OS X Yosemite: Is it Insecure?

New Features in Yosemite May Jeopardize Your Privacy

OS X Yosemite

Earlier today, the next iteration of OS X was released to Mac users worldwide. The new Yosemite update brings a cleaner, flatter look to the already stylish interface Mac users are used to, but its more interesting feature is the ability to sync not just iCloud storage, but also phone calls and text messages between iOS devices and the computer itself.


The new feature seamlessly allows the user to send and receive calls and text messages on their computer, using the phone as the relay for the information. This Yosemite exclusive service is provided at no extra charge, but with the leak a few years ago detailing how every message sent through iMessage was logged on Apple’s servers, are users giving up their call and text privacy for extra convenience? Will calls and texts sent through this service be logged and seen by Apple personnel? As the internet collectively jumps in excitement over this new feature, I believe this is a glaring issue that is being overlooked.

 

Just a few months ago, there was a high-profile iCloud leak of celebrity nude photographs, showing the public that even Apple’s flagship cloud service is not truly bulletproof. Yet, when the same system is touted in a slightly different way, people seem to forget the negatives and risks associated with such a service.

It is always wise to remember that there is no free lunch, and that privacy is usually traded away for the sake of convenience. There is nothing wrong with such a service as long as the end user understands and acknowledges what they are getting themselves into. However, this is probably all outlined within those pesky Terms of Service agreements, and who really reads those anyway?

How Tim Ferriss Hacked Kickstarter

How Tim Ferriss raised $10,000 in 10 days

Kickstarter

 

Best-Selling author of the Four Hour Work Week, Tim Ferriss, is at it again using his unique business expertise to capitalize on a service in the least amount of time possible, with the least effort. This time, it’s Kickstarter.

Using the innovative techniques BranchOut used to grow to 25 million users over 16 months, Tim Ferriss has developed a detailed business strategy for Kickstarter to mirror this success.

This includes email templates, spreadsheets, open-source code for the website, and custom analysis software used to monitor his campaign across social media and the press.

He has also outlined his journey on this project in his classic story format that is both informative and easy to read.

Despite so much material made for this campaign, Tim employs a “Minimum Effective Dose” approach to all of his ventures; the least amount of work to produce the desired outcome.

His book, the Four Hour Work Week, establishes a “20/80” rule that details how only 20% of the effort achieves 80% of an outcome. Efficiency is Tim Ferriss’ specialty.

Do you believe this minimalist approach is the right approach to business? For Tim Ferriss, it seems to be his bread and butter.

The full story can be found here: http://fourhourworkweek.com/2012/12/18/hacking-kickstarter-how-to-raise-100000-in-10-days-includes-successful-templates-e-mails-etc/

Google Slashes Prices for Google Drive: $9.99 for 1TB

Google Drive

Google has just announced that they are slashing their storage prices for Google Drive, most notably the price drop of a terabyte of storage falling from $49.99 to $9.99.

The price drop, according to the blog post, is aimed at the general public, in the hope that more people will use Google Drive as a storage medium for personal pictures and documents. The post goes on to say that one terabyte is equal to “a selfie twice a day for the next 200 years and still have room left over for… shall we say… less important things,” hinting that Google wishes their Drive service to be seen as more than just a medium for businesses and students to work on projects together. Are people willing to accept the cloud when it comes to personal files?

With the growing popularity of Google’s online services, acceptance of the cloud may be a reality very soon for the general public. Businesses have already accepted cloud services a great deal, citing reduction of cost and responsibility of system maintenance as acceptance factors.

Google Drive is an easy way for people to share any type of file with one another, regardless of file extension. With so many options to share personal photos and thoughts online in the form of social media, however, why would people then opt to use Google Drive as a storage medium for social items, especially ‘selfies’, if they also have to pay for the service? Simple: if one wants to share a large number of photos, documents, or files, all they have to do is share those files with another Google account and they become available to that person. This is a much better alternative for image sharing than Facebook or Instagram because it can handle large numbers of file shares with ease and speed, while giving the owner of those files greater control over who has access to them. Does the owner truly decide who can access those files though, given that they are stored on the cloud?

Whether you are a supporter of the cloud or not, it seems to be growing in acceptance over time. Google’s price cuts on their storage service may serve as a catalyst, driving some users to switch sides. 

 

Pebble SDK 2.0 is Out, Have App Developers Just Scratched The Surface?

Pebble Watch

The smartwatch that first launched on Kickstarter has taken the world by storm, forcing larger companies like Samsung and Sony to enter what was a non-existent smartwatch market a few years ago. Although there are new contenders in the Smartwatch market, with rumors of Google and Apple working on their own version of this wearable technology, the Pebble has remained relevant and sought after by early adopters of this new idea.

Pebble was designed from the ground up to be an open platform for development, giving the public the tools to create their own smartwatch apps from the beginning. However, since the device’s release, there were major deficiencies in what an app could do on the Pebble, including one-way communication only, no persistent storage, and no access to dynamic memory. With the release of Pebble firmware 2.0 and the new 2.0 SDK, however, these deficiencies have been corrected, unleashing the true power of the unique device.

With two-way communication now available for Pebble developers, does this mean users may have a full texting app available on their watch in the near future? A proof-of-concept was shown on the Pebble Forums (http://forums.getpebble.com/discussion/10273/watchapp-sdk2-keyboard-demo) for a fully functional keyboard on the Pebble watch. Only a few more functions would need to be added to such a program, as well as a companion app on the phone, to make texting from your watch a reality.

With limited speed in typing out messages, will the idea be pushed to the wayside or will Pebble users channel their inner Bond and take to communication on their watches with open arms?

While we wait to find out, rest assured, the future is here.

Total_Noob leaves Playstation Vita Scene, Official Developer Scene More Fragmented

Playstation Vita

The Playstation Vita has seen few hacks and jailbreaks over the past few years since the system’s release. Most of the hacks targeted the PSP emulator within the Vita’s system. Only whispers of a native Vita hack have been heard, and so far not much has been accomplished when trying to exploit the native areas of the Vita system.

Development for the Playstation Vita is severely fragmented, unfortunately, stifling collaboration between developers and keeping any serious breakthroughs in the dark to the general population. It seems the famous Geohot legal battles, in which Sony sued infamous hacker Geohot for jailbreaking the PS3, have left a lasting impression that has made any kind of Playstation hacking scene shattered and cowering under Sony’s shadow.

A brave few still venture on trying to reverse engineer the Playstation Vita though. Yifan Lu, Total_Noob, and others have been hard at work giving the world PSP emulator kernel exploits and homebrew, while attempting to reverse engineer the main system relentlessly from all angles. However, Total_Noob, famous for his PSP emulator exploits on the Vita, has now left the scene due to personal reasons. This leaves a select few within the Playstation Vita community. Without any collaboration, any strides and breakthroughs may be made without anyone’s knowledge or input… assuming such breakthroughs are possible with only a handful of developers still working on hacking the system.

Will more developers emerge from the shadows to lend their hand? Only time will tell.

Over One Billion Dollars Total Pledged on Kickstarter

kickstarter logo

Today, Kickstarter has reached a milestone of over $1 billion pledged to indie projects since their inception. Amazingly, more than half of total pledges were made in the last year.

In honor of such an achievement, Kickstarter has made a page (https://www.kickstarter.com/1billion) thanking contributors for their pledges, including notable individual contributors who have made exceptional contributions to the indie funding site.

Notable contributors include Neil Gaiman, author of Coraline, who has been named Kickstarter’s ‘Most Influential’ backer; and Hope Leman, who has been named ‘Most Helpful’ for contributing to projects in every category.

Oculus Rift

A Popular Kickstarter Campaign – the Oculus Rift

Those contributors are not alone, however, as Kickstarter reports that over one-and-a-half million people have backed more than one project on Kickstarter.

The ‘thank-you’ page is packed with interesting statistics, including a distribution of pledges based on day of the week (in which Wednesday peaks over all others), and an equivalency chart showing how $1 billion stacks up against the cost of other real-world products.

Ouya

Another Popular Kickstarter Campaign – The Ouya

Kickstarter has helped bring innovative new ideas to life by allowing indie developers the means to gain funding for their new ideas. Popular Kickstarter projects include the Oculus Rift and the Ouya.

Installing Arch Linux on the Internal SSD of the Series 3 Samsung Chromebook

Series 3 Samsung Chromebook

The $249 Samsung ARM Chromebook, with a 1.7GHz dual core ARM processor and 2GB of RAM, has decent specs for the price. Being ARM based, the device has no fan, keeps cool, and sports a ridiculous battery life. However, with Chrome OS loaded on to this beast of a netbook, utility is lacking. There are a few guides circulating about “dual booting” a Linux environment with Crouton, or booting a Linux environment from SD/USB. But what if you want to boot Linux without Chrome OS holding root privileges, or having things sticking out of your computer? There is a way, but you will need an SD card, some guidance, and the guts to wipe your pristine Chrome OS installation.

If you would like to boot linux off your internal SSD, continue reading.

NOTE: I AM NOT RESPONSIBLE FOR ANY DAMAGE YOU DO TO YOUR DEVICE, YOUR WARRANTY IS NOW VOID. CONTINUE AT YOUR OWN RISK.

I accomplished this task with Arch Linux. For other Linux distributions, you may need to consult their installation instructions for this particular Chromebook and adjust accordingly.

Note: if you botch the Arch Linux installation on the internal SSD, Google provides a handy tool to reinstall Chrome OS via a USB drive. You can probably always get Chrome OS back, so as long as you don’t overwrite the BIOS somehow, you should be fine. If you do botch the installation on the internal SSD, you may need to reinstall Chrome OS and start at the beginning (hey, I never said this was fast!).

For starters, follow the Arch Linux installation instructions found on their website here. This guide will walk you through enabling developer mode and installing arch linux for boot on an SD card or USB device.

Boot into the Arch Linux installation once to inflate the standard Linux directories. Power off, and boot back into Chrome OS.

For the internal SSD installation to work, you will need the cgpt program used in the Arch Linux installation instructions. Unfortunately, only Chrome OS has it. Fortunately, you can just copy it over to your Arch Linux installation!

Once you have logged back into Chrome OS with your SD card inserted, pop a crosh terminal with CTRL+ALT+T.

Type shell to invoke a standard shell.

Type sudo su to gain root privileges.

Type cd /media/removable/ to navigate to the directory where your SD card is mounted. There should be 3 SD card folders.

Type ls SD\ CARD\ 1 to list the first partition on your SD card. You are looking for a standard Linux root directory (one that contains such folders as /usr/, /etc/, /mnt/, /dev/, and so on…).

If the standard Linux root directory is not found, invoke the previous command, incrementing the number at the end until you find the directory you are looking for. Remember which number you used; you will need to know which partition to access later.

The cgpt program on Chrome OS should be found under /usr/bin.

Type cp /usr/bin/cgpt /media/removable/SD\ CARD\ $/usr/bin/ where $ = the partition number where you found your standard Linux directory.

Type cp -r /usr/bin/old_bins/ /media/removable/SD\ CARD\ $/usr/bin/old_bins/ where $ = the partition number where you found your standard Linux directory.

Why the whole old_bins folder? cgpt requests it when it runs and needs it to work.
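
The manual search-and-copy steps above can be scripted. The following is an added example, not part of the original post; the function names find_linux_root and copy_cgpt are hypothetical, and the paths are the ones given in the steps above.

```shell
#!/bin/sh
# Added example: automates the "find the Linux root partition, then copy
# cgpt and old_bins" steps. Function names are hypothetical.

# Print the first "SD CARD N" mount under $1 that looks like a Linux root
# (contains usr, etc, mnt and dev). Returns 1 if no partition qualifies.
find_linux_root() {
    fl_base=$1
    for fl_part in "$fl_base"/SD\ CARD\ *; do
        [ -d "$fl_part" ] || continue      # also skips an unmatched glob
        fl_ok=1
        for fl_dir in usr etc mnt dev; do
            [ -d "$fl_part/$fl_dir" ] || fl_ok=0
        done
        if [ "$fl_ok" -eq 1 ]; then
            printf '%s\n' "$fl_part"
            return 0
        fi
    done
    return 1
}

# Copy cgpt and the old_bins directory from $1 (Chrome OS /usr/bin) into
# $2/usr/bin, then verify the copied binary is byte-identical to the source.
copy_cgpt() {
    cg_src=$1
    cg_root=$2
    [ -f "$cg_src/cgpt" ] || { echo "cgpt not found in $cg_src" >&2; return 1; }
    [ -d "$cg_src/old_bins" ] || { echo "old_bins not found in $cg_src" >&2; return 1; }
    mkdir -p "$cg_root/usr/bin" || return 1
    cp -p "$cg_src/cgpt" "$cg_root/usr/bin/cgpt" || return 1
    # Copying into usr/bin/ avoids a nested old_bins/old_bins on a re-run.
    cp -rp "$cg_src/old_bins" "$cg_root/usr/bin/" || return 1
    cmp -s "$cg_src/cgpt" "$cg_root/usr/bin/cgpt"
}

# Usage on the Chromebook, as root in the Chrome OS shell:
#   root=$(find_linux_root /media/removable) && copy_cgpt /usr/bin "$root"
```
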

Now that you have cgpt on your Arch Linux installation, the fun begins. Boot back into the Arch Linux on your SD card.

Now, after logging in as root and gaining an internet connection (very important!), update pacman with pacman -Syu. It might complain about not mounting /boot in the fstab. That’s not an issue at the moment, but if you want to fix it, open up /etc/fstab with a text editor and uncomment the line that corresponds to the device type that carries your Arch Linux (/dev/sda for USB, /dev/mmcblk1 for SD) before you run the pacman command.

Now, follow the Arch Linux installation tutorial from the Arch Linux site like you did before when you installed Arch Linux on an SD card (or USB). However, this time, start after the tutorial pops a Linux shell, and (VERY IMPORTANT) where the tutorial states ‘/dev/sda’ or ‘/dev/mmcblk1’, replace it with ‘/dev/mmcblk0’. In the places where the tutorial states ‘/dev/mmcblk1p*’ where * is any number, simply substitute the ‘/dev/mmcblk1’ part for ‘/dev/mmcblk0’.

Once you have installed Arch Linux on your internal SSD (yep, that easy!), before you update pacman like before, uncomment the /boot for /dev/mmcblk1 in /etc/fstab and change ‘/dev/mmcblk1’ to ‘/dev/mmcblk0’. Then reboot and update pacman.

That’s about it! Enjoy Linux on your Chromebook!

If I have made any errors, please tell me in the comments and I will update this post accordingly!

The Secret Weapon Against Malware – A Rescue CD

Rescue Disk

©2002-2014 tzen-stock

Sooner or later, your computer may become infected with a form of malware that not only has access to all of your data, but can also hide itself from the most aggressive anti-malware software (an infection this deep is commonly referred to as a ‘rootkit’). When the malware has completely compromised your system in this manner, usually the only option is to reinstall the operating system – completely wiping everything in the process.

What if I told you there was another way? A way in which you could clean your system, kill the malware, and potentially leave your operating system and personal data unaffected? All of this is possible with a rescue CD.

 

What is a Rescue CD?

 

A Rescue CD is a bootable CD that allows you to scan, repair, and clean your operating system without loading your operating system into memory.

The key idea to understand is that malware only becomes malicious when it is loaded into RAM as the computer, and operating system, boots up. If the malware does not get a chance to be loaded into RAM, it has no chance of performing any malicious acts.

A Rescue CD allows a full, in-depth scan of an infected system without risking any active defensive measures performed by the malware. Just pop the CD in, follow the instructions and your computer will be clean!

 

…maybe. A Rescue CD is not a magic bullet, and may not work for all types of infections. It is definitely worth a shot, however, before performing a reinstallation.

 

Give it a try!
My recommendation is the Kaspersky Rescue Disk 10.

Acer Aspire One D270: The Ultimate Mobile Penetration Tester’s Hackbook

Acer Aspire One D270


The days of the netbook have come to an end with a sudden surge of Google’s answer to cheap computing – the Chromebook. Although these new computers are cheap and Linux-based, they lack many critical features for the on-the-go penetration tester. The lack of wifi chipsets that support packet injection and monitor mode, the non-standard BIOSes, and the stripped-down ChromeOS distribution of Linux may frustrate some users who prefer a more powerful setup while they are on the road. Therefore, I’d like to pay respects to a discontinued model of netbook that is in plentiful supply on Craigslist, and has the hardware and design to match the needs of security students and professionals. I introduce the Acer Aspire One D270.

The Hardware:

• Processor:

x86 Intel Atom Dual-Core 1.6GHz

• Wifi chipset:

The wifi chipset in this netbook is an Atheros card, a well-known brand within the network security community that supports packet injection as well as monitor mode. Atheros cards are among the most widely supported cards when it comes to penetration testing.

• 6-Cell Lithium Battery:

The battery of this netbook can last anywhere from 2 – 6 hours on a single charge, depending on workload. If you are trying to bruteforce a hash, don’t expect the battery to last long though.

• Modular Design:

This netbook was designed without soldered-on RAM chips and hard drives. Most parts can be replaced, and the system is very repairable. Any 2.5″ drive will fit into this netbook, as well as any DDR3 SODIMM RAM chip. However, the motherboard has a RAM limit of 2GB, so any chips larger than this capacity will not be fully utilized. The keyboard is also fully replaceable.

The Firmware:

• BIOS:

A standard BIOS is implemented in this netbook, so any PC user should feel right at home. Note that there is no overclocking support in the default BIOS.

The Software:

• Windows:

Ships with Windows 7 Starter. It can run sluggishly under Windows, and upgrading to a larger edition of Windows is not recommended given the limited hardware performance.

• Linux:

Runs as smooth as butter. All hardware is supported with no configuration on a stock Linux kernel.