
Wednesday 26 September 2012

iPhone 5 and 4 Hacked with same Exploit


The iPhone 5 is vulnerable to the same attack that successfully breached an iPhone 4S at the mobile Pwn2Own hacker contest held this week at the EUSecWest event in Amsterdam.
As we reported, Joost Pol and Daan Keuper won the mobile Pwn2Own contest by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.
The vaunted security of the iPhone (4S) took an epic fail tumble during the event when they were able to build an exploit for a vulnerability in WebKit to beat Apple’s code-signing features and the MobileSafari sandbox. The same bug is present in the iOS 6 Golden Master development code base, which means the iPhone 5 is also vulnerable to the same exploit. Apple iPads and iPod Touch devices are also vulnerable.
“We specifically chose this one because it was present in iOS 6, which means the new iPhone coming out today will be vulnerable to this attack,” Pol said. The duo won $30,000 for their efforts.
A good thief can hack into your personal data given enough time; we estimate that may mean a full working day of hacking.

Android 4.0.4 multiple Zero-Day Vulnerabilities


The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to download all data from the Android smartphone, security researchers demonstrated during the Mobile Pwn2Own contest in Amsterdam.
Using a pair of zero day vulnerabilities, a team of security researchers from U.K.-based MWR Labs hacked into a Samsung Galaxy S3 phone running Android 4.0.4 by beaming an exploit via NFC (Near Field Communications).
NFC is a technology that allows data to be sent over very short distances. For mobile devices, the protocol allows digital wallet applications to transfer money to pay at the register. While the technology has been slow to take off, despite the adoption by Google for its Wallet payment application, a number of recent high-profile announcements have boosted its adoption.
“Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation,” MWR InfoSecurity said in a statement. “The same vulnerability could also be exploited through other attack vectors, such as malicious websites or e-mail attachments.”
The attacker, for instance, gets access to all SMS messages, pictures, emails, contact information and much more. The payload is very advanced, so attackers can “basically do anything on that phone,” the researchers said.
How this Works:
1.) The first vulnerability, a memory corruption flaw, was exploited via NFC (by holding two Galaxy S3s next to each other) to upload a malicious file, which in turn allowed the team to gain code execution on the device.
2.) The malware then exploited a second vulnerability to gain full control over the device using privilege escalation. This undermined Android’s app sandbox model, allowing the attackers to install their customised version of Mercury, the company’s Android assessment framework.
3.) Mercury was then used to exfiltrate user data on the device (such as contacts, emails, text messages, and pictures) to a remote listener.
The researchers also said, “Crucially, the ASLR implementation is incomplete in Android 4.0.4, and does not cover Bionic (Android’s linker) and /system/bin/app_process, which is responsible for starting applications on the device. Other protections which would make exploitation harder were also found to be absent.”
MWR Labs, which won $30,000 for its hack, is planning a more technical blog post detailing the process of finding and exploiting this bug.
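One way to check the ASLR coverage the researchers describe, as an added example that is not from the article or from MWR Labs: compare /proc/<pid>/maps snapshots of the same process taken after two separate boots and list the mappings whose base address never changes. The snapshot contents and all addresses are constructed for illustration.

```python
"""Added example: flag mappings that load at the same base address on every boot.

All addresses below are constructed for illustration, not captured from a device.
"""

# Constructed /proc/<pid>/maps excerpts for one process after two separate boots.
BOOT_1 = """\
00008000-0000a000 r-xp 00000000 b3:09 1201 /system/bin/app_process
0000a000-0000b000 rw-p 00002000 b3:09 1201 /system/bin/app_process
40093000-400d9000 r-xp 00000000 b3:09 1873 /system/lib/libc.so
408a4000-4097e000 r-xp 00000000 b3:09 1911 /system/lib/libdvm.so
41a00000-41a40000 rw-p 00000000 00:00 0
b0001000-b0009000 r-xp 00001000 b3:09 1302 /system/bin/linker
bec1f000-bec40000 rw-p 00000000 00:00 0 [stack]
"""
BOOT_2 = """\
00008000-0000a000 r-xp 00000000 b3:09 1201 /system/bin/app_process
0000a000-0000b000 rw-p 00002000 b3:09 1201 /system/bin/app_process
4012e000-40174000 r-xp 00000000 b3:09 1873 /system/lib/libc.so
40b51000-40c2b000 r-xp 00000000 b3:09 1911 /system/lib/libdvm.so
41f00000-41f40000 rw-p 00000000 00:00 0
b0001000-b0009000 r-xp 00001000 b3:09 1302 /system/bin/linker
be8d6000-be8f7000 rw-p 00000000 00:00 0 [stack]
"""


def base_addresses(maps_text):
    """Return {mapping name: lowest start address} for one maps snapshot."""
    bases = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:          # anonymous mapping, no name to compare
            continue
        start = int(fields[0].split("-")[0], 16)
        name = fields[5].strip()
        bases[name] = min(start, bases.get(name, start))
    return bases


def classify(*snapshots):
    """Split mappings seen in every snapshot into (fixed, randomized) name lists."""
    per_run = [base_addresses(s) for s in snapshots]
    common = set(per_run[0]).intersection(*per_run[1:])
    fixed, randomized = [], []
    for name in sorted(common):
        distinct = {run[name] for run in per_run}
        (fixed if len(distinct) == 1 else randomized).append(name)
    return fixed, randomized


if __name__ == "__main__":
    fixed, randomized = classify(BOOT_1, BOOT_2)
    print("same base on every boot (not randomized):", fixed)
    print("base changed between boots:", randomized)
```

Two matching snapshots can agree by chance, so pass more snapshots to `classify` before treating a mapping as fixed.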
Also, Dutch researcher Joost Pol, CEO of Certified Secure, a nine-person research outfit based in The Hague, hacked into Apple’s iPhone 4S from scratch, exploiting a WebKit vulnerability to launch a drive-by download when the target device simply surfs to a booby-trapped web site.
They used code auditing techniques to ferret out the WebKit bug and then spent most of the three weeks chaining multiple clever techniques to get a “clean, working exploit.”
During the Pwn2Own attack, Pol created a web site that included an amusing animation of the Certified Secure logo taking a bite of the Apple logo. The drive-by download attack did not crash the browser so the user was oblivious to the data being uploaded to the attacker’s remote server. “If this is an attack in the wild, they could embed the exploit into an ad on a big advertising network and cause some major damage.”
The duo destroyed the exploit immediately after the Pwn2Own hack. “We shredded it from our machine. The story ends here, we’re not going to use this again. It’s time to look for a new challenge,” Pol said. He provided the vulnerability and proof-of-concept code that demonstrates the risk to contest organizers at HP TippingPoint Zero Day Initiative (ZDI).

5 Cons of Windows 8


Will Windows 8 work on the desktop? It’s a worrying element of Windows 8

I’m excited about Windows 8, generally, though there are worries. I’m worried about how the operating system’s new Metro UI interface works on the desktop. I’m worried about app development. I’m worried about how productive the new interface is.
1. Unnecessary Size
Using large icons in a tablet environment is fine, because the experience needs to be made simple. However, increasing the complexity of the input method (mouse and keyboard) means the user experience should increase in complexity. Modern UI introduces large and colorful tiles that take up the whole of the screen when clicked, and on large monitors that seems like wasted space.
2. Reducing The Operating System’s Speed
Windows 8 is fast, and uses fewer resources, though the speed of the OS seems reduced when you’re using a mouse. Instead of swiping you’re scrolling, and activating the charms bar on the right-hand side becomes a rather fiddly process.
3. Form Over Function
Long-term Windows users may move over to Windows 8 and ask why the Metro desktop is going to be used, with the apps — the tiles — reducing productivity. Users can still Alt + Tab, though they cannot launch apps through the search bar like in the traditional start screen. If Microsoft is to convince users to switch to Metro, then productivity and presentation have to be balanced.
4. Inevitable Preference
With two versions of Windows 8 running simultaneously, users are inevitably going to have a preference. Enterprise users, for example, will probably want an experience similar to Windows 7/Windows XP. Metro is not a similar experience.
By extension, if users who prefer the desktop side of Windows 8 constantly get bumped back to the Modern UI side, then those users could become disillusioned.
5. Big Bet on Modern UI
Microsoft is clearly pushing its new tile-based user interface, perhaps preceding a Modern UI-only world. For that to work, developers have to be on board, and the install base needs to be available to legitimise development.

5 Pros of Windows 8


Windows 8 is going to cause controversy, though it has a few good points

I’m definitely excited about Windows 8, mainly because it’s unproven. So despite it not being proven, what are the features we’re excited about?
1. A New Kind Of App Development
Look, iOS and Android have — fundamentally — the same style of apps. They’re represented through circular icons that are arranged in a grid, at least by default when we’re talking about Android. Modern UI, formerly Metro, is a little different. Apps are represented through tiles, rectangular on Windows 8, and primarily focus on the app’s experience when running. Take Internet Explorer 10, for example: it removes the search bar when not in use.
2. Faster Than Windows 7
Yes, Windows 8 is a super fast operating system. Just look at the boot time — it’s about two seconds, so you’re sitting around doing nothing for the couple of seconds Windows 8 is booting up.
3. Desktop Still Exists
There will be times where using Modern UI just doesn’t cut the productivity we need. Then the desktop environment is used, with an almost-identical Windows 7 experience. The only difference is the lack of a start orb/button; instead, hovering the mouse in the bottom left-hand corner will show a thumbnail of your Modern UI start screen.

Refinement Across Operating System

4. No Games for Windows Live
Games for Windows Live isn’t very good. Games just don’t run well, the Xbox Live integration is satisfactory, and it doesn’t look great. Games for Windows 8 changes that, bringing the New Xbox Experience. We’re also getting a store for games, and some — at least — will be playable on a Windows 8 device and the Xbox 360 (and presumably the next-generation Xbox), providing your hardware is up to snuff.
It may also be a hint towards the experience we’re going to be getting in the new Xbox console, considering the refinements Microsoft is making annually with the dashboard.
5. A Cog In a Bigger Wheel
Microsoft wants to create an integrated ecosystem, and that’s done through the Modern UI across Windows 8 and Windows Phone 8. That also means consistent app development.

Wednesday 5 September 2012

PowerPoint Presentation On Surveying

PPT On Surveying

Presentation Transcript:
1. What is Surveying
Surveying has traditionally been defined as the science, art, and technology of determining the relative positions of points above, on, or beneath the earth’s surface, or of establishing such points. Surveying can be regarded as that discipline which encompasses all methods for measuring and collecting information about the physical earth and our environment, processing that information, and disseminating a variety of resulting products to a wide range of clients. Professional surveying activities take place on, above, or below the surface of the land or the sea, and may be carried out in association with other professionals.

2. History of Surveying
1. Germination: about 1400 B.C.
2. The Earth’s Size and Shape: 200 B.C.
3. Development of Science of Geometry: 120 B.C.
4. Roman Engineer and Surveyor: the first century
5. New technologies: 18th and 19th century

3. Importance of Surveying
Map the earth above and below sea level
Prepare navigational charts
Establish property boundaries
Develop data banks of land-use and natural resource information
Determine facts on the size, shape, gravity, and magnetic fields
Prepare charts of our moon and planets

4. Classification of Surveying
Plane survey instruments are very simple, consisting of a plane table: a small drawing table mounted on a tripod. The table can be leveled and rotated. This provides a base for the alidade, the telescopic surveying device from which observations are made.

5. Plane Surveys
The rotation of the alidade is analogous to the rotation of a compass: it provides a horizontal angle, i.e. a compass direction. The locations of lines and points are plotted directly on the drawing paper. When setting up, the table must be leveled and oriented correctly with a reference meridian (e.g. north line). The table is moved and re-oriented at each station along the survey route.

6. Geodetic Surveys
Covers distances large enough that the curvature of the Earth is significant
Establishes a network of precisely located control points

7. National Geodetic Survey
Functions:
Defines & manages the National Spatial Reference System
Sets standards for geodetic surveys
Maintains a database of U.S. geodetic markers

8. Specialized Types of Surveys
Control surveys
Topographic surveys
Land, boundary, and cadastral surveys
Hydrographic surveys
Route surveys
As-built surveys
Mine surveys
Solar surveys
Optical tooling
Ground, aerial, and satellite surveys

9. New Technologies for Surveying and Mapping
Electronic Total Station Instruments
Global Positioning System (GPS)
Digital Photogrammetric Systems
Land and Geographic Information System (LIS/GIS)
