[real ip disclosure] Security warning: Orweb Tor Browser - Security Discussion

The Orweb Tor Browser from the Guardian Project has a really serious security flaw. The actual IP of a user can be determined by using HTML5 video or audio elements, even though the user is connected via the Tor connection.
The problem is the underlying WebView component, which doesn't handle proxy settings correctly. There's also a blog post from August 21st, 2013 on this problem. Nevertheless, the browser with over 1 million installations is still available in the Play Store and might be widely used. The developers offer an alternative solution with the Firefox Addon proxy mobile that isn't affected by this bug.
More details are available at Why you really shouldn't use Orweb anymore.
Quick-Check (to be accessed from Orweb): http://xordern.net/checkip
The IP leakage can be reproduced with at least Android 2.3.5, Android 4.1.2 and Android 4.3.

Related

Security Storage Connects to Porn Site?

In light of so many leaks of personal data, I decided to see what was happening on my phone for fun:
I used Network Connections App, which shows the user what connections are active on Android.
It turns out Google's System application called Security Storage is connecting to a porn site URL placeholder, which redirects to another real porn site.
WTF??!?!?!?!
I'd recommend checking out this app for yourself.
hahahahha good catch
Cloudfront is Amazon's AWS content distribution network so really this is a non-event, many things could equally have resolved to that address.
Could that be any ads in apps that trigger the connection? There must be something that had triggered it.
I guess an app was trying to store something to your phone and that security storage is just responding to it.

[APK] wget - Download files protected with HTTP basic auth

Hi all!
A bug in the stock browser of Android has been known since 2008.
As written here: https://code.google.com/p/android/issues/detail?id=1353 Android doesn't support HTTP Basic Auth (401).
This is a problem because a user can't download a protected resource. Only with third-party browsers (such as Firefox or Opera) is it possible to download a protected file.
So, I've written an application to download all file types, both protected and not.
The object I've used to perform the HTTP request is HttpURLConnection; for more details see the code.
The files are downloaded to /sdcard/Download.
This app requires Android 2.2 or higher.
Link to the project: https://sourceforge.net/projects/wgetandroid/
Everyone is invited to improve this code because I've written it fast, so it isn't so good.
I hope that this application can help you.

[APP] [0.8.5][mymobkit] android http web api gateway

android http api gateway
Supports a variety of HTTP API interfaces of the Android mobile phone system; the most important thing is that it supports dual cards, and supports custom card 1 or card 2 to read and send calls and text messages. Other interfaces include photo album, camera, GPS... If you need more API interfaces, please use them yourself.
However, the software is no longer updated by its author; please remove the verification of the software's Gmail and Google Play, thank you.
Android app to turn your mobile phone into an all-purpose device, exposing various APIs for common use.

PROFIMAIL GO

All about the Android email client Profimail Go from the company lonelycatgames, Slovakia.
Profimail Go is the only client that works with folders like Windows Explorer.
No sync with Office 365 since 09/2022 - Bad Authenticate
Office 365 does not like to support old protocols like old TLS versions, etc.
The reason is the access for old protocols in Exchange Admin in Office 365:
Exchange Online email applications stopped signing in, or keep asking for passwords? Start here.
Starting on October 1, 2022, Microsoft is starting to disable an outdated way of logging into Exchange Online known as “basic authentication.” This outdated method is vulnerable to various forms of password attacks. The newer authentication standard is based on a standard called OAuth and the...
techcommunity.microsoft.com

[APP][7.0+] RedGuard: Free Adblock & Firewall

RedGuard is a free solution for secure and anonymous internet browsing.
The built-in firewall allows you to securely restrict network access for specific applications and reduce mobile internet expenses by 50%. You have full control over which applications use mobile data and which use Wi-Fi.
RedGuard enhances website loading speed and preserves battery life by blocking ads, online trackers, and analytical systems.
RedGuard - Clean and Safe Internet!
Google Play: https://play.google.com/store/apps/details?id=app.redguard
Homepage: https://redguard.app
New version 1.0.1, what's new:
Fixed an issue with RedGuard not auto-starting when the device is turned on.
Fixed an issue with enabling VPN on certain devices.
Resolved various minor issues.
