Showing posts with label Andriod Hacking. Show all posts

Friday, 25 April 2014

Speeding up and strengthening HTTPS connections for Chrome on Android

Earlier this year, we deployed a new TLS cipher suite in Chrome that operates three times faster than AES-GCM on devices that don’t have AES hardware acceleration, including most Android phones, wearable devices such as Google Glass and older computers. This improves user experience, reducing latency and saving battery life by cutting down the amount of time spent encrypting and decrypting data. 

To make this happen, Adam Langley, Wan-Teh Chang, Ben Laurie and I began implementing new algorithms -- ChaCha20 for symmetric encryption and Poly1305 for authentication -- in OpenSSL and NSS in March 2013. It was a complex effort that required implementing a new abstraction layer in OpenSSL in order to support the Authenticated Encryption with Associated Data (AEAD) encryption mode properly. AEAD enables encryption and authentication to happen concurrently, making it easier to use and optimize than older, commonly used modes such as CBC. Moreover, recent attacks against RC4 and CBC also prompted us to make this change.

The benefits of this new cipher suite include:
  • Better security: ChaCha20 is immune to padding-oracle attacks, such as Lucky13, which affect CBC mode as used in TLS. By design, ChaCha20 is also immune to timing attacks. Check out a detailed description of TLS cipher suite weaknesses in our earlier post.
  • Better performance: ChaCha20 and Poly1305 are very fast on mobile and wearable devices, as their designs are able to leverage common CPU instructions, including ARM vector instructions. Poly1305 also saves network bandwidth, since its output is only 16 bytes compared to HMAC-SHA1, which is 20 bytes. This represents a 16% reduction of the TLS network overhead incurred when using older ciphersuites such as RC4-SHA or AES-SHA. The expected acceleration compared to AES-GCM for various platforms is summarized in the chart below.
[Chart: Encryption]

As of February 2014, almost all HTTPS connections made from Chrome browsers on Android devices to Google properties have used this new cipher suite. We plan to make it available as part of the Android platform in a future release. If you’d like to verify which cipher suite Chrome is currently using, on an Android device or on desktop, just click on the padlock in the URL bar and look at the connection tab. If Chrome is using ChaCha20-Poly1305 you will see the following information:

[Image: android certificate information]

ChaCha20 and Poly1305 were designed by Prof. Dan Bernstein from the University of Illinois at Chicago. The simple and efficient design of these algorithms combined with the extensive vetting they received from the scientific community make us confident that these algorithms will bring the security and speed needed to secure mobile communication. Moreover, selecting algorithms that are free for everyone to use is also in line with our commitment to openness and transparency.
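The timing-attack claim above follows from the cipher's structure: the core uses only 32-bit addition, XOR and fixed-distance rotation, with no key-dependent table lookups or branches. The sketch below is an added example, not code from the original post or from OpenSSL/NSS; it assumes the 96-bit-nonce, 32-bit-counter state layout published in RFC 7539, which may differ from the drafts the post refers to, and Python is used for readability only (its integers give no constant-time guarantee).

```python
import struct

MASK32 = 0xFFFFFFFF
SIGMA = b"expand 32-byte k"  # the four fixed ChaCha constant words

def rotl32(x, n):
    """Rotate a 32-bit word left by a fixed, data-independent distance."""
    return ((x << n) & MASK32) | (x >> (32 - n))

def quarter_round(a, b, c, d):
    """One ChaCha quarter round: add, xor, rotate and nothing else."""
    a = (a + b) & MASK32; d = rotl32(d ^ a, 16)
    c = (c + d) & MASK32; b = rotl32(b ^ c, 12)
    a = (a + b) & MASK32; d = rotl32(d ^ a, 8)
    c = (c + d) & MASK32; b = rotl32(b ^ c, 7)
    return a, b, c, d

# Four column rounds followed by four diagonal rounds over the 4x4 state.
ROUND_INDICES = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                 (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def chacha20_block(key, counter, nonce):
    """Return 64 keystream bytes for one block (32-byte key, 12-byte nonce)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("need a 32-byte key and a 12-byte nonce")
    init = list(struct.unpack(
        "<16I", SIGMA + key + struct.pack("<I", counter) + nonce))
    state = init[:]
    for _ in range(10):  # 10 double rounds = the 20 rounds in the name
        for i, j, k, l in ROUND_INDICES:
            state[i], state[j], state[k], state[l] = quarter_round(
                state[i], state[j], state[k], state[l])
    # Feed-forward: add the input state so the block cannot be inverted.
    return struct.pack("<16I", *((s + t) & MASK32 for s, t in zip(state, init)))

def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt by XORing data with successive keystream blocks."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = chacha20_block(key, counter + off // 64, nonce)
        out += bytes(p ^ q for p, q in zip(data[off:off + 64], ks))
    return bytes(out)

if __name__ == "__main__":
    key = bytes(range(32))                             # constructed sample key
    nonce = bytes.fromhex("000000090000004a00000000")  # constructed sample nonce
    ct = chacha20_xor(key, nonce, b"hello over TLS")
    print(ct.hex(), chacha20_xor(key, nonce, ct))
```

On its own this keystream gives confidentiality only; in the cipher suite it is paired with the Poly1305 tag, and a (key, nonce) pair must never be reused.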

We would like to thank the people who made this possible: Dan Bernstein who invented and implemented both ChaCha20 and Poly1305, Andrew Moon for his open-source implementation of Poly1305, Ted Krovetz for his open-source implementation of ChaCha20 and Peter Schwabe for his implementation work. We hope there will be even greater adoption of this cipher suite, and look forward to seeing other websites deprecate AES-SHA1 and RC4-SHA1 in favor of AES-GCM and ChaCha20-Poly1305 since they offer safer and faster alternatives. IETF draft standards for this cipher suite are available here and here.

Sunday, 20 April 2014

10 Hacking Tools Of Android

 

1.Hackode

Hackode: The hacker's Toolbox is an application for penetration testers, ethical hackers, IT administrators and cyber security professionals to perform different tasks like reconnaissance, scanning, performing exploits etc.

2.androrat

Remote Administration Tool for Android. Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.

3.APKInspector

APKinspector is a powerful GUI tool for analysts to analyse Android applications. The goal of this project is to aid analysts and reverse engineers in visualising compiled Android packages and their corresponding DEX code.

4.DroidBox

DroidBox is developed to offer dynamic analysis of Android applications.

5.Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

6.zANTI

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

7.Droid Sheep

DroidSheep can be easily used by anybody who has an Android device, and only the provider of the webservice can protect the users. So anybody can test the security of his account by himself and can decide whether to keep on using the webservice.

8.dSploit

dSploit is an Android network analysis and penetration suite which aims to offer IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

9.AppUse – Android Pentest Platform Unified Standalone Environment

AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free, platform for mobile application security testing in the android environment, and it includes unique custom-made tools created by AppSec Labs.

10.Shark for Root

Traffic sniffer that works on 3G and WiFi (and in FroYo tethered mode too). To open the dump, use Wireshark or similar software; to preview the dump on the phone, use Shark Reader. Based on tcpdump.

Wednesday, 29 January 2014

Whatsapp Account Hacking Method


Whatsapp hack to spy on some other account:

As you may have noticed, you cannot have your Whatsapp account logged in on two devices. This means a session is given to only one MAC address. If the MAC (Media Access Control) address of the device seeking access changes, Whatsapp asks you to verify your account again.

How to Hack Whatsapp Account

All you need is access to the victim's phone to get its “MAC address along with the verifying message”, which is required to verify your device.
  • Get the MAC address on your Android phone.

Finding the MAC address on an Android phone:
  • On your phone’s home screen, click on menu, then go to settings.
  • Click on about phone.
  • Click on status.
  • Then view your Wi-Fi MAC address.
  • As soon as the message is received, push the MAC address as well as the verification code to your server or mail it to your ID. That depends on your convenience.
  • Change your phone’s MAC address to the victim’s address, install Whatsapp, and after that type the verification code.
  • And now it's done. You get full access to the victim’s Whatsapp ID. So now you can keep spying on/watching your victim’s movements.
  • That means you and the victim are using the same ID from different devices.

Whatsapp hack to use it by not using your number
  • This hack works by cheating the Whatsapp Verification Servers by sending a spoofed request for an authorisation code expected for a different phone.
  • Install Whatsapp on your device. Whatsapp now opens a counter where it sends a verification message to its servers.
  • Block the message service – it can be blocked by changing the message centre number or turning the phone into Airplane mode.
  • Whatsapp now gives a substitute method of verification – select verify through SMS and fill in your email address. Once you click to send the SMS, press cancel to abort the call for authorisation to the Whatsapp server.
  • Now you have to do SMS spoofing.
  • Examine your outbox and copy the message details into the spoofer application and send the spoofed verification.
  • You will now receive messages expected for the spoofed number on your mobile device and you can communicate with people under the spoofed number.
Note:- This information has been shared to create awareness among people regarding the “Ways to Hack Whatsapp” so that you can protect yourself from getting hacked. In no way do we promote misusing of the information.
Now that you know How to Hack Whatsapp account, you are good to protect yours.

Sunday, 8 December 2013

Bypass Android Pattern unlock.

[3 STEPS!]

Requirements:
  • Linux distro
  • Android phone
  • USB cable
  • ADB

Step 1.
1. Connect your phone to your PC using a USB cable.

Step 2. - Installing ADB over terminal
1. Boot into any Linux distro you have.
2. Open up a terminal and type:
    sudo apt-get install android-tools-adb
This will install ADB.

Step 3. - Disabling pattern unlock over terminal
1. Open up a terminal again and type:
    adb devices
    adb shell
    cd data/system
    su
    rm *.key
Now, disconnect your phone and reboot. Unlock pattern should be here. Just try some random gesture and it will unlock.