Researchers Get $11,171 for reporting multiple vulnerabilities in the eBay Magento eCommerce web application

Posted by SiddhartH SolankI
Magento eCommerce was affected by many critical vulnerabilities such as XSS, CSRF, SQL and many more, so they have started a bug bounty program to secure their web applications.
An Indian security researcher named Atul Shedage has found multiple XSS and CSRF vulnerabilities in Magento eCommerce. He was the very first security researcher to find and report these vulnerabilities. He reported them through Bugcrowd.

He has already been acknowledged by well-known companies such as Google, Facebook, Apple and many more. He holds the 14th rank on Bugcrowd and has reported more than 50 bugs through Bugcrowd.

He reported these bugs on 12 March 2014 and received the bounty on 20 April 2014, so the details of his findings are not thorough. You can check out the snapshot.

How to control your PC from anywhere using your Android device

Posted by SiddhartH SolankI
Have you ever wanted to operate your PC remotely, or forgotten important documents on your PC? Here we discuss how to access your PC from anywhere using your smartphone. To control your PC from a remote location you need two things: Google's Chrome Remote Desktop for Chrome and Chrome Remote Desktop for your Android device.

Using Google's Chrome Remote Desktop you can easily access your PC from a remote location. You can also open the task manager; in short, you can manage your whole computer remotely.




Samsung Galaxy S5 Fingerprint Scanner bypassed easily

Posted by SiddhartH SolankI
Samsung's Galaxy S5 is quite an impressive device with lots of new features. One of them is the fingerprint scanner, which adds a security layer.

However, the Galaxy S5's new security layer, the fingerprint scanner, can be bypassed easily using a lifted fingerprint. Anyone can get unauthorized access to your Galaxy S5 with just a lifted fingerprint and a wood-glue-based dummy finger.

Moreover, the Galaxy S5 does not ask for a password to access the PayPal account application, so once an attacker has access to your smartphone they can easily make transactions and buy products using your Galaxy S5.

The Galaxy S5 allows infinite attempts to unlock the device. Apple's iPhone 5s has the same feature, but it requires a strong password whenever you boot the device, and the Galaxy S5 does not have such security.

Of course, the attacker needs physical access to your device. If your phone is stolen, the thief will be able to access it and perform any task.

Flickr is Vulnerable to Remote Code Execution and SQL Injection Flaws

Posted by SiddhartH SolankI

Flickr is a very large photo-sharing and photograph-management system, and it is owned by Yahoo!

A security researcher named Ibrahim Raafat has found that Flickr suffers from SQL injection and remote code execution vulnerabilities. He found two parameters that were vulnerable to SQL injection, named $page_id and $items.

 

By exploiting this vulnerability he was able to get the MySQL root password. He reported both the RCE and the SQL injection vulnerabilities to Yahoo, and they are now patched.

 

According to Ibrahim Raafat, most web applications are vulnerable to blind SQL injection, and after deep research you can find direct SQL injection in the web application.

Heartbleed Bug Exposes Your Passwords to Hackers !!

Posted by SiddhartH SolankI
The Heartbleed vulnerability is a severe bug in the hugely popular OpenSSL encryption technology. OpenSSL is used by most web applications to encrypt communication: it protects our usernames, passwords, credit card numbers, bank information, email addresses and much more personal information.
Heartbleed was discovered by the security team at Codenomicon, and then Neel Mehta of Google Security reported this major vulnerability to the OpenSSL team.

The Heartbleed vulnerability has affected many web applications, as they use OpenSSL encryption to protect their communication.

Some of the companies that were vulnerable to the Heartbleed bug have successfully updated their servers with a patch that fixes it.

How to protect yourself from the Heartbleed vulnerability?

To protect yourself from the Heartbleed vulnerability, all you have to do is change all your passwords. You have to change the passwords of your email accounts, Facebook, Twitter and every web application that uses OpenSSL encryption.

700+ websites get hacked by Modi ‘fan’ to support Narendra Modi

Posted by SiddhartH SolankI
Narendra Modi is Gujarat's chief minister and the next PM candidate of India. He has many supporters among young people, and nowadays he is also getting support from hackers.

A hacker has hacked and defaced 700+ Indian websites to support and promote Narendra Modi.

The list of the hacked websites is here.

You can check out the defacement image in the above snapshot. The message written on the defaced websites is “ whatever you fail to detect, will cause your downfall..
Narendra Modi fan is here to tell you the truth.. no one is here like Narendra Modi and that's why sonia gandhi and rahul always barking about Narendra Modi and you all know about aam aadmi party who don’t know what they have to do and what not always one word dharne par bheth jayenge lol!  we just defaced this site to give you a message vote for MODI!  ”

Pakistani Hacker arrested for hacking into a Cellular Company’s Database

Posted by SiddhartH SolankI
A Pakistani hacker has been arrested by Pakistan's Federal Investigation Agency (FIA) for hacking into a cellular company's database and exposing the database on his website.

The hacker hacked the database of Warid Telecom and then exposed it on his website, earlysms.com.

A senior manager of Warid Telecom found that the information of their customers up to 2006 had been shared over the internet, and the company then filed a complaint about it.

The earlysms.com website was hosted by hosterpk, and with the help of the hosting company the FIA successfully traced the hacker's IP address, email and phone number. He was traced to a shop located at Ghalla Mandi, Noorpur, Kasur.

The FIA team found the Warid data on his computer, seized two desktop computers, hard drives and other portable drives, and arrested Mubashar Shahzad.

The website where the hacker exposed the telecom company's database has now been shut down.

Facebook has introduced a free voice calling feature in its Messenger App

Posted by SiddhartH SolankI
Facebook updated its Messenger this week, and the new version of Facebook Messenger allows you to make free calls, create group chats and forward messages to other contacts.

After Facebook acquired WhatsApp for $16 billion, many WhatsApp users wondered what would happen to WhatsApp; incidentally, it has gone down many times. But now WhatsApp users don't have to worry about anything, because Facebook has introduced the free call feature in its Messenger.

The new free calling feature is built into Facebook Messenger. You will see a blue icon next to your contact's name, and you can easily call your Facebook contacts. All they need is a Wi-Fi connection, and they should have a good internet connection.

The quality of the call is average, but they will improve it in the next version of Messenger. You can download Facebook Messenger from the Android app store.

This feature was available for iOS users only, but since last week it is available for Android users too. It is still not available for Windows users.