Showing posts from November, 2020

reCAPTCHA: The Genius Who's Tricking the World Into Doing His Work

CAPTCHAs – those weird, distorted words that prove you’re human before you buy overpriced tickets to Adele’s upcoming tour. You know ’em, I know ’em, some people call them reCAPTCHA, but none of us like ’em. They’ve been around a while now and until a couple weeks ago I dismissed them as a neat, annoying idea to prevent bots and scammers from running wild on the interwebs. But here’s the surprise kicker: a lot of times the CAPTCHAs are actual words from actual text. My five seconds of attention combined with the five seconds of attention of everyone else unwittingly adds up to a boatload of computing power. This is old news for some but I sure as sh*t didn’t know about it. Here’s the story of how it all got started and the certified genius who made it happen. The problem: In 2000, 22-year-old Luis von Ahn was a graduate student at Carnegie Mellon. He worked alongside his professor, Manuel Blum, on developing a test that humans can pass but not computers. One practical application being...

Major Power Outage in India Possibly Caused by Hackers

The outage occurred in mid-October and it impacted the Mumbai metropolitan area, causing significant disruption to traffic management systems and trains. It took two hours to restore power just for essential services, and up to 12 hours to restore power in some of the affected areas. Authorities immediately said sabotage could not be ruled out and the Mumbai Mirror reported on Friday that a cyber police unit found evidence suggesting that the incident may have been caused by a cyberattack. According to the Mumbai Mirror, investigators found multiple suspicious logins into the servers linked to power supply and transmission utilities. It’s believed that manipulation of these servers may have triggered the outage. The activity was traced to several South Asian countries and investigators are trying to determine if it was part of a coordinated effort. The paper learned from its sources that threat actors — in many cases profit-driven cybercriminals — have been targeting power utilit...

Convicted SIM Swapper Gets 3 Years in Jail. 2-factor authentication issue.

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control. Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018. Freeman was named as a member of a group of alleged SIM swappers called “The Community” charged last year with wire fraud in connection with SIM swapping attacks that netted in excess of $2.4 million. Among the eight others accused are three former wireless phone company employees who allegedly helped the gang hijack mobile numbers tied to their targets. Pros...

Facebook patches Messenger audio snooping bug – update now!

  Modern telephony is full of anachronisms. For example, we still “dial” calls, and many phone apps still display the word “dialling” while they’re waiting for the person at the other end to pick up. But when was the last time you saw, let alone used, a phone that actually had a dial? And we still use idioms such as “ringing off the hook” to describe a day where we never seem to stop receiving calls, even though household phones haven’t actually had hooks since about 1912 and you’d probably have to go to a museum to see one. Hooks weren’t a necessary part of the early telephone system, of course – in the exchange, calls were switched using jack plugs – but a gravity-operated switch that activated when the receiver was replaced or removed was a clever user interface choice. You needed somewhere to store the receiver when you were no longer using it at the end of a call, so providing a place to hang it up that simultaneously disconnected the receiver from the circuit was a smart desi...

Botnets have been silently mass-scanning the internet for unsecured ENV files

Drawing little attention to themselves, multiple threat actors have spent the past two to three years mass-scanning the internet for ENV files that have been accidentally uploaded and left exposed on web servers. ENV files, or environment files, are a type of configuration file usually used by development tools. Frameworks like Docker, Node.js, Symfony, and Django use ENV files to store environment variables, such as API tokens, passwords, and database logins. Due to the nature of the data they hold, ENV files should always be stored in protected folders. "I'd imagine a botnet is scanning for these files to find stored credentials that will allow the attacker to interact with databases like Firebase, or AWS instances, etc.," Daniel Bunce, Principal Security Analyst for SecurityJoes, told ZDNet. "If an attacker is able to get access to private API keys, they can abuse the software," Bunce added. MORE THAN 1,100 ENV SCANNERS ACTIVE THIS MONTH AL...

Manchester United hit by 'sophisticated' cyber attack but say fan data is safe.

A Manchester United spokesman said cyber attacks were becoming more common. Manchester United have been hit by a cyber attack on their systems but say they are not “currently aware of any breach of personal data associated with our fans and customers”. The club, who host West Bromwich Albion at Old Trafford on Saturday, confirmed the hacking on Friday evening and said all systems needed for the match remained secure. In a statement, United said: “Manchester United can confirm that the club has experienced a cyber attack on our systems. The club has taken swift action to contain the attack and is currently working with expert advisers to investigate the incident and minimise the ongoing IT disruption. “Although this is a sophisticated operation by organised cyber criminals, the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality....

