Welcome, Guest |
You have to register before you can post on our site.
|
|
|
Welcome Guest!
|
Welcome to the Promo2day Community, where we feature software giveaways, computer discussion, along with a fun, safe atmosphere! If your reading this it means you are not yet registered.
You will need to Register before you can make posts, chat or enter the forum giveaways.
Be sure to also visit the Help/FAQ page.
|
Chinese App Creates Another App Store Inside Apple's iOS App Store |
Posted by: tarekma7 - 02-24-2016 , 12:20 PM - Forum: Phones & Tablets News
- No Replies
|
![](https://www.promo2day.com/uploads/avatars/avatar_34.jpg?dateline=1442852890) |
![[Image: 5seMdjx.jpg]](http://i.imgur.com/5seMdjx.jpg)
Chinese devs hide app store inside an educational iOS app
The Chinese developers of an app called 开心日常英语 (Happy Daily English) have found a way to go around Apple's review process and embed a fully functional iOS app store inside their application and had it hosted on the official iOS App Store itself.
The developers of this app, a Chinese company named XY Helper, have done this by creating a fully working iOS app that exhibits two different behaviors based on the user's geographical location.
For non-Chinese users, the app would be a simple educational app that taught Chinese users English, but for Chinese users, the app would transform itself into an app store that allowed them to install rogue, pirated or cracked apps using various tricks, without requiring users to go through the side-loading process.
Double-faced behavior fools Apple's reviewers
The app got approved and added to Apple's website when the iOS App Store reviewers accessed the app, from somewhere outside China, and didn't notice anything strange, seeing its educational interface.
But as Palo Alto security researchers are explaining, this app followed all the legal procedures not to give itself away, and then installed third-party apps on user phones without triggering any alarms.
Its bag of tricks includes the re-implementation of a tiny Windows Apple iTunes client. This allowed users to download and even purchase apps from third-party stores using a realistic Apple interface.
The store-in-store app (codenamed ZergHelper by security researchers) also recorded some of Apple's Xcode IDE functions, so ZergHelper would automatically generate app development certificates, right from Apple's server. These certificates would then be used on a per-client basis to sign the rogue applications it would be installing.
For some users, the app captured their Apple IDs
The app also asked users to re-type their Apple IDs in order to generate these certificates in their names. For some users, ZergHelper reused Apple IDs so that it wouldn't attract too much attention.
On top of this, ZergHelper was coded in Lua, a programming language that allowed the developers to dynamically update the app, but without going through Apple's app review process. This technique allowed the developers to change the app's behavior without the risk of being discovered during subsequent updates, something akin to the JSPatch library.
The malicious store-in-store app existed on the official App Store from October 30, 2015, to February 19, 2016. Palo Alto says it noticed ZergHelper distributing over 50 apps rogue apps.
Source
|
|
|
Baidu Browser Acts like a Mildly Tempered Infostealer Virus |
Posted by: tarekma7 - 02-24-2016 , 12:16 PM - Forum: Security News
- Replies (1)
|
![](https://www.promo2day.com/uploads/avatars/avatar_34.jpg?dateline=1442852890) |
Baidu Browser collects user's personal information
The Baidu Web browser for Windows and Android exhibits behavior that could easily allow a security researcher to categorize it as an infostealer virus because it collects information on its users and then sends it to Baidu's home servers.
Baidu Browser is the Chinese clone of Google Chrome, with Baidu being a Web search company in China, just like Google, and the browser a spin-off from the Chromium project, just like Google Chrome.
An intrusion of user privacy
According to Citizen Lab researchers, the browser engages in the now-obligatory habit of collecting user details, which many software and Web-based services also do, "for analytics purposes."
The problem is that the Baidu Browser collects and then sends this information via unencrypted or easily decryptable connections.
During tests, researchers say that the Android version collects data about the user's operating system, the phone's IMEI, browsing history, search terms history, the phone's last GPS coordinates, and nearby wireless networks and local MACs.
On the other hand, the Windows version also collects data like the user's search history, browsing history, MAC address, CPU model, hard disk drive model and serial number, and file system volume number.
The browser collects and sends this information on startup, when the user starts typing content in their address bar, and on any page view.
Information collection behavior narrowed down to an SDK
Obviously, this is an intrusion of the user's privacy and something you wouldn't expect your browser to be collecting. This very same behavior is often found in infostealer (information stealer) malware that's usually deployed to collect information on targets before deploying more complex threats like ransomware, Bitcoin miners, spyware, or banking trojans.
Citizen Lab researchers narrowed down the information leakage issues to a common SDK, Baidu Mobile Tongji (Analytics) SDK, used for both the Android and Windows versions.
Together with mobile security firm Lookout, the researchers identified this SDK inside 22,548 app packages. Back in November 2015, researchers from Trend Micro identified a similar Baidu SDK, which could be found in 14,112 Android apps and included features that could be abused to install backdoors on all infected devices.
Insecure updates allow MitM attacks
But Baidu Browser's issues didn't stop here. Researchers also discovered that the browser checks and downloads updates but does not use code signatures. This practice exposes users to MitM (Man-in-the-Middle) attacks that allow an attacker to send malicious files to users disguised as a Baidu update.
Researchers say that they informed Baidu of all their issues, which the company started to address through updates to both the Android and Windows version on February 14, 2016. Some information leaks are still active.
Baidu also agreed to answer a list of questions regarding the browser's behavior. The answers can be viewed here.
