Blog

A regularly updated website or web page, typically one run by an individual or small group, that is written in an informal or conversational style.

Mokes

Mokes Backdoor Malware

A Kaspersky researcher discovered a variant of the Mokes backdoor for OS X. It allows an attacker to spy on the victim or to execute code remotely.

Stefan Ortloff, a researcher at Kaspersky Lab, has published several technical papers on Securelist, in particular on this OS X version of the backdoor. Mokes for OS X has the same characteristics as the variants for Windows and Linux. It can, for example, record sound and take screenshots every 30 seconds on the victim's machine. The backdoor is capable of detecting the presence of a removable storage medium such as a USB key, and also of monitoring for the presence of specific files, such as .docx, .doc, .xls and .xlsx. Attackers can use the backdoor to execute arbitrary commands on the system, and to monitor and refine them through filters issued by the command-and-control server. By examining the sample of the backdoor, Stefan Ortloff discovered that once executed, it copies itself to various places (listed under "Inside the system" below):

 

Specification of Mokes :


Name :

HEUR:Backdoor.OSX.Mokes.a

Hash :

664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c

Inside the system :

$HOME/Library/App Store/storeuserd
$HOME/Library/com.apple.spotlight/SpotlightHelper
$HOME/Library/Dock/com.apple.dock.cache
$HOME/Library/Skype/SkypeHelper
$HOME/Library/Dropbox/DropboxCache
$HOME/Library/Google/Chrome/nacld
$HOME/Library/Firefox/Profiles/profiled

Hosts:

IP : 158.69.241.141
DOMAIN : jikenick12and67.com
IP : 95.211.172.143
DOMAIN : cameforcameand33212.com

Dev :

The OS X version of Mokes.A is written in C++ using Qt, a cross-platform application framework, and is statically linked to OpenSSL.

 

More information :

 

Once installed, it establishes a connection with the command-and-control (C&C) server via HTTP on TCP port 80, and it communicates through TCP port 443 using AES-256. This version appeared recently with the Linux variant. Last July, the Bitdefender team alerted the community to the existence of a piece of malware called "Backdoor.MAC.Eleanor".
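A defender-side check for the indicators listed above, as an added example (not code from the original post or from Kaspersky): it looks under a home directory for the seven drop paths and compares any file found there against the published SHA-256. The function names and the result format are assumptions made for this illustration.

```python
import hashlib
from pathlib import Path

# Indicators taken from the post above.
MOKES_SHA256 = "664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c"
MOKES_PATHS = [
    "Library/App Store/storeuserd",
    "Library/com.apple.spotlight/SpotlightHelper",
    "Library/Dock/com.apple.dock.cache",
    "Library/Skype/SkypeHelper",
    "Library/Dropbox/DropboxCache",
    "Library/Google/Chrome/nacld",
    "Library/Firefox/Profiles/profiled",
]


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_home(home, known_hash=MOKES_SHA256):
    """Return one finding per listed path that exists as a file under `home`.

    "hash-match": the file is the exact sample named in the post.
    "path-only": something sits at a listed drop location and needs triage
    (a rebuilt variant would carry a different hash).
    """
    findings = []
    for rel in MOKES_PATHS:
        candidate = Path(home) / rel
        if not candidate.is_file():  # also skips directories and dangling symlinks
            continue
        try:
            digest = sha256_of(candidate)
        except OSError:
            digest = None  # unreadable file: still report the path
        verdict = "hash-match" if digest == known_hash else "path-only"
        findings.append({"path": str(candidate), "sha256": digest, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in scan_home(Path.home()):
        print(f"{f['verdict']:10} {f['path']} {f['sha256']}")
```

Run it once per user account; a "path-only" result is a lead for manual inspection, not proof of infection.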

 


Apple Events (070916)

Apple Events September 7th

 

What a great event !!!

 

 

 

In this Apple Event :

  • Pokemon Go on the Apple Watch
  • Mario on The App Store
  • iWork Real Time Collaboration
  • iPhone7 & iPhone7 Plus
  • No more phono but Lightning
  • Lightning adapter to phono
  • Air Pods : Price 169$
  • Apple Watch Series 2
  • Apple Watch Series 2 Nike Edition
  • Apple Watch Series 2 Hermes

This Morning :

  • iOS 10 : 09/13/2016
  • macOS Sierra : 09/20/2016
  • tvOS : Coming soon
  • watchOS3 : This fall



App Store Improvements

From Apple (News 09012016a)

 

App Store

App Store Improvements

September 1, 2016

We love helping customers discover innovative, useful, and exciting apps on the App Store. With more than 2 million apps available and around 100,000 new and updated apps submitted each week, there’s something for everyone. To make it easier for customers to find great apps that fit their needs, we’re implementing two suggestions from the developer community starting September 7, 2016.

Quality Apps

Quality is extremely important to us. We know that many of you work hard to build innovative apps and update your apps on the App Store with new content and features. However, there are also apps on the App Store that no longer function as intended or follow current review guidelines, and others which have not been supported with compatibility updates for a long time. We are implementing an ongoing process of evaluating apps for these issues, notifying their developers, and removing problematic and abandoned apps from the App Store.

Shorter App Names

Search is one of the most frequently used methods for customers to discover and download apps from the App Store. In hopes of influencing search results, some developers have used extremely long app names which include descriptions and terms not directly related to their app. These long names are not fully displayed on the App Store and provide no user value. App names you submit in iTunes Connect for new apps and updates will now be limited to no longer than 50 characters. You can learn more about creating effective app names, as well as icons, keywords, screenshots, and descriptions, by reading the App Store Product Page.


Instapaper > Pinterest

From the Instapaper Team

Today, we’re incredibly excited to announce that Instapaper is joining Pinterest. In the three years since betaworks acquired Instapaper from Marco Arment, we’ve completely rewritten our backend, overhauled our mobile and web clients, improved parsing and search, and introduced tons of great features like highlights, text-to-speech, and speed reading to the product.

All of these features and developments revolved around the core mission of Instapaper, which is allowing our users to discover, save, and experience interesting web content. In that respect, there is a lot of overlap between Pinterest and Instapaper. Joining Pinterest provides us with the additional resources and experience necessary to achieve that shared mission on a much larger scale.

For you, the Instapaper end user and customer, nothing changes. The Instapaper team will be moving from betaworks in New York City to Pinterest’s headquarters in San Francisco, and we’ll continue to make Instapaper a great place to save and read articles.

Lastly, and most importantly, we want to thank all of our readers for your support throughout the years. Whether you supported us back when Marco built and ran Instapaper, from the betaworks acquisition, or just found out about us recently, we truly appreciate your continued support and look forward to bringing you the same great product at Pinterest.

- Instapaper Team

 


Powershell Mac

PowerShell has been released on GitHub.

 

Welcome to the PowerShell GitHub Community! PowerShell is a cross-platform (Windows, Linux, and OS X) automation and configuration tool/framework that works well with your existing tools and is optimized for dealing with structured data (e.g. JSON, CSV, XML, etc.), REST APIs, and object models. It includes a command-line shell, an associated scripting language and a framework for processing cmdlets.

 

PowerShell becomes multiplatform

 

Additional platforms will be supported in the future, says Microsoft. The firm is releasing the source code of PowerShell for Windows and for Linux in parallel. PowerShell is based on .NET, so Microsoft needed .NET on other platforms in order to bring PowerShell to those platforms as well, says the creator of the tool, Jeffrey Snover.

 


 

Once .NET Core was operational on Linux and Mac OS X (via .NET Core 1.0), the publisher adapted PowerShell so that it works on it. The PowerShell Core version is the one that Microsoft will deliver with Nano Server for Windows Server 2016, Jeffrey Snover told ZDNet.com. "Current PowerShell users who need to manage their heterogeneous areas will want it. People building management tools, like us with Operations Management Suite (OMS), want it. Those who want to standardize on a specific set of tools will want this," says the father of PowerShell.

 

Install PowerShell on OS X 10.11

 

Using OS X 10.11, download the PKG package powershell-6.0.0-alpha.9.pkg from the releases page onto the OS X machine. Either double-click the file and follow the prompts, or install it from the terminal:

 

sudo installer -pkg powershell-6.0.0-alpha.9.pkg -target /

 

Paths

 

$PSHOME is /opt/microsoft/powershell/6.0.0-alpha.9/
User profiles will be read from ~/.config/powershell/profile.ps1
Default profiles will be read from $PSHOME/profile.ps1
User modules will be read from ~/.local/share/powershell/Modules
Shared modules will be read from /usr/local/share/powershell/Modules
Default modules will be read from $PSHOME/Modules
PSReadLine history will be recorded to ~/.local/share/powershell/PSReadLine/ConsoleHost_history.txt

 

The profiles respect PowerShell's per-host configuration, so the default host-specific profiles exist at Microsoft.PowerShell_profile.ps1 in the same locations. On Linux and OS X, the XDG Base Directory Specification is respected. Note that because OS X is a derivation of BSD, instead of /opt, the prefix used is /usr/local. Thus, $PSHOME is /usr/local/microsoft/powershell/6.0.0-alpha.9/, and the symlink is placed at /usr/local/bin/powershell.

 

https://github.com/PowerShell/PowerShell/

 


Review Sherlock 1.0.2

Release of Review Sherlock 1.0.2.

Review Sherlock was just updated to version 1.0.2.

In this update :

  • Addition of the „data mining” window.
  • Addition of „data mining” export to xml and txt.
  • Addition of an interactive map to display the reviews in the extracted countries.
  • Addition of an interactive map to display the rates in the extracted countries.
  • Addition of color explanation for the reviews.
  • Addition of color explanation for the ratings.
  • Addition of a specific colorized view for the „data mining” list.
  • Addition of details in the review field.
  • Addition of a bar graph and a line graph for the „data mining”.
  • Addition of new engines in the review window.
  • Addition of visual stars in the review window.
  • Addition of the 503 errors to the logs.
  • Correction of the „export reviews” process.
  • Correction of the „export application” process.
  • Correction of the logs.
  • Correction of the „export logs” process.
  • Correction of the registration process.
  • Correction of the review field in the review window.
  • Correction of the graphics.
  • Correction of the translations.
  • Correction of the review field in the main window.
  • Correction of the review window.
  • Correction of the code.

Examples :

Data Mining of the WWF Together application. (App Store)
 
 
Data Mining of the WWF Together application. (App Store) (Map of ratings)
 
 
Data Mining of the WWF Together application. (App Store) (Bar view of reviews)
 
 
Data Mining of the WWF Together application. (App Store) (Line view of reviews)
 
 
Data Mining of the WWF Together application. (App Store) (Map of reviews)
 
 
Review window of a review for the WWF Together application. (App Store) (Map of reviews)
 

Review Sherlock 1.0.1

Release of Review Sherlock 1.0.1.

Review Sherlock was just updated to version 1.0.1.

In this update :

  • Correction of the buying link.
  • Correction of the deletion of an application.
  • Correction of the deletion of all applications.
  • You can now consult the review in a specific field.

 
Examples :

Partial review of the Facebook application. (App Store) (French screenshot).
 
 
Partial review of OS X El Capitan. (Mac App Store) (French screenshot)
 

Encrypt a text with Cryptext

How to encrypt a text with Cryptext.

Encrypting a text with Cryptext is very easy.

Click the "Preferences" tool button.

Clicking the "Preferences" tool button will switch you to the "Preferences" section.

In the "Preferences" section of Cryptext.

Select AES security. Write a password.

Select AES security.

Write a key. The key must contain 15 characters; this is mandatory.

Click the "Encrypt" tool button.

Clicking the "Encrypt" tool button returns you to the writing part.

Write a text.

In this example : "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum."


Click the "Encrypt" tool button.

Your text is now encrypted. Cryptext is one of the easiest tools for encrypting text on Mac OS X.

Add an application to Review Sherlock

How to add an application inside Review Sherlock?

Adding an application inside Review Sherlock for analysis is pretty simple and straightforward.

Launch Review Sherlock.

Click the Review Sherlock Icon application to launch Review Sherlock.

Review Sherlock interface

Click the "Add" tool button.

When you click the "Add" tool button a new window appears inside Review Sherlock.

Add an application window

Write an identifier.

Add an application by its identifier. In this example we'll add the YouTube application. The YouTube application identifier is 544007664.

Identifier 544007664

Click the "Add" button.

Click the "Add" button. If the identifier is correct, and the App is not already inside Review Sherlock's Database, the fetching window appears.

Fetching the application with identifier 544007664

When the fetching is over.

When the fetching of the application is over, the fetching window disappears and the YouTube application is ready to be analyzed inside Review Sherlock.

Review Sherlock with the YouTube application added