Yahoo Account Exploit Selling on Black Market

Yahoo Account Exploit Selling on Black Market

Yahoo is investigating the claims of a hacker who is selling an exploit that apparently hijacks Yahoo mail accounts.

The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a cross-site scripting (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! Webmail users.

Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

Demonstrating an apparent flair for marketing, the hacker, under the alias “TheHell” also posted a video on YouTube, providing a demo for potential customers. He claims it works with all browsers and does not require a bypass of XSS filters in either Chrome or Internet Explorer. He also says the exploit will be sold only to trusted individuals who are not likely to turn it over to Yahoo, which would undoubtedly develop a patch that will foil the attack.

“TheHell” claims that his exploit attacks a “stored” XSS flaw. This type of attack injects a code that is permanently stored on targeted servers until it is found and deleted. The malicious code is then passed to the victim’s machine when that particular server is accessed for legitimate download.

A standard phishing attempt is used to access the user’s cookies, from which the attacker can access the person’s email, or take full control of the account.

As of Tuesday morning, Yahoo was in the process of trying to identify the infected URL. Once the identification is successful, the malicious portion of code will be deleted.

Shylock Banking Trojan Spreads via Skype

Shylock Banking Trojan Spreads via Skype

The home Trojan-banker known as Shylock has just been updated with new functions. According to the CSIS Security Group, during an investigation, researchers found that Shylock is now capable of spreading using the popular Voice over IP service and software application, Skype.

The program was discovered in 2011 that steals online banking credentials and other financial information from infected computers. Shylock, named after a character from Shakespeare’s “The Merchant of Venice”.

Shylock is active in only a few parts of the world. The epicenter of infections is primarily located in the UK.

The Skype replication is implemented with a plugin called “msg.gsm”. This plugin allows the code to spread through Skype and adds the following functionality:

– Sending messages and transferring files
– Clean messages and transfers from Skype history (using sql-lite access to Skype%smain.db )
– Bypass Skype warning/restriction for connecting to Skype (using “findwindow” and “postmessage”)
– Sends request to server: https://a[removed]s.su/tool/skype.php?action=…

Besides from utilizing Skype it will also spread through local shares and removable drives. Basically, the C&C functions allow the attacker to:

– Execute files
– Get cookies
– Inject HTTP into a website
– Setup VNC
– Spread through removable drives
– Uninstall
– Update C&C server list
– Upload files

Shylock is one of the most advanced Trojan-banker currently being used in attacks against home banking systems. The code is constantly being updated and new features are added regularly.

As always for this type of Trojans antivirus detection is low.

Facebook Data Mining Tool Uncovers Your Life

You know you shouldn’t post potentially damaging data on Facebook, but more often that not, your friends don’t think twice about it, and this can impact you even more than you think. At the Hack In The Box conference in Kuala Lumpur, security consultants Keith Lee and Jonathan Werrett from SpiderLabs revealed how a simple tool can enable anyone to find a comprehensive amount of data on any user.

Keith Lee and Jonathan Werrett during their presentation

To get the information, they created the aptly named FBStalker. This tool reverse-engineers the Facebook Graph and can find information on almost anyone. You don’t have to be a friend with someone on the network – the only thing that FBStalker needs to work is for parts of your posts to be marked as public. The tool will find things based on photos you’ve been tagged in, the comments you’ve put on other people’s posts, the things that you like, etc.

If you are tagged in a photo, we can assume you know the people you’re in the photo with. If you comment on a post, FBStalker knows there’s an association. Most people have an open friends list and this gives the tool a variety of people to target for more information. By looking at their posts and your interactions with them, it’s possible to understand how some of those people are important in your life.

Even though many users don’t use the Check-In function, it’s still possible to determine their favorite places to hang-out based on the tagged photos and posts from their friends. Just imagine the level of detail you can achieve and how that can help you if you want to mount a targeted social engineering attack against the user.

The first thing that came to mind when I learned about this tool was to ask if it’s a violation of Facebook’s terms of service. Werrett was expecting the question, he says with a smile: “The tool is basically automating what the user can do in the browser. We’re not using any APIs or unofficial ways of interacting with the interface. We’re using Graph Search to build-up this profile.”

