iOS 7 lock screen security flaws

The final version of Apple’s new mobile operating system, iOS 7, was out on 18th October, and within a few hours people were able to find security flaws in its lock screen. These flaws could compromise the user’s data and money, as people can access the photo library and email, place calls and more without unlocking the phone/tablet.

Get full access to Photo library:



Place calls from lock screen (Forbes)

This hack takes advantage of a flaw in the emergency calling system that lets you make phone calls to 911 when you are in trouble. You can replicate it by just tapping “Emergency” on the lock screen to access the emergency calling screen. Dial a number and rapidly tap on the call button until the phone opens a blank screen with an Apple logo. Then dial the number you wanted to call.

How to open programs via Windows Explorer

You can open programs via Windows Explorer and make it function as Run (Win + R). The “Address bar” functions as the “Run Command”.

This might be a simple trick, but it might end up saving a lot of time.


In the Address bar of Windows Explorer, type the program name to open the program. For example, type “notepad” and press “Enter” to open Notepad.


You can also open files in the current folder with a specific program via the Address bar.

If you have a txt file in a folder, you can open it with Notepad by typing “notepad filename.txt”.

For example, in the picture below we have “lotsinlife.txt” in the current folder. To open the file via Notepad, type “notepad lotsinlife.txt”.


You can do the same with other programs and files.

Bing Background 02/11/2013 - 02/16/2013


Android JB 4.2+ Exchange plain text password bug

The default email client in Android Jelly Bean 4.2+ seems to store the Exchange account password in plain text; it does not store the cipher text of the password. In general, the account information is stored in the accounts.db file under /data/system/users/0/. The accounts.db file can be accessed via an SQLite editor or the default Android viewer.


In the accounts.db file there is an account table in which the following fields are stored: [id, name, type, password].

FYI... the accounts.db file can be accessed only on rooted Android. So people who have rooted their mobile should be careful in granting root access to apps (refer here).

To verify which applications are revealing the user passwords, I have logged in to the widely used clients Gmail App, Android default email client, Facebook App, WhatsApp, Skype, Dropbox, Outlook.com App and Verizon app from a Google Nexus 4 with Jelly Bean 4.2.2.
  • The Gmail App generally stores the app-specific authentication token (2 - form authentication)
  • Skype and Verizon store the cipher text in the accounts.db file.
  • Outlook.com, WhatsApp and Facebook don't store any.


To verify the Exchange bug in the Android default email client, I created a temporary fake email "androidexchangebug@outlook.com" with password "ItsExchangePwd1", and logged in to it via the default email client and the Outlook.com app.

As you can see below, the default Android email client (com.android.exchange) stores the password as plain text without any encryption. The Outlook app (com.outlook.Z7.eas) doesn't store any password in the accounts.db file.



       

Android bugs can be reported via the information mentioned here. I have reported the bug to Google via security@android.com
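The check described in this post can be scripted. The following is an added example, not the author's code: it audits a copy of accounts.db taken from your own device and reports which account types hold a password value that looks like plain text, without printing the value itself. The table and column names follow the description above, the sample rows are constructed (the third account type is hypothetical), and the classification rule is a heuristic assumed for this example.

```python
import math
import re
import sqlite3
from collections import Counter

# Column layout follows the post's description of the table: [id, name, type, password].
SCHEMA = "CREATE TABLE account (id INTEGER PRIMARY KEY, name TEXT, type TEXT, password TEXT)"

# Constructed sample rows. The first two account types are the package names from the
# post; the third is hypothetical and its value is a made-up token/ciphertext stand-in.
SAMPLE_ROWS = [
    (1, "androidexchangebug@outlook.com", "com.android.exchange", "ItsExchangePwd1"),
    (2, "androidexchangebug@outlook.com", "com.outlook.Z7.eas", None),
    (3, "user@example.com", "com.example.tokenapp", "3q2+7wAAx9Zk0LrT5mVb1YcQ8nHfJd6uEoPsWgXi4aI="),
]

def shannon_entropy(s):
    """Bits per character of s."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def classify(value):
    """Heuristic verdict (an assumption of this example, not an Android rule)."""
    if not value:
        return "empty"
    # Long, high-entropy, base64/hex alphabet only: probably a token or ciphertext.
    looks_encoded = re.fullmatch(r"[A-Za-z0-9+/=_\-]+", value) is not None
    if len(value) >= 24 and looks_encoded and shannon_entropy(value) >= 4.0:
        return "opaque"
    return "possible-plaintext"

def audit(conn):
    """Return (name, type, verdict, length) per row; the secret itself is never returned."""
    rows = conn.execute("SELECT name, type, password FROM account ORDER BY id")
    return [(n, t, classify(p), len(p or "")) for n, t, p in rows]

def build_sample_db():
    """In-memory database holding the constructed rows, so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO account VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn

if __name__ == "__main__":
    for name, acct_type, verdict, length in audit(build_sample_db()):
        print(f"{acct_type:24} {name:32} {verdict:18} len={length}")
```

To run it against a real copy, pass `sqlite3.connect("accounts.db")` to `audit` and adjust the table and column names if your file differs from the description above.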



Manage root access on rooted Android


A rooted Android mobile gives the user a great deal of flexibility in configuring the mobile the way they want, but it also opens up the mobile to a wide range of attacks if not managed properly. Malicious apps can get root access and access user information, so the user must be careful about which apps can get elevated privileges.

The Super User permissions can be managed by two popular apps


Here I demonstrate how root access for apps can be managed on a rooted mobile using the SuperSU app.



Click on any of the apps listed under SuperSU to modify its root access. After opening it, you will be asked to choose the access type.

Under the access type you have
  • Prompt
  • Grant
  • Deny
Based on the type of app, choose the appropriate action. For apps which can access your directories, select Prompt, so that whenever the app tries to access your files you will be prompted whether to grant access or not.

Bing Background 02/02/2013 - 02/10/2013





Bing Background Images 01/19/2013 - 01/27/2013
