Here's a nice example of a c++ code using
GNU GCC/Code::Blocks for parsing switch
parameters the proper way, meaning for
example, a user can change the order of
them, without the code messing up. By using
some logic, it connects the proper value to the
desired switches:
https://github.com/stephanvandekerkhof/cpp-
switch-parameter-parser-example
Have a nice Friday!
GNU GCC/Code::Blocks for parsing switch
parameters the proper way, meaning for
example, a user can change the order of
them, without the code messing up. By using
some logic, it connects the proper value to the
desired switches:
https://github.com/stephanvandekerkhof/cpp-
switch-parameter-parser-example
Have a nice Friday!
Tools You can Use to Hack on Android
Kali, the best hacking OS, is based on Linux, luckily for us, so is Android. With the Termux terminal emulator, you can install and use most tools and packages supported on Kali. I've picked out some of the best tools you can use to hack devices and systems on Android:
Prerequisite:
Before we start, you're gonna need some gear:
1. Assuming you've installed Termux, type and run the commands
Now that you're up-to-date, let's begin.
Kali, the best hacking OS, is based on Linux, luckily for us, so is Android. With the Termux terminal emulator, you can install and use most tools and packages supported on Kali. I've picked out some of the best tools you can use to hack devices and systems on Android:
Prerequisite:
Before we start, you're gonna need some gear:
1. Assuming you've installed Termux, type and run the commands
apt-get update followed by apt-get upgrade > This will update all packages installed on your device to the latest version.Now that you're up-to-date, let's begin.
Tech Byte™
Tools You can Use to Hack on Android Kali, the best hacking OS, is based on Linux, luckily for us, so is Android. With the Termux terminal emulator, you can install and use most tools and packages supported on Kali. I've picked out some of the best tools…
1. AhMyth Android RAT
The Remote Access Tool that can be used to remotely take complete control of another Android device.
Install it entering this command on the terminal:
This will only work if you already have the package "git" installed, if you don't, install it using
The Remote Access Tool that can be used to remotely take complete control of another Android device.
Install it entering this command on the terminal:
git clone https://github.com/AhMyth/AhMyth-Android-RAT.gitThis will only work if you already have the package "git" installed, if you don't, install it using
pkg install git or apt-get install git, then try again.
Tech Byte™
Tools You can Use to Hack on Android Kali, the best hacking OS, is based on Linux, luckily for us, so is Android. With the Termux terminal emulator, you can install and use most tools and packages supported on Kali. I've picked out some of the best tools…
2. Weeman
This tool can be used to create phishing (fake login) pages of websites. When you send the link to the fake page to your victim, and their enter their login credentials, their login and password will be sent to you.
Install "python" or "python2" first:
Now install weeman by cloning the github repository:
This tool can be used to create phishing (fake login) pages of websites. When you send the link to the fake page to your victim, and their enter their login credentials, their login and password will be sent to you.
Install "python" or "python2" first:
pkg install python or pkg install python2, you can use apt-get as well, it works just as good as pkgNow install weeman by cloning the github repository:
git clone https://github.com/evait-security/weeman
Tech Byte™
Tools You can Use to Hack on Android Kali, the best hacking OS, is based on Linux, luckily for us, so is Android. With the Termux terminal emulator, you can install and use most tools and packages supported on Kali. I've picked out some of the best tools…
3. Metasploit
Remember when we hacked Facebook using Kali, and we used metasploit? Well, it's the same here, except this has been ported to Android.
Installing metasploit is a bit trickier than most packages, it requires a whole new tutorial of itself, but we'll use the easy method, cloning the git repo, metasploit is a big archive so you need at least 4GB free space and a fast, stable internet connection:
• Clone the github repo >
• Get into the directory
• Give the required permissions for "install.sh"
• Install it
• After the installation, run metasploit
Remember when we hacked Facebook using Kali, and we used metasploit? Well, it's the same here, except this has been ported to Android.