FBStalker goes also a step further and provides private information about the targeted user that might not be obvious to others. It allows you to analyze the time when the person is online and, with time you are able to guess their sleep patterns and active hours.

This type of tool works well if you haven’t locked down your profile, but it can still work even if you have, provided that your friends haven’t locked down their profiles. You know the old saying – the chain is only as strong as its weakest link. With Facebook’s recent announcement that they are removing a privacy feature and that every user is going to be discoverable by name, things are getting increasingly harder to hide.

Even if your account is locked down, you can’t mark your profile picture as private. Once you change it and people like the picture, the attacker can start building a view of your friends list.

What can you do to protect yourself? The authors have a few suggestions: turn off location tracking and tighten your Facebook privacy settings. However, with the social networking giant increasingly removing privacy options, you may have trouble staying hidden.

How to Hack Snapchat Account

Need to Hack Snapchat Account?
Here is a Snapchat Hack Guide with Detailed Instructions!

In this post you will learn how to hack Snapchat account so as to track activities such as text messages, photo and video sharing even though they get deleted after a specific time.

Snapchat is one of the most popular app downloaded in all major platform of smartphones. It includes media sharing, chatting platform and many more features. Since this app is common among teenagers and there comes the need to keep an eye on them.

How to Track Snapchat Activities

The simplest way to do this is by using a Snapchat Spy app that helps you in monitoring Snapchat in a way that you can keep your children away from harm. The following are some of the best spying apps on the market today:

1. mSpy

mSpy is a cell phone monitoring app which helps in spying on Snapchat by recording all the phone activities. This app supports the following Snapchat hacking features:

• Keep track of the flow of text, photo and video messages that is sent and received on the target phone.
• Pin point the exact location of the Snapchat user with GPS tracking.
• Also lets you monitor other popular IM apps like WhatsApp, Facebook, Line, Skype and many more.

HTML to PDF for .NET: Data Conversion Services Best Suited for Business Organizations

HTML to PDF for .NET: Data Conversion Services Best Suited for Business Organizations The document conversion services are helping many companies by organizing their large amount of data conveniently.In the market, most popular services are HTML to PDF for .NET and other similar type of services are demanded by customers. This is beneficial in terms of cost savings, as you can avail data conversion services for absolutely free of cost through the online portals, means without hiring a professional you can easily perform the task of data conversion. With great advancement in the internet world, organizations can easily find a number of options for html to pdf conversion services for .NET framework. You have to select the best one wisely, as the availability of plenty of options might confuse you; always try to analyze your needs prior to purchase of services through online providers. • The PDF is the original image of any HTML file, image or document, they are easy to read & manage. The companies use html to pdf converter services to maintain the quality of documents. • The one main benefits of availing conversion services is that it allows the display of content without additional software requirement. This is a time saving method used by organizations for business purposes. • The data conversion software is made to handle all the tasks related to PDF to HTML conversion. If you wish to complete the task in less time, you can make use of .net library that can perform data conversion with ease. • The data conversion services are specifically for the version of .net 2.0 and .net 4.0 that work best in 32-bit and 64-bit environment. • With the help of data conversion services, the manpower can be reduced to great extent. It also saves training cost that a company pays to hire new candidates. • You can get assured high quality HTML to PDF for.NET conversion services. Once you opt for this service it will ensure complete customer satisfaction and give desired results. • There are many options available on the internet for HTML to PDF for .net that include professional PDF library. • With this facility you can write, create, edit, and convert files without any additional help or software. Ensure to use the services of a known converter so that you’ll get quality results at the end of process. Conclusion All the organizations use data conversion services to convert HTML files to PDF format for .NET. The specific software comes with a variety of tools that allow you to edit & make changes in the document in desired manner. Furthermore, you can also ask to your service provider to offer additional features such as advanced editing tools, data encryption software, digital signatures, etc. All these services enable you to maintain the overall quality of the document.

