Friday, January 30, 2015

Another Bug in WhatsApp Web.


WhatsApp, the popular messaging application owned by Facebook, has introduced a new feature called #WhatsApp Web. A 17-year-old security researcher has recently reported two security holes in the WhatsApp Web client that in some way expose its users' privacy.

The new version of WhatsApp Web allows a user to view another user's profile image even if they are not on that user's contact list. This bug can be exploited if the user has set the profile picture to be viewable by people outside their contacts as well. In the normal messaging app, if the privacy is set to contacts only, other users cannot see the profile picture.

But this does not work for WhatsApp Web. This is one of the security bugs present in WhatsApp Web. The second security hole exists in the photo syncing functionality. The researcher reveals that whenever a user deletes a photo that was sent via the mobile version of the WhatsApp application, the photo appears blurred and cannot be viewed.

However, the same photo that has been deleted from the mobile version of WhatsApp remains accessible through WhatsApp Web, as the photo does not get deleted from the web client. WhatsApp is expected to patch this vulnerability soon.

P.S : The post is to create awareness and not to create any negative impact.

Wednesday, January 21, 2015

WhatsApp PLUS - A Fake WhatsApp App.


WhatsApp is one of the most famous messaging services, used by millions of users across the globe, and is owned by Facebook. Recently there has been a rumor that WhatsApp is working on an advanced version of WhatsApp named WhatsApp PLUS. WhatsApp denied the news, saying that it is not working on any project named #WhatsApp PLUS.

WhatsApp PLUS is a third-party messaging application and has nothing to do with the original Facebook-owned WhatsApp. The source code of WhatsApp PLUS is not believed to be safe enough to protect the users who use it. WhatsApp PLUS provides additional features such as:

1. Seeing the last seen status of others even when you have blocked yours.
2. 700 new themes
3. Advanced file sharing option.
4. Options to edit font and colours.
5. New emojis and many more.

WhatsApp PLUS is also available in the Play Store for download, and many advanced users prefer it because of the many features it has. But a few days ago the original WhatsApp blocked its users, stating that they had installed an unreliable third-party application.

WhatsApp blocked these users for a period of 24 hours and stated on its FAQ page that "You have installed a new third party application named Whatsapp PLUS or WhatsAppMD. It is against the Whatsapp license agreement". The users are then redirected to the official app store to download the original WhatsApp application.

WhatsApp also stated that the source code of WhatsApp PLUS does not seem to be secure and claimed that the app could have sent private messages and documents without the authorization of the user. WhatsApp highly recommends that users not install such third-party applications with names similar to WhatsApp, since they are not original applications from WhatsApp.

P.S : The post is to create awareness and not to create any negative impact.

Friday, January 9, 2015

PirateSnoop - A New Browser to Access Blocked Sites.


Recently many pirate torrent sites have been blocked. This has been big news across the US and Europe, and as a result many pirate sites cannot be accessed through a browser.

There is an alternative called PirateBay Browser, based on the TOR network, for browsing blocked sites. But according to a developer, TOR has been blocked on many sites, so there is a need for a new browser to access blocked sites.

RARBG, one of the most used torrent sites, has launched a new browser named #PirateSnoop that can access any blocked website. The browser also offers a VPN (Virtual Private Network) option to hide the identity of the user surfing the Internet.

The browser can evade all the blockades and can be used to access the blocked torrent sites. It is identical to the Chrome browser, except that a pirate flag appears on the right-hand side of the address bar. RARBG has emerged as the 7th most used torrent site and has been blocked recently.

PirateSnoop uses HTTPS traffic instead of HTTP and utilises its own proxy for the migration from HTTP to HTTPS. It also has an option to display the user's IP address if they are not using the VPN option in the browser.

As of now many blocked sites have been accessed with this browser, though there are certain omissions, and the developers are working on upgrading the browser. The browser can be downloaded from here using a torrent downloader, and a Chrome extension is also available.

P.S : The post is to create awareness and not to be misused.

Monday, January 5, 2015

New Wi-Fi Hacking tool - WiFiPhisher.


Everyone has started using Wi-Fi connections to access the Internet from laptops, mobile phones, tablets and even desktop PCs. It is the responsibility of the Wi-Fi owner to protect it with the utmost security. Recently a tool has been developed that can hack any secure Wi-Fi network using a phishing technique.

A Greek researcher developed this tool, which uses both phishing and social engineering to carry out the attack. The success rate depends on how easily the user is fooled. The tool uses some of the same techniques as Fern, the cracker available in the Kali Linux distribution. He has released the code for the tool online for public use.

Let's have a look at how this tool works. The tool first creates a fake access point. The fake access point looks like a normal access point but is created only for exploitation. Second, the fake access point launches a DoS (Denial of Service) attack against the legitimate access point, which causes the user to disconnect from it. The fake AP then forces the system to connect to the fake access point instead.

If the user gets connected and requests any webpage on the Internet through the fake AP, the user is shown a page asking them to enter their WPA password because the router firmware has been updated. If the user enters the password, it is sent to the attacker, who can then connect to the router whenever needed.

For simple understanding, consider that you are connected to your home AP (Access Point) named sample. The attacker creates a fake AP also named sample and forces you to disconnect from sample through a DoS attack. Your system then connects to sample (fake), and if you enter a URL you will be shown a page asking for the password.


If you enter the password, your sample AP password will be sent to the attacker. The tool is named #WiFiPhisher, and there is some criticism that the fake AP cannot be created with the password. But it works on Kali Linux distributions and the code is available here.
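A defender-side check for the attack flow described above, as an added example that is not part of the original post or of the WiFiPhisher code: it flags an access point that reuses a known SSID from an unknown BSSID, notes when that twin does not use the expected security mode, and correlates it with a deauthentication burst against the legitimate AP. The scan records, deauth timestamps, thresholds, inventory and function names are all constructed for illustration.

```python
from collections import defaultdict
# Constructed sample data: one Wi-Fi scan and the deauth frames a monitor saw.
SCAN = [
    {"ssid": "sample", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "sample", "bssid": "de:ad:be:00:00:02", "security": "OPEN"},
    {"ssid": "office", "bssid": "aa:bb:cc:00:00:05", "security": "WPA2"},
    {"ssid": "cafe", "bssid": "aa:bb:cc:00:00:09", "security": "OPEN"},
]
# (seconds, target BSSID): a 40-frame burst against "sample" plus one stray frame.
DEAUTHS = [(i * 0.1, "aa:bb:cc:00:00:01") for i in range(40)] + [(3.0, "aa:bb:cc:00:00:05")]

# Assumed inventory of the networks we own: expected BSSIDs and security mode.
KNOWN = {
    "sample": {"bssids": {"aa:bb:cc:00:00:01"}, "security": "WPA2"},
    "office": {"bssids": {"aa:bb:cc:00:00:05"}, "security": "WPA2"},
}

def deauth_flooded(deauths, window=5.0, threshold=20):
    """Return BSSIDs hit by >= threshold deauth frames inside any `window` seconds."""
    by_target = defaultdict(list)
    for ts, bssid in deauths:
        by_target[bssid].append(ts)
    flooded = set()
    for bssid, stamps in by_target.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flooded.add(bssid)
                break
    return flooded

def find_evil_twins(scan, known, deauths):
    """Flag APs that reuse a known SSID from a BSSID we do not own."""
    flooded = deauth_flooded(deauths)
    alerts = []
    for ap in scan:
        profile = known.get(ap["ssid"])
        if profile is None or ap["bssid"] in profile["bssids"]:
            continue  # not our SSID, or one of our own radios
        reasons = ["unknown BSSID for known SSID"]
        if ap["security"] != profile["security"]:
            reasons.append(f"security mismatch: expected {profile['security']}, saw {ap['security']}")
        if profile["bssids"] & flooded:
            reasons.append("legitimate AP under deauth flood")
        alerts.append((ap["ssid"], ap["bssid"], reasons))
    return alerts
```
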

THE TOOL MUST BE USED FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR ANY DAMAGE DUE TO THE TOOL.

P.S : The post is to create awareness and strictly not to be misused.