Now isn’t that awesome : if you are either bored on the internet , if you ever wanted to go to a destination or if you ever wanted to make a cool presentation that involves travelling or destination this tool is awesome in my opinion. You can create your own one here , mind you you probably need a screen capturing device ( get a free one , did you know that you capture your screen using VLC media player, google it !! ):

http://hyperlapse.tllabs.io/  (limited to 60 frames )

Also if you want to tinker with it and make it more smooth you can do so using their source code and you are no longer limited to 60fp but will take longer to generate.

https://github.com/TeehanLax/Hyperlapse.js/archive/master.zip

Have fun

The post How to make a Google Street View Timelapse appeared first on TanCoSin.

Well thanks to some clever scientists and advancement in biotechnology over the last couple of years this concept is now possible. Here is a video of the Glowing plants that is being funded on kickstarter.

This innovation could be the answer to many of our current problems and it looks cool . The main concept is basically the bioluminance DNA is extracted from firefly dna and is placed into a plant by transgenisis . This can be done through agrobacterium which naturally acts like a virus towards plants and injects DNA material. So first question you are wondering is this safe ? Well I dont know but neither did the people when they created the Atom bomb fearing that it will ignite earths atmosphere and the HCL thinking it would create the black hole. But there are benefits as shown in the picture below.

So how does bioluminance work in the first place ? Here is a good explanation that I found in How Stuff  Works

“Bioluminescence involves the combination of two types of substances in a light-producing reaction. One is a luciferin, or a light-producing substance. The other is a luciferase, or an enzyme that catalyzes the reaction. In some cases, the luciferin is a protein known as a photoprotein, and the light-making process requires a charged ion to activate the reaction. Neurological, mechanical, chemical or as-yet-undiscovered triggers can start the reactions that create light.

Often, the process requires the presence of other substances, like oxygen or adenosine triphosphate (ATP). ATP is a molecule that stores and transports energy in most living organisms, including the human body. The luciferin-luciferase reaction can also create byproducts like oxyluciferin and water.

The terms luciferin and luciferase both come from a Latin term lucifer, which means “light-bringer.” They are generic terms rather than the names of particular chemicals. Lots of different substances can act like luciferins and luciferases, depending on the species of the bioluminescent life form. For example, the luciferin coelenterazine is common in marine bioluminescence. Dinoflagellates that obtain food through photosynthesis use a luciferin that resembles chlorophyll. Their luminescence is brighter after very sunnydays. Some shrimp and fish appear to manufacture their luciferin from the food they eat.”

The post Naturally Illuminating Trees without electricity appeared first on TanCoSin.

I use Dropbox  , and so do some 50 million other people. That’s remarkable, considering Dropbox suffered through a few embarrassing speed bumpsrelated to user file security. It seems it’s going to take more than those kind of oops for us to consider giving up the convenience afforded by Dropbox.

A digital addiction like that begs the question: what kind of “issue” would it take to convince someone (me for instance) to stop using Dropbox?

When I asked that question at a security seminar, little did I realize a digital investigator slash pen tester would provide the perfect speed bump that will have all 50 million of us asking ourselves, “Is using Dropbox worth the risk?”

What issue?

I was perusing the seminar briefing website from this year’s Black Hat EU, fishing for potential article topics, when I came across a briefing note titled “DropSmack: How cloud synchronization services render your corporate firewall worthless.” Feeling a nibble, I read the briefing. Right away, I knew I hooked a keeper:

“The contributions of this presentation are threefold. First, we show how cloud-based synchronization solutions in general, and Dropbox in particular, can be used as a vector for delivering malware to an internal network.”

The other two contributions were as eye-opening:

• Show how the Dropbox synchronization service can be used as a Command and Control (C2) channel.
• Demonstrate how functioning malware is able to use Dropbox to smuggle out data from exploited remote computers.

The events as they unfolded

As the story goes, Jake was hired to perform a “no holds barred” penetration test on a corporate network. Nothing Jake tried worked, even social engineering the employees. Then Jake found a crack — the company CIO. He obtained a personal email address and a way to spear-phish the CIO.

He just had to wait until the CIO used his work notebook away from the corporation’s highly secure network. In less time than one would expect (scary actually), Jake owned the notebook.

While snooping around on the CIO’s computer, Jake couldn’t believe his luck; he found corporate documents quietly sitting in a Dropbox synchronization folder. Jake told me, “I knew I could use Dropbox as a conduit into the inner corporate sanctuary. What I didn’t know was how.”

That’s because Dropbox databases are encrypted; and reverse engineering the Dropbox software in order to read the databases would take longer than Jake had. Not to be denied, Jake and his cohorts eventually discovered a way in. It seems massive quantities of beer played a vital role (from Jake’s Black Hat presentation).

