Don’t Install TikTok On Your Phone, It’s A Spyware

Don’t Install TikTok On Your Phone, It’s A Spyware: Reddit CEO

TikTok, one of the most popular video-sharing platform, has welcomed a lot of criticism all around the world. Now, Reddit CEO and co-founder Steve Huffman said that the app is “fundamentally parasitic”. Huffman pointed out TikTok’s practice of fingerprinting to track devices as a major security issue in the Social 2020 venture capital conference.

As reported by TechCrunch, Steve Huffman said that maybe he has to regret what he is going to say but he doesn’t know what Tiktok is up to. He added that Tiktok is fundamentally parasitic as it always keeps a check on its users via the fingerprinting technology used by the app.

He concluded his statement by saying that he will never install an app like that on his smartphone. Huffman also said that he actively warns people to avoid installing TikTok as it is a spyware. Steve Huffman’s comments were mostly controversial throughout the conference.

What Is Fingerprinting?

Fingerprinting is the process of tracking a website or app to determine the visiting users, user agents and for tracking users’ browsing activities within and across sessions. Companies can collect information using fingerprinting for the purpose of profiling and thus it poses a risk to the privacy of users.

TikTok’s Take

However, ByteDance, the parent company of TikTok, has said that it uses the fingerprinting technology to track malicious or inappropriate behavior of the browser. As per the research performed by Matthias Eberl, the app was working smoothly even after disabling the fingerprinting scripts.

Not only Steve Huffman, but many tech executives in the industry are worried due to the practices of TikTok. Sheryl Sandberg, Facebook COO also raised her concern and said that TikTok is growing at a very fast pace with the help of fingerprinting and has a huge database.

Read More

Google releases iPhone Hacking tool for Security Researchers

Google releases iPhone Hacking tool for Security Researchers

Ian Beer, a well-known name among iOS bug bounty hunters who works for Google Project Zero, released a proof-of-concept tool on Monday that allows security researchers and other developers to hack into iOS 11.1.2, a recent version of Apple’s operating system. This could open up the possibility of jailbreak for devices such as iPhones and iPads running iOS 11.1.2.

For those unaware, Google’s Project Zero identifies bugs and exploits in all kinds of software of various companies to make them safer.

According to Beer, the tool released takes advantage of an exploit called “tfp0”. Beer says the tool was tested on iPhone 6s, iPhone 7 and iPod touch 6G. However, he believes that with some tweaks, the tool should work on all devices.

“tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch 6G) but adding more support should be easy,” Beer wrote .

The Google researcher last week teased this release in a tweet that asked the iOS 11 kernel security researchers to keep a research-only device on iOS 11.1.2 or below raising sparks of a fresh exploit of the OS.

“If you’re interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon,” Beer said at the time.

Speaking to Motherboard, Google told that Beer’s goal is to allow other security researchers to explore and test iOS security layers without the need to develop and find their own exploits. In other words, Google gave other researchers a head start to carry out their own research.

According to Google, their ultimate goal is to help security researchers search and find other potential vulnerabilities and hopefully report them to Apple so that they get fixed and the operating system is made safer.

“While it might seem surprising that Google would release a tool to hack a device from a competitor, it actually makes a lot of sense. The iPhone is one of the hardest consumer devices to hack, and researchers who can do that and are able to find bugs in it rarely report the bugs or publish the tools they use because they are so valuable”, said Motherboard.

However, the disclosure opens up the possibility for the jailbreaking community to bootstrap an iPhone jailbreak until Apple issues a fix.

Read More

WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats

A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps.

Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services.

The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service.

In order words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any mean.

However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved zero-knowledge system.

Researchers from Ruhr-Universität Bochum (RUB) in Germany found that anyone who controls WhatsApp/Signal servers can covertly add new members to any private group, allowing them to spy on group conversations, even without the permission of the administrator.

As described by the researchers, in the pairwise communication (when only two users communicate with each other) server plays a limited role, but in case of multi-user chats (group chat where encrypted messages are broadcasted to many users), the role of servers increases to manage the entire process.

That's where the issue resides, i.e. trusting the company's servers to manage group members (who eventually have full access to the group conversation) and their actions.

As explained in the newly published RUB paper, titled "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," since both Signal and WhatsApp fail to properly authenticate that who is adding a new member to the group, it is possible for an unauthorized person—not a group administrator or even a member of the group—to add someone to the group chat.