E Signature Software Assured Safety Solution for Online Data & Files Posted: 23 Nov 2015 02:27 AM PST For the complete assurance of official data and files many organizations today are using e signature software that has simply replaced the handwritten signatures. They are used by many organizations including government institutions, corporates, and legal firms. E-signature is a unique way of authenticating legal documents using passwords and other security systems. This method of sending and receiving documents is made especially for the online communication that is actually important for organizations.  There are different service providers present in the market that offer comprehensive e-signature software that are easily affordable for users. In the present market situation, the name of eSign Genie is quite famous in the entire region of the USA. Many clients prefer to avail this service because of the multiple benefits associated with them. Main uses of E-signatures ·         The electronic signs are basically available in the form of symbol and images that is associated with the business name or the work area related to specific profession. Today, various entities have identified benefits of digital signatures and use them for performing the online transactions related to legal papers, official data, and other important documents & files. ·         The supreme legal entities like courts & legal department have now only accept digitally signed documents, because they are encrypted, and are fully authenticated. No one can easily access these documents without entering the password or code required to access the documents & files. By taking assistance of the internet you can easily decide what type of signatures you require for your organization. Simply, there are thousands of choices are available on the net that you can look for. ·         Today all types of documents that are sent and receive through the online means can be easily forged. E-signatures play a major role in controlling all these activities and are helpful to stop issues related to document duplication. Many businesses have applied e-signs in their firm to avoid forgery of their crucial data & files. Conclusion E-signatures proved helpful in many areas of business operations also save a lot of time in the distribution of information. This will make things faster in an organization, and eliminate the need of paper supplies for printing purpose of official documents. You can see various ranges of e signature software with the help of the online space that offer services at cost effective rates.

App advertising in India: Excellent Opportunity for Mobile App Developers

App advertising in India: Excellent Opportunity for Mobile App Developers Looking at the mass popularity of mobile applications it is the right time for app advertising companies to provide their services in the market. This is a perfect opportunity for those who want to earn money through app marketing services. This field is the biggest revenue generator for many companies that are into app development business. Such firms look for suitable marketing solutions to market their app on the internet space. The power of app advertising in India is known to everyone especially those are in app marketing & development business. There are certain criteria’s in the field in which a professional app advertiser can help you to understand about the rules & procedures. Many reputed entities are operating in the mobile app advertising segment and have developed innovative ways to present specific brand in front of the global audiences. The app developers can understand the entire process of app marketing from the service provider they will share each & every details with you. The complete information about your mobile application advertising process will help you to select an appropriate marketing campaign. Users can track different factors with the help of the online app advertising facility that include following points:   • You can see app ranking on global standards • Evaluate number of downloads • Check the number of releases • Can look for the numbers of clicks on you app • Users can see the live reviews of clients • Closely check out the process of marketing campaign setup The app advertisers introduced several effective ways of optimizing your marketing campaign in the online space. Depending on customers need app marketing firms will provide you the best solutions that perfectly suits your requirements and easily come into your budget limit. Many operators are there in the market that you can select with the help of the internet; also you can compare their services with the other brands serving in the similar field. These services are fully compliant to Indian market standards and are trusted by thousands of customers based all across the nation. Conclusion In the present market building an effective mobile app is not sufficient, you have to look for app advertising services that enable to showcase your brand in the internet space. The selection of app developers should be done in a careful manner by analyzing all the primary factors related to marketing techniques such as market statistics, customer reviews, brand reputation, and assessing growth potential of app advertising firm.

