Next gen cyber attacks could be through Internet images using Stegosploit tool which allows hackers to embed malware in an image
Security Researcher Saumil Shah has developed a Stegosploit tool wherein hackers can embed executable JavaScript code within an image to trigger a drive by download.
Internet is becoming a major source of media and eventually emerging
as a hub of various advertisements. Hence, we can see so many
innocent images scattered all over the Internet be it any of the social
networking sites or the search engines. Security researcher Saumil Shah
feels that it is this field which the next generation Cyber attackers
could exploit.
Saumil Shah, a security researcher from Net Square security, recently presented his Stegosploit project at Hack In The Box Conference held in Amsterdam. During the conference he demonstrated an updated method of his digital steganography
project known as Stegosploit Tool, which allows hackers to embed
executable JavaScript code within an image to trigger a drive by
download.
What does all this mean?
In layman terms it would simply mean that going forward there are
chances that people might download potentially dangerous malware into
their devices just by viewing an innocent looking image, even without
clicking or downloading that image. While a person views an image, the
hidden malware could get downloaded in the computer or smartphone or
Tablets without the knowledge and consent of the user. Now, this
malicious program or the malware can be very dangerous as it can steal
user’s confidential data like photographs, login credentials, financial
information etc. The worst part here is that antivirus and the malware
detection scanners of present times are not equipped to detect these
types of cyber attacks yet, thus even though the devices are protected
with the safety programs they are useless in a scenario if the attackers
choose to attack through the Stegosploit tools.
Steganography: This is a technique of transmitting
some messages in hidden form, in such a way that the message becomes a
part of something else such as an image or article or shopping list or
even cover text. This technique is being used since 1499 and one
striking example of Steganography would be when some hidden message is
written with an invisible ink between the visible lines of an innocent
friendly letter.
Usually in case of cryptography, the encrypted message arouses much
interest; however in case of steganography the secret message does not
trigger any attention and thus gets saved from unwanted scrutiny, this
is why steganography is preferred over cryptography.
History has revealed that people have used a combination of
cryptography and steganography in the past to transmit secret messages
to the ‘right people’.
In his demonstration Shah said that steganography method “hides the
message in plain sight”. On the contrary, the technique developed by
Shah i.e. “Stegosploit tool” is an advanced method of the steganographic
method wherein the exploits will not only be delivered in plain sight
but also in style.
Besides being a security researcher, Shah also has a passion for photography.
It was five years back when Shah decided to combine his passions of
hacking and photography; thus he started experimenting steganographic
techniques in the images.
Using this Stegosploit tool, Shah has been taking
known exploits in Chrome, Safari, Explorer and other HTML5 Canvas
supporting browsers and coded these exploits into the image layers. Shah
has dubbed the resultant files as Imajs (image + JavaScript) which
loads as JavaScript in a browser and renders as an image as well as an
executable. Thus Shah was able to hide two different kinds of content in
one single file delivering malicious content in the images.
During encoding process, the image may appear to be totally unaltered
depending on which layer the JavaScript has been embedded. The Stegosploit
technique is able to distribute the executable code around the inside
of an image file which makes it next to impossible to be detected by the
current antivirus programs. To detect this hidden code, the antivirus
needs to scan each and every byte in an image which would directly
affect the speed of the internet.
It was in the month of March when, Shah gave the first demonstration
of his Stegosploit tool at SyScan. Then, the technique could render the
malware by using two images; one would contain the executable code and
the other would contain a code to decode it. However, Shah has further
worked on his technique and now both the executable as well as the
decoder codes can be embedded within a same image. The technique is
possible with PNG as well as JPEG images. Further, as long as the size
of the file remains unchanged it can be added to any webpage including
Twitter, Imgur, Instagram, dating profiles and many more.
People who view photographs and images online would be easily
victimized as the malware gets downloaded just by viewing and does not
need to be clicked or downloaded. This can be a greatest technique which
cyber attackers can exploit in the near future. Shah is pretty
confident that we will witness these attacks soon, though as of now
there aren’t any cases of hackers using this technique yet.
दोस्तों आज हम गूगल का शॉर्टकट तरीके से प्रयोग करना सीखेेंगे।
गूगल पर किसी भी गाने के बोल खोजने के लिए सबसे पहले गाने का नाम टाइप करें। फिर स्पेस देकर : lyrics लिखें।
आपको सीधे टेक्स्ट रिजल्ट्स प्राप्त होंगे।
अगली पोस्ट में और शॉर्टकट के बारे में जानकारी उपलब्ध होगी
धन्यवाद
Rooting is a process that allows you to attain root access to the Android operating system code (the equivalent term for Apple devices id jailbreaking). It gives you privileges to modify the software code on the device or install other software that the manufacturer wouldn't normally allow you to.
Kingo Android Root offers every Android user the easiest one-click method to root any Android devices. How to use this universal Android root software to root your Android device? Here we go.
Make sure you get everything right beforehand.
Article Taken from : http://www.kingoapp.com
Kingo Android Root offers every Android user the easiest one-click method to root any Android devices. How to use this universal Android root software to root your Android device? Here we go.
Make sure you get everything right beforehand.
- Device powered ON
- At least 50% battery level
- Internet connection necessary
- USB Cable (the original one recommended)
Step 1: Free download and install Kingo Android Root.