Installing metasploit is a bit trickier than most packages, it requires a whole new tutorial of itself, but we'll use the easy method, cloning the git repo, metasploit is a big archive so you need at least 4GB free space and a fast, stable internet connection:
• Clone the github repo >
git clone https://github.com/verluchie/termux-metasploit• Get into the directory
cd termux-metasploit• Give the required permissions for "install.sh"
chmod 777 install.sh• Install it
sh install.sh• After the installation, run metasploit
msfconsole
Tech Byte™
Tools You can Use to Hack on Android Kali, the best hacking OS, is based on Linux, luckily for us, so is Android. With the Termux terminal emulator, you can install and use most tools and packages supported on Kali. I've picked out some of the best tools…
4. Hydra
This is a network login cracker and password bruteforcer. Supports multiple protocols and custom wordlists.
This is a network login cracker and password bruteforcer. Supports multiple protocols and custom wordlists.
pkg install hydra
Tech Byte™
Tools You can Use to Hack on Android Kali, the best hacking OS, is based on Linux, luckily for us, so is Android. With the Termux terminal emulator, you can install and use most tools and packages supported on Kali. I've picked out some of the best tools…
5. Nmap
Utility for network discovery and security auditing.
Utility for network discovery and security auditing.
pkg install nmapThese are my top 5 picks. There are others too, but these work best. I'll provide in-depth tutorials for each one of these tools soon.
Contact me in case you have questions or know a package that you think deserves to be on this list.
Contact me in case you have questions or know a package that you think deserves to be on this list.
💢 WhatsApp Group Chats Can Easily Be Infiltrated
ℹ️A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps.
Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services.
The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service.
In other words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any mean.
However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved zero-knowledge system.
Researchers from Ruhr-Universität Bochum (RUB) in Germany found that anyone who controls WhatsApp/Signal servers can covertly add new members to any private group, allowing them to spy on group conversations, even without the permission of the administrator.
As described by the researchers, in the pairwise communication (when only two users communicate with each other) server plays a limited role, but in case of multi-user chats (group chat where encrypted messages are broadcasted to many users), the role of servers increases to manage the entire process.
That's where the issue resides, i.e. trusting the company's servers to manage group members (who eventually have full access to the group conversation) and their actions.
As explained in the newly published RUB paper, titled "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," since both Signal and WhatsApp fail to properly authenticate that who is adding a new member to the group, it is possible for an unauthorized person—not a group administrator or even a member of the group—to add someone to the group chat.
What's more? If you are wondering that adding a new member to the group will show a visual notification to other members, it is not the case.
According to the researchers, a compromised admin or rogue employee with access to the server could manipulate (or block) the group management messages that are supposed to alert group members of a new member.
"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group, however, leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group," the paper reads.
"Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally, the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces."
WhatsApp has acknowledged the issue, but argued that if any new member is added to a group, let's say by anyone, other group members will get notified for sure.
"We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user," a WhatsApp spokesperson told Wired.
"The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."
But if you are not part of a group with very selected members, I'm sure many of you would relatively ignore such notifications easily.
Researchers also advised companies to fix the issue just by adding an authentication mechanism to make sure that the "signed" group management messages come from the group administrat
ℹ️A more dramatic revelation of 2018—an outsider can secretly eavesdrop on your private end-to-end encrypted group chats on WhatsApp and Signal messaging apps.
Considering protection against three types of attackers—malicious user, network attacker, and malicious server—an end-to-end encryption protocol plays a vital role in securing instant messaging services.
The primary purpose of having end-to-end encryption is to stop trusting the intermediate servers in such a way that no one, not even the company or the server that transmits the data, can decrypt your messages or abuse its centralized position to manipulate the service.
In other words—assuming the worst-case scenario—a corrupt company employee should not be able to eavesdrop on the end-to-end encrypted communication by any mean.
However, so far even the popular end-to-end encrypted messaging services, like WhatsApp, Threema and Signal, have not entirely achieved zero-knowledge system.
Researchers from Ruhr-Universität Bochum (RUB) in Germany found that anyone who controls WhatsApp/Signal servers can covertly add new members to any private group, allowing them to spy on group conversations, even without the permission of the administrator.
As described by the researchers, in the pairwise communication (when only two users communicate with each other) server plays a limited role, but in case of multi-user chats (group chat where encrypted messages are broadcasted to many users), the role of servers increases to manage the entire process.