Rage Will Go On Among Samsung Galaxy Note 5 VS Iphone 6

Rage Will Go On Among Samsung Galaxy Note 5 VS Iphone 6 It is sometimes said that the world is divided into two types, Apple lovers and Apple bashers. Therefore, there is always a chance that opinion gets tweaked in this way or other. But, it is difficult to compare apples and oranges, because Apple has a huge lead in software platform over Samsung and while testing the very principle of interfacing matters. And then there are standard ways to test the hardware on standard platforms, and if you are clever, enough you can tweak your OS to beat anyone in the run. So, the question is what to compare and how to compare. However in India there is not much difference in price. Comparing competing Specs Comparing specs of two different architectures is meaningless. The comparison between Samsung Galaxy Note 5 VS Iphone 6 will rage, but there is a problem; you cannot compare the performance of DSLR with a mobile camera. It is pertinent to compare the performance. Then the question of tweaking will always be there. However, we can take a look at the specs of 64GB variety of the two giants iPhone 6 runs on ios 8 based platform and Galaxy Note 5 on v5.1.1 Lollipop Dimension of iPhone 6 is 138.1X67X6.9 mm, and Galaxy Note 5 is 153.2X76.1X7.6 mm iPhone 6 is 129 gram and Galaxy Note 5 is 171gram iPhone 6 has a resolution of 750X1334 pixels at 326 ppi, and Galaxy Note 5 has 1440X2560 p at 518 ppi Comparing competing technologies Is anything gets clarified from the comparison? The answer is no. It appears from the above comparison that Galaxy has beaten iPhone hands down. But, may be the answer is not that easy. In the resolution part, Samsung appears to be miles ahead, but two resolutions are based on two different technologies. The Apple use LED-backlit IPS LCD against that Samsung use Super AMOLED screens. Apple is using their proprietary OS for last three decades and Samsung is working on an open platform. Check the hardware platform iPhone 6 use Apple A8 chipset and Dual core ARM v8 based Typhoon 1.4 Gig CPU Galaxy Note 5 use Exynos 7420 chipset and two Quad-core CPUs 1.5 Gig A 53 Cortex and 2.1 Gig A 57 Cortex. iPhone 6 use 1 GB DDR3 RAM and Galaxy Note 5 uses 4GB DDR 4 RAM. The final verdict The Apples Retina display is smooth and viewing angles are great, whereas Samsungs AMOLED displays are live with vibrant colors two are totally different technology and time has not yet ripe to deliver the final one. Because, which screen is long haul is not yet established. The craze to upgrade or to go for the new brand is so fast that long hauls are probably meaning a couple of years only. Similarly, the power of processor is always a deciding factor but the threading of the core always matters. In benchmark tests of net surfing the iPhone 6 apparently beats Galaxy Note 5 hand down. But, of you refresh the page iPhone 6 stays in the page while Galaxy Note 5 is opening the refreshed page. So, who wins probably the consumer! The fight for supremacy between Samsung Galaxy Note 5 VS iPhone 6 will force innovation and cost cutting.

Buy The High-End Gadget Of Samsung Galaxy S6 Posted: 26 Nov 2015 02:04 AM PST Purchasing a smartphone from a reputed brand ascertains optimality and durability of the device. Excellence of devices primarily depends on numerous factors and technicalities. A sharp display and enhanced camera quality are some considerable aspects. One brand that has remained consistent in its performance and functional attributes is Samsung. It comprises of all exclusive and optimum mechanisms that you would want on your phone. Eye-catching gadgets with superior operational facets will surely cater to all your requisitions. Optimality of features A high-end operating system version and functional platform are some critical facets that must be present in a smartphone. The new improved Samsung Galaxy S6 fares considerably better than its predecessors due to its simplified ToucWiz user interface. It further entails an impressive processing power along with a waterproof design. Top-notch specifications and a stylish metallic body in vibrant colors that will surely leave you spoilt for choice. The popular Android platform within the device ensures optimum functionality. Home screens within these phones consist of animated features and customizable characteristics. Such features work perfectly when you are making in-app purchases. Disabling pre-installed applications also become a possible aspect. The perfect display Changing and enhancing the sound quality within headphones and accentuating the display are other facets within technically advanced Samsung phones. The 5.1-inch screen size and 576 PPI or pixel density within such optimum contrivances are commendable attributes. The 2K High-Definition screen presents sharpness and clarity that do not present a blinding effect. However, the 2,560-pixel resolution is approximately 2,5 times sharper than other average phones. A display technology of Super AMOLED with added display support makes such gadgets an ideal buy. Multi-touch facets help you in making the right selection, in a seamless manner. Proximity sensor and Ambient Light sensor ensure the further accentuation of display techniques. Incorporation of features A relatively new mechanism that has taken the world by storm is wireless charging. This wonderful feature is present within the Samsung Galaxy S6 that ensures hassle-free charging of the device at any time and from anywhere. There is no added requirement of carrying any problematic portable chargers. Another integral factor is an integration of optimal network connectivity. Incorporation of both 2G and 3G networks within the phone will effectively resolve connectivity issues. Another ideal feature is the 4G LTE mobile network available in these devices. Now, obtaining better network accessibility becomes an easy aspect. This lightweight phone weighs approximately 170 grams and will fit in the palm of your hand without much trouble.