Kingo offers the best one-click Android root software for free. Just download and install it now.Step 2: Double click the desktop icon of Kingo Android Root and launch it.
After launching Kingo Android Root, you will see its interface as shown below.Step 3: Plug your Android device into your computer via USB cable.
If your device driver is not installed on your Computer, Kingo will install it for you automatically. Make sure you get Internet conenction so that device driver can be downloaded. If you are using Windows 8, you may need to change some settings first. When running Kingo Android Root on Windows 8, the issue you may most likely encounter is driver installation looping.How to solve driver installation looping on Windows 8 when running Kingo Android Root?
Step 4: Enable USB Debugging mode on your Android device.
USB Debugging mode enabled is a necessary step of Android rooting process.What is USB Debugging Mode?
USB Debugging Mode is one thing that you cannot skip to know if you are an Android user. The primary function of this mode is to facilitate a connection between an Android device and a computer with Android SDK (Software Development Kit). So it can be enabled in Android after connecting the device directly to a computer via USB.
USB Debugging Mode, in some versions of Android, is also called Developer Mode. Then it is relatively easy for you to understand that this USB Debugging Mode establishes a direct connection between an Android Device and a computer and readies it for deeper-level actions. You may come across a pop-out notification as it shows below:
What is USB Debugging for?
USB Debugging Mode is definitely important, as you can see. But why? What capabilities that it carries make this mode so important? What is USB Debugging for?
You've probably got the idea that USB Debugging Mode grants you a level of access to your device. What kind of access, you may ask. This level of access that USB Debugging Mode grants is important when you need system-level clearance, such as when coding a new app. This mode, also called Developer Mode, allows newly programmed apps to be copied via USB to the device for testing. Depending on the OS version and installed utilities, the mode must be turned on to let developers read internal logs.
But it does more than that. There are a few non-development-related benefits from this new level of access that can give you much more freedom of control over you device. For example, with Android SDK, you gain direct access to your phone through your computer and that allows you to do things or run terminal commands with ADB. These terminal commands can help you restore a bricked phone. So this mode is a useful tool for any adventurous Android owner.
Of course, the background knowledge is always complicated for those non-experts. This is exactly what Android Update exists for. Android Update incorporated all these complicated features and tools to make it easy for you.
How to enable USB Debugging mode?INPORTANT: Pay attention to your device screen for a prompt window. Tick "Always allow from this computer". If you don't, you will probably get yourself an OFFLINE DEVICE.
Step 5: Read notifications carefully before rooting your device.
Android rooting is nothing big. However, it is not exactly a small issue either. Rooting your device may open a door for you, and yet with risks.Android rooting is a modification process to the original system, in which the limitations are removed and full-access is allowed and thus resulting in the ability to alter or replace system applications and settings, run specialized apps and even facilitate the removal and replacement of the device's operating system with a custom one. Rooting your device will immediately void your warranty...
Step 6: Click "ROOT" to root your device.
Kingo Android Root will employ multiple exploits on your device, which will probably take a couple of minutes. In the rooting process, your device may be rebooted several times. Do not be panic, it is perfectly normal. And once it begins, please DO NOT touch, move, unplug or perform any operation on your device. Step 7: Root succeeded, click "Finish" to reboot your device.
Hopefully your device is well supported and successfully rooted by Kingo. Until your device reboots itself, do not operate.Step 8: Check the root status of your device.
Normally, you will find an app named SuperSU installed on your device after successful rooting. Article Taken from : http://www.kingoapp.com
The ways to enable USB Debugging mode, which is accounted for the key step in Android rooting
process, vary from one Android version to another. USB Debugging is
required by adb, which is used for rooting, backing up, installing a
custom ROM, tacking screenshots from computer and more.
To disable USB Debugging and other developer options when you don't need them, slide the switch at the top of the screen to OFF.
Article Taken from : http://www.kingoapp.com
1. Android 2.0-2.3.x
Settings > Applications > Development > USB Debugging.
2. Android 3.0- 4.1.x
Settings > Developer Options > USB Debugging.
3. Android 4.2.x and higher.
In
Android 4.2 and higher versions, the Developer Options menu and USB
Debugging option have been hidden. In former 4.X versions of Android,
USB Debugging option is under Developer Options menu.
- Click Menu button to enter into App drawer.
- Go to "Settings".
- Scroll down to the bottom and tap "About phone" or "About tablet",
- Scroll down to the bottom of the "About phone" and locate the "Build Number" field.
- Tap the Build number field seven times to enable Developer Options. Tap a few times and you'll see a countdown that reads "You are now 3 steps away from being a developer."
- When you are done, you'll see the message "You are now a developer!".
- Tap the Back button and you'll see the Developer options menu under System on your Settings screen.
- Go to Settings>Developer Options>USB Debugging. Tap the USB Debugging checkbox.
First, you need to enable "Developer Options Menu".
Now, you can enable USB Debugging mode.
4. Android 5.0 Lollipop
To enable USB Debugging on Android 5.0 Lollipop is the same as Android 4.2.x.
- Settings > About Phone > Build number > Tap it 7 times to become developer;
- Settings > Developer Options > USB Debugging.
To disable USB Debugging and other developer options when you don't need them, slide the switch at the top of the screen to OFF.
Article Taken from : http://www.kingoapp.com
Subscribe to:
Comments (Atom)