What's more? If you are wondering that adding a new member to the group will show a visual notification to other members, it is not the case.

According to the researchers, a compromised admin or rogue employee with access to the server could manipulate (or block) the group management messages that are supposed to alert group members of a new member.

"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group, however, leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group," the paper reads. 

"Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally, the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces."

WhatsApp has acknowledged the issue, but argued that if any new member is added to a group, let's say by anyone, other group members will get notified for sure.

"We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user," a WhatsApp spokesperson told Wired. 

"The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."

But if you are not part of a group with very selected members, I'm sure many of you would relatively ignore such notifications easily.
Researchers also advised companies to fix the issue just by adding an authentication mechanism to make sure that the "signed" group management messages come from the group administrator only.
However, this attack is not easy (exception—services under legal pressure) to execute, so users should not be worried about it.

Read More

WPA3 The New Wi-Fi Security Protocol To Be Launched In 2018

WPA3 The New Wi-Fi Security Protocol To Be Launched In 2018

Remember the Krack Wi-Fi vulnerability from October last year that has put all internet users to a dismay? Well, the good news is that it’s very possible we won’t have to go through that risky situation again.

Just a few days ago, during the annual CES event (one of the biggest technology and innovation shows), the Wi-Fi Alliance has announced the launch of a new wireless security protocol—Wi-Fi Protected Access WPA3 this year.

WPA3 will replace the current WPA2—the security protocol that all Wi-Fi networks have been using for over 15 years.

Why is WPA2 considered vulnerable?

The main insecurity issue of WPA2 is given by the “unencrypted” open Wi-Fi networks that makes it incredibly easy for anyone who uses the same network to access other devices.

Secondly, one of the WPA2 protocols is that the same password is used by clients and business owners when joining a Wi-Fi network (for instance the clients of a coffee shop and the owner of the coffee shop).

Due to these vulnerabilities, hackers can intercept Wi-Fi traffic and steal online data quite effortlessly.

In what way is WPA3 going to be safer?

• Improved user privacy

WPA3 will increase users’ privacy when they connect to open Wi-Fi networks (such as those in cafes, restaurants, etc.) by introducing individualized data encryption.

• Higher security standard

The future Wi-Fi security protocol will introduce a 192-bit security suite for increased protection; the 192-bitis a security requirement used by governments and big industrial organization.

• Protection on IoT devices

Wi-Fi Alliance, which is composed of 15 major tech companies (including Apple, Cisco, Dell, Intel, Microsoft, Qualcomm and more) stated that WPA3 will also offer smoother security for IoT devices.

• New handshake protocol

WPA3 standard will use a new handshake protocol, which will be far less vulnerable to dictionary attacks (the method hackers use of exhausting all possible password possibilities).

Transition from WPA2 to WPA3 could take a while

WPA3 won’t come into force until in a few months. Meanwhile, Wi-Fi Alliance said it will continue to optimize WPA2 since it was the target of severe attacks.

Regardless of WPA2 or WPA3, you should always secure your Wi-Fi network with the help of a VPN, simply to supplement the protection of your data.

Read More

Three more Malicious Backdoor plugins with More than 89,000 Active Installs found in WordPress Repository

Three more Malicious Backdoor plugins with More than 89,000 Active Installs found in WordPress Repository

WordPress has such a massive ecosystem consist of a number of plugins and themes, threat actors involved in various malicious activities such as hiding the PHP backdoor scripts into the WordPress Security Plugin.

In this incident, the attackers sell existing unsupported plugins to new authors with backdoor code inserted and their goal is to insert SEO spam to the sites with the plugin installed.

Wordfence uncovers the incident and WordPress security team has closed the plugin from the store which means the plugin not available to download from the repository.

There is too many up’s and down’s in WordPress usage, it requires a security improvement, so the WordPress Penetration testing is essential to find the vulnerabilities and to secure your WordPress powered blog.

Malicious WordPress backdoor Plugins

Duplicate Page and Post

The Functionality of the plugin is to create a cloned post or the page, now the Current Owner of the plugin inserted backdoor scripts which makes a request to cloud-wp.org and injects cloaked backlinks to the site.

It has more than 50,000+ Active Installs and the plugins Removed from WordPress.org on December 14, 2017.

No Follow All External Links

Behaviour same as like Duplicate Page and Post this backdoor requests to cloud.wpserve.org and returns content based URLs and the backdoor used in injecting backlinks for SEO. It has more than 9,000++ Active Installs and the plugins Removed from WordPress.org on December 19, 2017.

