Tuesday, July 31, 2012

Meet zANTI – Mobile Penetration Testing Platform


zANTI is an award-winning Mobile Penetration Testing software specially built for smartphones and the first of its kind for mobile devices.

The revolutionary softSware is the winner of the renowned PCMag Editor’s Choice Award and the THN Tool of the Year award. zANTI has been hailed by popular technology media such as Engadget and Forbes and won acclaim from the worldwide security community.

Some would recognize the very scary Zanti in “The Zanti Misfits,” from the 1963 television show, “The Outer Limits.” Watch it on Youtube in the end of the page.

Our own zANTI — as you can imagine — is designed not to scare, but to secure our mobile world and make it safer for you. The release version of the beta, which was codenamed ANTI, or Android Network Toolkit, has come after almost a year of testing by about 100,000 users.

We first created ANTI to demonstrate that smartphones are the equal of computers in the way penetration testers/IT managers can use for their daily tasks. Soon enough, ANTI became one of the most used smartphone apps among pentesters and security enthusiasts that wanted a simple tool to provide them real-time status of their network security.

We chose a new name for the release version, from the tens of different variations. With the naming protocol of our other products — zCore IPS, zDefender and zAppliance — it only made sense to call it
zANTI boosts the normative IT security toolbox and enables you to run a complete vulnerabilities scan on your network with the click of a button. You can also get a visual status of the devices connected to the same physical network.

Here is a longer list of zANTI’s powerful features:
• Common vulnerabilities search
• Cloud-based report to fix recognized vulnerabilities including wise analysis for critical flaws
• Password audit to check for password complexity
• Audit password complexity in a specific device or entire LAN
• Detect misconfiguration of device firewall by detecting open ports
• Check network vulnerability to MITM and common client side and server side vulnerabilities
• Discover insecure traffic and cookies affecting network’s privacy settings.
• Alert network vulnerability to MITM attacks by demonstrating live modification of unsecured communication’s images
• Visualise network by watching live photo feeds, recorded from unsecured network
• WiFi monitor to benchmark nearby networks


Samsung (google) Nexus S Review

The Google Nexus S is the first Google-branded phone manufactured by device giant Samsung. Running on Android 2.3.3 Gingerbread out of the box and easily upgradeable to 2.3.4 in most countries, the 4 inch Nexus S has seen its fair share of popularity due to its unique outward design, solid specs and penchant for seeing Android updates ahead of the competition.

Samsung has taken a new approach to external design with the Google Nexus S, introducing a unique, convexly curved screen to the equation that makes the Nexus S more comfortable to hold against the face. The curved design, coupled with the sleek angles and large screen give the device a certain quality of style not seen in much of the smartphone market.

Available in both black and white the case for the Nexus S has a glossy plastic finish which does detract from the end result somewhat, but not enough to really damage the handset’s visual appeal. Although we can see that scratches would be more readily visible on this kind of surface we still think the Nexus S will stay classy over the full length of a 24 month contract as long as it’s not too badly mistreated.

Of course there are the normal physical buttons: power/lock and the volume rocker. Both these keys are easy to press but not so much so that they are easily activated when in the pocket. The now standard capacitive Android buttons can be found below the screen in order or Back, Menu, Search and Home (from left to right).


Getting Started with the Google Nexus S


Setup is simple and standard with the Nexus S. A few short prompts are given and once you’ve either synced or created your Google account you’re on your way. As always it’s a good idea to plug the handset in to a computer straight away in case there are any updates, but ours automatically updated from 2.3.3 to 2.3.4 automatically over the air so you mightn’t need to depending on your carrier.

The Google Nexus S, although designed and manufactured by Samsung, comes running the base Android user interface (UI). There’s no fancy skins to slow down performance and everything has a very crisp and snappy feel to it. The Home menu has 5 different screens to fill with icons or widgets that we did find was a teeny bit jerky at first. However, it was nothing major and we found that performance was improved when we turned off the native live wallpaper and opted for a still image instead. It also improved battery life, which was already sufficient to last more than a day with medium-to-heavy use.

The Android 2.3 Gingerbread UI not only adds speed and battery efficiency, but also sports a few cute UI changes. Most notably are two examples found in the menus and one found when locking the device. The first is in the applications section, which now appears to roll off the top and bottom of the screen 3 dimensionally. This effect doesn’t really add any functionality, but we still found it to be a welcome addition to the familiar Android UI.

The second addition is a small orange flash that appears whenever the end of a scrolling menu list is reached. Once again it’s nothing major, but does still add an element of polish to the experience.
The third is a quick visualisation that happens whenever the screen is locked. Instead of turning straight off the screen minimises in to a horizontal white line before condensing in to a dot and disappearing, much like one would find on an old television set. It’s a cute little addition and once again helped give the impression of a fully finished device, rather than a hastily assembled one.


Speed, Apps and Browsing


For its price range, the Google Nexus S sports some impressive hardware. The 1GHz processor and 512MB of RAM provide a smooth and generally pain-free interfacing experience with both the native Android 2.3.3 and 2.3.4 Gingerbread operating system (OS) versions.

App support is, of course, fantastic on the Android platform. There are literally hundreds of thousands of apps to choose from, many of which are free due to Android’s tendency to opt for in-app advertising, rather than one-time payments. We had a little fun and filled one of our home screen with Google-made apps and found them all to work extremely well with the Nexus S.

The web browser is also pretty efficient. It’s not the fastest browsing experience we’ve had on a standard 3G network but it’s definitely close. We often found that we received a full 3 or 4 bars of 3G connectivity in areas where some of our other devices received little to no wireless support at all. There’s also the added bonus of Flash support on the Android platform. Flash support does cause the browser to move a little slowly when loading Flash intensive pages, but we’ve found the positives far outweigh the negatives on most Android devices.


 Camera and Multimedia Playback


The Google Nexus S sports a reliable 5MP camera with LED flash. While pictures don’t turn out quite as clear as on the Apple iPhone 4’s camera of the same MP rating, the Nexus S still churns out images of high quality. The camera does have a bit of trouble with fast movement, especially in low light and the LED flash can definitely be a little over-zealous at times. But overall we were happy with what the Nexus S had to offer in terms of image-capture.
Video filming was much the same. Videos came out pretty well but once again had a bit of trouble with fast movement, especially if the device itself is doing the movement. Night-time recordings are probably best avoided but daytime video came out fine.
As far as video playback goes the 4 inch, 480 x 800 Super AMOLED display offered clear images and vibrant colours. Blacks came out nice and stark and there wasn’t any noticeable bleeding or dodgy pixilation.
The same could be said for the music player, which we found to be quite intuitive. Partially because many Android devices use this standard Google media player and partially because of its simple layout and design.