That's where the issue resides, i.e. trusting the company's servers to manage group members (who eventually have full access to the group conversation) and their actions.
As explained in the newly published RUB paper, titled "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," since both Signal and WhatsApp fail to properly authenticate that who is adding a new member to the group, it is possible for an unauthorized person—not a group administrator or even a member of the group—to add someone to the group chat.
What's more? If you are wondering that adding a new member to the group will show a visual notification to other members, it is not the case.
According to the researchers, a compromised admin or rogue employee with access to the server could manipulate (or block) the group management messages that are supposed to alert group members of a new member.
"The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group, however, leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group," the paper reads.
"Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally, the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces."
WhatsApp has acknowledged the issue, but argued that if any new member is added to a group, let's say by anyone, other group members will get notified for sure.
"We've looked at this issue carefully. Existing members are notified when new people are added to a WhatsApp group. We built WhatsApp so group messages cannot be sent to a hidden user," a WhatsApp spokesperson told Wired.
"The privacy and security of our users is incredibly important to WhatsApp. It's why we collect very little information and all messages sent on WhatsApp are end-to-end encrypted."
But if you are not part of a group with very selected members, I'm sure many of you would relatively ignore such notifications easily.
Researchers also advised companies to fix the issue just by adding an authentication mechanism to make sure that the "signed" group management messages come from the group administrat
Forwarded from RL channels
Have a Telegram channel📢, group💬 or bot🤖 you want to get more followers👥 to? Or maybe it's your brand new YouTube channel, Instagram or Twitter fanpage?
👍I got you covered, I'll advertise your products on my Telegram platforms for a very affordable price and make sure you reach that target you set. Gather loads of views, visits, likes, follows or subs depending on your advert.
💰I accept payments via PayPal, Bitcoin, Etherium or M-Pesa💵
Simply contact me on Telegram or on any of my social media handles for pricing and advertising.
Special NEW YEAR deal for regular clients: Get upto 25% off an advertising package!!
- @romL3N #RLad
👍I got you covered, I'll advertise your products on my Telegram platforms for a very affordable price and make sure you reach that target you set. Gather loads of views, visits, likes, follows or subs depending on your advert.
💰I accept payments via PayPal, Bitcoin, Etherium or M-Pesa💵
Simply contact me on Telegram or on any of my social media handles for pricing and advertising.
Special NEW YEAR deal for regular clients: Get upto 25% off an advertising package!!
- @romL3N #RLad
How to set socks in Mozilla Firefox
Run firefox Go to Options Advanced
setting Network
Now the screen will pop up various options
like : 1. No proxy; 2.Auto Detect; 3.Use system
proxy; 4. Manual proxy configuration.
You mark 4. Manual proxy configuration. Now
type in socks host IP you have, example Socks
Host: 141.0.8.24 Port: 1080
Press ok and restart firefox. Now you are
connected to secure socks5..
When you buy SOCKS always match with card
holder address.
Ex. If CC holder from Delhi,India then u also
buy socks with same address. Atleast
matching State, Country
Run firefox Go to Options Advanced
setting Network
Now the screen will pop up various options
like : 1. No proxy; 2.Auto Detect; 3.Use system
proxy; 4. Manual proxy configuration.
You mark 4. Manual proxy configuration. Now
type in socks host IP you have, example Socks
Host: 141.0.8.24 Port: 1080
Press ok and restart firefox. Now you are
connected to secure socks5..
When you buy SOCKS always match with card
holder address.
Ex. If CC holder from Delhi,India then u also
buy socks with same address. Atleast
matching State, Country
Where is Elon Musk's Tesla Roadster?
On February 6th, 2018, at 2045 UTC, the first Falcon Heavy was launched into space. It contained a very special payload, a Tesla Roadster with Starman. But where is the car?
The current location is about 2100 miles away from Earth. The car was launched into space to orbit into Mars' path.
To track it, visit their aptly named website, whereisroadster.com
On February 6th, 2018, at 2045 UTC, the first Falcon Heavy was launched into space. It contained a very special payload, a Tesla Roadster with Starman. But where is the car?
