Saturday, June 4, 2016

Ten hidden controls of the iPhone headphones

Ten hidden controls of the iPhone headphones

The iPhone headphones (or any headphones with a mic and remote) can control your iPhone, iPad, or iPod Touch in up to 10 different ways.
It's never too late to discover that those boring, all-white headphones Apple threw in with your iPhone can do a lot more than adjust the volume.
In fact, any headphones that include a remote (or have a remote adapter attached) can be used to control your iPhone, iPad, or iPod Touch in up to 10 ways.
There are all the ways you can use your headphones as a remote controller, allowing you to perform useful functions without taking your iDevice out of your pocket.

1.If you're listening to music, toggle pause or play by tapping the center button once.

2.To fast-forward a song, tap the center button twice and long-press on the second tap.

3.To rewind a song, tap three times and long-press on the third tap.

4.To skip a song, double tap.

5.To go to the previous song, triple tap.

6.If you have an incoming call, tap the center button once to answer. Tap again to hang up.

7.To ignore an incoming call, long-press the center button. You'll hear two beeps to confirm that the       caller was sent to voice mail.

8.If you're on the phone and you get a new call, tap the center button once to switch calls. To end that new call, hold the center button down for 2 seconds.

9.You can achieve supersteady shots by using your headphones as a shutter release. Tap the volume-up button to capture a photo.

10.For iPhone 4S owners: prompt Siri by long-pressing the center button.

Saturday, March 19, 2016

Bootkit & Nemesis

What Is a Bootkit, and Is Nemesis a Genuine Threat?

The threat of picking up a virus is very real. The omnipresence of unseen forces working to attack our computers, to steal our identities and raid our bank accounts is a constant, but we hope that with the right amount of technical nous and a smattering of luck, everything will be okay.
However, as advanced as antivirus and other security software is, would-be attackers continue to find new, devilish vectors to disrupt your system. The bootkit is one of them. While not entirely new to the malware scene, there has been a general rise in their use and a definite intensification of their capabilities.
Let’s look at what a bootkit is, examine a variant of the bootkit, Nemesis, andconsider what you can do to stay clear.

What Is A Bootkit?

To understand what a bootkit is, we’ll first explain where the terminology comes from. A bootkit is a variant of a rootkit, a type of malware with the ability to conceal itself from your operating system and antivirus software. Rootkits are notoriously difficult to detect and remove. Each time you fire-up your system, the rootkit will grant an attacker continuous root level access to the system.

A rootkit can be installed for any number of reasons. Sometimes the rootkit will be used to install more malware, sometimes it will be used to create a “zombie” computer within a botnet, it can be used to steal encryption keys and passwords, or a combination of these and other attack vectors.
Boot-loader level (bootkit) rootkits replace or modify the legitimate boot loader with one of its attackers’ design, affecting the Master Boot Record, Volume Boot Record, or other boot sectors. This means that the infection can be loaded before the operating system, and thus can subvert any detect and destroy programs.
Their use is on the rise, and security experts have noted a number of attacks focused on monetary services, of which “Nemesis” is one of the most recently observed malware ecosystems.

A Security Nemesis?

No, not a Star Trek movie, but a particularly nasty variant of the bootkit. The Nemesis malware ecosystem comes with a wide array of attack capabilities, including file transfers, screen capture, keystroke logging, process injection, process manipulation, and task scheduling. FireEye, the cybersecurity company who first spotted Nemesis, also indicated that the malware includes a comprehensive system of backdoor support for a range of network protocols and communication channels, allowing for greater command and control once installed.

In a Windows system, the Master Boot Record (MBR) stores information relating to the disk, such as the number and layout of partitions. The MBR is vital to the boot process, containing the code which locates the active primary partition. Once this is found, control is passed to the Volume Boot Record (VBR) which resides on the first sector of the individual partition.
The Nemesis bootkit hijacks this process. The malware creates a custom virtual file system to store Nemesis components in the unallocated space between partitions, hijacking the original VBR by overwriting the original code with its own, in a system dubbed “BOOTRASH.”
“Prior to installation, the BOOTRASH installer gathers statistics about the system, including the operating system version and architecture. The installer is capable of deploying 32-bit or 64-bit versions of the Nemesis components depending on the system’s processor architecture. The installer will install the bootkit on any hard disk that has a MBR boot partition, regardless of the specific type of hard drive. However, if the partition uses the GUID Partition Table disk architecture, as opposed to the MBR partitioning scheme, the malware will not continue with the installation process.”
Then, each time the partition is called, the malicious code injects the awaiting Nemesis components into Windows. As a result, “the malware’s installation location also means it will persist even after re-installing the operating system, widely considered the most effective way to eradicate malware,” leaving an uphill struggle for a clean system.
Funnily enough, the Nemesis malware ecosystem does include its own uninstall feature. This would restore the original boot sector, and remove the malware from your system — but is only there in case the attackers need to remove the malware of their own accord.