The epiphany

By design, Dropbox would allow Jake to send files to all the devices associated with the CIO’s Dropbox account, but that’s not enough. Jake needed a way to infiltrate further into the company network, install malware, and find specific documents as part of the pen-test requirements.

Figuring out how to accomplish all that was Jake’s epiphany, and like any good pen tester wanting to get unstuck, Jake created a tool called DropSmack to perform the above steps.

Next step was getting it loaded. Jake realized all he had to do was get the CIO to open a file infected with DropSmack in his Dropbox folder, and it would install. Here are the steps:

• Embed DropSmack in a file already synchronized by Dropbox.
• Add some macro goodness.
• Load file back on the compromised computer.
• File automatically synchronizes.
• Wait for the victim to open the file on the internal network.

I thought I had a gotcha; I asked Jake, “What about Windows 7 and needing admin rights to get by the UAC?” Jake told me something I should have known, but didn’t, “Dropbox does not need admin rights to load, because it installs into the user’s profile directory. So we did the same thing with DropSmack — nice and simple.” Something else I didn’t understand: “Now that DropSmack is installed, how do you tell it what to do?” Jake explained:

DropSmack is designed to monitor the Dropbox synchronization folder. We create a file using a .doc extension, put a legitimate file header on the first line, and add the desired commands. Our files won’t open in Word (they say the file is corrupted); but that’s good, it makes the file less prone to investigation by a snoopy user.

We then place the doctored file in the owned computer’s Dropbox folder. Dropbox does it magic synchronizing all associated Dropbox folders. DropSmack detects the file meant for it, and executes the command.

I then asked Jake for a few examples of what DropSmack was capable of doing:

Once you infect a remote machine with DropSmack, it can be used to perform arbitrary actions on the machine. This includes pivoting to other machines in the remote network (such as a file server). Using the PUT command, you can upload any new tools you may need to the remote machine. The EXEC command allows you to execute those tools. The GET command allows you to retrieve output from any commands that was written to an output file.

To get remote shares mounted to a machine, you’d just upload a batch script containing the “net use” command that outputs to an output file, EXEC the script, and retrieve the output file. I demonstrated this live at the Black Hat EU conference, capturing a listing of the user’s home directory, IP configurations, and the Program Files directory (to see what software was installed on the machine).

Jake beat me to the punch on my next question. I wondered if the notifications Dropbox created would seem odd to the user.

So, for now, Jake makes sure the name of the command file relates to the files already in Dropbox.

Countermeasures

Next, Jake and I discussed how to foil DropSmack. Jake didn’t have much regard for normal antimalware methods: such as IDS, firewalls, antivirus apps, or DLP software. He felt whitelisting software was the only for sure way to prevent DropSmack from loading.

More importantly, Jake suggested that security managers think long and hard before allowing Dropbox or any file-synchronization application, no matter how convenient they are. Besides the more obvious reasons for disallowing file-synchronizing apps, Jake alluded to the “can of worms” companies can find themselves in regarding privacy laws. He explained:

Many general counsels are more than a little worried about the appearance of authorizing us to pen test what could end up being be home machines. That’s becoming a sticky issue with pen-testers these days as people open spear phishing emails delivered to the corporate email addresses on machines that may be privately owned.

Jake also pointed out:

The Computer Fraud and Abuse Act doesn’t allow the corporation to authorize testing of an employee’s personal assets. Usually penetration testers solve this problem (and avoid breaking the law) by only acting on malware from machines in the corporation’s public IP range.

The liability issue resulting from privacy laws affects more than just pen testers; companies allowing file synchronization apps are apt to get embroiled in issues similar to the legal implications of BYOD.

Final thoughts

Jake and I felt it important to mention that Dropbox is by far the most secure of all file synchronization applications that Jake looked at. In fact, he uses Dropbox personally (at least he did before finding the issue). Jake also wanted me to make sure and mention that Dropbox was not compromised in order to accomplish his pen-testing goal. It was just a conduit.

A few more interesting tidbits from Jake:

• More often than not, Dropbox is loaded on corporate networks whether it is approved or not — most of the time it’s not.
• It’s a good bet the bad guys know this technique, and are already using it.

The article may make it seem that DropSmack is more of a corporate concern, but that is not necessarily so. Once DropSmack or similar malware becomes mainstream in bad-guy circles, it’s everyone’s concern.

Source :

I found this interesting article on TechRepublic, image borrowed from dropbox

The post How drop Dropbox can steal files and deliver malware appeared first on TanCoSin.

And here is a shot comparing the other smartphones – iPhone 5, HTC One and Lumia 920

Clearly I dont have to tell you which one is the best , but I bet its indestructible.

