Wednesday, 20 August 2014

Hillary Clinton's Phone Intercepted by German Intelligence Agency


After the allegations that the U.S. National Security Agency (NSA) not only conducted mass surveillance on German citizens, but also spied on German Chancellor Angela Merkel’s own personal mobile phone for years, surveillance has become a big issue for Germany. So big that Germany itself started spying on the U.S.

According to reports in the German media on Friday, the German foreign intelligence agency, the Bundesnachrichtendienst (BND), hacked into at least one call during Hillary Clinton's time in office as US Secretary of State.

The time and location have not been disclosed, but Clinton's calls were intercepted while she was on the phone, according to the joint investigation by German newspaper Süddeutsche Zeitung and German regional public broadcasters NDR and WDR.

After the story broke, some sources from the German government denied the allegations that Clinton’s phone calls were intercepted and said that the call was picked up accidentally.

But, another source told the German newspaper that the call recording had not been destroyed immediately, which proves that it wasn't done accidentally.

While investigating, German media sources also found that the German government ordered the German intelligence agency BND to spy on an unnamed NATO partner state.

The news might not be shocking: in February 2014, the German government planned to resume active counter-espionage operations against both the US and several Western associate countries, after being spied on by the US intelligence agency NSA and its British counterpart GCHQ. Der Spiegel reports that the operations would include actively tracking US agents operating under diplomatic cover on German soil.

German Chancellor Angela Merkel, whose private mobile phone was also allegedly bugged by the NSA, also warned earlier that U.S. spying operations are unacceptable. But according to many media reports, US snooping is ongoing.

US-German relations became even worse when, in May 2014, Germany arrested a 31-year-old BND officer who admitted to working as a double agent and passing on more than 200 documents to US intelligence agencies in return for a total of 25,000 euros ($34,000) over a period of two years.

But who is to blame? Sooner or later this had to happen. The NSA’s various spying programs gave all other countries reason to do the same and start their own counter-surveillance programs.

'Google Is Worse Than the NSA' — Rupert Murdoch


The United States National Security Agency (NSA) or the largest Internet giant, Google: which one do you think is worse?

The NSA? According to media tycoon Rupert Murdoch (@rupertmurdoch), Google is worse than the NSA.

Murdoch, founder of global media holding company News Corporation - the world's second-largest media conglomerate, currently lives in Australia and is once more making the sort of news he'd prefer to be remembered for.

The 83-year-old sent a tweet on Sunday in which he labeled Google worse than the National Security Agency (NSA). The missive was as follows: “NSA privacy invasion bad, but nothing compared to Google.”

In the past, Murdoch accused Google of stealing the content of his newspapers (yet never put in place a robots.txt file that would prevent search engines from crawling it) and has always criticised Google for allowing the theft of movies by indexing torrent sites.
In 2012, he was all riled up about piracy and called Google the piracy leader: “Piracy leader is Google who streams movies free, sells [advertisements] around them. No wonder pouring millions into lobbying.”
Back in April, he also tweeted: “Google attack on NSA extreme nerve. Google has more data on all of us and uses it. No evidence of NSA doing this. Ethical company?”
As usual, Murdoch's preferred Twitter style is to fire off something nasty and then disappear for a few days.
So we don't have any idea about his complaint with the Internet giant, and also why he thinks Google is worse than the US spying agency NSA, which collects data on individuals it has no reason to suspect deserve any investigation whatsoever.

Rupert Murdoch is currently chief executive of News Corp. and 21st Century Fox. He closed a newspaper in Britain over the hacking of people’s phones and other controversies, and now goes after Google. He faces FBI and US government investigations into bribery and corruption, and on 21 July 2012 he resigned as a director of News International.

Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'


A senior cryptography expert has claimed that there are multiple issues with PGP email encryption, an open source end-to-end encryption scheme used to secure email.

Before continuing, I would like to clarify that covering this topic doesn't mean you should stop using PGP encryption; instead, we are bringing you what the security researcher has argued about its fundamental issues.

PGP, or Pretty Good Privacy, a program written in 1991, uses a combination of symmetric and public key cryptography together with hashing to provide privacy and security as well as authenticity. Privacy and security let users exchange messages securely, and authenticity proves the origin of those messages.

But PGP is a complicated multi-step process that requires users to keep track of the public keys of other users in order to communicate. Despite the clumsiness of PGP implementations, Internet giants such as Google and Yahoo! are looking to integrate it into their popular email services.

Matthew Green, a respected research professor who lectures in computer science and cryptography at Johns Hopkins University in Maryland, argued that it's "time for PGP to die", describing the high-quality software as "downright unpleasant".

KEY MANAGEMENT ISSUES
According to the researcher, PGP key management "sucks." As Green says, "Transparent (or at least translucent) key management is the hallmark of every successful end-to-end secure encryption system."

He also says that there is "the need to trust a central authority to distribute keys," and since Google, Yahoo and other major email providers will soon offer PGP encryption to their users, they will become the central authority that distributes keys among their users.

One possible consequence is that users could be tricked into accepting a false replacement key from a key server, or could otherwise confuse their key management to the point of corrupting a communication path that used to be safe, letting a man in the middle into the game. And if these central authorities are ordered by law enforcement agencies or a government to do this, the game is over.

SECRECY ISSUES
Green also complained that there's no forward secrecy, which means that if an intruder obtains my private key, it can be used to decrypt all my previously encrypted files and personal messages as well. The researcher's criticism also covers "terrible mail client implementations."
“Many PGP-enabled mail clients make it ridiculously easy to send confidential messages with encryption turned off, to send unimportant messages with encryption turned on, to accidentally send to the wrong person's key (or the wrong subkey within a given person's key),” he wrote. “They demand you encrypt your key with a passphrase, but routinely bug you to enter that passphrase in order to sign outgoing mail -- exposing your decryption keys in memory even when you're not reading secure email.”
It's surprising that, although we have come a long way since the 1990s, the usability of PGP has improved only a little. The Federal Government was so alarmed by people communicating securely using PGP email encryption that it started a criminal investigation of Phil Zimmermann, who offered PGP in 1991.

KEY USABILITY ISSUES
The researcher says that the problem lies in the nature of “PGP public keys” themselves, which are large and contain lots of extraneous information, so it is really difficult either to print them on a business card or to compare them manually.
“You can write this off to a quirk of older technology, but even modern elliptic curve implementations still produce surprisingly large keys,” Green wrote in his personal blog post. “Since PGP keys aren't designed for humans, you need to move them electronically. But of course humans still need to verify the authenticity of received keys, as accepting an attacker-provided public key can be catastrophic.”
PGP addresses this with a hodgepodge of key servers and public key fingerprints. These components respectively provide (untrustworthy) data transfer and a short token that human beings can manually verify. While in theory this is sound, in practice it adds complexity, which is always the enemy of security.
At the beginning of the month, Yahoo! announced support for end-to-end encryption using a fork of Google's secure end-to-end email extension. The outcome is that both Gmail and Yahoo! Mail are moving towards supporting PGP for encrypting mail. "As transparent and user-friendly as the new email extensions are, they're fundamentally just reimplementations of OpenPGP - and non-legacy-compatible ones, too," Green states.

According to Green, the solution to the problem is to stop plugging encryption software into today's plaintext email systems, and instead build networks that are designed from the base level to protect messages from eavesdroppers. He suggested TextSecure and DarkMail as potentially interesting projects that are heading in this direction.

Google Map Tracks Your Every Move. Check Your 'Location History' to Verify It


Google has been involved in several controversies, including being among the companies claimed to have cooperated with US surveillance agencies on their global data-mining programmes, and just yesterday media tycoon Rupert Murdoch labeled Google worse than the NSA, saying “NSA privacy invasion bad, but nothing compared to Google.”

Now another, already known controversy involving the Internet giant has raised many concerns over the privacy of users who carry their smartphones with them. We all have sensors in our pockets that track us everywhere we go: our smartphones.

GOOGLE TRACKS YOU EVERYWHERE YOU GO
Today, with the help of these sensors, Google is tracking our every footstep and placing a red dot on its map to keep a record of where users have been, Junkee.com reports.
“You can yourself check your every move from here. You just need to log in with the same account you use on your Smartphone, that’s it. The map will display all the records of everywhere you've been for the last day to month on your screen,” Elizabeth Flux, editor of Voiceworks magazine wrote.
You can check your Location History Here.

LOCATION TRACKING - A WORRYING ISSUE
Location is one of the most sensitive elements of anyone’s life. Where people go in the evening or on vacation is all part of their private life, and the existence of that data creates a real threat to privacy. Failing to notify users shows disregard for their privacy.

However, your records go to Google only if you have enabled ‘location services’ on your smartphone. If you have disabled this service on your phone, you will find no location data on the map.

In fact, even if users disable their device's location service, it apparently gets switched back on whenever an app wants access to their GPS location. So it’s quite difficult to stay on the safe side.

In 2009, MPs criticised the Internet giant Google for its "Latitude" system, which allowed people to enable their mobile to give out details of their location to trusted contacts. At the time MPs said that Latitude "could substantially endanger user privacy", but Google pointed out that users had to specifically choose to make their data available.

WHY TRACKING
Google tracks users, it has long been said, for the purpose of targeted advertising. But tracking opens the door to surveillance not only by advertisers but by governments as well.

Many third parties already track smartphones and tablets by picking up their user data for various purposes, mostly commercial or ad-related. Advertisers and retail stores can record location data about users in order to either serve certain location-related ads, or to better customize store layouts to maximize in-store impulse purchases.

TURN OFF LOCATION SERVICE
But if privacy matters a lot to you, turn off the location service on your device, and avoid apps that ask for your location data.

To disable the location service, select Settings > Privacy > Location and then untick the box next to Use my location.

Since former NSA contractor Edward Snowden revealed the global surveillance programs, privacy has become an important issue for every individual. Whatever ‘privacy’ settings we apply, all our personal information is being collected and stored somewhere.

Monday, 18 August 2014

Teen Patti free chips tricks

Hello Friends!!
Today I am going to share something about Teen Patti. This game is very popular in India. Everyone is crazy for chips, and right now there is a huge business in selling Teen Patti chips. I don’t care about all this stuff. All I want is to provide free chips to my readers.
So there are two tricks by which you can get free chips.

Side show trick

In this trick you have to make a fool of someone. The only requirement is that you play with two users on the same table.
I have generally observed two friends playing on the same table and stealing someone’s chips. So there is a trick for you guys.
There is a bug in Teen Patti:
if a user requests a side show from another user, the other user has to stand up, sit again and accept the side show. If the card is a pair of A or less, then that user will be forcibly packed due to the bug, and the pot chips will be given to your friend.
You may be wondering how it is possible to accept a side show after sitting down at the table, but as I already said, it is a bug. Try it yourself now.
Note: the person who is requested for a side show must have less than a pair of A. Otherwise he will not be packed forcibly.

Unlimited bonus trick

This is a boring and time-consuming process. There is another bug in this game. Everybody knows that after 12 am you get a daily bonus.
If you play from a “play as guest” account, then after 12 am, when you have received your bonus, don’t play any game; just close the game, start it again and play as guest. You will receive the daily bonus again. This works as many times as you restart the game.
Note: if you play any game from the guest account after getting the bonus, you will not get the bonus on the next restart, and you will have to wait for the next day.
Thank you

Wednesday, 13 August 2014

How To Download Android APK’s Apps and Games Directly to your PC?

1. First of all, go to APK Downloader By Evozi.
2. Just paste the URL of the app which you want to download; in my case I’m downloading the Google Analytic App :) Note that you can download only free apps through this trick.
3. Hit “Generate Download Link” and you’ll get the details and the download link. Click the download link and enjoy! :)
Every good thing has a limitation. Similarly, you can’t use this trick to download many apps: after downloading 2-3 apps, you will get an error saying “You exceeded the maximum download limit of the day”. Don’t worry, we have a solution for this! On the same site you’ll find a Google Chrome extension which performs the same function; go download it here: APK Downloader For Chrome.
After downloading it, install the extension, and you’ll be redirected to the settings page.
Just put in the e-mail address you use for the Google Play store. Follow the manual process mentioned there, or just download the Android Device ID App By Evozi to find your GSF ID KEY, and click the Sign In button. Now go to the Google Play store and find any app you want to download; you’ll see a small APK Downloader icon at the extreme right of the field in which you enter URLs.
Click on that icon, and the APK file gets downloaded to your PC. Copy the APK file to your Android device, install it and enjoy! With this method you can keep downloading all the apps you need directly to your PC and later transfer them to your phone. This will save your mobile data pack. Stay tuned for many more tricks :D

Worldview-3 — Satellite That Could Allow Google and U.S Government to See Your Face from Space

The majority of my articles are related to government spying, privacy and security issues affecting your online life, and measures you can adopt to protect yourself from being spied on. But all your efforts will soon be of no use: someone is about to secretly track your every footstep.

Google will soon get an eye in space powerful enough to see your face, thanks to the new WorldView-3 satellite, which is scheduled to launch later today (11:30 a.m. PST) from California's Vandenberg Air Force Base atop an Atlas 5 rocket by Lockheed Martin Commercial Launch Services, according to Motherboard.

DIGITAL EYE IN SPACE
The WorldView-3 satellite was developed by DigitalGlobe, a US-based company and one of the world’s leading global content providers of high-resolution earth imagery, supplying most online mapping services to the US government and NASA.

The satellite contains:
  • Exelis-built 1.1 meter aperture telescope
  • Primary visible/SWIR sensor
  • Ball Aerospace-developed CAVIS instrument, which stands for Clouds, Aerosol, water Vapor, Ice, and Snow.
The Ball Aerospace instrument will monitor the atmosphere and provide appropriate data when atmospheric conditions obscure objects on Earth.

HIGHEST RESOLUTION IMAGERY
Two months ago, the U.S. government imposed legal restrictions on high-detail satellite imagery, although military satellites were free to use higher resolutions. Companies like DigitalGlobe were limited to capturing satellite imagery from 50 centimeters square of ground space per pixel, but are now free to capture satellite imagery up to 25 cm resolution — twice as detailed as the previous limit.

Now, today's launch of WorldView-3 satellite will offer DigitalGlobe customers images with four times the resolution of current machines. Its short-wave infrared sensors will also be able to capture images regardless of cloud or smoke cover. It will be able to photograph 680,000 square kilometres every day.

WHO WILL HAVE ACCESS TO IT
In short, it means that regular DigitalGlobe customers, including Google, Microsoft, NASA, and multiple US federal agencies such as the National Geospatial-Intelligence Agency, which played a pivotal role in the seizure of Osama Bin Laden, will eventually be able to zoom in far closer than they currently can and make out much more detail.

NEXT GENERATION SATELLITE
DigitalGlobe, which already has five satellites in orbit, is currently lobbying the US government for even further relaxation of the resolution restrictions, down to 10 cm per pixel maximum.
“At 25 centimeters, the images will be detailed enough to classify the make of a car,” the report states. “If the restrictions relax further, the plate number or owner’s face could come into clear view.”
GOOGLE WANTS A CLOSER LOOK
Google, which recently acquired satellite company Skybox for $500m, also plans to collect its own high-resolution satellite images in the future, launching 24 of its own satellites by 2018, which will capture images of the entire planet three times per day at a resolution finer than 1 meter, and 90 seconds of video at 30 frames-per-second. The company has already launched two of its own satellites via Russian rockets.

Adobe Releases Critical Security Updates for Flash Player, Acrobat and Adobe Reader


Adobe has released security updates to fix seven vulnerabilities in its Flash and AIR platforms and one in Reader and Acrobat which, according to the company, is being exploited by attackers in the wild "...in limited, isolated attacks targeting Adobe Reader users on Windows."

The vulnerabilities, marked critical by the company, could allow an attacker to "take control of affected systems".

A new, out-of-band patch addresses a zero-day vulnerability (CVE-2014-0546) in Adobe Reader and Acrobat that offers an attacker the possibility to bypass sandbox protection and has been leveraged in "limited, isolated attacks" against Windows users.
"These updates resolve a sandbox bypass vulnerability that could be exploited to run native code with escalated privileges on Windows," Adobe warned.
The lone vulnerability in Adobe Acrobat and Reader was reported by Kaspersky Lab Global Research and Analysis Team director Costin Raiu and Vitaly Kamluk.

Details of the vulnerability were not disclosed, but Raiu said in a blog post that exploits have been observed in a very small number of targeted attacks, and that it’s still important for everyone to patch as soon as possible.
“At the moment, we are not providing any details on these attacks as the investigation is still ongoing,” Raiu said. “Although these attacks are very rare, just to stay on the safe side we recommend everyone to get the update from the Adobe site as soon as possible.”
The Apple OS X versions of Acrobat and Reader are not vulnerable. Only Reader and Acrobat versions 11.0.07 and earlier for Windows are affected, according to the company.

The other security update patches seven vulnerabilities in Flash Player, most of which are rated critical by the company, but none of the Flash vulnerabilities are being exploited in the wild, Adobe said.

Five of the updates resolve memory leakage vulnerabilities that can be used to bypass memory address randomization. The remaining two patches address a security bypass vulnerability and a use-after-free flaw that could allow an attacker to remotely execute code on the affected system.

The affected versions are as follows:
  • Adobe Flash Player 14.0.0.145 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.394 and earlier versions for Linux
  • Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh
  • Adobe AIR 14.0.0.137 SDK and earlier versions
  • Adobe AIR 14.0.0.137 SDK & Compiler and earlier versions
  • Adobe AIR 14.0.0.137 and earlier versions for Android
The company urged its users to apply the updates within three days on Windows, Mac, and Linux platforms. Users may update Acrobat and Reader with the Help > Check for Updates menu option. Flash Player users may download the latest version from Adobe. Users of Internet Explorer and Google Chrome on Windows 8 and above will receive browser updates from those companies with fixed versions of their integrated Flash Player.

Microsoft has also rolled out nine security updates to address at least 37 security holes in Windows and related software, including Internet Explorer, Windows Media Center, OneNote, SQL Server, and SharePoint.

The company has also made some important changes this month. Microsoft announced that it will soon begin blocking out-of-date ActiveX controls for Internet Explorer users, and will support only the latest versions of the .NET Framework and IE for each supported operating system.

Xiaomi Phones Secretly Sending Users' Sensitive Data to Chinese Servers


Chinese telecoms equipment suppliers have previously been criticized by some countries over suspected backdoors in their products, and if the United States has banned several of its major government departments, including NASA and the Justice and Commerce Departments, from purchasing Chinese products and computer technology, then it is not wrong at all.

The latest claim against Chinese smartphone manufacturers is the allegation that the popular Chinese smartphone brand Xiaomi is suspected of “secretly” stealing users’ information, including SMS messages and photos, from the device without the user's permission and sending it back to a server in Beijing, even when the data backup functions are turned off, according to Apple Insider.


Security researchers from antivirus firm F-Secure have shown that Xiaomi phones (RedMi 1S handset) send quite a lot of personal and sensitive data to the "api.account.xiaomi.com" server located in China, including the following information:
  • IMEI Number of your phone
  • IMSI Number (through MI Cloud)
  • Your contacts and their details
  • Text Messages
China-based smartphone company Xiaomi marked a successful entry into the Indian market this month. Earlier this year, the company also announced its Redmi Note, which, just like Xiaomi’s other handsets, is affordable and has almost all the features that an excellent smartphone provides. However, the handset might be doing more than what has been advertised.

Kenny Li of Hong Kong forum IMA Mobile recently noticed something odd with his Redmi Note smartphone. He discovered that the device continued to make connections with IP addresses in Beijing, China. The device kept trying to make the connection even after the company's iCloud-like MiCloud service was switched off.

It was pointed out that the transmissions occur only over Wi-Fi, though the device does stay in contact with the servers via small "handshakes" while using cellular data. Li then tried erasing the installed version of Android and installing a new one, but the problem still persisted.
Previously, China has accused companies like Google, Facebook, Microsoft, and Apple of spying on countries. So, what is China doing? The same.

Xiaomi, which is also known as the Apple of China, has yet to respond to the allegations that the Redmi Note secretly sends user data to a China-based server.

If the allegations about the Xiaomi handset turn out to be true, it wouldn't be the first time a Chinese smartphone was found spying on its users. It has happened before as well; China is known for its digital spying and privacy invasion.

Recently, a German security firm claimed that a popular Chinese Android smartphone, the Star N9500, came pre-installed with a Trojan that could allow the manufacturer to spy on its users, compromising their personal data and conversations without any restrictions and without the users' knowledge.

Reported in mid-June, the breach on the Star N9500 could allow an attacker to record phone calls automatically, read emails and text messages, and remotely control the phone’s microphone and camera, turning the user's smartphone into a bugging device that lets hackers hear anything said near the phone. It could also be used for theft, including gaining access to the user’s online banking service.

UPDATE
In a blog post, Hugo Barra of Xiaomi denies all the spying allegations made by F-Secure and other security experts.
"MIUI does not secretly upload photos and text messages. MIUI requests public data from Xiaomi servers from time to time. These include data such as preset greeting messages (thousands of jokes, holiday greetings and poems) in the Messaging app and MIUI OTA update notifications, i.e. all non-personal data that does not infringe on user privacy," he said.
Xiaomi's Mi Cloud Service can back up and manage users' personal information in the cloud, and can sync details with other devices.

Hugo announced that from today users will be able to turn OFF Mi Cloud Service manually from the device settings after getting new device updates from the company.
"We have scheduled an OTA system update for today (Aug 10th) to implement this change. After the upgrade, new users or users who factory reset their devices can enable the service by visiting “Settings > Mi Cloud > Cloud Messaging” from their home screen or “Settings > Cloud Messaging” inside the Messaging app — these are also the places where users can turn off Cloud Messaging," he added.

Researcher Uncovers Vulnerability in Oracle Data Redaction Security Feature


Oracle’s newly launched Data Redaction security feature in Oracle Database 12c can be easily defeated by an attacker without any need to use exploit code, a security researcher long known as a thorn in Oracle's side said at Defcon.

Data Redaction is one of the new Advanced Security features introduced in Oracle Database 12c. The feature is designed to allow administrators to automatically protect sensitive data, such as credit card numbers or health information, during certain operations by either totally obscuring column data or partially masking it.

But according to David Litchfield, a self-taught security researcher who has found dozens and dozens of critical vulnerabilities in Oracle’s products, a close look at the Data Redaction feature helped him find a slew of trivially exploitable vulnerabilities, such that an attacker doesn't even need to execute native exploit code to defeat the feature.

David Litchfield is a security specialist at Datacomm TSS and the author of The Oracle Hacker’s Handbook. For many years, he was one of the top bug hunters in the game, specializing in digging into Oracle’s database products and breaking them.

The data redaction feature is actually a "great idea", Litchfield said during a talk at the Black Hat USA 2014 conference on Wednesday. But unfortunately, the feature is so thoroughly riddled with basic security vulnerabilities that it is trivial for attackers to bypass it.
“If Oracle has a decent security development lifecycle in place anyone would have found these flaws and stopped them in tracks,” Litchfield said. “Anyone with a modicum of SQL would have found these bugs.”
The database security expert found many methods of bypassing the data redaction feature and tricking the system into returning data that should actually be masked in Oracle Database 12c.

Litchfield then gave a live demonstration of some of the many flaws he had discovered in Oracle’s data redaction feature, some of which were previously documented in his paper (PDF).

The first method is to use the "RETURNING INTO" clause after a DML operation. This clause allows data to be returned into a variable, a big failure on Oracle's part that he said could be used to bypass Oracle data redaction and that would have been discovered by conducting just a penetration test.

A second method he found is essentially a brute force attack on the data in a redacted column in a database.
“Another way to gain access to the data is with an iterative inference attack. It is possible to access data in a SELECT’s WHERE clause. This gives an attacker the opportunity to essentially guess or brute-force the data in a redacted column using a WHERE data LIKE predicate. Consider the following PL/SQL procedure. This simply tests the value of a given character at a given offset into the string. When it gets the first character correct it moves on to the next character and so on until all 16 characters of the credit card have been ascertained,” he said in the paper.
Litchfield said that the methods he found were so simple and so easily done that he doesn't even feel right calling them exploits.
“There are issues that are trivial to find. They’re still not learning the lessons that people were learning in 2003,” he said. “It’s 2014 and yet I’m still able to sit down and in the space of a few minutes find a bunch of things that I can send to Oracle as exploitable.”
The data redaction bypass flaws have been patched, but Litchfield said he recently sent Oracle a critical flaw that enables a user to gain control of the database, which isn't patched yet but is in the pipeline. This shows that its Java security problems still persist.
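Both bypasses described above leave a recognisable shape in a statement audit trail: a redacted column named between RETURNING and INTO, or a session issuing many different WHERE predicates against a redacted column. The sketch below is an added detection example, not code from Litchfield's paper or from Oracle; the (session, SQL text) record layout, the `cards` table, the `card_no` column and the threshold are assumptions, and the audit records are constructed.

```python
import re
from collections import defaultdict

# Assumptions: columns covered by a redaction policy and the number of
# distinct probing statements per session that triggers an alert.
REDACTED_COLUMNS = {"card_no"}
INFERENCE_THRESHOLD = 5

_LITERAL = re.compile(r"'(?:[^']|'')*'")
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$#]*")
_RETURNING = re.compile(r"\bRETURNING\b(.*?)\bINTO\b", re.I | re.S)
_WHERE = re.compile(r"\bWHERE\b(.*?)(?:\bRETURNING\b|$)", re.I | re.S)


def _identifiers(fragment):
    return {name.lower() for name in _IDENT.findall(fragment)}


def classify(sql):
    """Findings for one statement: 'returning_into' and/or 'predicate'."""
    # Blank out string literals so column names inside data are not matched.
    stripped = _LITERAL.sub("''", sql)
    findings = set()
    match = _RETURNING.search(stripped)
    if match and _identifiers(match.group(1)) & REDACTED_COLUMNS:
        findings.add("returning_into")
    match = _WHERE.search(stripped)
    if match and _identifiers(match.group(1)) & REDACTED_COLUMNS:
        findings.add("predicate")
    return findings


def analyse(records, threshold=INFERENCE_THRESHOLD):
    """Map session id -> alert names for a list of (session, sql) records."""
    probes = defaultdict(set)   # session -> distinct statements filtering on a redacted column
    alerts = defaultdict(set)
    for session, sql in records:
        found = classify(sql)
        if "returning_into" in found:
            alerts[session].add("returning_into")
        if "predicate" in found:
            probes[session].add(" ".join(sql.split()).lower())
    for session, statements in probes.items():
        # One lookup by card number is normal; many different predicates
        # on the same redacted column look like value guessing.
        if len(statements) >= threshold:
            alerts[session].add("inference")
    return dict(alerts)


# Constructed audit records, not real log output.
AUDIT = [
    ("s1", "SELECT name, card_no FROM cards WHERE id = :1"),
    ("s1", "SELECT name, card_no FROM cards WHERE id = :1"),
    ("s4", "SELECT id FROM cards WHERE card_no = :1"),
    ("s3", "UPDATE cards SET note = note WHERE id = 7 RETURNING card_no INTO :v"),
] + [
    ("s2", f"SELECT id FROM cards WHERE id = 7 AND card_no LIKE '{prefix}%'")
    for prefix in ("0", "1", "2", "3", "4", "40")
]

if __name__ == "__main__":
    for session, names in sorted(analyse(AUDIT).items()):
        print(session, sorted(names))
```

Statements that use bind variables look identical in the audit text, so where bind values are logged they belong in the key used to count distinct probes.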

How to Weaponize your Cat to Hack Neighbours’ Wi-Fi Passwords


What do you expect your cat to come back with? Perhaps a mouse or a bird, neither of any use to you. But what if she came back with your neighbours’ Wi-Fi details? Really interesting!

A creative security researcher has found a way to use his pet cat to map dozens of vulnerable Wi-Fi networks in his neighborhood.

Gene Bransfield, a security researcher with Tenacity, managed to turn his wife’s grandmother’s pet cat Coco into a roaming detector for free Wi-Fi networks using just a custom-built collar made from a Wi-Fi card, GPS module, Spark Core chip, battery and some fetching leopard print fabric.

Bransfield dubbed his experiment “Warkitteh”, after the concept of “wardriving”, where hackers use unsecured Wi-Fi connections from a parked car. He decided to turn his cat into a hacker because he found the idea amusing, and also because cats account for as much as 15 per cent of internet traffic, given their popularity among internet users.

Bransfield explained his experiment “Warkitteh” at DefCon, a hacker conference that is taking place this weekend in Las Vegas, in his talk titled “How to Weaponize your Pets”.

The WarKitteh collar isn't meant to be a serious hacking tool; it is more of a joke to see what's possible.
“My intent was not to show people where to get free Wi-Fi. I put some technology on a cat and let it roam around because the idea amused me,” Bransfield, who works for the security consultancy Tenacity, told Wired. “But the result of this cat research was that there were a lot more open and WEP-encrypted hot spots out there than there should be in 2014.”
During a three-hour trip through the neighbourhood, his pet cat Coco mapped 23 unique Wi-Fi networks, including four routers that used an old, easily broken encryption and four routers that were left entirely unprotected and could be easily broken into.

Bransfield mapped those Wi-Fi networks in a program created by an Internet collaborator that uses Google Earth’s API. The number of vulnerable Wi-Fi access points was really surprising for Bransfield. According to him, several WEP connections were Verizon FiOS routers left with their default settings unchanged.