In May 2015, the same Citizen Lab researchers analyzed another Chinese Web browser (UC Browser) and found a slew of issues in that product as well.
Source
|
|
|
Emsisoft Anti-Malware |
Posted by: tarekma7 - 02-24-2016 , 11:45 AM - Forum: Paid
- Replies (2)
|
![](https://www.promo2day.com/uploads/avatars/avatar_34.jpg?dateline=1442852890) |
![[Image: eam_monitor_800.jpg]](http://www.emsisoft.com/tl_files/images/eam_monitor_800.jpg)
Emsisoft Anti-Malware offers comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits. The product includes two powerful anti-malware scanners (Emsisoft Anti-Malware, and the Bitdefender's engine) and 3 guards (file guard, behavior blocker and surf protection) to protect against new threats. Unlike conventional protection systems Emsisoft Anti-Malware does not only check files, but it also constantly monitors the behavior of all active programs and raises an alarm as soon as something suspicious happens, additionally the surf protection blocks malicious websites before they can plant malware on your system. 30 day trial/freeware - Can be unlocked to a full version by purchasing a license. Switches to freeware scanner mode on license expiry.
Current version: 11.0.0.6131 Hotfix(3)
Stable Updates [Feb, 23, 2016]
Emsisoft Anti-Malware & Emsisoft Internet Security 11.0.0.6131 Hotfix(3) released.
This update will require a computer restart.
Fix: Occasional BSOD during installation.
Homepage
Changelog
Download
|
|
|
MakeMe3D |
Posted by: tarekma7 - 02-24-2016 , 10:13 AM - Forum: External Giveaways/Contests
- Replies (2)
|
![](https://www.promo2day.com/uploads/avatars/avatar_34.jpg?dateline=1442852890) |
![[Image: lilowvv.png]](http://i.imgur.com/lilowvv.png)
3D technology has become very popular in recent years, mainly due to it being used in major film productions such as Avatar. Company Engelmann went a further step and allows anyone can create a 3D movie through MakeMe3D software, an application that can convert any video formats from 2D video 3D format. Creating a 3D movie will increase the sense of content as well as fun, close to the viewer. The success of the application to convert video formats thanks to the algorithms include the classification of objects and motion analysis.
MakeMe3D supports most popular video formats such as DVD, AVI, WMV, MP4, 3GP, or MPG. With the default settings, easy to customize and change resolution video tail, make the output of the film can work well on different devices like iPhone, iPad, or TV. Users can also edit the brightness, picture frame effect, increasing the quality of the output. To view the film was converted by MakeMe3D then you need to have a device that supports 3D movie playback on the TV, projector, or 3D glasses. MakeMe3D is a professional software for converting video from the usual format through 2D and 3D formats vice versa. According to her, the transition time between formats is pretty fast. With high-quality formats such as mkv full hd or it may take longer time 10-15 minutes
MakeMe3D supports converting video output compatible with multiple monitors, 3D glasses and film projection equipment, different 3D image. Includes use of technology Anaglyph glasses include different colors such as red, blue, green, red, yellow, brown …. Moreover MakeMe3D also allows you to add some other 3D effects, make your movie with the best Output
Giveaway expiration date: 2016-03-01
Get The Key:
https://www.pnlm.de/r/get/makeme3d/
Download:
http://download.engelmann.com/makeme3d.exe
|
|
|
MiniTool Power Data Recovery Personal Edition |
Posted by: tarekma7 - 02-24-2016 , 10:10 AM - Forum: External Giveaways/Freebies
- No Replies
|
![](https://www.promo2day.com/uploads/avatars/avatar_34.jpg?dateline=1442852890) |
![[Image: 1fhOG4Z.jpg]](http://i.imgur.com/1fhOG4Z.jpg)
It not only helps you recover deleted files, but also recovers data from damaged, reformatted hard drive as well. Furthermore, MiniTool Power Data Recovery not only recovers data from hard disk and RAID device, but also supports to recover data from CD, DVD disks, memory card, memory stick, and flash drive.
As a data recovery software suite, MiniTool Power Data Recovery includes five data recovery modules – Undelete Recovery, Damaged Partition Recovery, Lost Partition Recovery, Digital Media Recovery and CD/DVD Recovery. Each data recovery module focuses on different data loss condition.
And we provide Power Data Recovery Boot Disk for you. With our Data Recovery Boot Disk, you could recover data after system crash, hard drive crash and booting problems without Operating System.
Giveaway expiration date: 2016-02-28
https://topwaresale.com/product/minitool...-giveaway/
|
|
|
Free Xvirus Personal Firewall PRO |
Posted by: tarekma7 - 02-24-2016 , 09:53 AM - Forum: External Giveaways/Freebies
- No Replies
|
![](https://www.promo2day.com/uploads/avatars/avatar_34.jpg?dateline=1442852890) |
Description
Xvirus Personal Firewall PRO is a lightweight, easy-to-use firewall for Windows. With features such as blocking untrusted programs, network monitor, ransom checker, and cloud check, Xvirus Personal Firewall PRO provides you with everything you need for additional protection against hackers — without slowing down your computer. - Protects you from hackers
- Manage program’s access to the internet
- Easy to use and light
- Protects you from malware
- Protects you from ransomware
- Cloud Protection
Sale ends in 3 days 23 hours Price: 19.99$ Now FREE
http://sharewareonsale.com/s/xvirus-pers...oupon-sale
|
|
|
|