Over 900 million Android phones affected by QuadRooter flaw

A new flaw called QuadRooter has been identified by researchers at security firm Check Point revealing a set of four vulnerabilities on Qualcomm-powered handsets. It’s been reported that over 900 million Android phones are affected including BlackBerry’s DTEK50 which claimed to be the most secure Android smartphone.


Apart from DTEK50, Google’s Nexus 5X, Nexus 6, and Nexus 6P are also affected as well as the Samsung Galaxy S7 and S7 Edge — even my personal LG V10 is also at risk.

Once exploited, this flaw grants attackers full access to the phone (or tablet), including the camera and microphone, and could expose private information. Google has released a QuadRooter Scanner app that tells you whether these vulnerabilities exist on your device, but it doesn’t really do anything to prevent them.

However, all is not lost when you find out that your device is affected by this flaw. For attackers to fully take control of your handset, they must still trick you, the user, into installing a malicious app that wouldn’t require any special permissions.

This means that you have to be careful with the apps that you install and give permission to access your phone.

So far, the fix is to install system software updates from your device manufacturer, since Qualcomm has already issued patches for three of the four flaws, with the last one coming this September.

The bottom line is that we have to stay vigilant and keep an eye out for suspicious programs asking for permission to gain access to the contents of our devices.


The post Over 900 million Android phones affected by QuadRooter flaw appeared first on YugaTech | Philippines Tech News & Reviews.

Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker


Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies--and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn't just about technological feats; it was an old-fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.

Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI's net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down. 

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

My review on this book

While reading this book I felt the thrill of the true story of this man. He is always hungry for new information and technology around him, always one step ahead of the people who chase him. The funny part is how he simply manipulates his victims into doing what he wants them to do, even after they have been fooled many times. An honest man, and not boastful of his hacks. Another big plus is that most of the hacks depended as much on "social engineering", his main weapon. Plus awesome skills in phreaking. Mitnick was more relaxed and confident at social engineering people than he was writing code. You must read his book!

Rootcon X: Call For Papers


Call For Papers

Let the freshest hacks be submitted and share them among the hacker community.

Guidelines

Where to submit? - Submit your paper to cfp [at] rootcon [dot] org

Email Subject - email your talks with subject line of RC10 CFP Submission - [TOPIC NAME]

Submission Deadline - will be before June 13, 2016

Minimum Time: 30 minutes

Maximum Time: 45 minutes

Topics of interest but not limited to:

- Real-life hack (responsible disclosure)
- Non-tech hacking
- New tool release
- Exploit Development
- Reverse Engineering
- Web Application Attacks
- Tools 101 (Metasploit, Nmap, etc…etc…)
- Wireless Attacks (3G, 4G, 802.11(x))
- Cloud Security
- Vulnerability Discovery
- OS Level Vulnerabilities
- Physical Security (Lock picking – Digital Locks or Digital Safes)
- SQL Injections
- Vendor Appliance Vulnerabilities
- Exploitation Techniques
- Mobile Security

ROOTCON 10 Call For Papers Form

(*) Denotes Mandatory Field

Please copy the needed information together with the agreement and paste them into a .txt file.

Speaker's Bio

This part should contain a little info about yourself, what you do, etcetera - to be posted on the site.

Personal Information

* Speaker Name :

* Title and Company (if applicable):

* Email Address :

* Mobile Number :

* Backup speaker name :

* Email Address :

* Mobile Number :

* Have you talked on previous ROOTCON events or any organized events under ROOTCON ? Yes or No.:

Presentation Information

This part should contain info about your presentation.

* Name of Presentation: (name goes here)

* Abstract: (A sketchy summary of your presentation which we can post on the website, giving the attendee an idea what your presentation is about in a nutshell.)

* Time: AM, PM or Anytime will do

* Day: Day 1 or Day 2? (Applicable to speakers who have only one topic)

Audience Participation needed? Yes or No.

LCD Projector? Yes or No.

Internet access? Yes or No, if yes specify wireless or wired.

White Board? Yes or No.

* Any other equipment requirements? Please specify.