The current location is about 2100 miles away from Earth. The car was launched into space to orbit into Mars' path.
To track it, visit their aptly named website, whereisroadster.com
Forwarded from RL channels
Jumia Kenya is offering huge discounts and deals on smartphones. Checking out the best phones under Ksh 10,000 and stand a chance to win massive prizes.
https://goo.gl/jgkhgs
https://goo.gl/jgkhgs
Huawei P20 Pro Review | Android Authority
https://www.androidauthority.com/huawei-p20-pro-review-853352/
https://www.androidauthority.com/huawei-p20-pro-review-853352/
Summary of the cryptocurrency news.
Summary of last week of various news and developments related to cryptocurrencies.
➣ New developments:
Santander uses Ripple technology to launch a blockchain payment app
Spanish banking giant Banco Santander recently used Ripple's xCurrent to launch a blockchain-based payment app called "One Pay FX". Reportedly, Santander is now the first bank to implement a blockchain-based international payment service to retail customers in multiple countries simultaneously. The app is available in Spain, Brazil, Poland and the United Kingdom. In the future it will be distributed in other countries. Through a press release, the executive president of the financial institution Ana Botin said:
• "One Pay FX uses blockchain-based technology to provide a fast, simple and secure way to transfer money internationally - offering value, transparency and trust and services that customers expect from a bank like Santander. customers in the UK can use One Pay to transfer money to Europe and the US In Spain, customers can move to the United Kingdom and the United States, while customers in Brazil and Poland can move to the UK. "
➣ World affairs:
Venezuela claims that the ban on Petro di Trump has doubled the number of interested investors
According to reports, the executive secretary of Venezuela's Blockchain Observatory, Daniel Peña, said in an interview that the US Petro (PTR) ban Donald Trump, excluding US citizens and residents from the purchase of cryptocurrency supported by oil, it was actually advantageous as it doubled the number of buyers trying to buy it. Peña implied that if an important person like Trump spent his time dealing with the Petro, it just meant that the country was going in the right direction by throwing it.
According to his words, Venezuela had more or less 400 customers trying to buy the cryptocurrency supported by oil a day before the ban on Petro di Trump. After the ban, the number doubled to 800.
➣ Financial:
Bitcoin at $ 8.046, the market starts to recover
Last week the cryptocurrency market recovered and Bitcoin rose to $ 1,000 in about 30 minutes. The flagship criptovaluta has therefore surprisingly maintained its earnings and managed to remain around $ 8,000. Bitcoin was trading at $ 8.046 last week, while its market capitalization is $ 132 billion.
@TechByte
Summary of last week of various news and developments related to cryptocurrencies.
➣ New developments:
Santander uses Ripple technology to launch a blockchain payment app
Spanish banking giant Banco Santander recently used Ripple's xCurrent to launch a blockchain-based payment app called "One Pay FX". Reportedly, Santander is now the first bank to implement a blockchain-based international payment service to retail customers in multiple countries simultaneously. The app is available in Spain, Brazil, Poland and the United Kingdom. In the future it will be distributed in other countries. Through a press release, the executive president of the financial institution Ana Botin said:
• "One Pay FX uses blockchain-based technology to provide a fast, simple and secure way to transfer money internationally - offering value, transparency and trust and services that customers expect from a bank like Santander. customers in the UK can use One Pay to transfer money to Europe and the US In Spain, customers can move to the United Kingdom and the United States, while customers in Brazil and Poland can move to the UK. "
➣ World affairs:
Venezuela claims that the ban on Petro di Trump has doubled the number of interested investors
According to reports, the executive secretary of Venezuela's Blockchain Observatory, Daniel Peña, said in an interview that the US Petro (PTR) ban Donald Trump, excluding US citizens and residents from the purchase of cryptocurrency supported by oil, it was actually advantageous as it doubled the number of buyers trying to buy it. Peña implied that if an important person like Trump spent his time dealing with the Petro, it just meant that the country was going in the right direction by throwing it.
According to his words, Venezuela had more or less 400 customers trying to buy the cryptocurrency supported by oil a day before the ban on Petro di Trump. After the ban, the number doubled to 800.