Email and Messaging With the Google Nexus S


Syncing an email account with the Nexus S was just as easy as on other Android devices we’ve used. The first time the email client is opened the user is prompted to sync an account and away they go.
For both messaging and emails the virtual keyboard makes things simple. Sporting the standard Android keyboard, rather than a skinned version, speeds up tactile response and the 4 inch screen allows for a comfortable spread of keys across the display. We found that we rarely had to slow down while typing.


Apple iphone 4s review

The iPhone 4S, as part of the iconic iPhone line, is obviously doing very well for itself in the market. However, directly after its release there was a lot of discontentment demonstrated throughout the online community. While the negative reactions were initially more abundant that one might expect for an Apple product, things seem to be quieting down a bit now as people come to terms with the fact that there isn’t going to be any iPhone 5 this time around.

Physical Design of the iPhone 4S


One of the more common complaints about the iPhone 4S when it was originally released is that its form-factor differs in almost no way from the original iPhone 4. Apart from a tiny redesign of the external antenna (CDMA iPhone users will notice no difference here) there pretty much hasn’t been any change to its physical parameters.

The same 3.5 inch 960×640 retina display has been implemented, both the front and back are still made of Gorilla Glass and the weight has increased by somewhere around 3g (0.11oz). The good news is that the new antenna arrangement means that there shouldn’t be any problems with the so-named “death grip” that inspired a media frenzy last year when iPhone 4 customers found that they lost all connectivity when holding their phones in a certain way.

While it’s understandable that Apple would keep a similar design for an upgraded, rather than wholly new device, many people are still expressing concern. There were perceived flaws with the iPhone 4 that many fans wanted to see fixed. Flaws such as delicacy and lack of grip when placed on a surface.
The combination of weight and smoothness does give the 4S a definite feel of both quality and class when held in the hand. It’s small, slim and very no-nonsense in appearance. However, these physical qualities, coupled with its identical appearance to the iPhone 4, also add a few problems.
  • The iPhone 4S is more inclined to slide out of loose pockets when on a train or in a car. It might sound silly, but we actually found that during our time with it we almost left it behind no less than 3 or 4 times after sitting for an extended period.
  • Dropping the 4S on a hard surface is much more likely to end with catastrophic damage to the casing and screen, often leading to repair costs. This is due to the glass design not offering much in the way of impact absorption.
  • Many folks see a new iPhone as something akin to a status symbol. People with a brand-new iPhone often want it to look like something special. If it just looks like an iPhone 4 then it’s hardly going to draw any attention from friends or acquaintances.
Obviously the first 2 of these 3 examples are the most important. Fortunately both can be easily avoided by purchasing a durable and grippy case for the device. Cases for the iPhone 4S exist in abundance; a clear advantage of it sporting the same dimensions as its predecessor. One of the great things about owning the most popular device on the market is that there’s a wealth of peripheral support, so individualising or reinforcing your device with a funky case shouldn’t be a problem.


UI and Speed


With iOS 5 there have been a few changes to the classic iOS user interface. Instead of going over each and every little detail, which would quickly turn this in to an iOS 5 post, we’re just going to approach the iOS 5 UI as we would any other for a review.iPhones have traditionally offered an impressively smoother user experience, even when compared to the top competitors in the market. One of the benefits of controlling every inch of development in both the hardware and software departments is that it’s much easier to optimise the end product. The iPhone 4S is no exception.

The 4S UI is smooth and fast. The dual-core processor really steps it up a notch when it comes to app switching and general performance. We did notice that when running particularly intense apps that the iPhone 4S did tend to heat up a little. This is a common problem with the current generation of dual-core handsets. Luckily in the 4S it’s not as pronounced as in other devices like the Galaxy S II and subsequently didn’t really cause too much of an issue.

In appearance the UI really doesn’t differ to what we’ve seen previously from Apple. The same familiar tile format with customisable background has made an appearance and we couldn’t really notice any major differences in layout or visualisations.

The new notification system, while ‘inspired’ very heavily by the one first employed on Android, is still a fantastic addition. Instead of intrusive pop-up notifications users are alerted to messages, Wi-Fi areas, Social Media updates, app notifications and more by a slide-down bar at the top of the screen. It’s still a little wide and can intrude when playing a game or reading an article, but it’s a marked improvement on the old style. That being said any fans of the original notification system can opt to revert back to it, but we can’t see to many users going for that.

Notifications are accessed by sliding the finger from the very top of the screen downwards, which brings down the notification screen. From here everything you’ve missed or just haven’t got around to checking yet is accessible. It’s a great, unobtrusive and fast way to handle notifications. We of course think it’s a little funny for Apple to take something that is so iconically Android and adopt it in to its own OS, seeing as it tends to be Apple’s flag waving whenever cries of plagiarism and patent infringement can be heard. But at the end of the day we’re happy when good ideas see wider adoption.


Messaging and Browsing on the iPhone 4S


The iPhone 4S has gone in a new direction when it comes to messenger. iMessenger, the new overarching messaging system for iOS, is more like an instant messenger (IM) than an SMS system. If you’re chatting to anyone else with iOS 5 or above and you have wireless internet access then iMessenger will take over as your messaging service in order to provide a more detailed experience.

It’s a good idea and we appreciate Apple trying to take these now traditional functionalities and spice them up a little. However, what a lot of iOS 5 users aren’t realising is that with iMessenger whoever messaged you is alerted when you view the message and when you are typing a response.

This kind of idea works well with normal IM services on the web, as more often than not you’re engaged in an active conversation when using them. The problem with SMS received message alerts is that we, and apparently many of our readers, will often read a message and make a mental note to reply at a later time, sometimes even hours distant. This leads to confusion at the other end and can even look rude, depending on the situation.

Not every user will have a problem with this new function and it’s easy enough to switch off your phone’s outgoing alerts in the setting menu, but we’ve been hearing a lot of surprised exclamations from 4S users when they find out their friends have been canny to the fact that they’ve been waiting hours to respond to their messages, rather than doing so as soon as they read them. We thought it wise to warn anyone reading this that you might want to consider turning it off if you’re one of them.

That being said the rest of iMessenger is great. Sharing media and pictures is fantastically quick and it’s wonderful to have what is pretty much unlimited texts to anyone else with iOS 5 on their device. That means you can even contact the iPads and iPod Touches of your friends as easily as you would an iPhone.
For traditional messaging to non-iPhone users you still use the same messenger screen and the iPhone will automatically know whether or not to employ iMessenger. You’ll be able to tell the difference by what colour your texts appear as in the conversation thread; green for standard texts and blue for iMessenger texts.
The keyboard is still fantastically quick, although a little cramped if you’re used to the larger screens that are coming out now-a-days. We didn’t find ourselves making too many mistakes in landscape mode, but portrait did get a little tricky for our large fingers.