* Location: Metro Manila, Others please specify.

Copyright Agreement

I warrant that the above presentation is of my own work, or if copied, permission has been obtained from the author for publications on ROOTCON 10, and that I will give credits accordingly.

I will grant permission to ROOTCON to post my presentation on the ROOTCON Relics after the event.

Speaking Remuneration Agreement:

1. As a ROOTCON speaker, you will be entitled to the following benefits:

a. Free registration to ROOTCON 10, with all benefits included in registration. (This will include Swags, Food, etc.)
b. Speakers coming from within the Philippines (domestic) will be free of airfare and accommodation (ROOTCON preferred hotel and airline).
c. Speakers coming from outside the Philippines (international) will be free of accommodation (ROOTCON preferred hotel).
d. One ROOTCON speaker token.
e. One Speaker Badge
f. And of course free booze all throughout the conference.
g. Access to ROOTCON 10 post-con party.
h. Certificate of attendance (speaking engagement) by request.

2. ROOTCON will be responsible for providing all equipment and setup needed for the presentation as stated in the Equipment Needs.

3. ROOTCON will not be responsible for all other expenses not included on the Equipment Needs and on the benefits stated above.

4. Creation of the presentation will be done by the speaker himself. ROOTCON members can assist the speaker such as preparing the LCD Projector, white board, prepare the stage, setup of the microphone and assistance during the demo. Other requests should be addressed to the ROOTCON organizing committee.

5. ROOTCON will not disclose the speaker's personal and contact information unless stated by the speaker.

6. ROOTCON must not be held liable for the safety of their speakers before, during and after the event.

7. Speaker will be held liable in creating his/her disclaimer if the presentation contains hacking exposure.

8. In the event the speaker changes his topic, he must inform the cfp [at] rootcon dot org one (1) month before the event; new topic will be subject to approval.

9. Speakers are advised to check in at the hotel one (1) day before the event. This is to meet the organizing committee, give you proper orientation about the venue, prepare your equipment and discuss other important matters before the event.

10. On the event proper, the speakers should be at the venue an hour or two prior to his or her presentation.

11. A speaker who wishes to decline or back out of his speaking engagement should inform cfp [at] rootcon dot org one (1) month before the event.

12. Substitution is allowed provided that the original speaker will look for his own substitute and inform the organizing committee the complete profile of the new speaker (substitute) one month before the event.

13. ROOTCON will only pay the additional hotel accommodation if the speaker has pending tracks on the following day.

14. To maintain the quality of topics, all topics are selected according to awesomeness level.

15. Final presentation materials should be sent to cfp [at] ROOTCON /./ org, one month before the CON. This is for security reasons, in case the speaker loses his .ppt presentation due to laptop corruption or any other unexpected circumstances.

I, (insert your name here), have read the above and understand and agree to the terms as detailed in the Speaking Remuneration Agreement and Copyright Agreement.

In the event the Speaker failed to comply with the Speaking Remuneration Agreement and Copyright Agreement, ROOTCON reserves its right to revoke any benefits entitled to the speaker.


I bought a Kindle

I'll be posting reviews soon on the books about internet security that I have read. So, stay tuned.



Amazon link of the kindle I bought.

Touchscreen display

Kindle now includes a touchscreen interface, which makes it easier to use features like X-Ray, Goodreads, built-in dictionary, highlighting, and more. And with a glare-free screen that looks like real paper, you can read as easily in bright sunlight as in your living room.

Easy on the eyes

Every time your eyes switch from a bright screen to a dimmer, ambient room, your eyes have to adjust, which may result in fatigue. With Kindle, the page is the same brightness as everything else in the room, so there’s no adjustment needed.

Weeks-long battery life

Kindle does not require power to maintain a page of text, allowing you to read for weeks on a single charge.

Lighter than a paperback

Kindle is lighter than most paperback books, making it easy and comfortable to hold in one hand for extended periods of time.

Reads like the printed page


Kindle uses actual ink particles and proprietary, hand-built fonts to create crisp text similar to what you see in a physical book. The blacks and whites on the screen are uniform, improving text and image quality.