UEFI Secure Boot

The Nemesis bootkit has largely affected financial organizations in order to gather data and siphon funds away. Their use doesn’t surprise Intel senior technical marketing engineer, Brian Richardson, who notes “MBR bootkits & rootkits have been a virus attack vector since the days of “Insert Disk in A: and Press ENTER to Continue.” He went onto explain that while Nemesis is undoubtedly a massively dangerous piece of malware, it may not affect your home system so readily.

Windows systems created in the last few years will have likely been formatted using a GUID Partition Table, with the underlying firmware based on UEFI. The BOOTRASH virtual file system creation portion of the malware relies on a legacy disk interrupt that won’t exist on systems booting with UEFI, while the UEFI Secure Boot signature check would block a bootkit during the boot process.
So those newer systems pre-installed with Windows 8 or Windows 10 may well be absolved of this threat, for now at least. However, it does illustrate a major issue with large companies failing to update their IT hardware. Those companies still using Windows 7, and in many places still using Windows XP, are exposing themselves and their customers to a major financial and data threat.

The Poison, The Remedy

Rootkits are tricky operators. Masters of obfuscation, they are designed to control a system for as long as possible, harvesting as much information as possible throughout that time. Antivirus and antimalware companies have taken note and a number of rootkit removal applications are now available to users:
Even with the chance of a successful removal on offer, many security experts agree that the only way to be 99% sure of a clean system is a complete drive format – so make sure to keep your system backed-up!

10 Best Android Apps

10 Best Android Apps Not in the Play Store

There are well over a million apps in the Play Store, covering just about every topic imaginable. But there are others that haven’t made it into Google’s app store for one reason or another, and some of them are well worth investigating.
These apps are easy to install, so long as you know where to find them. Remember that in most cases you won’t be alerted when they are updated, so it’s a good idea to check back with the download location from time to time to ensure you’re always running the latest version.
Now, let’s take a look at the best apps you won’t find in the Play Store.

Amazon Underground

The official Amazon app is one of the most popular shopping apps on the Play Store, with tens of millions of downloads. But if you’re still using it instead of the Amazon Underground app, you’re missing out.

Download Amazon Underground direct from Amazon instead, and you’ll get the real deal. This app gives you all the usual shopping features along with access to the Amazon Appstore. More importantly, it includes Underground Apps, a selection of $20,000 worth of apps, games, and in-app purchases available for free.
With choice picks ranging from some of the best Android games like Monument Valley, Threes!, and Star Wars: Knights of the Old Republic, to powerful productivity suites like Office Suite Professional (normally $14.99), Amazon Underground is essential for all Android users.

Amazon Video

Once you’ve got Amazon Underground installed, you can also download Amazon Video.

This enables you to watch your Amazon Prime Instant Video subscription on anyAndroid phone or tablet. Without it, access to the streaming service is limited to Amazon’s own Fire tablets and Apple’s iPhone and iPad.

Humble Bundle

Another way to get paid games on the cheap, Humble Bundle offers regular bundles of games at a price that you set yourself.

Each bundle consists of ten games. You get three if you pay more than a dollar; seven if you pay more than the average price across all users; an eighth for paying more than $6; and two more get unlocked once the total revenue for the bundle reaches a certain level.
When you make a purchase, you also get to choose how your money is used — you can split it between the game developers, a charity of your choice, and Humble Bundle itself.
You can download the Humble Bundle app direct to your device, which you can use to download and update your purchased games, but you must buy them through the website first.

Real Money Poker Apps

If poker’s your thing, you won’t find it on the Play Store. Or, at least, none of the official apps from real money services. While they’re prevalent on Apple’s App Store, Android users need to sideload them.
Virtually all popular poker services have mobile apps, including PokerStars.

They’re not always easily found on their respective websites, but a simple Google search will help you locate the Android app for your chosen service. Just be sure to only download it from the official site, and not anywhere else.

Xposed Framework Installer

The Xposed Framework Installer is the must-have app for rooted Android phones. It gives apps — or modules, as they’re called — the ability to make system-level changes to your device, of the kind you would have previously needed to flash a custom ROM to achieve.
Installing Xposed on Android 4.4 (or lower) devices is as simple as installing an APK file; on 5.0 Lollipop and higher it requires an extra step.
Xposed Modules customize, tweak, and enhance your phone in pretty much every way imaginable. Some of the best Xposed Modules, including the permissions manager XPrivacy, can be downloaded through the Play Store. Others, such as theawesome GravityBox, need to be installed separately.

