Showing posts with label Android. Show all posts

Thursday, September 15, 2011

DROIDSHEEP

DROIDSHEEP SESSION HIJACKING ANDROID APPLICATION:
DroidSheep is a free alternative to FaceNiff, available for download from the DroidSheep website. It is a one-click session hijacking tool which supports:

- amazon.de
- facebook.com
- flickr.com
- twitter.com
- linkedin.com
- yahoo.com
- live.com
- google.de (only the non-encrypted services like “maps”)


Limitations of Droidsheep


DroidSheep now supports OPEN, WEP, WPA and WPA2 secured networks.
For WPA/WPA2 it uses a DNS-Spoofing attack.
DNS-Spoofing means it makes all devices within the network think the DroidSheep device is the router, so they send their data to the device. This might have an impact on the network and cause connection problems or bandwidth limitations – and it can be spotted. DroidSheep's attack can not, as it only reads the packets sent over the WiFi, but instead of dismissing them, it uses the data

What do you need to run DroidSheep?
- You need an Android-powered device, running at least version 2.1 of Android
- You need Root-Access on your phone (link)
- You need DroidSheep :-) (You can get it in the “GET IT” section)


You can download the DroidSheep Android application here.
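A tool that reads session data off the WiFi only works against traffic sent without encryption, so a site owner can check for that exposure directly. The following is an added example, not part of the original post or of DroidSheep: it audits HTTP responses for session cookies that would cross the network in cleartext, assuming the session is carried in a cookie. The hostnames, cookie names and finding labels are constructed for illustration.

```python
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, attribute dict)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, _ = first.partition("=")
    attrs = {}
    for part in rest:
        if part:  # ignore empty segments such as a trailing ';'
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_response(url, headers):
    """Return (finding, subject) tuples for one HTTP response.

    headers is a list of (name, value) tuples so that repeated
    Set-Cookie headers are preserved.
    """
    findings = []
    scheme = urlsplit(url).scheme.lower()
    header_names = {name.lower() for name, _ in headers}
    # Without HSTS the first request to an HTTPS site can still go out as HTTP.
    if scheme == "https" and "strict-transport-security" not in header_names:
        findings.append(("no-hsts", url))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if scheme == "http":
            # Set over plain HTTP: readable by anyone capturing the WiFi traffic.
            findings.append(("cleartext-cookie", cookie))
        elif "secure" not in attrs:
            # Set over HTTPS but also sent on any later http:// request.
            findings.append(("missing-secure", cookie))
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("http://shop.example/login",
     [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]),
    ("https://mail.example/",
     [("Set-Cookie", "session=xyz; Path=/; HttpOnly"),
      ("Set-Cookie", "lang=en; Secure")]),
    ("https://bank.example/",
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "auth=tok; Secure; HttpOnly; SameSite=Lax")]),
]


def audit_all(samples):
    """Audit every (url, headers) pair and key the findings by URL."""
    return {url: audit_response(url, headers) for url, headers in samples}


if __name__ == "__main__":
    for url, findings in audit_all(SAMPLES).items():
        print(url, findings or "ok")
```

Only the third sample is clean: every cookie carries `Secure` and the response sets HSTS, so the session never travels unencrypted.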

Tuesday, August 9, 2011

Anti-Android Application for Hacking Network

At the recent Defcon 19 conference, a security researcher demonstrated a new Android application, Anti, aimed at white hats who look for vulnerabilities that can be patched to make a network or device more secure. Clearly the app can also be used to hack networks and steal data without authentication. The app allows the user to scan for WiFi networks, open networks, and run a traceroute to find IP addresses for servers. Once the user has found the target they want to attack, they can execute attacks using vulnerabilities in out-of-date software.

“We wanted to create a penetration testing tool for the masses,” says Itzhak “Zuk” Avraham, founder of Tel-Aviv-based Zimperium. “It’s about being able to do what advanced hackers do with a really good implementation. In your pocket.”

The Anti application is equipped with a few exploits: one aimed at a bug in Windows (the same flaw exploited by the Conficker worm in 2009), another targeting default SSH passwords in jailbroken iPhones, and a third exploiting a vulnerable, older version of Android. Zimperium has also built a Windows trojan that allows Anti to perform automated commands on hijacked machines like taking a screenshot, ejecting a CD, or opening the calculator, a common penetration-testing demonstration.

Android is making a serious entry into penetration testing with applications like nmap, Metasploit and FaceNiff (which proved revolutionary).

We will keep you updated as soon as videos and other presentations from Defcon 19 are made public.

source

Friday, April 1, 2011

Mobile Security: Hakin9 E-Book

Hakin9 is a free, online, monthly publication on IT Security. The magazine is published in English and is available on the Internet as a FREE download. It is a source of advanced, practical guidelines regarding the latest hacking methods as well as the ways of securing systems, networks and applications.




  • Passware Forensic Kit 10.3 Review by MICHAEL MUNT
  • SpyShelter Application review by DAVID KNIFE
  • How to use Netcat by MOHSEN MOSTAFA JOKAR
    Netcat is a network utility for reading and writing network connections that support TCP and UDP protocol. Netcat is a Trojan that opens TCP or UDP ports on a target system and hackers use it with telnet to gain shell access to the target system.
  • Security – Objectives, Process and Tips by RAHUL KUMAR GUPTA
    In a world where business is moving towards e-commerce and happening over the Internet, B2B, B2C, and C2C applications have always been an area of major security concern due to the pitfalls of HTTP security and the number of integration points.
  • The Backroom Message That’s Stolen Your Deal by YURY CHEMERKIN
    Do you want to learn more about bigwig? Is someone keeping secrets from you? Need to silently record text messages, GPS locations and call info of your child or employee? Catch everybody at whatever you like with our unique service.
  • Smartphones Security and Privacy by REBECCA WYNN
    All the threats that attack your enterprise computer centers and personal computer systems are quickly encompassing mobile devices.
  • Defending Cell Phones and PDA’s by GARY S. MILIEFSKY
    We’re at the very early stages of Cell Phone and PDA exploitation through ‘trusted’ application downloads, Bluetooth attacks and social engineering. With so many corporations allowing these devices on their networks or not knowing how to block their gaining access to corporate and government network resources, it’s a very high risk situation.
  • Special report: My RSA Conference 2011 Trip Report by GARY S. MILIEFSKY
    Annual Trek to the Greatest INFOSEC Show on Earth. What’s New and Exciting Under the Big Top of Network Security.
  • Mobile Malware Trends and Analysis by JULIAN EVANS
    Over the past few years there has been much speculation about when mobile malware will start to proliferate, but as yet it doesn’t appear to have happened. Over the past 12 months though there has been some interesting developments concerning mobile malware. This feature will look at some of these and also highlight some of the mobile trends. Firstly let us look at the mobile malware life cycle.
  • Why are Zero-Days Such a Big Deal? by MATTHEW JONKMAN
    Sounds like a stupid question at first. They’re a big deal because they’re vulnerabilities, and vulnerabilities are bad. Right? So why do we freak out about zero-days?
  • Death Knell Sounds For Traditional Tokens by Andrew Kemshall
    There is an often used phrase that the stars have aligned but, in 2011, it is the technology that has come together to hammer the final nail into the physical tokens’ coffin. The cynical among you would argue that this statement has been made before and yes, I concede that tokens have survived and are still prevalent, so, why is this year different? Let’s examine the evidence.


Don’t know why netcat is referred to as a Trojan in here though! In order to download the free magazine, you need to be registered with the site. So, what are you waiting for? Go ahead and register yourselves and download the free e-book here.

Android Trojan Highlights Risks of Open Markets



Android enthusiasts have long championed Google’s “open” philosophy towards the smartphone platform. The recent appearance of a new Trojan horse in unofficial Android app venues, however, may cause users to think twice about how open they want the platform to be.

The app in question, Android.Walkinwat, appears to be a free, pirated version of another app, “Walk and Text.” The real version is available for purchase in Google’s official Android Market for a low price ($1.54).

If you download the fake app (from unofficial markets for Android apps) and install it, it redirects you to the actual app on the Android marketplace — but in the background, it sends the following embarrassing SMS message to your entire phone book:

Hey,just downlaoded [sic] a pirated app off the internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck. Dont steal like I did!

Egregious spelling and grammatical errors aside, the text message serves as a reminder of the risks to those willing to go outside of the official Market for apps.

“Someone downloaded the app, inserted their malware, and uploaded it onto other non-official marketplaces,” Symantec mobile team product manager John Engels told Wired.com in an interview.

In other words, if you go outside the official Market, things may not be what they seem, and there’s no guarantee that what you download is what you actually want.

Google maintains clear content policies on all apps that are uploaded to the official Android Market, and developers know well enough in advance what those policies are, and how not to break them. Whenever an app in clear violation of Google’s policies shows up in the Market — like, say, a piece of malware — Google’s Android engineers are often quick to quash it.

But if you’re not one for pesky rules and regulations and want to see what the non-Google-sanctioned markets have to offer, all it takes to access them on an Android device is for you to uncheck a box on a settings page, allowing your phone to install apps from “unknown sources.”

To a certain degree, this isn’t a huge issue for the novice user. Many outside applications are hosted on file sharing websites that users like your grandmother probably aren’t frequenting. And unless they’ve tried to install these outside applications by sideloading them, they’ve probably never unchecked the unknown source’s permissions box to begin with.

But last week’s debut of Amazon’s new App Store may have changed that. In order to install Amazon’s App Store on an Android device, you first must uncheck that permissions box. While there may be no immediate risks associated with downloading apps from Amazon’s App Store, it opens the door for users to allow other unofficial — and therefore riskier — apps to be installed on their devices, from other sources.

“As soon as you flip that switch and go away from the Android Market, which is the one place where most people go, then you are putting yourself at some risk,” security researcher Charlie Miller told Wired in a previous interview.

“The threat will persist so long as people continue to download pirated software from peer-to-peer networks,” Webroot threat research analysts Armando Orozco and Andrew Brandt told Wired.com.

They say sticking to the Android Market is your safest bet, but if you’re still compelled to go outside the official box for your apps, whether it be to Amazon’s App Store or another unofficial market, you should “scrutinize the permissions the App requests, and don’t install it if it wants access to certain functions (like the ability to send SMS messages) that the app shouldn’t need to access.”

But doesn’t staying within the confines of the Android Market defeat the purpose of choosing a platform with such an “open” philosophy? If you want a stricter, closed system with stringent regulation on its apps via a review process, you might as well buy an iPhone.

“Android users enabling sideloading doesn’t necessarily lead to piracy or installation of apps from unsafe sources,” says Alicia diVittorio, a spokeswoman for Lookout Mobile Security. “In fact, it’s great to have another source for consumers to download apps from a reputable brand like Amazon.”

Indeed, Amazon’s Appstore isn’t a great deal different from Apple’s App Store: Both companies require an intense review and approval process before making any developer’s submitted applications available for purchase.

Essentially, there’s an inherent risk that comes with downloading apps for a device with an attitude of openness like the Android. Even the official Market is susceptible to infiltration by malware, as evidenced by the swath of malicious apps pulled from the store earlier this month.

But in a relatively free and open domain such as Android’s, the risk remains the price of admission.
