Wednesday, 25 June 2014

How To Get Full Free Android Apps and Games Without Rooting and Without Having an Account

Not everybody has access to an email or Gmail account. Surprising as it may be, some people who own an Android phone don’t even have access to a Google account, though there are only a few of them. However, some people don’t really get the most out of their Google accounts on the Play Store for a number of reasons. One is that they don’t have a credit/debit card associated with their Google Wallet to purchase items on the Play Store, or they just don’t want to spend money on the little things they can find there. There is plenty of free stuff on the Play Store, but the best usually comes with a price.
So how do you get to try them out without going to the trouble of setting up a bank account or a credit/debit card just to get them? You can try getting these apps in an alternative way. Most of the paid apps are available on sites like android.mob.org and http://apkmania.co and most of them don’t require your device to be rooted at all. Just make sure that your phone’s specifications meet the app’s requirements, especially the GPU (Graphics Processing Unit) for certain games like Modern Combat 4, Dead Space, Asphalt 8 etc.
In order to download an app, usually, you’ll be needing to download the APK file and the Cache file, which you usually put on the “SDCard/Android/Obb” folder on your phone. Also, be sure to have your phone accept installation from Unknown Sources. You can toggle this in the Settings menu of your phone.
To do this, download any desired app by going to any of the sites mentioned above. It is highly recommended to do this on your desktop or laptop instead of your phone, as you might be barraged by endless streams of advertisements (that’s the price you pay for being a freebooter). Once you get both the APK file and the Cache file (usually inside a zip file, just extract the folder that contains the obb file), transfer them to your phone. You can do this by connecting your phone to the computer directly and enabling USB Storage mode.
Once done, disconnect your phone from the computer, launch your File Explorer app (most Android sets have this) and browse to the directory on your SD Card where you put the files. Install the APK file first, then copy the associated folder into the SDCard/Android/Obb folder.
After this, you can simply launch the game. Some games require root access, but in case they do, you can just root your phone by following this extremely simple guide.
Still, if you have access to these premium apps, remember to keep supporting the authors of these applications, so the Android industry wouldn’t die out. This guide is just for educational and trial purposes only.
Image Source: YouTube(OpenSourceGangster)

Android App Danger : Thousands of Secret Keys Mean ‘Security Risk’ In Your Android App

Reports have surfaced about Android apps that could be very troubling for many Android OS users. Thousands of secret keys have reportedly been found in Android apps that can mean a security risk for those who use the apps. Since apps posted and sold in the Google Play Store do not require any review, no one can be certain if the apps being bought and downloaded are secure or risk-free.
Google has downplayed this risk, ever since the Google Play Store went online, and many Android users feel that the risk is worth getting so many wonderful apps for their Android devices. Still, concerns about Android security always crop up now and then, especially if there have been reports of hacking, and other illegal activities that point to certain Android apps, as the culprit.
This concern is what prompted a team of researchers from Columbia University to explore the vulnerability and security issues in Android apps. Jason Nieh, a computer science professor, and Nicholas Viennot, a PhD candidate at the university, analyzed over 880,000 apps in the Google Play Store, and their findings were a bit troubling.
Nieh and Viennot managed to decompile such a massive number of apps (from the existing 1.1 million apps in the Google Play Store) by using a scalable tool called PlayDrone.
PlayDrone was specially designed for such a task, and it enabled the team to use “hacking techniques” in order to go around the security protocols implemented by Google, download the Android apps, and analyze their sources and content.
Nieh and Viennot discovered that the app developers “often” store secret keys in the app software, just like a “username and password” key, which “can be used” to steal the data of the user and other information from online accounts like Facebook and Amazon.
These “secret keys” are not only employed by small “suspicious” developers, but even by recognized “Top Developers” that Google Play recommends.
As of this writing, Google has not released any statement about this report, but we can be pretty sure that they will be implementing some drastic solutions in the next few days, to maintain the integrity and security of the Android OS and the Google Play Store.
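A check a developer could run on a release build before publishing, following from the finding above that apps ship with secret keys embedded in them. This is an added example, not PlayDrone or the researchers' code; the rule patterns, the entropy threshold and the sample archive are assumptions constructed for illustration (the AWS-style values are Amazon's published documentation placeholders).

```python
import io
import math
import re
import zipfile
from collections import Counter
from typing import NamedTuple

MAX_ENTRY_BYTES = 50 * 1024 * 1024  # skip oversized entries (zip-bomb guard)

# (rule name, pattern with the candidate value in group 1, minimum entropy).
# These heuristics are assumptions of this example, not PlayDrone's rules.
RULES = [
    # AWS access key IDs have a fixed, recognisable shape, so a bare match
    # inside compiled code (classes.dex string pool) is already a finding.
    ("aws-access-key-id", re.compile(rb"\b(AKIA[0-9A-Z]{16})\b"), 0.0),
    # A credential-like name followed by a long value. This only works where
    # name and value sit together (assets, config files, decompiled source).
    # The entropy floor drops placeholders such as XXXXXXXX.
    ("named-secret", re.compile(
        rb"(?:secret|api[_-]?key|token|passw(?:or)?d)[\w.-]{0,20}"
        rb"[\"'\s:=>]{1,6}([A-Za-z0-9/+_=-]{16,64})", re.IGNORECASE), 3.5),
]


class Finding(NamedTuple):
    path: str
    rule: str
    offset: int
    preview: str    # redacted: the report never contains the full credential
    entropy: float


def shannon_entropy(value: bytes) -> float:
    """Bits per byte; random keys score high, repeated filler scores near 0."""
    n = len(value)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def scan_archive(data: bytes) -> list[Finding]:
    """Scan every entry of an APK (a zip archive) for embedded credentials."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
                continue
            blob = apk.read(info)
            for rule, pattern, min_entropy in RULES:
                for m in pattern.finditer(blob):
                    value = m.group(1)
                    h = shannon_entropy(value)
                    if h < min_entropy:
                        continue  # likely a placeholder, not a real key
                    preview = value[:4].decode("ascii", "replace")
                    preview += f"...({len(value)} chars)"
                    findings.append(Finding(info.filename, rule,
                                            m.start(1), preview, round(h, 2)))
    return findings


def build_sample_apk() -> bytes:
    """Constructed sample: the .dex entry is not a valid DEX file and every
    credential is a documentation placeholder or made up for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex",
                   b"dex\n035\x00" + b"\x14AKIAIOSFODNN7EXAMPLE\x00")
        z.writestr("assets/config.properties",
                   b"aws_secret_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
                   b"facebook_app_secret = 0f1e2d3c4b5a69788796a5b4c3d2e1f0\n"
                   b"api_key=XXXXXXXXXXXXXXXXXXXXXXXX\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_archive(build_sample_apk()):
        print(f"{f.path}@{f.offset}: {f.rule} {f.preview} H={f.entropy}")
```

A finding means the credential has to be revoked and moved server-side; removing it from the next build does not help users of builds already published.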

How To Crack and Hack Wi-Fi Passwords

Disclaimer: Before you proceed, we would like to be clear first, that, cracking and hacking your neighbor’s Wi-Fi password is very unethical. This is just a temporary solution for an urgent need to connect to a wireless internet connection. We do not recommend doing this for extended periods. We will not be held responsible for any damage that may occur (especially on your credibility and your relationship with your neighbor), so do this at your own risk.
WiFi Hacking Guide
There are several ways on how to crack your neighbor’s (or anybody else’s) Wi-Fi password. The problem is, not every method is as easy as clicking a few buttons. Some even require some extensive work, which you might find not worth the trouble anymore. Wi-Fi connectivity has become a basic necessity in our lives and you would be able to find wireless hotspots, almost everywhere. The sad thing is, not all of these hotspots are without any sort of security measures. Of course, why would you try to connect to a network which is not intended to be shared with you? There are times when you just need to, especially when your own internet connection is down.
One of the best and easiest software tools to use is Aircrack-NG. It does the job of cracking the password by tracking out all the packets from the desired network.
Once everything in the disclaimer is clear to you, and you still want to proceed with hacking some Wi-Fi password, you can now start by downloading the CommView app. This is an essential part of the whole cracking and hacking process. It will ensure that the wireless card you are using can go into monitor mode in order to properly capture packets. Simply download, install and run the application. After a few minutes, you should be able to see a list of all nearby Wi-Fi networks and some details on the security they use. You should be looking for WEP security enabled Wi-Fi networks ONLY as this guide will only work for that method.
Also make sure that you target a network with the highest signal (of course, low signal means slower internet connection). Once everything is set and you have decided which network you want to connect to, just click Capture. Be sure to set the Maximum Directory Size to 2000 and Average Log File Size to 20. Also enable logging tab on top and auto saving.
Once you’re done (or at least you got 100,000 packets), you will need to export them for Aircrack-NG’s use. To do this, go to Log Tab, and click on concatenate logs. Simply select all the logs that have been saved. Once done, navigate to the directory where the logs have been saved. Open the log file and export it by selecting File>Export>Wireshark/tcpdump and save the .cap file anywhere you desire.
Now the final part of this hacking process is to open up the .cap file in Aircrack-NG. Just run the GUI, select WEP, choose the .cap file you saved, and click Launch. It will show you the wireless key after a while, but there are times where it will request a few more packets. Just repeat the process above.

 

ACER hacked by Pakistan Cyber Army



Yes, you read that right: ACER was hacked because of its own stupidity. Yesterday we reported that Pakistan Cyber Army hacked the Acer Europe server, compromising 40,000 users' data, source code and the server itself.


Today we investigated this to find out exactly how the Pakistani hackers got the FTP access. In the image above you can see a screenshot we took from an ASP forum of Acer-Euro. The Acer ASP Support Team posted a Hot Fix Release and gave FTP access to other members so that they could download that Hot Fix. This was posted on January 11, 2008. The Pakistani hackers found this post, explored the FTP server and, in the "PB" directory, found the "Country Wise Customer Data.zip" file, which contains the data of the 40,000 users organized by country.


This data breach is due only to ACER's own stupidity. The link to the forum post is "http://asp.acer-euro.com/FORUM/Topic472-8-1.aspx".

Aldi Bot - Buy a Botnet just in 10 Euros

 

Researchers at German security firm G Data have discovered that a bot builder dubbed "Aldi Bot" is currently being offered for that much on underground forums. The Aldi Bot Builder appears to be based on the ZeuS source code. The malware has nothing to do with the discount supermarket chain and it is not clear why its author chose to name the bot after Aldi – it is thought it may relate to the bot's discount pricing. The company says: "We’ve encountered a bot sale, which, in case it finds followers, can cause a massive glut of malware all over. The so-called “Aldi Bot” first appeared in late August and has been sold for the initial price of €10! Parts of the bot’s code oddly look like ZeuS code…"
The Aldi Bot can read (saved) passwords from the Firefox web browser, Pidgin IM client and JDownloader download tool, and send them to a command and control server which is included in the €10 price tag. The Aldi Bot can also carry out Distributed Denial-of-Service (DDoS) attacks, as the bot's author demonstrates with a YouTube video showing an attack on the German Bundeskriminalamt (equivalent to the UK CID) web site. The bot can also be set up as a SOCKS proxy to use infected computers as proxies for protocols of the bot herder's choosing. Infecting systems with the discount malware does, however, require additional measures, such as exploit packs on infected web sites.

The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)

 

 The spring air in the small, sand-dusted town has a soft haze to it, and clumps of green-gray sagebrush rustle in the breeze. Bluffdale sits in a bowl-shaped valley in the shadow of Utah’s Wasatch Range to the east and the Oquirrh Mountains to the west. It’s the heart of Mormon country, where religious pioneers first arrived more than 160 years ago. They came to escape the rest of the world, to understand the mysterious words sent down from their god as revealed on buried golden plates, and to practice what has become known as “the principle,” marriage to multiple wives.

Today Bluffdale is home to one of the nation’s largest sects of polygamists, the Apostolic United Brethren, with upwards of 9,000 members. The brethren’s complex includes a chapel, a school, a sports field, and an archive. Membership has doubled since 1978—and the number of plural marriages has tripled—so the sect has recently been looking for ways to purchase more land and expand throughout the town.

But new pioneers have quietly begun moving into the area, secretive outsiders who say little and keep to themselves. Like the pious polygamists, they are focused on deciphering cryptic messages that only they have the power to understand. Just off Beef Hollow Road, less than a mile from brethren headquarters, thousands of hard-hatted construction workers in sweat-soaked T-shirts are laying the groundwork for the newcomers’ own temple and archive, a massive complex so large that it necessitated expanding the town’s boundaries. Once built, it will be more than five times the size of the US Capitol.

Rather than Bibles, prophets, and worshippers, this temple will be filled with servers, computer intelligence experts, and armed guards. And instead of listening for words flowing down from heaven, these newcomers will be secretly capturing, storing, and analyzing vast quantities of words and images hurtling through the world’s telecommunications networks. In the little town of Bluffdale, Big Love and Big Brother have become uneasy neighbors.

Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration—an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.

But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

For the NSA, overflowing with tens of billions of dollars in post-9/11 budget awards, the cryptanalysis breakthrough came at a time of explosive growth, in size as well as in power. Established as an arm of the Department of Defense following Pearl Harbor, with the primary purpose of preventing another surprise assault, the NSA suffered a series of humiliations in the post-Cold War years. Caught offguard by an escalating series of terrorist attacks—the first World Trade Center bombing, the blowing up of US embassies in East Africa, the attack on the USS Cole in Yemen, and finally the devastation of 9/11—some began questioning the agency’s very reason for being. In response, the NSA has quietly been reborn. And while there is little indication that its actual effectiveness has improved—after all, despite numerous pieces of evidence and intelligence-gathering opportunities, it missed the near-disastrous attempted attacks by the underwear bomber on a flight to Detroit in 2009 and by the car bomber in Times Square in 2010—there is no doubt that it has transformed itself into the largest, most covert, and potentially most intrusive intelligence agency ever created.

In the process—and for the first time since Watergate and the other scandals of the Nixon administration—the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it’s all being done in secret. To those on the inside, the old adage that NSA stands for Never Say Anything applies more than ever.

Hotel Cardkey Locks Said To Be Vulnerable To Bypass Hack

 Locks used in more than 4 million hotel rooms can be defeated with some inexpensive hardware and some software, a security researcher demonstrates for Forbes.

 



You may not be as safe in your locked hotel room as you think.
Keycard door locks from Onity -- used in more than 4 million hotel rooms around the world -- are susceptible to vulnerabilities that could lead to a security bypass, according to Cody Brocious, a 24-year-old Mozilla developer and security researcher. Brocious, who is expected to present his findings at the Black Hat security conference tomorrow, showed Forbes how he is able to open hotel doors with a gadget he built with materials costing less than $50.

Brocious' device spoofs a portable programming device used to control door locks, Forbes explains. In a demonstration, Brocious shows how a plug inserted into a DC port on the underside of the lock could spring the hotel door lock.

"I plug it in, power it up, and the lock opens," he said.

However, the technique did not always work on locks installed on real hotel room doors. In fact, it only worked once and only after Brocious reprogrammed the device -- an unreliability he attributed to timing issues with how the device communicates with the lock.

The vulnerability occurs because the exposed port allows any device to read the lock's memory, where a string of data is stored that will trigger its "open" mechanism. He also said that his former employer reverse-engineered Onity's front desk system and sold it to a locksmith training company last year for $20,000.
"With how stupidly simple this is, it wouldn't surprise me if a thousand other people have found this same vulnerability and sold it to other governments," Brocious said. "An intern at the NSA could find this in five minutes."

 

 

Apple Gets Ready to Tell Consumers Why They Want a Smartwatch

 

Apple doesn't rush to market with its products. It waits for the competition to pave the way -- experimenting and often failing to ignite much interest. Then, when it's Apple time, the company steps forward with a beautifully designed iWhatever and simply tells consumers: "This is what you want." It worked with the iPod, iPhone and iPad -- but will it work with an "iWatch"?

Apple reportedly is preparing to ship multiple versions of a smartwatch this coming fall, as competition increases in the wearable technology space.
Its long-rumored smartwatch will be available in multiple screen sizes and will include more than 10 sensors that will allow it to track the wearer's health and fitness metrics, among other information, according to a Wall Street Journal report.
Apple wants to address the notion that smartwatches currently on the market do not provide significant additional functionality beyond what a smartphone can do, it seems.
Apple provided a hint of its plans for health and fitness features when it unveiled Health at its Worldwide Developers Conference earlier this month. The app aims to centralize all of a user's fitness and health information. The reveal of the app added fuel to the rumors that Apple was preparing to launch its smartwatch imminently.

New Product Lines

The company's chief executive, Tim Cook, already had promised to push into new product categories by the end of the year. The last time Apple debuted a major new product was four years ago, when it launched the iPad -- before Cook took charge of the company.
Production of the smartwatch may start within a few months at Taiwanese manufacturer Quanta Computer, with the aim of bringing the device to market by October. Quanta is expected to start trial runs later this month, the WSJ said, with total shipments of between 10 million and 15 million by the end of the year. Apple is said to be confirming the specifications before starting production.
Whenever Apple happens to debut its smartwatch, it will be late. Samsung has the Galaxy Gear smartwatch and Google has Google Glass. The Pebble smartwatch syncs with the wearer's smartphone and provides notifications including for incoming calls, text messages and emails. Meanwhile, several wearable devices track the wearer's health and fitness data, such as Nike's FuelBand and the Fitbit.

'Stronger Status Symbol'

"In effect, the smartwatch could replace the smartphone," said Rob Enderle, principal at the Enderle Group.
Apple's watch "could have a display that was nearly as large. It would be harder to lose and drop, it would be easier to use hands-free -- with voice command -- and it would be more visible, making it a stronger status symbol," he told TechNewsWorld.
"I doubt Apple will go this way though," Enderle continued, "because they want people to buy both an iPhone and an iWatch -- not cannibalize the phones. So it will likely be more of an extension of the iPhone with an exercise focus. It will likely alert you if you leave your phone behind and become a phone tracker if you misplace the phone."
Wearable technology is a key growth sector, with global sales predicted to reach 19 million units this year, more than tripling sales. Device sales will soar to 111.9 million within four years, according to IDC.
However, Apple might face a tough battle getting its smartwatch onto the wrists of consumers.

'Simply Gadgets'

"The fact of the matter so far is that consumers don't want smartwatches as they are currently designed. That's why they don't sell," said Carl Howe, vice president of research and data sciences at the Yankee Group.
"That suggests that today's products are largely technology solutions for problems that don't strike most consumers as true needs; they simply are gadgets," he told TechNewsWorld.
"New areas like this have to be defined first before there is demand. For instance, no one really wanted a car in the 1900s except the geeks of that time," Enderle said.
"Now, because the market has been defined, most everyone wants a car. Tablets were a nonstarter outside of vertical markets before the iPad, as well. But most consumers don't yet want a smartwatch because no one has brought one to market that consumers have been attracted to," he observed. "You need both a compelling product and a way to create demand for it. This isn't a 'build it and they will come' market."

Market-Defining Opportunity

The Apple brand is powerful. It created consumer desire for smartphones, and it might do the same for the smartwatch.
"Until the iPhone, consumer demand for touchscreen phones was nil. Some of that was that the products were bad, but some of that also was that they didn't do enough to solve a real consumer problem," Howe noted.
"What Apple did was to design something in which the touchscreen was a means to be able to synthesize three products in one. [It combined] an iPod, a phone and an Internet communications device into one elegant device," he said. "I suspect Apple will do something similar in future wearable products as well. Their wearability will be a feature, but they'll actually address several consumer wants and desires in one elegant product."

Friday, 20 June 2014

Pirates, cheats and IT certs

Cheating is on the rise, but IT certification programs are fighting back.


Computerworld - It didn't take long for the test center proctor to realize something was amiss. One group of people clearly stood out from the rest of the candidates taking a popular IT certification exam. They sat rigidly in their chairs, hardly moving at all, and they proceeded through the questions at a pace of six items per minute, well above the norm of one to two questions per minute. All scored well above the minimum needed to pass the test.
After the testing concluded, the test center called in Caveon LLC, a consultancy that specializes in test security, including data forensics, to review the situation. "At first blush it looks like by using a Bluetooth speaker and a video camera they were collaborating with a subject-matter expert offsite," says Caveon's vice president Steve Addicott.
Such equipment is readily available online at sites like the aptly named spycheatstuff.com. Aspiring cheaters can buy wireless speakers that fit deep inside the ear canal, where they can't easily be seen, as well as tiny cameras that are simple to hide. The suspected cheaters in this case were most likely sitting still to give their hidden cameras a clear video image of the screen, Addicott says. The review of that particular case is still ongoing.

Cheating is trending

IT certifications have become a primary route to both salary premiums and career advancement, according to a recent Foote Partners report. So it's no surprise that, as the popularity of certifications has grown, so has cheating. "Jobs and careers are at stake here, so people will attempt all sorts of things," says Matthew Poyiadgi, vice president of Pearson Education Inc.'s Pearson VUE business unit, which manages 5,100 test centers worldwide and counts the IT certification program manager CompTIA among its clients.
And while CompTIA estimates that the level of cheating on IT certification exams is less than 5%, industry insiders say the problem is growing and that keeping up with the cheats requires constant vigilance.

How people cheat

  • Bring high-tech spy cameras and Bluetooth earpieces into test centers to show questions to and receive answers from an off-site expert
  • Purchase stolen test content from overseas "brain dump" sites and then memorize the questions and/or answers
  • Share questions and answers in online chat rooms
  • Hire an expert as a proxy to take the test for them
  • Bring low-tech cheat sheets into the test center on index cards, write answers on the palm of the hand, etc.
  • Surreptitiously use a smartphone to gain unfair advantage through use of texting, images, online searches, etc., during an exam.
-- Robert L. Mitchell
So far, cheating doesn't appear to have devalued most IT certifications in the eyes of hiring managers. For the 309 IT certifications that Foote Partners tracks, the average pay premium across 2,600 surveyed companies has gone up for the last four consecutive quarters, says CEO David Foote.
While there's no way to definitively know if a prospective hire has cheated to obtain an IT certification, employers can and should check with the certification body to make sure the person actually attained it. "Trust, but verify," says Addicott.
For the most part, he adds, hiring managers can trust that verified IT certifications were legitimately earned. "Just a few rotten apples have cast doubt on the qualifications of individuals in the IT profession," he says. But, he adds, it is possible that a few individuals have benefitted from the live exam content available online and used that to gain a higher score on an exam. So an IT certification should only be one part of the hiring decision.
Other steps include checking references, reviewing employment history and asking a few carefully crafted questions designed to gauge whether the candidate really knows his or her stuff.

Where the cert developers fit in

Developers of IT certification programs, such as Microsoft and CompTIA, contract with Prometric, Pearson VUE and other independent test centers that administer and proctor tests worldwide on their behalf. These businesses also provide training services, and so must have a secure firewall between the testing and training sides of the business.
IT certification bodies and test center operators are engaged in an arms race with pirates who steal test questions and answers, and with cheaters who buy that information, share answers in chat rooms, pay "proxies" (people who will take tests for them) and bring a range of technologies and techniques into test centers to gain an edge. IT certification organizations, worried about degradation of their credentials, are striking back by turning to more sophisticated methods to catch cheaters and mitigate piracy. And cheaters who get caught increasingly face more than just a slap on the wrist.

Android 4.4.4 fixes OpenSSL connection hijacking flaw

A new version of Android for Nexus devices is primarily a security update that patches the bundled OpenSSL library...

IDG News Service - Less than three weeks after pushing Android 4.4.3 to users of its Nexus devices, Google released a new version of the OS that incorporates a patch for a serious vulnerability identified in the OpenSSL cryptographic library.
Android 4.4.4 factory images using build version KTU84P were released for Nexus 4, 5, 7 and 10 late Thursday.
