TwGhana Inc.

20/02/2020

👩🏿‍💻Do you need any of the following👨🏿‍💻

✅ Business Website
✅Personal Website
✅Newspaper Website
✅Peer to Peer Donation Website
✅Bitcoin Investments Website
✅Initial Coin Offering Landing Pages
✅e-commerce Webites
✅Bitcoin investment Telegram bot
✅Smart Contract Development
✔Wordpress theme development
✔Wordpress plugin development
✔Android App development

✳️✳️✳️✳️✳️✳️✳️✳️✳️
Kindly Call or Whatsapp 0544646116/0542399830 for a professional website at an affordable price
Thank you🙏
visit https://jetclick.net for more info

Getting online is easy. Succeeding online is a different story. You’ll need more than just a beautiful website to stand out these days. Online marketing solutions. Conversion-based web design coupled with a lead generating marketing plan, your online success is inevitable.

29/06/2018

http://www.businessinsider.com/philip-frenzel-ad-active-dampening-phone-case-2018-6?utm_content=buffer857e7&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer

The AD (active dampening) phone case, patented by German student Philip Frenzel, can detect when the phone is falling and protracts springs to protect it. So far, it's only a prototype.

28/06/2018

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

Last week we received a tip about an unpatched vulnerability in the WordPress core, which could allow a low-privileged user to hijack the whole site and execute arbitrary code on the server.

Discovered by researchers at RIPS Technologies GmbH, the "authenticated arbitrary file deletion" vulnerability was reported 7 months ago to the WordPress security team but remains unpatched and affects all versions of WordPress, including the current 4.9.6.

The vulnerability resides in one of the core functions of WordPress that runs in the background when a user permanently deletes thumbnail of an uploaded image.

Researchers find that the thumbnail delete function accepts unsanitized user input, which if tempered, could allow users with limited-privileges of at least an author to delete any file from the web hosting, which otherwise should only be allowed to server or site admins.

The requirement of at least an author account automatically reduces the severity of this flaw to some extent, which could be exploited by a rogue content contributor or a hacker who somehow gains author's credential using phishing, password reuse or other attacks.

Researchers say that using this flaw an attacker can delete any critical files like ".htaccess" from the server, which usually contains security-related configurations, in an attempt to disable protection.

Besides this, deleting "wp-config.php" file—one of the most important configuration files in WordPress installation that contains database connection information—could force entire website back to the installation screen, allegedly allowing the attacker to reconfigure the website from the browser and take over its control completely.

26/06/2018

Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurrency transactions.

Google’s Firebase service is one of the most popular back-end development platforms for mobile and web applications that offers developers a cloud-based database, which stores data in JSON format and synced it in the real-time with all connected clients.

Researchers from mobile security firm Appthority discovered that many app developers' fail to properly secure their back-end Firebase endpoints with firewalls and authentication, leaving hundreds of gigabytes of sensitive data of their customers publicly accessible to anyone.

Since Firebase offers app developers an API server, as shown below, to access their databases hosted with the service, attackers can gain access to unprotected data by just adding "/.json" with a blank database name at the end of the hostname.

Sample API URL: https://.firebaseio.com/
Payload to Access: Data https://.firebaseio.com/.json

To find the extent of this issue, researchers scanned over 2.7 million apps and found that more than 3,000 apps—2,446 Android and 600 iOS apps—were leaking a whole 2,300 databases with more than 100 million records, making it a giant breach of over 113 gigabytes of data.

26/06/2018

Google Solves Update Issue for Android Apps Installed from Unknown Sources

If you are wondering how to receive latest updates for an Android app—installed via a 3rd party source or peer-to-peer app sharing—directly from Google Play Store.

For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does not recognize them as Play Store apps and they do not show up in your Google account app list as well.

Late last year, Google announced its plan to set up an automated mechanism to verify the authenticity of an app by adding a small amount of security metadata on top of each Android application package (in the APK Signing Block) distributed by its Play Store.

This metadata is like a digital signature that would help your Android device to verify if the origin of an app you have installed from a third-party source is a Play Store app and have not been tempered, for example, a virus is not attached to it.

From early 2018, Google has already started implementing this mechanism, which doesn't require any action from Android users or app developers, helping the company to keep its smartphone users secure by adding those peer-to-peer shared apps to a user's Play Store Library in order to push regular updates.

Additionally, Google yesterday announced a new enhancement to its plan by adding offline support for metadata verification that would allow your Android OS to determine the authenticity of "apps obtained through Play-approved distribution channels" while the device is offline.

Source: https://twitter.com/Swati_THN

26/06/2018

Google Developer Discovers a Critical Bug in Modern Web Browsers

Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged-in the same browser.

Discovered by Jake Archibald, developer advocate for Google Chrome, the vulnerability resides in the way browsers handle cross-origin requests to video and audio files, which if exploited, could allow remote attackers to even read the content of your Gmail or private Facebook messages.

For security reasons, modern web browsers don't allow websites to make cross-origin requests to a different domain unless any domain explicitly allows it.

That means, if you visit a website on your browser, it can only request data from the same origin the site was loaded from, preventing it from making any unauthorized request on your behalf in an attempt to steal your data from other sites.

However, web browsers do not respond in the same way while fetching media files hosted on other origins, allowing a website you visit to load audio/video files from different domains without any restrictions.

Moreover, browsers also support range header and partial content responses, allowing websites to serve partial content of a large media file, which is useful while playing a large media or downloading files with pause and resume ability.

In other words, media elements have an ability to join pieces of multiple responses together and treat it as a single resource.

However, Archibald found that Mozilla FireFox and Microsoft Edge allowed media elements to mix visible and opaque data or opaque data from multiple sources together, leaving a sophisticated attack vector open for attackers.

Source:https://twitter.com/unix_root

14/06/2018

Let's fly on the internet together...

14/06/2018

Just incase you need a website for your business or an artwork...
Call or WhatsApp 0544646116
Visit www.twghana.com

24/05/2018

Ever happened to u?

15/05/2018

.....
Website development
Website maintenance
Android Application development
Windows Application development.
Domain Registration
Call or WhatsApp 0544646116 now...

02/03/2018

Check out the top 10 richest men in the world.
Lary Page of Google broke into top 10 for the first time..

Inc..