Search the Community
Showing results for tags 'messages'.
A new social network has been launched, vowing more transparency, security, and privacy than Facebook and other social media giants. Backed by the hacktivist group Anonymous, it will encrypt all messages, shielding data from governments and advertisers. At first glance, Minds.com appears similar to any other social network. It provides a person's followers with the latest updates, allowing their friends to comment and promote posts. But the major difference exists behind the scenes. Minds.com doesn't aim to profit from gathering data. In fact, its goal is the opposite – to encrypt all messages so they can't be read by governments or advertisers. The social network will also reward users for interacting with posts. This can be done by voting, commenting or uploading. The rewards will come in the form of points, which can be exchanged for “views” of your posts. Simply put, the more active you are, the more your posts will be promoted by the social network. Mai mult aici:Anonymous backs new encrypted social network to rival Facebook — RT News https://www.minds.com/
Pushers of the Dridex banking malware have gone old-school for some time now, moving the malware through phishing messages executed by macros in Microsoft Office documents. While macros are disabled by default since the release of Office 2007, the malware includes somewhat convincing social engineering that urges the user to enable macros—with directions included—in order to view an important invoice, bill or other sensitive document. The cat and mouse game between attackers and defenders took another turn recently when researchers at Proofpoint discovered that a recent spate of phishing messages contained macros-based attacks that did not execute until the malicious document was closed. The technique, which involves the inclusion of an AutoClose method, which helps the malware sample evade detection. “The user is enticed to enable macros and open the attachment, and when they open it, they see a blank page and, under the hood, nothing bad happens,” said a Proofpoint advisory. “Instead, the malicious action occurs when the document is closed. The macro payload, in this case, listens for a document close event, and when that happens, the macro executes.” The use of this type of VBscript function, Proofpoint said, is effective against sandbox detection capabilities. Malware that delays execution isn’t necessarily a new evasion tactic, but attackers have been getting innovative about side-stepping security protections in place. For example, sandboxes and intrusion detection software became wise to short delays in execution times. By executing only when the document closes, this current string of Dridex seems to have taken the next step. “As sandboxes have adjusted to also ‘wait,’ the ability of the malicious macro to run when the document closes expands the infection window and forces a detection sandbox to monitor longer and possibly miss the infection altogether,” Proofpoint said. “No matter how long the sandbox waits, infection will not occur, and if the sandbox shuts down or exits without closing the document, the infection action will be missed entirely.” Dridex, once it’s implanted on the compromised machine behaves like most banking malware. It waits for the user to visit their online banking account and injects code onto the bank’s site and captures user credentials via an iframe. Dridex and its cousin Cridex are members of the GameOver Zeus family, which is also adept at wire fraud. GoZ uses a peer-to-peer architecture to spread and send stolen goods, opting to forgo a centralized command-and-control. P2P and domain generation algorithm techniques make botnet takedowns difficult and extend the lifespan of such malware schemes. Previous Dridex campaigns have spread via Excel documents laced with a malicious macro. Earlier this month, researchers at Trustwave found a spike of phishing messages using XML files as a lure. The XML files were passed off as remittance advice and payment notifications, and prey on security’s trust of text documents to get onto machines. These older Dridex campaigns targeted U.K. banking customers with spam messages spoofing popular companies either based or active in the U.K. Separate spam spikes using macros started in October and continued right through mid-December; messages contained malicious attachments claiming to be invoices from a number of sources, including shipping companies, retailers, software companies, financial institutions and others. Source