Tasker (Extended Trial)

Tasker is one of the most powerful apps available for Android, and it is available through the Play Store. However, this automation tool has a very steep learning curve and isn’t something you can properly evaluate within Google’s 2-hour refund window.
So, before you choose to buy it, head over to the Tasker website and grab the trial version. It lasts for seven days, and you can even uninstall and reinstall it to extend your trial period further.
For a head start, check out our guide to using Tasker.


MiXPlorer is a true hidden Android gem.
It is as comprehensive a file explorer as you can get, with a powerful search function, support for compressed file formats, integration with 19 cloud providers, built-in image and media players. Plus it has a text editor, full root capabilities, and lots more — all wrapped up in a customizable, Material-inspired design.

It’s completely free, and must be downloaded from the official support thread at xda-developers. The app continues to get updated on a regular basis too.


If you struggle to get a good night’s sleep, there’s a chance your smartphone use is to blame. Phone and tablet screens emit blue light at a frequency that tricks our brains into thinking it’s still daytime.
Short of not using your phone after sunset, the solution can be to use an app that filters the harmful blue light. It should help you sleep better and will reduce eyestrain as well.
The best blue-light filtering app for Android is CF.lumen, as it works in both root and non-root modes. You can download the app from the Play Store, through which you can unlock the advanced features via an in-app purchase. But if you download it straight from the source you can activate the Freeload mode, which enables you to unlock the Pro features without paying. Of course, if you like it, you should probably pay for it to support the developer.
That link also has versions that work on older devices — the Play Store one is Android 5.0 and later only.


Viper4Android is a very powerful audio equalizer app for rooted devices. You can use it to create and customize audio profiles for your phone’s internal speakers, as well as your headphones and Bluetooth audio devices.

It isn’t the easiest to use, but if you’re willing to invest the time to learn it, it can produce great results. The official version of this open source app can bedownloaded from here, while a thread with more information can be found over at
The version of V4A found in the Play Store is not the official one, by the way.

BlackBerry Priv Keyboard

It’s common for Android device manufacturers to install exclusive extra software on their phones. A lot of the time, this is a bad thing — it’s annoying bloatware that you’d rather remove — but occasionally, the apps are worthwhile and evendesirable to users of other devices.
In these cases, you can trust the developers at Android enthusiast site XDA-Developers to pull the apps and make them more widely available.

The best recent example is the rather splendid keyboard app for the BlackBerry Priv. It’s fast and intelligent, very cleanly designed, and comes packed with the kind of shortcuts and tricks that were the hallmarks of the classic BlackBerry devices.
Remember, this is all very unofficial, so it’s liable to disappear, and you may encounter bugs with the software. Download from here.

Other Apps

Many of the apps that aren’t in the Play Store are absent for a reason. This usually means that they breach the Store’s terms of service in some way.
Sometimes this can be for innocuous reasons, such as the ban on third party app stores. Other times, it can be because they sit in a legal gray area. There are plenty of apps like this, some of which are pretty good. Videoder is a YouTube downloader that clearly breaches YouTube’s ToS, but may be legal under “fair use” laws.Transdroid is a stylish torrent management client, and Mobdro is a video-streaming app that works along similar lines to the controversial Popcorn Time.
Just remember that downloading from unofficial sources doesn’t give you the protections you get when when getting apps from the Play Store, and if you venture too far from the mainstream, you should be sure you know exactly what you’re downloading and where it came from.

Saturday, November 28, 2015


Li-Fi Tested For 1st Time In Real World And It’s 100 Times Faster Than Wi-Fi

Li-Fi is finally moving out of the research labs to the real world environments. This super-fast alternative to Wi-Fi has been tested in a commercial context by Velmenni, an Estonian startup.
This technology uses visible light to transmit high-speed data. Earlier this year, Li-Fi was tested in the labs and it achieved speeds of 224 gigabits per second. Now, in Estonia, in the first time field testing, it has been reported that Li-Fi achieved a data transmission rate of 1GB per second i.e., 100 times the current average Wi-Fi speeds.
Li-Fi dates back to 2011, when it was invented by Harald Haas of the University of Edinburg. Using a single LED, he demonstrated that it could transmit more data than a cellular tower. Now, testing it in the real-life scenarios, Velmenni has designed a smart lighting solution for an industrial environment.
Deepak Solanki, CEO of Velmenni told IBTimes UK: “We are doing a few pilot projects within different industries where we can utilise the VLC (visible light communication) technology.”
Li-Fi allows greater security to the data on local networks as light can not pass through walls and ensures lesser interference due to other devices. Professor Haas, the Li-Fi inventor, has said in the past, that every future LED bulb could be used to beam ultra-fast internet via Li-Fi.
It should be noted that Li-Fi might not completely replace the existing Wi-Fi technology as ripping off all the existing Wi-Fi infrastructure doesn’t seem very economical. However, it can be used to complement Wi-Fi as a parallel network.
Watch the TED talk video of professor Haas, where he explains Li-Fi:

Top ten operating systems for ethical hackers and security researchers

A comprehensive list of most popular operating systems among hackers all around the world.