The smaller screen also hampers browsing somewhat in that you can’t fit quite as much on the display as you can on other devices. If that doesn’t sound like a problem to you, or if you’re already used to iPhone browsing then there shouldn’t be any issues, but we would like to see Apple start upping the size of its displays just a little in the near future.

Websites loaded quickly. Moving between portrait and landscape didn’t create any problems and the drop-down address bar at the top of the screen was great for getting that little bit of extra reading space without sacrificing functionality. Overall the browser experience was polished, smooth and efficient.


The iPhone 4S Camera


The camera on the iPhone 4S is simply the best camera we’ve reviewed on a phone so far. Although on paper its 8MP rating might not wow anybody, the real-world application of 8MP when combined with a fantastic lens system and a solid software backbone is nothing but impressive.Firstly we’ll get the camera UI improvements from iOS 4 to iOS 5 out of the way. All iOS 5 iPhones, including the 4S, now have the option of using the +volume key as a hardware camera button. This is something we’ve loved every time we’ve encountered it on a handset. It’s so much less awkward taking a photo with the finger rested on the top or bottom of a device than tapping the screen.

One word of caution with this on the 4S, however, is that if you use the +volume key as a normal shutter button (with the key situated on the top of the device when held in landscape, to be activated by the index or middle fingers) then the photos are actually taken upside-down. Apple has tried to correct this issue with some clever software that recognises upside-down photos and corrects them when they’re transferred on to a computer. However, it doesn’t always work so some photos can come out wrong side up.

It’s an easy fix. We just turned the iPhones 4S around and used our left thumb to activate the shutter key instead. It was a bit odd at first, but it ended up being just as easy as the more traditional method and negated the need to manually switch the alignment of any photos once they’d been taken.It’s also now possible to jump straight in to camera mode from the lock screen. When the 4S is locked a double tap of the Home button will bring up an on-screen camera icon. Tap this and the camera app will instantly launch. It’s extremely quick and we love this kind of functionality. It means you’re less likely to miss one of those oh-so-fleeting photo ops that come around every now and then.

Pictures and videos in well-lit areas come out fantastically. Of course you still can’t compare the 4S to most dedicated cameras, but in some of our shots we honestly couldn’t tell the difference. Of course you can always download third party camera apps to improve upon the experience even more, which we recommend for those photo junkies out there. But the stock standard camera function should suffice for most owners.
Photos and videos in low light, as with every smartphone, did suffer. However, we noticed that there was still a noticeable difference in the quality of the iPhone 4S’s low-light shots when compared to other market leading devices, although the difference was admittedly smaller.

The camera flash is bright, but not so bright that it can ruin a photo. There’s little to no discolouration caused by the dual LED flash.not only did the 4S provide photos of high quality, but if you really need to it’s possible to snap off shots with alarming speed. If you’re trying to capture a specific moment then all you need do is tap the camera button as fast as you can. We found that we got the best effect with this when we used the +volume key. We easily captured over 1 photo per second, each of which didn’t seem to suffer any drop in quality from a regular snapshot.Sufficed to say we expect to see a lot of iPhone 4S camera shots start cropping up on sites like Facebook or Flickr in the very near future.






Yes, it’s time to talk about Siri. Is she worthwhile, is she useless, is she somewhere in between? The answer to all of those is “kinda”. While the range of Siri’s functionality drops significantly once you step foot outside of the US, we still found it to be an impressive piece of software.

In most of the world Siri can’t do some of the simple things that it’s advertised as doing in America. Questions like “where is the nearest train station” and “is there a nice place to eat around here” tend to not work, thus lessening Siri’s futuristic feel significantly. However, making calendar notes with pre-set alarms simply by talking to your phone is very cool, as is sending an accurate text message via your iPhone headphones while you walk down the street with your iPhone 4S in your pocket.

The voice recognition software for Siri is nothing short of incredible. Instead of the small number of pre-programmed voice commands we’ve traditionally seen from voice activated systems, Siri’s understanding of casual language borders on the uncanny. There are literally dozens of ways you can ask Siri a question and it will still understand you.

That being said, Siri definitely had trouble with place names. Things like when “Pyrmont” came out as “Pine”, which is even more confusing once you understand that the “Pyr” in Pyrmont is pronounced “Peer”. This problem did seem totally limited to location names, but it’s still a shame to see this potentially awesome functionality limited just because we weren’t using it on American shores.

In short if you live in America then Siri is amazing, if you live elsewhere then it’s a handy tool. But we would hardly call it a make-or-break piece of functionality if you fall in to the second category.



Media and Apps on the iPhone 4S


As always, media on an iOS device is very much a 2 edged sword. On one side you have unmatched support for purchasable media and an enormous app library. On the other you have a strictly controlled system with a very definite set of rules from which it’s impossible to break free. As a result this ends up being one of the most subjective areas of the iPhone 4S’s functionality, so we’ll do our best to cover it objectively and give you an idea of what to expect.

Media playback on the 4S is fantastic. The music and video players have a simple yet still somewhat stylish design, despite not really seeing any major visual makeovers in recent years. Sound quality is some of the best we’ve ever heard on a portable music device and syncing with iTunes is super easy.

That being said if you’re not a fan of iTunes then you’re out of luck. As with every other iOS device the iPhone 4S doesn’t play nice with other media players. You will need a licenced version of iTunes on your computer if you want to transfer files. You also have a limited number of devices that you can sync with your iPhone 4S, so if you go to a friend’s house and notice they have an album or two you want to “borrow” then you’ll have to somehow get them on to your home computer before transferring them to your device, rather than just plugging it in and transferring them right then and there.

 The iPhone range also only supports a very limited range of file types. If you want to get a media file of an unsupported codec, which nearly all video files that have not been downloaded via iTunes are,you’llneedtouse a 3rd party conversion program. This is a hassle and often gives rise to an issue where users find themselves with 2 versions of the same file, one in the original format and another in the new. The original file is better for watching on a larger computer screen, but you don’t want to delete the new iOS friendly file because if you need to free up room on your phone at some point you don’t want to have to re-convert the file at a later date, as it can be very time consuming.

However, if you do most of your downloading via iTunes then your media experience should be streamlined and easy. Downloads from the iTunes store will be ready to go the instant they’re downloaded. It’s an absolutely great system if you love iTunes, but a less than optimal one if you don’t.
App support on the iPhone 4S is, as one would expect, immense. The Apple App store is the largest software distribution system in the world, offering the most apps to the largest and most app-hungry consumer base. Apple is often the first platform to receive the newest and shiniest game titles, the largest amount of handy and intriguing apps and now, with the help of iCloud, even makes those apps available over your multiple iOS/Mac devices, assuming you have more than one.

Apps open and close extremely quickly, partly due to Apple’s vertical integration of hardware and software and partly due to the new dual-core CPU of the iPhone 4S. The 4S really is faster than its single-core predecessor and it’s probably most notable in the loading, closing and switching-between of apps.