The post Nokia Lumina still has the Best Camera on a Smart Phone appeared first on TanCoSin.

Imagine a Digital Age where there is no restriction on data, you can do much as you want and not worry if its too large. That where we are heading to in the next couple of years with 1080p  videos , 4K data format and 8K and maybe in the future 128K who knows . But to hold all these high quality formats requires tremendous amounts of data.

Just imagine all the things that you NEVER have to DELETE EVER .

The post The Next Digital Age appeared first on TanCoSin.

Image Source: http://mashable.com/

Despite the controversy in the changes made to terms of service (TOS), photo-sharing network Instagram revealed that it has gained new users. This was revealed when the company issued a statement last January 17. In its very first monthly user data revelation, Instagram said that they now have 90 million active users per month – a figure that’s 10% higher than last month’s.

In a statement made to AllThingsD, Instagram founder Kevin Systrom said that “Instagram continues to see very strong growth around the world.”

“With many of the product and internationalization improvements we’ve made, we’ve been excited to see these efforts resonate with users globally,” Systrom added.

This may come as good news to Instagram since it’s been under a lot of controversy. Ever since it made some changes to its TOS,many users found the change to be either incredulous or downright ridiculous. Facebook bought the photo-sharing site for $1 billion reportedly in an effort to give Facebook a needed “facelift”. Some even went to speculate that Facebook didn’t want another bidder like Google to get it first.

There are, however, some cynics with Instagram’s reports, especially with the timing. Instagram’s release of its monthly active user data comes after reports of user revolt have been made. Furthermore, the release of data was made 2 days before its updated TOS comes into effect.

If you’re using Instagram on your personal or business phone, you’ve probably received a reminder in your e-mail in which Instagram says its “updated policies will be in effect as of January 19th, 2013”. The e-mail further states that the “policies also now take into account the feedback we received from the Instagram Community”.

The feedback being referred to was practically a massive user revolt when the company’s changes to the TOS seemed to imply that Instagram can sell photos of users to advertisers even without the users’ permission or consent.

Instagram, however, was quick to make an effort to do damage control. In a blog post, Systrom tried to explain, saying that: “To be clear: it is not our intention to sell your photos. We are working on updated language in the terms to make sure this is clear.”

The updated language, however, wasn’t immediately available which made a lot of users doubtful of Instagram’s intentions.

Then in another blog post, Systrom further explained: “Instagram users own their content and Instagram does not claim any ownership rights over your photos. Nothing about this has changed.”

In another post, Systrom reiterated: “I want to be really clear: Instagram has no intention of selling your photos, and we never did. We don’t own your photos – you do.”

It looks like Instagram is still doing some damage control. By revealing such active monthly users data, the company is trying to appease its current user base and entice new ones by saying that the company is not, in any way, suffering from user decline as what the New York Post and many other outlets have reported last month. The problem is, not everyone’s buying it. Experts say that the figures may fluctuate. Nevertheless, if Instagram continues to reveal such data, it may have some sort of credibility with experts and analysts, and eventually, the public.

The post Instagram Gains New Users despite Changes in TOS appeared first on TanCoSin.

Here is a demonstration of the hack

Hackers have discovered a weakness in Java 7 security that could allow the installation of malicious software and malware on machines that could increase the chance of identity theft, or the unauthorized participation in a botnet that could bring down networks or be used to carry out denial-of-service attacks against Web sites.

“We are currently unaware of a practical solution to this problem,” said the DHS’ Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. “This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.”

Java users should disable or uninstall Java immediately to mitigate any damage.

The latest flaw, as earlier reported by ZDNet, is currently being exploited in the wild, security experts have warned. Alienvault Labs have reproduced and verified claims that the new zero-day that exploits a vulnerability in Java 7, according to security expert Brian Krebs.

As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab.

 

Java is used by hundreds of millions of Windows, Mac and Linux machines — along with mobile devices and embedded systems — around the world to access interactive content or Web applications and services.

It’s not uncommon for the U.S. government — or any other government agency — to advise against security threats, but rarely does an agency actively warn to disable software; rather they offer advice to mitigate such threats or potential attacks, such as updating software on their systems.

The post Major Java 7 Security flaw US Department of Homeland Security Intervenes appeared first on TanCoSin.

 You can do everything you ever wanted because the solution is out there and all you have to do is find it.  Welcome to the 21st Century where Google dominates everything.  Google is the largest search engine and learning how to use google properly will give you power over others and i’m Serious . I will demonstrate how easy it is to find what you want with a trick I found .

The trick  is formerly knows as “google doodling” , many hackers will know about this because they all know that Google can be the greatest asset when hijacking a website. If you ever wanted to become a  hacker then doodling is the frontier to this lucrative business ( remember your morals if you ever take this pathway , its way too easy to loose them ) .