➣ Financial:
Bitcoin at $ 8.046, the market starts to recover
Last week the cryptocurrency market recovered and Bitcoin rose to $ 1,000 in about 30 minutes. The flagship criptovaluta has therefore surprisingly maintained its earnings and managed to remain around $ 8,000. Bitcoin was trading at $ 8.046 last week, while its market capitalization is $ 132 billion.
@TechByte
Techbyte
Arrested 26-year-old carder in Cagliari
On the day of 13/04/2018 the young 26 year-old from Cagliari was caught in fragrant during the delivery of his last order purchased with a cloned card. The scammer had cloned a credit card held by a company based in the province of Turin and used it to make several online purchases of fairly expensive products including Rolex.
The 26-year-old specialized in computer intrusion, stolen and fraud and worked for several years in the sector with illicit profits that reached almost 50 thousand euros. He cloned credit cards in his home and then used them to make online purchases and cryptovalute which he used to use the illegal services of the deep web. He also bought some Rolex models in the darknet.
The carabinieri of Cagliari Villanova after a complex investigation and a long period of activity of information and observation of the subject have discovered that the scammer was making several purchases in both clearnet and darknet with a card that had cloned to a joint stock company in Turin.
The young man had the products he purchased purchased from a courier directly at home
The Agents intervened during the delivery of the last package, surprising the man and identifying him. From the home and personal search, the electronic computer equipment used, as admitted by the same, emerged to complete its illicit traffic on the web. In the house of the boy were also found the different products that he bought including a Rolex Oystedate worth almost 2000 euros.
"The damage in this case is 5000 euros if we consider the cloned paper. However, the subject has been operating for years in the sector with illicit profits that reach € 50 thousand. He is a card cloning specialist who then uses to buy cryptocurrencies and online products. He also bought some products from illegal deepweb services using cryptocurrencies that he bought with stolen cards.
@Techbyte
Arrested 26-year-old carder in Cagliari
On the day of 13/04/2018 the young 26 year-old from Cagliari was caught in fragrant during the delivery of his last order purchased with a cloned card. The scammer had cloned a credit card held by a company based in the province of Turin and used it to make several online purchases of fairly expensive products including Rolex.
The 26-year-old specialized in computer intrusion, stolen and fraud and worked for several years in the sector with illicit profits that reached almost 50 thousand euros. He cloned credit cards in his home and then used them to make online purchases and cryptovalute which he used to use the illegal services of the deep web. He also bought some Rolex models in the darknet.
The carabinieri of Cagliari Villanova after a complex investigation and a long period of activity of information and observation of the subject have discovered that the scammer was making several purchases in both clearnet and darknet with a card that had cloned to a joint stock company in Turin.
The young man had the products he purchased purchased from a courier directly at home
The Agents intervened during the delivery of the last package, surprising the man and identifying him. From the home and personal search, the electronic computer equipment used, as admitted by the same, emerged to complete its illicit traffic on the web. In the house of the boy were also found the different products that he bought including a Rolex Oystedate worth almost 2000 euros.
"The damage in this case is 5000 euros if we consider the cloned paper. However, the subject has been operating for years in the sector with illicit profits that reach € 50 thousand. He is a card cloning specialist who then uses to buy cryptocurrencies and online products. He also bought some products from illegal deepweb services using cryptocurrencies that he bought with stolen cards.
@Techbyte
Bitcoin web wallet addresses generated with a vulnerable library are exposed to brute-force attacks
Multiple vulnerabilities in the SecureRandom () function expose Bitcoin wallet web addresses generated by a library vulnerable to brute-force attacks.
The old Bitcoin Web portfolio addresses generated by browsers or JavaScript-based applications could be affected by a cryptographic vulnerability that could be exploited by attackers to steal funds.
According to experts, the famous JavaScript library SecureRandom () is not secure, this means that an attacker can launch brute-force attacks against private keys.
The flaw concerns the JavaScript SecureRandom () function that is used to generate a random Bitcoin address and its corresponding private key.
"It generates cryptographic keys that, despite their length, have less than 48 bits of entropy, [...] so its output will have no more than 48 bits of entropy even if its seed has more," he said. system administrator David Gerard.