Apple iPhone 4S vs Samsung Galaxy Nexus

Of course when comparing 2 high end devices like the Galaxy Nexus and the iPhone 4S it’s impossible to take in to account the personal preferences of each of phone shoppers. The subjective areas of smartphone synergy will always be one of the strongest driving factors for which device someone purchases and we aren’t forgetting that.
So, what are the differences between the iPhone 4S and the new Samsung Galaxy Nexus flagship phone for Android 4.0 Ice Cream Sandwich. We thought we’d throw a quick comparison of some of the key features together and try to explain what the differences actually mean, if indeed they mean anything at all.
We also acknowledge that one cannot truly compare every aspect of a phone, so this comparison will cover as many of the basic bits that customers worry about when choosing between two high-end devices as we can, before the word length gets too out of hand.
So without further ado, here’s our head-to-head of the Samsung Galaxy Nexus and the iPhone 4S and if you're after a more summarised spreadsheet we've got our Apple iPhone 4S vs Galaxy Nexus



One of the first things anyone notices about a device is the display, so that seems like a good place to start. This is also one of the areas where the iPhone 4S and Galaxy Nexus differ most obviously, even to the most cursory of glances.
Where the iPhone 4S sports the trusty and proven 3.5 inch retina display that made the iPhone 4 such a hit, the Galaxy Nexus has taken a slightly different approach.
The G-Nex (as we shall refer to it occasionally from now on) boasts a whopping 4.65 inch Super AMOLED display with 720p HD resolution.
This is an area where numbers and buzz words like “720p HD” can be misleading. It’s certainly impressive that Samsung has managed to cram a resolution of 720x1280 on to such a small screen, but if you were to measure by pixels per inch (ppi) you’d find that the iPhone 4S was still slightly in front. The Galaxy Nexus has a ppi rating of 316 and the iPhone 4S of 326. Is this a big difference? No. But it puts that “720p HD” tagline in to perspective.
Basically both of these phones have incredibly crisp displays. Both have clear blacks, uniform whites and vibrant colours. Both will be among the best displays you will have ever seen on a handset. The only area where they ultimately differ is in size; 3.5 inches compared to 4.65.
This is one of those subjective areas we talked about. Many people will love the idea of a larger screen for browsing, movies and just general use. Others will prefer the more compact approach, as it means a smaller device that takes up less room in the pocket and drains less power. It’s totally up to the user to decide.

Physical Design and Dimensions

Perhaps next most obvious area of difference is outward appearace. With such different sized screens the Galaxy Nexus and 4S will obviously differ greatly in dimensions, which can definitely affect how comfortable a device might feel in the hand, or when kept in the pocket. There’s also the element of aesthetic style that is inherent to every high-end purchase. When someone gets a new top-tier handset, it’s always nice to be reminded every time you use it by its level and quality of stylish design.

--The Samsung Galaxy Nexus’ Design--

During the Galaxy Nexus keynote presentation, Samsung stated that design creates the “emotional connection to the amazing technology at the heart of the Galaxy Nexus.” Whether or not this is true, we’re still fans of the Galaxy Nexus’ design.
In keeping with the Google Nexus S’s signature curved design with contoured screen, Samsung has done something similar again with the Galaxy Nexus. Back in our Nexus S review, we mentioned how appreciative we were of this approach, as it not only made the phone more comfortable when held against the head, but also when kept in a pocket. The curvature allows the phone to rest against the leg or chest more snugly, and as such makes less of an impact than a totally flat phone would. This allows the handset to be both thicker and larger overall, without decreasing from comfort.
Other than that the Galaxy Nexus has taken a new approach to button design. Neither hardware nor fixed capacitive buttons are employed on the G-Nex. Instead what Samsung and Google are calling virtual buttons. Now, instead of actual separate keys, the Galaxy Nexus’ buttons are part of the display. This allows the buttons to slide away when watching media, or even to light up when pressed. However, once they’ve slid away there’s that little bit extra screen space that hasn’t been sacrificed just to accommodate 3 buttons. It’s an intriguing idea and we can’t wait to see how it goes.
The bezel around the display is just 4.29mm, creating a streamlined look not shared by many other phones. Once again this allows for the display to be larger without impacting the dimensions of the phone unnecessarily.
The back cover is made of what Samsung calls “hyperskin”. This material is said to increase slip resistance and make the device easier to hold overall.
The dimensions of the Samsung Galaxy Nexus are:
  • Height: 135.5mm
  • Width: 67.9mm
  • Depth/Thickness: 8.9mm



--The iPhone 4S’ Design--

We went in to great depth on the design of the iPhone 4S in our iPhone 4S review a short while back. Basically between the iPhone 4 and iPhone 4S nothing has changed.
It’s the same stylish and smooth handset that we’ve all become familiar with. It’s still made out of durable Gorilla Glass and it still has that external antenna running around the side. The antenna itself has received a tiny redesign to avoid the ‘death grip’ issues that plagued the iPhone 4 upon its release, but other than moving a couple of little gaps around there’s really no physical difference.
The dimensions of the iPhone 4S are:
  • Height: 115.2mm
  • Width: 58.6mm
  • Depth/Thickness: 9.3mm


Speed is also an area in which certain phrases and terms can be misconstrued to mean more than they actually do. For instance, hardware-wise the Galaxy Nexus is definitely in front in the speed department.
With a 1.2GHz Cortex A-9 processor and a full 1GB of RAM the G-Nex definitely puts itself in front of its competitor. The iPhone 4S has a still impressive dual-core 1GHz A5 processor that has been under-clocked to 800MHz and just 512MB of RAM. But at the end of the day the speed of the two devices is very similar.
If these were 2 Android phones competing against one another then the victor would be clear, especially if they were manufactured by the same company. However, iPhones are renowned for their speed, efficiency and reliability. iPhones are designed alongside the very operating systems on which they run and thus make efficient use of their hardware. As a result it would be safe to say that both the 4S and Galaxy Nexus will be comparable in speed, despite the hardware discrepancy.
Yes, there will be differences between the two if you were to run any of the myriad of benchmark tests out there. But at the end of the day what matters is what the user notices. If you simply notice that your device is fast, switches between apps well and handles reliably then that’s all the average consumer really needs to know.
Both phones are fast; as fast or faster than any other high-end phone out there.  Each will excel in certain areas and be simply good in others. It’s really not worth judging a phone by its speed based on specs at the end of the day. What you really need are reviews or hands-on experience. We’ve already got an iPhone 4S review up and we promise we’ll have a Samsung Galaxy Nexus review up as soon as we can. But if a phone is smooth and reliable at every level of operation then that’s all you really need to know, numbers need not really come in to it at all.




