

This tutorial was for PPTP based VPN. PPTP can be blocked by your college or ISP, although it is unlikely. In that case, use OpenVPN. It is impossible to block OpenVPN as it can use any port.