"SecureRandom () then uses the number that gets through the obsolete RC4 algorithm, which is known to be more predictable than it should be, ie it has less bit of entropy," added Gerard. "So the key is predictable".
Gerard concluded that all Bitcoin addresses generated with the SecureRandom () function are vulnerable to brute force attacks.
"The conclusion seems to be that at least all the portfolios generated by JavaScript tools within browsers are affected by the weakness of Math.random, the vulnerability Math.random or RC4 (Chrome) between 2011 and 2013, and the weakness of RC4 for Chrome users until the end of 2015, "Gerard continues.
Gerard explained that several web-based applications or clients have used the SecureRandom () function. The expert said that all Bitcoin addresses possibly affected are:
BitAddress before 2013;
bitcoinjs before 2014;
current software using old repositories found on Github.
A user has launched the same warning in the Linux Foundation mailing list:
"A significant number of past and present cryptocurrency products contains a JavaScript class called SecureRandom (), which contains both a collection of entropy and a PRNG. The entropy collection and the same RNG are both deficient to the point that the key can be recovered from third parties with an average complexity ", reads the notice.
Researcher Mustafa Al-Bassam added that several older web-based implementations and client-side Bitcoin wallet applications have exploited the jsbn.js cryptographic library to generate Bitcoin addresses. Unfortunately, the jsbn.js cryptographic library used the SecureRandom () function, which means that the private keys of Bitcoin addresses have been exposed to attacks.
"I think the disclosure of the vulnerability refers to a pre-2013 version of jsbn, a library of JavaScript encryption," added Al-Bassam.
In any case, if you use a Bitcoin wallet address generated with tools that use vulnerable functions, you must generate a new Bitcoin address and transfer the funds to the new address.
Join us-@TechByte
Multiple vulnerabilities in the SecureRandom () function expose Bitcoin wallet web addresses generated by a library vulnerable to brute-force attacks.
The old Bitcoin Web portfolio addresses generated by browsers or JavaScript-based applications could be affected by a cryptographic vulnerability that could be exploited by attackers to steal funds.
According to experts, the famous JavaScript library SecureRandom () is not secure, this means that an attacker can launch brute-force attacks against private keys.
The flaw concerns the JavaScript SecureRandom () function that is used to generate a random Bitcoin address and its corresponding private key.
"It generates cryptographic keys that, despite their length, have less than 48 bits of entropy, [...] so its output will have no more than 48 bits of entropy even if its seed has more," he said. system administrator David Gerard.
"SecureRandom () then uses the number that gets through the obsolete RC4 algorithm, which is known to be more predictable than it should be, ie it has less bit of entropy," added Gerard. "So the key is predictable".
Gerard concluded that all Bitcoin addresses generated with the SecureRandom () function are vulnerable to brute force attacks.
"The conclusion seems to be that at least all the portfolios generated by JavaScript tools within browsers are affected by the weakness of Math.random, the vulnerability Math.random or RC4 (Chrome) between 2011 and 2013, and the weakness of RC4 for Chrome users until the end of 2015, "Gerard continues.
Gerard explained that several web-based applications or clients have used the SecureRandom () function. The expert said that all Bitcoin addresses possibly affected are:
BitAddress before 2013;
bitcoinjs before 2014;
current software using old repositories found on Github.
A user has launched the same warning in the Linux Foundation mailing list:
"A significant number of past and present cryptocurrency products contains a JavaScript class called SecureRandom (), which contains both a collection of entropy and a PRNG. The entropy collection and the same RNG are both deficient to the point that the key can be recovered from third parties with an average complexity ", reads the notice.
Researcher Mustafa Al-Bassam added that several older web-based implementations and client-side Bitcoin wallet applications have exploited the jsbn.js cryptographic library to generate Bitcoin addresses. Unfortunately, the jsbn.js cryptographic library used the SecureRandom () function, which means that the private keys of Bitcoin addresses have been exposed to attacks.
"I think the disclosure of the vulnerability refers to a pre-2013 version of jsbn, a library of JavaScript encryption," added Al-Bassam.