Once again phone cameras are an area where it is easy to be misled, or hasten to judge based on a spec sheet. It’s true that megapixels do give a reliable round-about idea of a phone’s capability, but it’s never wise to make up your mind based solely on any number immediately preceding “MP”.
That being said the iPhone 4S is definitely a winner in the camera department. Its 8MP camera is a wonderful piece of engineering and was one of our favourite features when we reviewed it. The combination of Lens, MP density and the software backing it all made for a truly impressive photo experience.
On the other hand Android phones have always been very similar in quality to one another and, while we hate to take sides, we must admit that the iPhone line has always edged ahead when cameras of equal MP rating were compared.
Having said all of this, Samsung Galaxy Nexus has just a 5MP camera. Given its lower MP rating and the fact that Apple has always had an upper-hand in the camera department, we’d suggest that the Galaxy Nexus would be overshadowed here.  The 5MP camera on the G-Nex is no doubt impressive and should definitely take acceptable photos and we’re not saying it won’t. But based on the history between Apple and Android it’s difficult to imagine a 5MP Android camera outclassing an 8MP iPhone competitor.

Memory and Storage

Memory and storage is important for a lot of people on devices. Just how much media content or random file space is available can make or break a purchase. Both the iPhone 4S and Galaxy Nexus have plenty to go around.
The Galaxy Nexus comes in both 16 and 32GB versions. Unlike other Android devices it does not have a MicroSD slot for expandable memory, so what you get is what you get.
The iPhone 4S comes in 16, 32 and 64GB versions. It’s a little bit more variety, but variety you’ll have to pay for. This difference in storage space will only matter for the upper end of media users who really think they’ll need that extra 32GB of space.

Price Comparison of the iPhone 4S and Samsung Galaxy Nexus

The pricing of both the Galaxy Nexus and iPhone 4S is very close. For the 16GB versions of each you’re looking at starting around $15-$16 extra per month on a $29 dollar 24 month cap on Virgin, Vodafone and Optus. Telstra prices vary a bit, but that’s to be expected.
If you’d like a more detailed comparison you can put both devices head to head on our phone comparison calculator. Just click “Add a phone” to add your first device, then in the same area click “Add another phone” to add your second.
If you want you can then adjust the search to include your estimated number of calls, texts and the carriers whose prices you’re interested in once you click search. All that info is accessed via the sliders on the left side.


Saturday, July 28, 2012

Google launched its 1-gigabit-per-second broadband service in Kansas City

Google launched its 1-gigabit-per-second broadband service in Kansas City today and also unveiled a new interactive television service called Google Fiber TV, in a move it hopes will push the broadband and paid TV industries to deploy speedier networks at a lower cost.

Google Fiber TV is a service that provides interactive search for TV that lets you search your DVR as well as content you have on services like Netflix. It will include a DVR with up to 500 hours of storage of shows and movies all in 1,080p High Definition. You can also record up to eight TV shows at once.

Google is charging every home that gets the fiber service $300 for the construction of the fiber link. But the company is waiving that fee for people who sign up initially for the service.

Google is offering three different packages. The Gigabit and Fiber TV service will cost $120 a month and will include 1Gbps connectivity on the upstream as well as downstream. There is no data cap. It also comes with 1 terabyte of Google Drive cloud storage. The TV service will include all the regular broadcast TV channels, hundreds of Google Fiber TV channels, thousands of TV shows on demand, and premium movie channels.

Google didn't say whether traditional cable channels such as Discovery or ESPN will be included in the package. The company will also be giving away free Google Android Nexus 7 tablets to everyone who signs up for this service.

The second package is for broadband-only customers. It will cost $70 a month and offer 1Gbps downloads and uploads. It will also provide the 1 terabyte of data storage, as well as a network box for offering the service.

For an introductory period, people who sign up for the two services won't have to pay the $300 construction fee.

The last package is geared toward the 25 percent of Kansas City area people who may not have broadband already. Google will offer this service for a limited time only. It will be free to customers who pay for the $300 fiber installation. And it will include 5Mbps download speeds and 1Mpbs upload speeds for seven years. Customers will have the option to upgrade the service to one of the other packages. Google will allow customers for this plan to pay for the $300 construction fee on a monthly basis -- $25 a month for the first year.

Kevin Lo, general manager of Google Access, said during the unveiling presentation that Google will make the service available to folks in Kansas City, Kan., as well as people in Kansas City, Mo. The company will deploy the network first in "fiberhoods" where there's the most interest from consumers.

Starting today, Google is launching virtual "rallies" in which it's encouraging people throughout these cities to sign up on a Web site. If a neighborhood can get 40 to 80 households to preregister for the service, Google will begin deployments. From there, the company will hook up schools, libraries, government offices, and other publicly accessed buildings to the fiber network.

Google has also established a "fiber space" demonstration center where local residents can make appointments to learn more about the personal and community benefits of having a fiber network.

Google, which announced the project in February 2010, began construction of the network backbone in February. The company had said it expected to launch the network this summer. The idea behind Google Fiber is for the company to build a commercial fiber-based high-speed broadband network that Google and others can use to test new business models and applications that need very fast connections -- upward of 1Gbps. Thousands of cities competed to be the home of the future network. Kansas City won.

Google is now ready to put the network into action. Earlier this summer a set-top box displaying the company's logo made it through the Federal Communications Commission's approval process.

source - cnet

Wednesday, July 25, 2012

Android Hackers will demonstrate Fully loaded Spying Applications & Mobile Botnet

This Sunday, The Capital , New Delhi plays host to an International The Hackers Conference where blackhat hackers will discuss the challenges of cyber safety with security agencies.

Your smartphone is an always-on and always-connected digital extension of your life which will be used by attackers to covertly steal your sensitive data and spy on you. Mahesh Rakheja , An Independent Security Researchers and Android Developer/Hacker will demonstrate "Android Spy Agent".

This application allows us to remotely access the entire victim’s personal information and even though the confidential data available in the android cell phone. The type of personal information include the victim’s contacts, call logs, messages, browser’s history, GPS location and many more information directly available on the victim’s cell phone. 

Many-a-times we think that is there any way by which we can read the private sms of anyone. So here is the solution Mr. Mahesh will present in The Hackers Conference 2012 platform with Hundreds of advance features.
This application can also allows the attacker to remotely delete the data available on the victim’s phone. In order to perfectly work this application you have to gain access to the victim’s android cell phone for at least 20 seconds. You have to install the application and then restart the cell phone. After restart your application get automatically starts on the victim’s cell phone. Now you can access the victim’s cells information for any normal cell phone and get the response on it. The android spy agent will be hidden in the victim’s cell phone and not allows the victim to easily uninstall or delete it from the cell.

In Another Talk Android Hacker Aditya Gupta and Subho Halder will talk about "All your Droids belong to me : A look into Mobile Security in 2012". Researchers have developed and will Demonstrate  malware for Android phones that can be used as a spam botnet.