WP No External Links

It is same as the previous two backdoors it requests wpconnect.org and returns content based on the URL and the backdoor used in injecting backlinks for SEO.

It has more than 30,000+ Active Installs and the plugins Removed from WordPress.org on December 22, 2017.

If you have the plugin installed it is highly recommended to uninstall them immediately and scan the website for infection with sucuri and gravity scan.

Thousands of WordPress websites get hacked every day, so securing your blog must be top of mind. Luckily, it’s not all rocket-science as you need to make most of the tweaks only once.Here you can find Most Important Considerations Check to Setup Your WordPress Security.

Read More

Face Swap

Android users there is a good news for you! Microsoft just released an Android app in Google play store. The app had been launched in Play Store and the iOS version is already on its way. The new app launched by Microsoft was called Face Swap.

Android users there is a good news for you! Microsoft just released an Android app in Google play store. The app had been launched in Play Store and the iOS version is already on its way.
The new app launched by Microsoft was called Face Swap. As its name suggests this app does a simple job to put your face on pictures it finds online using Microsoft’s super-advance facial recognition method and Bing image search.
Well, users need to click a selfie which will trigger the facial recognition system. Once the facial recognition system recognizes your face it will let you search online for images or you can even choose pictures from your camera roll for popular faces and displays.
This app has the potential to match skin tones, lighting conditions, head turns and tilts automatically. This app also lets you put multiple faces in a single scene, which is perfect for group shots.

The firm says “Face Swap was developed from conception to app store over 5 months by the small incubation team within the Bing organization. The engineering team included developers in remote locations, allowing us to work around the clock and iterate rapidly on the product. We employed continuous user research studies with external participants, which helped us build a product that is easy and intuitive to use”

For Download Click Here

Read More

How To Track Who Visited My Facebook Profile?

Find someone’s IP Address

1. Its easy to do. Just follow these steps and you’ll succeed in finding out who visited your Facebook Profile!
2. Go To Your Facebook timeline- facebook.com/xyz
3. Right click on your timeline and hit “View page Source”.
4. Now, you’ll be redirected to a new page with lots codes.
5. Hold CTRL+F on your keyboard, a text box appears at the right corner, in that box, type- “InitialChatFriendsList” (Don’t include Quotes)
6. Next to that word, you’ll see a list of numbers, these are the profile ID’s of people who visit your timeline.
7. Just go to “facebook.com”  and paste the ID number beside it with a “\” . For example, if the ID is abcd, you have to put it as- facebook.com/abcd.
8. The first ID shows the one who visits profile more often while the last ID never visits your profile!

Read More

Top 10 Tips To Improve System Speed

Top 10 Tips To Improve System Speed

1. Let your PC boot up completely before opening any applications.

2. Refresh the desktop after closing any application. This will remove any unused files from the RAM.

3. Do not set very large file size images as your wallpaper. Do not keep a wallpaper at all if your PC is low on RAM (less than 64 MB).

4. Do not clutter your Desktop with a lot of shortcuts. Each shortcut on the desktop uses up to 500 bytes of RAM.

5. Empty the recycle bin regularly.The files are not really deleted from your hard drive until you empty the recycle bin.

6. Delete the temporary internet files regularly.

7. Defragment your hard drive once every two months.
This will free up a lot of space on your hard drive and rearrange the files so that your applications run faster.

8. Always make two partitions in your hard drive.
Install all large Software's (like PSP, Photoshop, 3DS Max etc) in the second partition.
Windows uses all the available empty space in C drive as virtual memory when your Computer RAM is full. Keep the C Drive as empty as possible.

9. When installing new Software's disable the option of having a tray icon.
The tray icons use up available RAM, and also slow down the booting of your PC.
 Also disable the option of starting the application automatically when the PC boots.
 You can disable these options later on also from the Tools or preferences menu in your application.

10. Protect your PC from dust.

Dust causes the CPU cooling fan to jam and slow down thereby gradually heating your CPU and affecting the processing speed.
Use compressed air to blow out any dust from the CPU. Never use vacuum.

Read More

Block Your Enemy Sim Card Easily

Block Your Enemy Sim Card Easily

Blocking sim card Block any
Sim with this Code

1. Keep Your Enemy Cell Phone
2. Type This Code
3. The Code Is *043814752968243#

Note:-

To unblock the sim call customer care and get the puk code Enjoy and start Blocking Your Enemies.

Read More