The final version of Apple’s new mobile operating system, iOS 7, was out on 18th October, and within a few hours people had found security flaws in its lock screen. These flaws could compromise the user’s data and money, as people can access the photo library and email, place calls and more without accessing the phone/tablet.
How to open programs via Windows Explorer
You can open programs via Windows Explorer and make it function like Run (Win + R). The “Address bar” functions as the “Run Command”.
This might be a simple trick, but it might end up saving a lot of time.
In the Address bar of Windows Explorer, type the program name to open the program. For example, type “notepad” and press “Enter” to open Notepad.
You can also open files in the current folder with a specific program via the address bar.
Suppose you have a txt file in a folder: you can open the file in Notepad by typing “notepad filename.txt”.
For example, in the picture below we have “lotsinlife.txt” in the current folder. To open the file via Notepad, type “notepad lotsinlife.txt”.
You can do the same with other programs and files.
Android JB 4.2+ Exchange plain text password bug
The default email client in Android Jelly Bean 4.2+ seems to store the Exchange account password in plain text; it is not storing the cipher text of the password. In general, the account information is stored in the accounts.db file under /data/system/users/0/. The accounts.db file can be accessed via a SQLite editor or the default Android viewer.
In the accounts.db file there is an account table in which the following fields are stored: [id, name, type, password].
FYI: the accounts.db file can be accessed only on rooted Android. So people who have rooted their mobile should be careful in granting root access to apps (refer here).
To verify which applications are revealing the user passwords, I logged in to the widely used clients Gmail App, Android default email client, Facebook App, WhatsApp, Skype, Dropbox, Outlook.com App and Verizon app from a Google Nexus 4 with Jelly Bean 4.2.2.
- The Gmail App generally stores the app-specific authentication token (2-form authentication).
- Skype and Verizon store the cipher text in the accounts.db file.
- Outlook.com, WhatsApp and Facebook don't store any.
To verify the Exchange bug in the Android default email client, I created a temporary fake email "androidexchangebug@outlook.com" with password "ItsExchangePwd1", and logged in to it via the default email client and the Outlook.com app.
As you can see below, the default Android email client (com.android.exchange) stores the password as plain text without any encryption. The Outlook app (com.outlook.Z7.eas) doesn't store any password in the accounts.db file.
Android bugs can be reported via the information mentioned here. I have reported the bug to Google via security@android.com
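An added example (not from the original post): a read-only audit of a copy of accounts.db that labels each stored password field as empty, possible plaintext, or token/ciphertext without ever printing the value. The table name `account`, the length and entropy thresholds, and the third sample row are assumptions; the sample database is constructed in memory.

```python
import math
import sqlite3
from collections import Counter

def shannon_entropy(s):
    """Bits of entropy per character of a non-empty string."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def classify(value):
    """Heuristic label for a stored credential; the value itself is never returned."""
    if not value:
        return "empty"
    # Assumed thresholds: long, high-entropy strings look like tokens or ciphertext.
    if len(value) >= 24 and shannon_entropy(value) >= 4.0:
        return "token-or-ciphertext"
    return "possible-plaintext"

def audit_accounts(conn):
    """Return (name, type, label) for every row of the account table."""
    # Table name `account` follows the post's wording and is an assumption.
    rows = conn.execute("SELECT name, type, password FROM account ORDER BY id")
    return [(name, acc_type, classify(pw)) for name, acc_type, pw in rows]

def build_sample_db():
    """Constructed sample using the fields the post lists: id, name, type, password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, name TEXT, "
                 "type TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO account (name, type, password) VALUES (?, ?, ?)",
        [
            # Test account and password taken from the post.
            ("androidexchangebug@outlook.com", "com.android.exchange",
             "ItsExchangePwd1"),
            # The post reports no stored password for this client.
            ("androidexchangebug@outlook.com", "com.outlook.Z7.eas", None),
            # Constructed row standing in for a client that stores a token.
            ("user@example.com", "com.example.token",
             "aB3dE6gH9jK2mN5pQ8sT1vW4yZ7cF0xL"),
        ],
    )
    return conn

if __name__ == "__main__":
    for name, acc_type, label in audit_accounts(build_sample_db()):
        print(f"{acc_type:24} {name:34} {label}")
```

To audit a real copy of the file, pass `sqlite3.connect("file:accounts.db?mode=ro", uri=True)` to `audit_accounts` so the database is opened read-only.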
Manage root access on rooted Android
A rooted Android mobile gives the user a great deal of flexibility in configuring the mobile the way he wants, but it also opens up the mobile to a wide range of attacks if not managed properly. Malicious apps can get root access and access user information, so the user must be careful about which apps can get the elevated privileges.
The Super User permissions can be managed by two popular apps
Here I am giving a demonstration of how root access for apps can be managed on a rooted mobile using the SuperSU app.
Tap any of the apps listed in SuperSU to modify its root access. After opening it, you will be asked to choose the access type.
Under the access type you have
- Prompt
- Grant
- Deny