But lets leave all the hacking behind I just want to find something on the internet that I can get for free, as an example

Want free music? Free games? Free software? Free movies? God bless FTP!  ( File transfer Protocol )

The Trick :

Yup thats right , all you have to do is use those search terms and modify it a bit to get what you want.

Substitute rolling stones/w your favorite band. No? Try the song name, or another file format. Play with it. Assuming SOMEONE made an FTP and uploaded it, you’ll find it.

For example….I wanted to find some Calvin Harris . If you havent heard of this dude yet then you have to try , hes a techno , electro master and his songs are wonderful:

Here are some of the terms that  I experimented with

At this point it occurs to me that I may be missing something, so I try:
intitle:”index of *” “sepultura” mp3 <– BANG!
(and thats without searching for spelling errors)
Also try inurl:ftp

Method 1 :

?ww.google.com

put this string in google search:

Notice that i am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

voila!

You can also try other terms such as “720p”, “1080p” , “name of movie”, “HD-Rip” to further refine your results so you dont have to scavenge everything.

Methods 2

?ww.google.com

put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson

Remember your just at the tip of an ice burg you can do so much more if you know how .

If you liked this article please Share it with you friends  and Subscribe at the bottom .

The post How to make Google your bitch ! appeared first on TanCoSin.

If you ever wanted to track an object just in case you ever loose it such as car keys then you have to know about Smart Key Finder tags are the most advanced object finder to locate objects directly from your smart phone. It uses the Bluetooth 4.0 technology (also called Bluetooth Low Energy - BLE) which can last over 12 months on a coin cell battery.

The iOS Smart Finder app works with the Smart Key Finder tags to implement Find-Me and Electronic Leash services.

The Find-Me service can be used to locate objects up to 50 meters (164 feet).  You can attach the Smart Key Finder tags to easily misplaced objects, such as keys, wallets, purses, remote controls, canes and umbrellas, etc.  When the Find-Me service is activated on your iPhone, the Smart Key Finder tag will beep and flash. The Smart Finder app has a unique feature to guide you towards the lost object. It has a signal strength indicator which gives you a sense of distance between you and the lost object.

The Electronic Leash service ties your Smart Key Finder attached object to your iPhone.  Alerts will be sounded if the two are separated at a distance on the iPhone, the Smart Key Finder or both. The GPS location is also recorded to help you return to look for the lost object. Electronic Leash is perfect for situations such as keeping any eye on wandering kids/pets in a park or your valuables when travelling. The distance can be configured as follows.

• Low: 25+ meters
• Medium: 10~25 meters
• High: 5~10 meters

Smart Finder is a free iOS app which can be download it from iTunes App store.

Mind you the Tags are not available until sometime in mid Jan 2013 according to some of my sources

.

The following are screen shots of the Smart Finder iOS App.

The post Bluetooth Object Tracker appeared first on TanCoSin.

The Internet is a popular and in demand space that helps business companies to be noticed by the public. There are many services for small and medium businesses that are anchored on Internet technology. Given this fact, what questions then do small and medium businesses have to ask when choosing the best VoIP provider?

What business VoIP plans do you offer to your subscribers?

Let them show you what specific plans they offer for business users. If you have a clear idea on what you want to achieve using VoIP services, now is the time to ask them how they can help you attain those goals. Also check if the product and/or service they’re offering matches your business needs and budget. If you only have a certain budget for your service, let them know about this, so they can adjust from there.

What are the features of your VoIP plan?

Get them to describe or even demonstrate the features included in their phone service plans. You can do preliminary research through the Internet and from there get the information that you’ll need. Ask specific questions like which one is more affordable, a monthly plan or a metered plan. You could also ask them to elaborate on their unlimited plan. Ask them details so the information would be crystal clear.

Why is your VoIP plan better than the others?

Sometimes, even if the service features are listed, it’s hard to determine which service is best for you. Ask them straightforward how their services differ from their competitors and why their benefits are better than the others.

Do you have a lock-in period?

It’s best to know which plans are flexible and can adjust to your business capacity and growth. There will be a time that you may need to upscale or downscale, and you have to be assured that they can adjust to these changes.

What additional equipment are needed for your services to be used?

It is also a good idea to ask if you need to invest for additional hardware or equipment. It is necessary for them to enumerate whatever item is needed for their service to work properly. You also need to know the price of these items, in case you actually need one or more. It would be better if they are also selling those items so you can negotiate and won’t have to look for these items yourself.

Now that you know what questions to ask, make sure to take note of the best answers and the best features that can help you make your business better. Happy hunting!

The post Basic Questions That A Business VoIP Provider Must Answer appeared first on TanCoSin.