"The talk is about Android Malwares, Botnets and all the crazy stuff you have been hearing in the past. We will give an inside view on how the black hat underground uses this, to earn 5-6 digit income per month . For this, We will start off with creating an Android Malware, and then will gradually move on to the Botnet Part.", Aditya Gupta said.

Maintaining that a wide variety of services is being offered on the mobile platforms without proper security implementation, Anurag Kumar Jain and Devendra Shanbhag from Tata Consultancy Services will deliberate on the topic, "Mobile Application Security Risk and Remediation". They will highlight the need for application security in mobile applications, the threats in a mobile environment, key security issues that can creep in mobile applications, and suggests a secure development approach which can possibly safeguard mobile applications from becoming “sitting ducks” for attackers and mobile malware.

Experts from countries like Iran and Argentina will share space with Indian speakers in the day-long discussion at the India Habitat Centre. Yet another important issue The Hackers Conference 2012 will deliberate on is the Internet censorship in India.

For more details, go to www.thehackersconference.com

Security researchers will disclose vulnerabilities in Embedded, ARM, x86 & NFC

Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference.

The Black Hat session aim to expose sometimes shocking vulnerabilities in widely used products. They also typically show countermeasures to plug the holes.
Two independent security consultants will give a class called "Advanced ARM exploitation," part of a broader five-day private class the duo developed. In a sold-out session, they will detail hardware hacks of multiple ARM platforms running Linux, some described on a separate blog posting.

The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing the Practical ARM Exploitation and presenters Stephen Ridley and Stephen Lawler demonstrate how to defeat XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux.

In addition to mobile and Web security, Black Hat presentations will also cover security issues and attack techniques affecting industrial control systems, smart meters and embedded devices.

CVE-2012-2808 : Android 4.0.4 DNS poisoning vulnerability Exposed


Android's DNS resolver is vulnerable to DNS poisoning due to weak randomness in its implementation. Researchers Roee Hay & Roi Saltzman from IBM Application Security Research Group demonstrate that how an attacker can successfully guess the nonce of the DNS request with a probability thatis su cient for a feasible attack. Android version 4.0.4 and below are Vulnerable to this bug.
Weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. DNS poisoning attacks may endanger the integrity and con dentiality of the attacked system. For example, in Android, the Browser app can be attacked in order to steal the victim's cookies of a domain of the attacker's choice. If the attacker manages to lure the victim to browse to a web page controlled by him/her, the attacker can use JavaScript, to start resolving non-existing sub-domains.

Upon success, a sub-domain points to the attacker's IP, which enables the latter to steal wild card cookies of the attacked domain, and even set cookies. In addition, a malicious app instantiate the Browser app on the attacker's malicious web-page. If the attacker knows the PID (for example, a malicious app can access that information), the attack expected time can be reduced furthermore.

Vulnerability dubbed as "CVE-2012-2808" Android 4.1.1 has been released, and patches are available on AOSP. The random sample is now pulled from /dev/urandom, which should have adequate entropy by the time network activity occurs.

Iranian nuclear program hit by AC/DC virus

A scientist working at the Atomic Energy Organisation of Iran said computer systems have been hit by a cyber-attack which forced them to play AC/DC’s Thunderstruck at full volume in the middle of the night.

The attack came to light after a researcher at security firm F-Secure received a string of emails from a Iran's atomic energy organisation."I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom."
"It does sound really weird," he said. "If there was an attack, why would the attacker announce themselves by playing 'Thunderstruck?" If true, this attack is the third hacking attempt aimed at Tehran’s controversial nuclear program.

It sounds like the AEOI may have been hit with an infrastructure-targeting malware attack, similar to those that have plagued the Middle East since 2010 starting with Stuxnet. However, there’s no independent confirmation of this attack’s existence.

The scientist reported that the virus came through a simple and cheap open-source project that finds vulnerabilities in software.

See the full e-mail below:
I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.

According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.

There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.

CVE-2012-0217 - Intel SYSRET FreeBSD Privilege Escalation Exploit Released

The Vulnerability reported on 06/12/2012, dubbed as "CVE-2012-0217" - according to that Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.
FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64 bit mode a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash.

Inj3ct0r team today released related private exploit on their website, which allow normal FreeBSD users to Privilege Escalation. All systems running 64 bit Xen hypervisor running 64 bit PV guests onIntel CPUs are vulnerable to this issue.

However FreeBSD/amd64 running on AMD CPUs is not vulnerable to thisparticular problem.Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386kernel are not vulnerable, nor are systems running on differentprocessor architectures.

Download the relevant patch from the location below:
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch.asc

[8.1 if original sysret.patch has been applied]
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch.asc

How to Apply the patch ?
# cd /usr/src
# patch < /path/to/patch

After Recompile your kernel as described and reboot the system and update system
# freebsd-update fetch
# freebsd-update install

Tuesday, July 24, 2012

Hack a Server - The man behind the idea

Choose a job you love, and you will never have to work a day in your life” said Confucius. These would be the words that describe Marius CorĂ®ci the most. In 2003 he started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing installations retailer from South-Eastern Europe. In 2007 he moved into Artificial Intelligence field and founded Intelligentics, a group for Natural Language Processing. Now, he is very focused on infosec and got involved in all the biggest independent security projects in Romania: S3ntinel, Hack Me If You Can, Hack a Server and DefCamp.

Marius considers himself a serial entrepreneur and is very passionate about Artificial Intelligence. Never a quitter, always a perfectionist, looking for challenges that will change the world we live in. He believes in people and the power of great teams, and he intends to start blogging in the near future.

What determined you to shift your attention towards software development industry?
Besides the great opportunities, I am a guy who loves challenges. I started to like developing digital products and I belive that the online industry will increase growth in the near future.

Hacking Servers
What is Hack a Server?
HaS (Hack a Server) is a platform designed for conducting manual penetration tests using the power of crowdsourcing, covered by anonymity and confidentiality.

It's a fact that communities and individuals who love to discover and test security issues already exist. Whether they are called black, grey or white hackers, crackers, skiddies, PenTesters you name it, they love to find flaws and vulnerabilities. They love challenges and every flaw or vulnerability represents a challenge for them. This is the truth.

When your system or production server gets hacked in real life, peaceful intentions are the least to expect. Trust me, we’ve been there having our platform “tested” and tested. Thanks God we don’t keep any sensitive data about our users on the platform.
HaS brings security skilled people in the same place and gets them paid for what they love doing most: Hacking. Everybody can register to our platform, but only the best will have access to “Playground Arena”, where all the hacking happens.

In order to get access to the “Playground Arena”, they will first have to pass a test. We all know that the most important thing when someone finds holes into your system is not the penetration itself but the report that describes the security issues and the solutions. That report is the most important thing for a CTO, Sys Admin or web app developer.

