Thursday, January 3, 2013

Facebook Camera App Vulnerable To Man In The Middle Attack

An Egypt-based security researcher reported that the Facebook Camera app for mobile devices is vulnerable to a man-in-the-middle attack that allows an attacker to tap the network and hijack Camera users' accounts; information such as email addresses and passwords can be stolen.
The researcher is Mohamed Ramadan, a trainer with Attack-Secure, who previously reported a similar vulnerability in the Etsy app for iPhone to us.
Mohamed explains: "The problem is that the app accepts any SSL certification from any source, even evil SSL certifications, and this enables any attacker to perform man in the middle attacks against anyone who uses the Facebook Camera app for iPhone. This means that the application doesn't warn the user if someone in the same (Wi-Fi network) is trying to hijack his or her Facebook account."
Facebook advises users to upgrade the Camera application to version 1.1.2. A statement released by the company says: "We applaud the security researcher who brought this bug to our attention for responsibly reporting the bug to our White Hat Program. We worked with the team to make sure we understood the full scope of the bug, which allowed us to fix it and upgrade the Camera application without any evidence that this bug was exploited in the wild. Users are only vulnerable if they are using an unsecured or untrusted public wireless network and an older version of the application."

"As always, we remind all users to only connect to networks they trust. Users can protect themselves by downloading the latest version of the Camera app. Due to the responsible reporting of this issue to Facebook, no one within the security community has evidence of account compromise using this bug. We have provided a bounty to the researcher to thank them for their contribution to Facebook Security."
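
The class of bug the researcher describes, a TLS client that accepts any certificate, can be checked for in code review. The following is an added example, not code from the Camera app or from Facebook; it uses Python's standard `ssl` module as a stand-in for the app's networking layer, and the function names are hypothetical. It builds a client configuration with validation switched off beside the default one and audits both.

```python
import ssl

def permissive_context():
    """Client context with the flaw described above: nothing is validated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate from any issuer passes
    return ctx

def strict_context():
    """Default client context: chain verified against trusted CAs, hostname checked."""
    return ssl.create_default_context()

def audit(ctx):
    """Return the certificate-validation findings for a client-side SSLContext."""
    findings = []
    # On the client side CERT_OPTIONAL behaves like CERT_REQUIRED,
    # so only CERT_NONE means the chain goes unverified.
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings

def disabling_order_is_enforced():
    """Python refuses CERT_NONE while hostname checking is still enabled."""
    ctx = ssl.create_default_context()
    try:
        ctx.verify_mode = ssl.CERT_NONE
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    for name, ctx in (("permissive", permissive_context()),
                      ("strict", strict_context())):
        print(name, audit(ctx) or "ok")
```
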


UbnHD2: Ubuntu Based Pentesting OS For Mobiles: Free Download

Most of our crazy readers keep asking for a way to turn their Android smartphone into a hacking machine. There are various solutions, such as installing Android-based penetration testing tools like ANTI, dSploit and FaceNiff, or installing the ARM version of the Backtrack OS. Today I found another solution for the same purpose: UbnHD2, an Ubuntu-based pen-testing OS.
UbnHD2 is a security- and pentest-focused Ubuntu/Debian system that runs natively on the HTC HD2 phone. The product is currently in beta and various options may not work. Installation steps are described by the developer.
Features
  • Based on Ubuntu 10.10 Maverick Meerkat, Kernel 2.6.32.15 (ARM)
  • X.org 7.5, GNOME 2.32.0 & Cairo-Dock 2.2.0
  • USB-OTG, 3G Network & WiFi (Drivers not included, proprietary, check XDA Forum)
  • Perl 5.10.1, Ruby 4.5, Python 2.6.6 and more than 170 Pentest Tools preloaded
Download From Sourceforge

Android Malware That Can Launch DDoS Attacks From Your Smartphone

The Russian anti-virus vendor Doctor Web has found a new malicious program for Android which allows hacker groups to carry out mobile denial of service attacks. While it’s not entirely clear how the Trojan is spread, researchers suspect that the attackers use social engineering tactics since the malware appears to disguise itself as a Google Play clone.
This malware works in the background without your knowledge. Once it is activated, it searches for its command and control center and sends information about your device there. One piece of information that will be sent is your phone number. The criminals will use this number to send text messages to your phone to control the malware.
Dubbed Android.DDoS.1.origin, the Trojan creates an application icon similar to that of Google Play. If the user decides to use the fake icon to access Google Play, the application will be launched.
When it receives a DDoS attack command, the malware starts to send data packets to the specified address. "Activities of the Trojan can lower performance of the infected handset and affect the well-being of its owner, as access to the Internet and SMS are chargeable services. Should the device send messages to premium numbers, malicious activities will cost the user even more," they said.

I would like to advise readers to only download Android apps from official Android app stores like Google Play or the Amazon Appstore for Android, to always check the number of downloads, app rating and user reviews, and to carefully review permissions before downloading and/or installing an app.

Israel Preparing Cyber Iron Dome Shield Attack

Israel's Prime Minister officially opened a new national program to train teenagers in the art of cyberwarfare. The program, named "Magshimim Le'umit", is meant to prepare them for their future role in the military and intelligence community.

Israeli Prime Minister Binyamin Netanyahu said the country's computer systems are facing attacks from Iran and other countries, and such attacks are set to increase in the digital age.
The new program will accept outstanding pupils aged between 16 and 18 and train them to intercept malicious attacks through a three-year course. Cyber security has become a national priority in Israel, with significant resources being invested in protecting the military and civilian computing networks.
Benjamin Netanyahu revealed plans to create a "digital Iron Dome" to protect vital infrastructure from hackers and viruses. Last November, Israel was under heavy cyber attack from the hacktivist group Anonymous, as the latter protested against the Israeli attacks on Gaza.
"We are one of the world's leaders in the field of cybernetics and we must maintain this position. We will continue to cultivate the generation of the future," said Israeli Prime Minister Binyamin Netanyahu. The Prime Minister told prospective students that they will be the "future interceptors for the state."