Back in August, we had posted a list of top ten hacker tools. Now we have advanced it one step further to bring you the best operating systems for hackers.

This time it is about operating systems, which have almost every necessary tool provided within. But before we dive deep, it would be great to know why a machine with a hacking oriented OS installed in it is way better than a machine running a casual OS with some platform based hacking tools. It is because a dedicated machine has benefits of hardware utilisation, anonymity (it is a major issue of interest ), and software efficiency.
Here is the list of top ten. Note that these are based on Linux kernel hence are free and open source:

1- Kali Linux:

Kali Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need in a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub.You can get it


Backbox is a linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. BackBox is a lightweight OS and requires less hardware capacity. The power of this distribution is given by its Launchpad repository core constantly updated to the last stable version of the most known and used ethical hacking tools. The integration and development of new tools inside the distribution follows the commencement of open source community and particularly the Debian Free Software Guidelines criteria.

3-Parrot Security OS:

Parrot Security is an operating system based on Debian GNU/Linux mixed with Frozenbox OS and Kali linux in order to provide the best penetration and security testing experience. it is an operating system for IT security and penetration testing developed by the Frozenbox Dev Team. It is a GNU/Linux distribution based on Debian and mixed with Kali.
Parrot uses Kali repositories in order to take latest updates for almost all the tools, but it also has its own dedicated repository where all the custom packets are kept. This is why this distro is not just a simple Kali “mod” but entire new concept which relies on Kali’s tool repositories. As such, it introduces a lot of new features and different developing choices.Parrot uses MATE as a Desktop Environment. Lightweight and powerful interface is derived from famous Gnome 2, and thanks to FrozenBox highly customizable with captivating icons, ad-hoc themes and wallpapers. System look is proposed and designed by the community members and also members of Frozenbox Network, who are closely following the development of this project. 
Click here to download.


Deft is Ubuntu customization with a collection of computer forensic programs and documents created by thousands of individuals, teams and companies. Each of these works might come under a different licence. There Licence Policy describe the process that we follow in determining which software we will ship and by default on the deft install CD.
It can be downloaded here.

5-Samurai Web Security Framework:

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
You can simply click here to download.

6-Network Security Toolkit:

Network Security Toolkit (NST) is a bootable live CD based on Fedora Core. The toolkit was designed to provide easy access to best-of-breed open source network security applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of open source network security tools.
What we find rather fascinating with NST is that we can transform most x86 systems (Pentium II and above) into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, a virtual system service server, or a sophisticated network/host scanner.
NST can be downloaded here.


It is said the necessity is the mother of all invention, and NodeZero Linux is no different. There team is built of testers and developers, who have come to the census that live systems do not offer what they need in their security audits. Penetration Testing distributions tend to have historically utilized the “Live” system concept of linux, which really means that they try not to make any permanent effects to a system. Ergo all changes are gone after reboot, and run from media such as discs and USB’s drives. However all that this maybe very handy for occasional testing, its usefulness can be depleted when your testing regularly. Its there believe that “Live System’s” just don’t scale well in a robust testing environment.
All though NodeZero Linux can be used as a “Live System” for occasional testing, its real strength comes from the understanding that a tester requires a strong and efficient system. This is achieved in our belief by working at a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable linux environment.
Download here.


GnackTrack is an open and free project to merge penetration testing tools and the linux Gnome desktop. GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu.
Backtrack is not only a single player in the field of ethical hacking, so you can try some other distribution as well, if you are Gnome lover than must try this, however backtrack 5 is also available on Gnome platform. Just like backtrack, Gnacktrack comes with multiple tools that are really helpful to do a effective penetration testing, it has Metasploit, armitage, wa3f and others wonderful tools.
Download here.


Blackbuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security. Blackbuntu is penetration testing distribution with GNOME Desktop Environment. It’s currently being built using the Ubuntu 10.10 and work on reference BackTrack.
Download here.

10- Backtrack

The other well known linux based Operating system is backtrack that is being used from few pwevious years and best known as the OS for network cracking and pentesting. And its also the one of the best OS that can perform various network hacks with privacy. Download here.


Bugtraq isnt a operating system but  an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.
Bugtraq team is experienced freaks and developers, It is available in Debian, Ubuntu and OpenSuSe in 32 and 64 bit architectures.