The test that a HaS user has to pass in order to get access for hacking, is like any other tests that they should pass in order to get different security certificates (e.g. CPTC, OSPC, CEH, CEPT, CISSP etc). The only difference is that we give this opportunity to all our users and we don’t charge for it. This test ensures CTOs, Sys Administrators and web apps developers that whenever they will pay and receive a Penetration Test Report, it will comply Penetration Test Standard Reports.

How did you come up with the idea behind HaS platform?
I use to say: Solve a problem, then, build a product. There were two ingredients that make me come up with this idea:
  • Gaming: I hate gaming because if you are not aware, it's like a drug.
  • Security: Security is one big problem, believe me.

One day, being with my little daughter at a doctor and waiting to get in, I was thinking „how can you use gaming in such a way to solve a big problem?” And it strike it me. Online Security Gaming but in another way that it hasn’t been done before. Using the power of crowd source, and not for points (as was done until now), but for real money. After I figured out the outlines, I grabbed the phone, called a friend who’s Sys Admin and asked if he would use such platform and how much would pay for this service. He said yes, he would use such service and he would pay like 1000 Euros. …And here we are. If you think deeper, we solve a few other complementary problems, like hackers that ware black hats, can become grey and start earning real money for what they love most: Hacking Servers. Moreover we fill up a niche between companies that perform penetration tests with high rate cost for small and medium companies and those companies. In fact we don’t even compete with those companies and we complete them. And I can add at least two or three more good things like being sys admin or tester on our platform you get the opportunity if you are in „Hall of Fame” to become consultants on InfoSec issues.

Building the product
Who is currently working to bring out HaS platform to the world?
I’ve tried many, we left few.

Marius Chis is currently CFO and the first investor in this project. I tried to involve people that fall in love with the project because I’m a strong believer that money is a consequence of a “well done job” and not a purpose.

Andrei Nistor, is the CTO. He is the one who did the most of the coding part, based on relevant feedback from team members or testers. He worked day and night to get the project working flawless, and made crowdsourcing pentesting possible.

Alexandru Constantinescu, is the PR & Marketing Executive. He impressed me with his determination when he told me how much loves the project and wants to jump in on marketing side with no initial financial interest, because he understands the development stages of a bootstrap leanstartup company.

Cosmin Strimbu is our frontend developer. Although I didn’t meet him at the time I’m being interviewed, the same like Alexandru, he just asked me to take him on board. I love this kind of people driven by passion of what they doing and not by money.

Am I lucky? Yes and no.
Lucky because They find me (not otherwise) and They find the project. Not lucky because I worked hard to spread the word about me and my projects. No, this is not luck, this is hard work. I have spent over 3 years in online industry, and although I’ve meet a lot of people, I would recommend just a few.

What is the business model that will bring you revenue from HaS?
We had a few business models in mind, but since we are dealing with a two sided market place we have decided to charge at a decent percentage those who get paid. That means low rates costs at a fraction comparing with penetration test companies, and we are aiming towards a mass adoption price.

Who are your customers?
HaS customers are companies that wants to solve their security issues fast and with low costs. CTOs CIOs CISOs, Sys Administrators, Data Base Administrators, Web Apps Dev are also the professionals within companies that can use our product.

Other customers are the individual specialists, whether they are PenTesters, Sys Administrators, who want to verify the security of their innovative servers or applications, covered by what we value most, anonymity and confidentiality.

What are the current features of hackaserver?
Hack a Server is the next level solution to resolve critical security issues in a funny war game way.
Cost effective: What can be better for your business than The Power of Crowd Source at cost of a fraction?

It’s Fast, Reliable and Secure.

Fast: Within minutes you can setup your server with most popular OS and start to configure. I think we have like 7 clicks to have a machine up and running

Reliable: Our PenTesters must pass a test and complete a Penetration Test Report to see if they really can be PenTesters before they get access to hack into Playground Arena.

Secure: At Hack a Server, we encourage you not to disclose your real identity whatever you are a company representative or a pentester. In this way, we don’t keep sensitive data on our platform which means that no matter if someone will try to penetrate our system. They will find nothing.

What’s next?
Are there new features to be implemented into the platfom?
Ha! There are a lot of features that we want to implement. We have a top three features but better for us is to let our customers to decide what they want most. On the second thought we have one that we believe will help CTOs, sys administrators, web apps dev and companies: Finding the best way to automate the process to replicate a physical machine on our platform. Now this is a challenge and we will start as soon as we close this iteration (I think?!).

How you intend to penetrate the market?
Hack a Server will become official platform for gamming at DefCamp a premier InfoSec Conference that will held on September 6-8 in Cluj-Napoca City at Hotel Napoca.

The virtualization module we make it open source so everybody who wants to deploy fast a PenTest lab can free of charge.

The virtualization module we intend to implement within faculties so the students will have a funny way to learn security.

Those are a few directions, part of our market strategy.

8 million passwords dumped from gaming website Gamigo

Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users’ credentials, more than 8 million usernames, emails and and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList.

The list of passwords, which were scrambled using a one-way cryptographic hash algorithm, were published earlier this month to a forum on the password-cracking website Inside Pro. According to forbe,"The list also contained 8.2 million unique e-mail addresses, including 3 million American accounts from the US, 2.4 million accounts from Germany, and 1.3 million accounts from France."

Gamigo warned users in early March that an attack on the Gamigo database had exposed hashed passwords and usernames and possibly other, unspecified additional personal data. The site required users to change their account passwords.
PwnedList founder Steve Thomas said, “It’s the largest leak I’ve ever actually seen. When this breach originally happened, the data wasn’t released, so it wasn’t a big concern. Now eight million email addresses and passwords have been online, live data for any hacker to see.

This breach is bigger than anything we've seen so far this year. In the last few months, there have been a slew of attacks against the following sites: LinkedIn, eHarmony, Last.fm, Yahoo, Android Forums, Formspring, and Nvidia, among others.

Gamigo users can check on PwnedList’s site whether their email address is included in the leak.

On March 1, Gamigo sent out the following e-mail to its users:

Dear Community,

As you have all already noticed, our game servers, websites and forums are partially unreachable at the moment. We would like to explain to you what happened and what has been done on our side.

There was an attack on the gamigo database in which user information, such as alias usernames and encrypted passwords were stolen. An excerpt from these was published in the gamigo forums. We detected the attack and are working to the utmost of our resources to repair the damage and determine how it happened.

Your character data, including items, is safely stored on the backup! We cannot rule out that the intruder(s) is/are still in possession of additional personal data, although to date we have received no report of any fraudulent use.

To prevent any unauthorized access to your account, we have reset all passwords for the gamigo account system and for all gamigo games!