Drupal sites vulnerable to double-extension attacks

The 90s called. They want their vulnerability back. The team behind the Drupal content management system (CMS) released security updates this week to patch a critical vulnerability that is easy to exploit and can grant attackers full control over vulnerable sites. Drupal, which is currently the fourth most used CMS on the internet after WordPress, Shopify, and Joomla, gave the vulnerability a rating of "Critical," advising site owners to patch as soon as possible. Tracked as CVE-2020-13671, the vulnerability is ridiculously simple to exploit and relies on the good ol' "double extension" trick. Attackers can add a second extension to a malicious file, upload it on a Drupal site through open upload fields, and have the malicious file executed. For example, a malicious file like malware.php could be renamed to malware.php.txt. When uploaded on a Drupal site, the file would be classified as a text file rather than...

Mercy Iowa City Discloses Highly Sensitive Data Breach Impacting Over 60,000 Iowans

Mercy Iowa City hospital has revealed a data breach that may have compromised the personal and health information of 60,473 patients. According to a letter sent earlier this month, the security incident was discovered in June when an unauthorized party sent out phishing emails from a staff member’s account. “On or about June 24, 2020, Mercy discovered that one employee’s email account had been used to send out spam/phishing emails,” the letter reads. “Upon conducting an investigation, Mercy determined that an unauthorized third party gained access to one Mercy employee’s email account from May 15, 2020 until June 24, 2020.” During the investigation, the hospital established that personal information could have been viewed by the unauthorized third party, including Social Security numbers, driver’s license numbers, date of birth, medical treatment information and health insurance information of over 60,000 Iowans. “Mercy is not aware of any fraud or identity theft to any in...

🔰How To Create Android Apps Without Coding🔰

Don't know coding but still want to make Android apps? These will help you make an app without any coding knowledge. #1 AppsGeyser: AppsGeyser is a FREE service that converts your content into an app and makes you money. Your app will have all you need including messaging, social sharing, tabs and full support for HTML5 enhancements. But forget about the app, AppsGeyser helps you to build a business and profit from mobile! #2 Appypie: Appy Pie is the fastest growing cloud-based Mobile Apps Builder Software (App Maker) that allows users with no programming skills to create Android and iPhone applications for mobiles and smartphones. #3 Buzztouch: Buzztouch is an open source “app engine” that powers tens of thousands of iPhone, iPad, and Android applications. Buzztouch is used in conjunction with the iOS and Android software developer kits (SDKs). #4 Appyet: Using AppYet, anyone can create a professional Android app. There’s no programming knowledge required, only take a f...

🔰How To Crack Apple FileVault2 Encryption🔰

STEP 1: Use dd to extract an image of your target's FileVault2 encrypted disk: sudo dd if=/dev/disk2 of=/path/to/filevault_image.dd conv=noerror,sync
STEP 2: Install fvde2john from Here
STEP 3: Use hdiutil to attach to the dd image: hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount /Volumes/path/to/filevault_image.dd
STEP 4: Obtain the EncryptedRoot.plist.wipekey from the "Recovery HD" partition (https://github.com/libyal/libfvde/wiki/Mounting#obtaining-encryptedrootplistwipekey):
mmls /Volumes/path/to/filevault_image.dd
fls -r -o 50450752 /Volumes/path/to/filevault_image.dd | grep -i EncryptedRoot
icat -o 50450752 image.raw 130 > EncryptedRoot.plist.wipekey
STEP 5: Verify and note the disk mount point for Apple_Corestorage: diskutil list .../dev/disk3s2 Apple_Corestorage
STEP 6: Use EncryptedRoot.plist.wipekey with fvdeinfo to retrieve the hash: sudo fvdetools/fvdeinfo -e EncryptedRoot.plist.wipekey -p blablah /dev/disk3s2 (this will return the hash)
FINAL STEP: Load this hash into...

What is Pixar OpenUSD vulnerability. How it affects different versions of macOS. Patch available to download

Pixar OpenUSD contains multiple vulnerabilities that attackers could exploit to carry out a variety of malicious actions. OpenUSD stands for “Open Universal Scene Descriptor.” Pixar uses this software for several types of animation tasks, including swapping arbitrary 3-D scenes that are composed of many different elements. Aimed at professional animation studios, the software is designed for scalability and speed as a pipeline connecting various aspects of the digital animation process. It is mostly expected to process trusted inputs in most use cases. This stands at odds with security considerations. The USD file format itself is used as an interchange file format inside Apple’s ARKit (Augmented Reality), SceneKit (3-D scene composition) and ModelIO (3-D modeling and animation) frameworks. Apple’s decision to use USD as the basis of its augmented reality platform makes it a potentially interesting attack surface. With the expansion of AR applications on both macOS and iOS p...