In any case, if you use a Bitcoin wallet address generated with tools that use vulnerable functions, you must generate a new Bitcoin address and transfer the funds to the new address.
Join us-@TechByte
Tutorial: XMPP / Jabber OTR
In this article we will discuss how to chat securely and securely using the XMPP / Jabber messaging protocol.
XMPP (Extensible Messaging and Presence Protocol) (formerly known as Jabber) is a set of open source instant messaging protocols. XMPP-based software is popular on thousands of servers on the Internet.
To start using XMPP the first thing to download is the XMPP client called Pidgin. Once downloaded, proceed with the installation until completion.
Now it is necessary to install OTR (Off-the-Record Messaging). OTR is a cryptographic protocol that provides end-to-end encryption to instant messaging conversations. The OTR plugin for Pidgin can be downloaded from https://otr.cypherpunks.ca
Make sure the Pidgin application is closed before installing OTR.
The first thing we have to do is make the OTR plugin active in Pidgin. To do this, open Pidgin, click on "Tools", select "Plugin" and click on the box next to "Off-the-Record Messaging".
Once we're done with this, we can enter the details of our XMPP account and start chatting, or create a new account.
For example, we will create a new account with the https://xmpp.dk service. You can register directly through Pidgin.
To create a new account you need to go to account -> manage accounts -> add.
The first step in registering from the client will be to select XMPP as the protocol and enter the username, password and domain. The username and password will be your choice, but the domain in this case will be xmpp.dk. The "Resource" box must be left blank. Then check the "Create this new account on server" box at the bottom of the window. Username and password will be requested again.
The next step to increase anonymity will be to set up Tor as a SOCKS5 proxy, so that not only will messages be encrypted with OTR, but all traffic will be encrypted with Tor. To do so, click on the "Proxy" tab when creating the account and set "Host" and "Port" accordingly. Make sure that Tor is also running, otherwise connection errors will occur.
If you get an error, do not worry. Sometimes there is an error with the server and you will need to register directly on the website of the XMPP host you are using.
Once you've done all this, you need to add a new contact to chat with another user. All you have to do is click on "contacts" -> "add contact" and enter the username of the user with whom you want to chat.
@TechByte
In this article we will discuss how to chat securely and securely using the XMPP / Jabber messaging protocol.
XMPP (Extensible Messaging and Presence Protocol) (formerly known as Jabber) is a set of open source instant messaging protocols. XMPP-based software is popular on thousands of servers on the Internet.
To start using XMPP the first thing to download is the XMPP client called Pidgin. Once downloaded, proceed with the installation until completion.
Now it is necessary to install OTR (Off-the-Record Messaging). OTR is a cryptographic protocol that provides end-to-end encryption to instant messaging conversations. The OTR plugin for Pidgin can be downloaded from https://otr.cypherpunks.ca
Make sure the Pidgin application is closed before installing OTR.
The first thing we have to do is make the OTR plugin active in Pidgin. To do this, open Pidgin, click on "Tools", select "Plugin" and click on the box next to "Off-the-Record Messaging".
Once we're done with this, we can enter the details of our XMPP account and start chatting, or create a new account.
For example, we will create a new account with the https://xmpp.dk service. You can register directly through Pidgin.
To create a new account you need to go to account -> manage accounts -> add.
The first step in registering from the client will be to select XMPP as the protocol and enter the username, password and domain. The username and password will be your choice, but the domain in this case will be xmpp.dk. The "Resource" box must be left blank. Then check the "Create this new account on server" box at the bottom of the window. Username and password will be requested again.
The next step to increase anonymity will be to set up Tor as a SOCKS5 proxy, so that not only will messages be encrypted with OTR, but all traffic will be encrypted with Tor. To do so, click on the "Proxy" tab when creating the account and set "Host" and "Port" accordingly. Make sure that Tor is also running, otherwise connection errors will occur.
If you get an error, do not worry. Sometimes there is an error with the server and you will need to register directly on the website of the XMPP host you are using.
Once you've done all this, you need to add a new contact to chat with another user. All you have to do is click on "contacts" -> "add contact" and enter the username of the user with whom you want to chat.
@TechByte