The sanctity of Apple iMessage end-to-end encryption has been challenged by white hats who in 2013 reverse engineered the protocol behind it, revealing that Apple controls the key infrastructure and could, in turn, be compelled to turn over messages via government order. CEO Tim Cook denied those charges last September in an interview, but nonetheless, confidence in the security of messages sent over iMessage hasn’t been 100 percent since. Researcher Moxie Marlinspike’s Open WhisperSystems today released version 2.0 of the free Signal app for Apple iOS, which now adds end-to-end encrypted messaging to the encrypted voice calling introduced last July with Signal 1.0. The private messaging support for iPhone is free and open source—and not the last step for Marlinspike, who is also responsible for RedPhone, an app that encrypts calls on the Android platform, and TextSecure for Android, a private text and chat app that is at the heart of today’s Signal 2.0 release for the iPhone. “We’re going to unify TextSecure and RedPhone into Signal on Android, release a desktop version of Signal, and keep working to push the envelope of secure protocols and private communication,” Marlinspike said of his planned product road map. For now, the availability of Signal 2.0 for iOS brings a measure of privacy and secure communication that’s been in question since the QuarksLab report of 2013. “It’s technically possible that someone in control of Apple’s servers could intercept your communication,” Marlinspike said, adding that Signal 2.0 now allows iPhone users to communicate privately with users on the Android platform. The protocol behind Signal 2.0 also supports forward secrecy, which essentially generates a new encryption key for each message, meaning that if a key were cracked in the future, not all messages would be in danger. Signal 2.0, Marlinspike also said, allows users to verify each other’s respective encryption keys, meaning that it would be an easy detect if an attacker was sitting in a man-in-the-middle position intercepting traffic between endpoints. For now, both ends of a conversation require Signal to be installed in order to assure secure communication, Marlinspike said. The simplicity of Signal should remove any impediment for privacy conscious users. The app uses the phone’s existing phone number and address book and does not require a separate log-in or authentication mechanism to manage. Users are able to send encrypted group messages (text, video, photos) and make encrypted phone calls worldwide without extra charges, Marlinspike said. “We cannot hear your conversations or see your messages, and no one else can either. No exceptions. You can even tap and hold on a contact’s name to see advanced identity verification options,” says Signal 2.0’s product description. “Everything in Signal is always end-to-end encrypted and painstakingly engineered in order to keep your communication safe.” The source code is available on Github for inspection, as well, Marlinspike said. Source
PHP Script to send and receive messages on WhatsApp I have been reading many tutorials for sending and receiving WhatsApp Messages via PHP but there is not a single Article Which explains properly with Steps that How To retrieve Your WhatsApp password Which is created and Stored when you create a WhatsApp Account on the WhatsApp Server which is the main Challenge as of now in other Articles. Thanks To this tool Which has Made 50% of the work Easy. https://github.com/shirioko/WART Okay So we will Quickly go through the Steps for WhatsApp Registration Tool : Go To the link https://github.com/shirioko/WART Download The Whole project by Clicking Clone to Desktop Run the WART-126.96.36.199 Exe File WART Enter Phone Number with Country Code (e.g. India Number : 91xxxxxxxxxx) P.s. Do not put any Special Symbol like (+91) for India Click on Request Code and You will Receive a Code from WhatsApp on the Entered Mobile Number. Now Verify that Code in 2nd Step and That’s it . You are here . Your password will Appear. P.s. Do not Share your password with Anyone Because it Can be used in loop for any Kind of messages. okay Now we are done with 50% of the task . Now we need to write the php Script Which will Send Messages to WhatsApp Registered Number. You will need 2 things for Sending Messages to WhatsApp through PHP : Username (WHICH IS YOUR MOBILE NUMBER WITH COUNTRY CODE) : 91xxxxxxxxxxx Password (Which You got From The WART.EXE TOOL Alright Sparky Lets Get this Done….. <?php require_once ‘./src/whatsprot.class.php’; $username = “919xxxxxxxxx”; //Mobile Phone prefixed with country code so for india it will be 91xxxxxxxx $password = “your password”; $w = new WhatsProt($username, 0, “Mayank Grover Blog”, true); //Name your application by replacing “WhatsApp Messaging” $w->connect(); $w->loginWithPassword($password); $target = ’91xxxxxxxxxxx’; //Target Phone,reciever phone $message = ‘Hello User !! This is a Tutorial for sending messages via php to WhatsApp Account’; $w->SendPresenceSubscription($target); //Let us first send presence to user $w->sendMessage($target,$message ); // Send Message echo “Message Sent Successfully”; ?> So Everything is Quite Clear in the above Script i.e. You need to set your Application Details Username as Mobile Number password Which you got from WART Tool Target as your Target Mobile Number and Lastly The message(Plain Text Which you need to send). Okay Now I know many Questions are Coming in your mind. In first line Require src/whatsprot.class.php What is This. ??? You Need to Download the WhatsApi from this Link . There You Will find the src directory with all the source files. Can we only Send Plain Text messages Or media like Images and Videos??? Yes we can send media file Also. So Next I will be writing php script to send Media file To any WhatsApp Account. SOURCE