Sunday, August 16, 2015

Incomplete Security Patch!! Millions Are Vulnerable

Wanna hack someone's Android smartphone by sending just an MMS message?

Yes, you can, because Google's patch for the Stagefright vulnerability in hundreds of millions of Android devices is BUGGY.
Last week, Google issued an official patch for the Stagefright vulnerability, which affects 95 percent of Android devices running version 2.2 to version 5.1 of the operating system, an estimated 950 million Android devices in use worldwide. But the patch is so flawed that hackers can still exploit the Stagefright vulnerability (CVE-2015-3824) anyway.
"The [original] patch is four lines of code and was (presumably) reviewed by Google engineers prior to shipping," researchers at Exodus Intelligence wrote in a blog post published Thursday. "The public at large believes the current patch protects them when it, in fact, does not."


Buggy Patch Issued by Google

 

The patch doesn't fix the vulnerability: booby-trapped MP4 videos that supply variables with 64-bit lengths can still overflow the buffer and crash the smartphone when it tries to open the multimedia message. The firm notified Google of the issue on August 7th, two days after their Stagefright presentation at the Black Hat conference, but it didn’t receive any reply from the company regarding their release of an updated fix.
Therefore, the firm released code showing how to crash the smartphone by exploiting the Stagefright vulnerability, because the search giant is still "distributing the faulty patch to Android devices via over-the-air updates." The flawed patch has been assigned the vulnerability identifier CVE-2015-3864, according to the Exodus researchers, but at the moment it is hard to say when a proper fix for the loophole will be available.
"Google employs a tremendously large security staff, so much so that many members dedicate time to audit other vendor's software," but if it can't "demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers then what hope do the rest of us have?," the Exodus researchers wrote.
When reached for comment, a Google spokesperson confirmed the findings and said the company had distributed the second patch to its OEM partners. However, its own Nexus 4/5/6/7/9/10 and Nexus Player will receive the patch as part of its September patch update.
So, in order to get rid of this problem, you need to keep an eye out for the new patch that fixes the old, flawed patch.

Simple TEXT Message to HACK ANY ANDROID Phone Remotely



Own an Android phone? Beware: your Android smartphone can be hacked by just a malformed text message.
Security researchers have found that 95% of Android devices running version 2.2 to 5.1 of the operating system, which includes Lollipop and KitKat, are vulnerable to a security bug, affecting more than 950 million Android smartphones and tablets.
Almost all Android smart devices available today are open to an attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium.
 
 

Facebook Fired an Intern After He Exposes How to TRACK User Location


Previously, we posted about a privacy issue in Facebook Messenger: Aran Khanna, a Harvard University student, discovered ‘A Marauder’s Map’ that could sense and give the geolocations of your friends on Messenger. Khanna had received an opportunity to work as an intern for Facebook, but destiny had planned something else for him: after he publicly stated the risk associated with the app, Facebook withdrew his candidature as a summer intern.

 

Why Facebook Fired Him?

Khanna himself confessed to being an avid user of the Facebook Messenger app, as it is an integral part of his social life. However, one day, while going through his chat history, he found that a location was attached to each message he had sent and received from his device.

Kali Linux 2.0 Released

 

Our Next Generation Penetration Testing Platform

We’re still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new Kali Linux Dojo, which was a blast. With the help of a few good people, the Dojo rooms were set up ready for the masses – where many generated their very own Kali 2.0 ISOs for the first time. But the excitement doesn’t end for us just yet. With the end of the cons, we now find ourselves smack in the middle of the most significant release of Kali since 2013. Today is the day that Kali 2.0 is officially released.

So, what’s new in Kali 2.0? There’s a new 4.0 kernel, now based on Debian Jessie, improved hardware and wireless driver coverage, support for a variety of Desktop Environments (gnome, kde, xfce, mate, e17, lxde, i3wm), updated desktop environment and tools – and the list goes on. But these bulletpoint items are essentially a side effect of the real changes that have taken place in our development backend. Ready to hear the real news?  Take a deep breath, it’s a long list.

Kali Linux is Now a Rolling Distribution

One of the biggest moves we’ve taken to keep Kali 2.0 up-to-date in a global, continuous manner, is transforming Kali into a rolling distribution. What this means is that we are pulling our packages continuously from Debian Testing (after making sure that all packages are installable) – essentially upgrading the Kali core system, while allowing us to take advantage of newer Debian packages as they roll out. This move is where our choice in Debian as a base system really pays off – we get to enjoy the stability of Debian, while still remaining on the cutting edge.

 

Continuously Updated Tools, Enhanced Workflow

Another interesting development in our infrastructure has been the integration of an upstream version checking system, which alerts us when new upstream versions of tools are released (usually via git tagging). This script runs daily on a select list of common tools and keeps us alerted if a tool requires updating. With this new system in place, core tool updates will happen more frequently. With the introduction of this new monitoring system, we will slowly start phasing out the “tool upgrades” option in our bug tracker.

 

New Flavours of Kali Linux 2.0

Through our Live Build process, Kali 2.0 now natively supports KDE, GNOME3, Xfce, MATE, e17, lxde and i3wm. We’ve moved on to GNOME 3 in this release, marking the end of a long abstinence period. We’ve finally embraced GNOME 3 and with a few custom changes, it’s grown to be our favourite desktop environment. We’ve added custom support for multi-level menus, true terminal transparency, as well as a handful of useful gnome shell extensions. This however has come at a price – the minimum RAM requirements for a full GNOME 3 session have increased to 768 MB. This is a non-issue on modern hardware but can be detrimental on lower-end machines. For this reason, we have also released an official, minimal Kali 2.0 ISO. This “light” flavour of Kali includes a handful of useful tools together with the lightweight Xfce desktop environment – a perfect solution for resource-constrained computers.

 

Kali Linux 2.0 ARM Images & NetHunter 2.0

The whole ARM image section has been updated across the board with Kali 2.0 – including Raspberry Pi, Chromebooks, Odroids… The whole lot! In the process, we’ve added some new images – such as the latest Chromebook Flip – the little beauty here on the right. Go ahead, click on the image, take a closer look. Another helpful change we’ve implemented in our ARM images is including kernel sources, for easier compilation of new drivers.

We haven’t forgotten about NetHunter, our favourite mobile penetration testing platform – which also got an update and now includes Kali 2.0. With this, we’ve released a whole barrage of new NetHunter images for Nexus 5, 6, 7, 9, and 10. The OnePlus One NetHunter image has also been updated to Kali 2.0 and now has a much awaited image for CM12 as well – check the Offensive Security NetHunter page for more information.

 

Updated VMware and VirtualBox Images

Offensive Security, the information security training and penetration testing company behind Kali Linux, has put up new VMware and VirtualBox Kali 2.0 images for those who want to try Kali in a virtual environment. These include 32 and 64 bit flavours of the GNOME 3 full Kali environment.
If you want to build your own virtual environment, you can consult our documentation site on how to install the various virtual guest tools for a smoother experience.

 

TL;DR. Where’s My Kali 2.0 Download?

The tl;dr of this release is best explained by comparison: If Kali 1.0 was focused on building a solid infrastructure then Kali 2.0 is focused on overhauling the user experience and maintaining updated packages and tool repositories. Along with the arrival of 2.0 comes a whole lot of interesting updates… You can head down to our Kali Linux 2.0 Download page to get the goodness for yourself.

 

Still TL; Still DR. How Do I Upgrade to Kali 2.0?

Yes, you can upgrade Kali 1.x to Kali 2.0! To do this, you will need to edit your sources.list entries, and run a dist-upgrade as shown below. If you have been using incorrect or extraneous Kali repositories or otherwise manually installed or overwritten Kali packages outside of apt, your upgrade to Kali 2.0 may fail. This includes scripts like lazykali.sh, PTF, manual git clones in incorrect directories, etc. – all of these will clobber existing files on the filesystem and result in a failed upgrade. If this is the case for you, you’re better off reinstalling your OS from scratch.
Otherwise, feel free to:

cat << EOF > /etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
EOF

apt-get update
apt-get dist-upgrade # get a coffee, or 10.
reboot
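
A pre-flight check for the caveat above about incorrect or extraneous repositories, as an added example that is not part of the Kali announcement: it flags active sources.list entries other than the two sana lines shown in the post. The function names audit_sources and write_sample and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Kali post): audit an APT sources file before the
# Kali 1.x -> 2.0 dist-upgrade. The two expected entries are the ones shown in
# the post; function names and the sample file are hypothetical.

# audit_sources FILE
#   prints "EXTRA: ..." for each active entry that is not a sana repository
#   prints "MISSING: ..." for each expected sana "deb" entry that is absent
#   exit status: 0 clean, 1 extraneous entries present, 2 only missing entries
audit_sources() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            $1 = $1                          # collapse runs of whitespace
            i = 2
            if ($2 ~ /^\[/) {                # skip an optional [options] field
                while (i < NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i; suite = $(i + 1)
            sub(/\/+$/, "", uri)             # ignore trailing slashes
            if (uri == "http://http.kali.org/kali" && suite == "sana") {
                if ($1 == "deb") have_main = 1
                next
            }
            if (uri == "http://security.kali.org/kali-security" && suite == "sana/updates") {
                if ($1 == "deb") have_sec = 1
                next
            }
            print "EXTRA: " $0
            extra = 1
        }
        END {
            if (!have_main) print "MISSING: deb http://http.kali.org/kali sana"
            if (!have_sec)  print "MISSING: deb http://security.kali.org/kali-security/ sana/updates"
            exit (extra ? 1 : ((have_main && have_sec) ? 0 : 2))
        }
    ' "$1"
}

# write_sample FILE: constructed sources.list with one extraneous repository
write_sample() {
    cat > "$1" << 'EOF'
# constructed sample, not taken from a real system
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
deb http://repo.example.invalid/kali-extra kali main
deb-src http://http.kali.org/kali sana main
EOF
}
```

Run audit_sources against /etc/apt/sources.list after editing it and before apt-get update; files under /etc/apt/sources.list.d/ need the same check, one call per file.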

 

Metasploit Community / Pro no longer ships in Kali

At the request of Rapid7, we have removed the Metasploit Community / Pro package from Kali Linux and now host the open-source metasploit-framework package only. For all of you who require Community or Pro, you will now need to download it from Rapid7 and then register and submit your personal details in order to get a license. In addition, the Rapid7 team no longer maintains the Metasploit package in Kali, which has brought with it some substantial changes – we’ve moved to a “native” setup, where rather than bundling all the required software needed to run Metasploit in one big package, we use native dependencies within Kali to support the metasploit-framework package. This results in a faster, smoother work experience and easier integration with Metasploit dependencies. For more information about this, check out our Metasploit Framework in Kali documentation page.

 

Starting up Metasploit Framework in Kali Linux 2.0

Due to the above-mentioned changes in the metasploit-framework package, there are some minor changes in how Metasploit is started in Kali – specifically, there is no longer a metasploit service. This is how you start up the Metasploit Framework with database support in Kali Linux 2.0:

# Start the Postgresql Database
/etc/init.d/postgresql start

# Initialize the Metasploit Framework Database
msfdb init

# Run msfconsole
msfconsole


Your Kali 2.0 FU Just Got an Upgrade

Kali Linux 2.0 is a serious step forward for us, as we continuously improve the distribution. We hope you enjoy the new look, features, tools, and workflow. As usual, you are invited to join our community via forums, bug tracker, Twitter, Facebook, and of course, IRC. Lastly, if you haven’t seen our Kali 2.0 Teaser video, here it is!



Saturday, August 15, 2015

Download FREE Windows 10 for the IoT and Raspberry Pi 2

In February 2015, the second-generation Raspberry Pi was made available; it is commonly known as the Raspberry Pi 2.

The buzz was that Windows 10 would support the hardware for its compatibility with smart objects, popularly known as the ‘Internet of Things’.



On Monday, the public release of Microsoft’s Windows 10 IoT Core, offering support for the Raspberry Pi 2 and the MinnowBoard Max, was made available.

Microsoft’s goal of spreading Windows 10 to a billion users is going to be fulfilled with this specially trimmed edition for small and embedded devices that may or may not have screens.

Also for devices with screens, Windows 10 IoT Core operating system does not have a Windows shell experience; rather you can write a Universal Windows app that is the interface and ‘personality’ for your device.

It’s neither the Windows we are already familiar with nor a substitute for the Windows desktop; instead, Windows 10 IoT Core is a single full-screen Universal Windows app.

Only a single app at a time is visible to users accessing the system, while additional software can run in the background. Apps are loaded onto the Raspberry Pi from a Windows 10 desktop machine.

Windows 10 on the Raspberry Pi board will not run traditional Windows desktop applications, such as Microsoft Word, Internet Explorer, or Microsoft Office, as these are incompatible with the Raspberry Pi's ARM-based hardware.

Universal Windows apps are developed to run on different types of devices, mainly PCs, phones, tablets, Xboxes and IoT-related machines like the Raspberry Pi.

Universal Windows apps adapt their look and feel based on which device they are running on.

Apps stay alive even if a feature is not compatible with a particular platform, i.e. the app will keep working rather than becoming unavailable, but some features may not work.

The Universal Windows apps mechanism will generate more manpower, as app development requires Visual Studio 2015, Microsoft's Integrated Development Environment for its platforms, whose Community edition can be downloaded for free.

Apps can be developed using a range of languages, such as C# or Visual Basic with XAML, C++ with DirectX and/or Extensible Application Markup Language (XAML), or JavaScript with HTML.

Microsoft is primarily promoting Windows 10 IoT Core as an Operating System that makes it easier to create IoT devices with or without a display.

What encouraged Microsoft to come out of its cocoon was the Raspberry Pi’s low price and its ability to control a range of hardware via its General Purpose Input Output (GPIO) pins, with which the Windows 10 IoT Core edition will work smoothly and deliver better performance.

Steve Teixeira, who heads the program management team for the Internet of Things division, said: "IoT Core is designed to have a low barrier to entry and make it easy to build professional-grade devices. It's designed to work with a variety of open source languages and works well with Visual Studio."

Since a beta version was released and previewed in May at Microsoft's Build developer conference, ‘Windows 10 IoT Core’ has been updated with significant new functionality, including WiFi and Bluetooth connectivity.

Microsoft's IoT team and Pi owners have been busy building since the preview. Also new in the official release is improved support for Python and Node.js. Additionally, a new Express Node.js project template is available.

App development requires a PC running Windows 10, Build 10240 or later, to create and deploy apps to Pi-based systems, as well as a Raspberry Pi 2 Model B board.