17 years old hacker will demonstrate Linux ELF Virus at 'The Hackers Conference 2012'

The Biggest Hacking Mania has arrived - 'The Hackers Conference 2012'.  In this first of its kind conference in India, Blackhat hackers drawn from around the world will demonstrate how they access a victim's personal information, and even confidential data available on the Android cell phone. The conference will be held on July 29 at the India Habitat Centre in New Delhi.

The use of Linux as an operating system is increasing rapidly, thanks partly topopular distributions such as ‘RedHat’ and ‘Suse’. So far, there are very few Linuxfile infectors and they do not pose a big threat yet. However, with more desktopsrunning Linux, and probably more Linux viruses, the Linux virus situation couldbecome a bigger problem.

17 years old hacker,Aneesh Dogra will talk on "How to make a Linux ELF Virus (That works on your latest linux distribution)" at 'The Hackers Conference 2012' . Linux or Unix has the reputation of being "not so buggy", and of being a good maintainer of system sanctity via good protection mechanisms.
This talk will be focused on How to make a simple ELF virus in Linux. A virus is a program that infects other programs stored on permanent media. Usually this means to copy the executable code of the virus into another file. Other possible targets are boot sectors and programmable ROMs. 

The Executable and Linking Format (ELF) is meant to provide developers with a set of binary interface definitions that extend across multiple platforms. ELF is indeed used on several platforms, and is flexible enough to be manipulated creatively, as demonstrated by many. A virus could attach viral code to an ELF file, and re-route control-flow so as to include the viral code during execution.

Aneesh said,"We'll be starting with a basic idea of a Prepernder and using that we'll create a Virus which actually works on your latest linux distribution. There will a demonstration showing how this virus infects different files on the system, and How it can be dangerous."

The Hackers Conference 2012 is expected to be the first open gathering of Blackhat hackers in India who will debate latest security issues with the top itelligence echolons in India.

ChallenGe Security Team, which includes Sina Hatef Matbue, Farhad Miria and Arash Shirkhorshidi from Iran will deliberate on the topic "GraVitoN: Cross Platform Malware". GraViton, they claim aspires to become an artificial creature which can move between world of windows, world of apples, and world of emperor penguins, etc., and remain stealth. “We believe as this project grows, security professionals will have a better and deeper understanding of how viruses, trojans, etc work, so they can fight and protect themselves against those, and they can even create 'white viruses', to spread and fight against malicious viruses, effectively,” the press release informed.

Monday, July 23, 2012

Russian Hacker Arrested For DDoS Attacks on Amazon

Dmitry Olegovich Zubakha, a Russian man accused of launching distributed-denial-of-service (DDOS) attacks on Amazon.com, has been arrested this week by authorities in Cyprus based on an international warrant, the Department of Justice revealed.

Zubakha, a native of Moscow, was indicted for two denial of service attacks in 2008 on the Amazon.com website. The indictment, unsealed Thursday, also details denial of service attacks on Priceline.com and eBay.
"Orders from Amazon.com customers dropped significantly, as legitimate customers were unable to access the website and complete their e-commerce transactions during the pendency of the attack," read an indictment unsealed in district court in western Washington on Thursday. The botnet involved requested "large and resource-intensive web pages" on a magnitude of between 600 and 1,000 percent of normal traffic levels, according to the indictment.

The hacker is charged with conspiracy to intentionally cause damage to a protected computer, possession of more than 15 unauthorized access devices, aggravated identity theft, and intentionally causing damage to a computer resulting in a loss of over $5,000 (4,000 EUR).

Zubakha and his friend claimed credit for the attacks on online hacker forums, and law enforcement traced 28,000 stolen credit card numbers to the pair in 2009. For that reason, Zubakha and his partner are also charged with aggravated identity theft for illegally using the credit card of at least one person.

The charges faced by Zubakha carry potential penalties of up to 10 years in prison and a $250,000 (£160,000) fine.

Russian Hacker Arrested For DDoS Attacks on Amazon

Dmitry Olegovich Zubakha, a Russian man accused of launching distributed-denial-of-service (DDOS) attacks on Amazon.com, has been arrested this week by authorities in Cyprus based on an international warrant, the Department of Justice revealed.

Zubakha, a native of Moscow, was indicted for two denial of service attacks in 2008 on the Amazon.com website. The indictment, unsealed Thursday, also details denial of service attacks on Priceline.com and eBay.
"Orders from Amazon.com customers dropped significantly, as legitimate customers were unable to access the website and complete their e-commerce transactions during the pendency of the attack," read an indictment unsealed in district court in western Washington on Thursday. The botnet involved requested "large and resource-intensive web pages" on a magnitude of between 600 and 1,000 percent of normal traffic levels, according to the indictment.

The hacker is charged with conspiracy to intentionally cause damage to a protected computer, possession of more than 15 unauthorized access devices, aggravated identity theft, and intentionally causing damage to a computer resulting in a loss of over $5,000 (4,000 EUR).

Zubakha and his friend claimed credit for the attacks on online hacker forums, and law enforcement traced 28,000 stolen credit card numbers to the pair in 2009. For that reason, Zubakha and his partner are also charged with aggravated identity theft for illegally using the credit card of at least one person.

The charges faced by Zubakha carry potential penalties of up to 10 years in prison and a $250,000 (£160,000) fine.

Hacker going to demonstrate open source tool to crack Hashes with speed of 154 Billion/sec

Bitweasil lead developer going to Demonstrate an open source Tool called "Cryptohaze" at DEF CON 20. The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc). All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast what she obtained to pastebin scrapers.

"Yes, that's 154B - as in Billion. It was done entirely with AMD hardware, and involved 9x6990, 4x6970, 4x5870, 2x5970, and 1x7970 - for a total of 31 GPU cores in 6 physical systems." BitWeasil posted.
WebTables is a new rainbow table technology that eliminates the need to download rainbow tables before using them, and the new Cryptohaze Multiforcer is an open source, GPLv2, network enabled platform for password cracking that is easy to extend with new algorithms for specific targets. 

Bitweasil Bitweasil is the primary developer on the open source Cryptohaze tool suite, which implements network-clustered GPU accelerated password cracking (both brute force & rainbow tables). He has been working with CUDA for over 4 years (since the first public release on an 8800GTX), OpenCL for the past 2 years, and enjoys SSE2 as well. Bitweasil also rescues ferrets.

Cryptohaze tools are aimed at providing high quality tools that run on any platform - Windows, Linux, or OS X. The tools run on all platforms that support CUDA or OpenCL (currently Windows, Linux, OS X). If you don't have a GPU - the OpenCL code will run just fine on your host CPU!

The releases are now combined into single releases. As an example, on a list of 10 hashes, the Cryptohaze Multiforcer achieves 390M steps per second on a GTX260/216SP@1.24ghz card. On a list of 1.4 million hashes with the same card, performance drops to 380M steps per second. This is the password stepping rate - not the search rate. The search rate is 380M * 1.4M passwords per second!

Recommended Post Slide Out For Blogger