Wednesday, October 16, 2013

Facebook Has Acquired Mobile Analytics Startup Onavo For Up To $200 Million.



Facebook has acquired a mobile analytics company, Onavo. The buyout price was up to $200 million, according to multiple reports.

Onavo is based in Tel Aviv and Palo Alto. Facebook will turn Onavo's office into its first office in Israel and thirty employees will join Facebook's team there, The Marker reports.

Onavo was founded in 2010 by Guy Rosen and Roi Tiger; it raised $13 million from Sequoia Capital and others. It provides mobile data usage analytics and helps companies see how their usage stacks up against other companies.

Here's the memo from the founders:

We are excited to announce that Facebook has agreed to acquire our company.

Three years ago, we started Onavo with the goal of helping today’s technology consumers and companies work more efficiently in a mobile world. We developed the award-winning Onavo mobile utility apps, and later launched Onavo Insights, the first mobile market intelligence service based on real engagement data. Our service helps people save money through more efficient use of data, and also helps developers, large and small, design better experiences for people. 

We’ve built world-class products and a remarkably talented team which has pioneered important breakthroughs in data compression technology and mobile analytics. Today, we’re eager to take the next step and make an even bigger impact by supporting Facebook’s mission to connect the world.

As you know, Facebook and other mobile technology leaders recently launched Internet.org, formalizing Facebook’s commitment to improving access to the internet for the next 5 billion people — this is a challenge we’re also passionate about.

We’re excited to join their team, and hope to play a critical role in reaching one of Internet.org’s most significant goals – using data more efficiently, so that more people around the world can connect and share. When the transaction closes, we plan to continue running the Onavo mobile utility apps as a standalone brand. As always, we remain committed to the privacy of people who use our application and that commitment will not change.

We are incredibly proud of the talented team we have assembled, and, recognizing this, Onavo’s Tel-Aviv office will remain open for business and will become Facebook’s new Israeli office.
We’ll continue to advance the work we are doing in collaboration with Facebook’s great team. Thank you to everyone who has joined us on this journey. We’d like to extend a special thanks to our investors, who believed in us and in our vision from the early days. We’re excited for what’s next.

Guy Rosen, Co-Founder & CEO
Roi Tiger, Co-Founder & CTO

Tuesday, September 17, 2013

My Achievements - Halls Of Fame, Bounties And Swag!


I am so lucky that GOD gave me the ability to find vulnerabilities on almost all the big and highly secured (so called) giants of the IT field. It includes:

Facebook, Google, Twitter, Apple, Microsoft, Adobe, BlackBerry, Nokia, Symantec, Yahoo, Friendster, GoDaddy, Avira, Avast, iFixit, Android, Barracuda, MailChimp, LinkedIn etc. and the list goes on.

Following are the companies with a responsible disclosure policy that listed my name on their Hall of Fame page for finding security vulnerabilities on their sites.


Got $5000 from PayPal and acknowledgement as a Security Researcher.

Got $500 from Facebook and acknowledgement as a Security Researcher.

Got $300 from Meraki and acknowledgement as a Security Researcher.




1) My first international acknowledgement. Recognized by Microsoft as a Security Researcher.

2) Got listed in the Adobe Security Researcher Acknowledgement page for the 1st time.

3) Acknowledged by iFixit. Got listed in the iFixit responsible disclosure page for 2012.

4) Once again got listed in the iFixit responsible disclosure page, this time for the year 2013.

5) Listed in the Adobe Security Researcher Acknowledgement page for the 2nd time and thus became the 1st person over the globe to be acknowledged by Adobe twice.

6) Listed in the ownCloud security acknowledgement page.

7) Listed in the Red Hat Vulnerability Acknowledgements page.

8) Got listed in the Zendesk vulnerability acknowledgement page with all my leet friends.

9) Got listed in the ConstantContact Hall of Fame.

10) Listed in the Apple Hall of Fame for reporting a cross-site scripting vulnerability.

11) No offense.. Listed in the Apple Hall of Fame for the second time in a week.

12) Listed in the Nokia Hall of Fame for the first time.

13) Finally, I am in the Google Hall of Fame.

14) Listed in the Bugcrowd contributors list with all my friends.

15) Got listed in the BlackBerry Hall of Fame. :)

16) Finally got my White Hat Hacker badge on my Freelancer account. Feeling special :) <3

17) Listed in the Google Hall of Fame for the second time :) :) Feeling happy :)

18) Listed in the Microsoft Hall of Fame for the second time :)

19) Listed in the Sprout Social Hall of Fame.

20) Listed in the Android Hall of Fame.

21) Listed in the Acquia Hall of Fame.

22) Listed in the MailChimp Security Response page.

23) Listed in the BlackBerry Hall of Fame for the second time.

24) Listed in the HackSecurity Special Thanks page.

25) Listed in the Adobe Hall of Fame for the 3rd time! Feeling special :)

26) Listed in the Schuberg Philis Hall of Fame.

27) Listed in the Barracuda Hall of Fame.

28) Listed in the Netflix Hall of Fame.

29) Listed in the Facebook White Hat page.

30) Acknowledgement from Avira as a Security Researcher.

31) Acknowledgement from Atlassian as a Security Researcher, and received cool swag.

32) Listed in the Google Hall of Fame for the third time :)

33) Acknowledgement from Appentative as a Security Researcher, and received cool swag.

34) Listed in the Google Hall of Fame for the fourth time :)

35) Acknowledgement from Bugcrowd as a Security Researcher, and received cool swag.

36) Listed in the Nokia Hall of Fame for the second time.

37) Listed in the Freelancer Hall of Fame.

38) Acknowledgement from PayPal as a Security Researcher, and received some bounty.

 Reach me at Facebook - https://www.facebook.com/heartstlear

Reach me at twitter - https://www.twitter.com/tush2388

Reach me at LinkedIn - http://www.linkedin.com/pub/tushar-kumbhare/69/8a7/9b8

Thanks.

Happy Hacking :)

List Of Bug Bounty Sites

PRODUCTS AND SERVICES (REWARD OFFERED)
PRODUCTS AND SERVICES (HALL OF FAME + SWAG)
PRODUCTS AND SERVICES (HALL OF FAME ONLY)
PRODUCTS AND SERVICES (NO REWARD)
BROKERS AND SECURITY COMPANIES
Tuesday, September 10, 2013

Wordfence Bug Bounty Program - DOM Based XSS on Main Site! Patched Without Even a Reply!


A few days ago, I read about the new bug bounty program started by Wordfence.



Wordfence is the Leading CyberSecurity solution for WordPress. They provide a Complete Anti-Virus and Firewall Package for your WordPress Website including Two Factor Authentication, a Firewall incorporating Machine Learning and Tools to help Recover from a Hack. Wordfence is available free. Simply sign into your WordPress website, Go to Plugins > Add New > And search for 'wordfence' without quotes. Our premium version includes enterprise features like Two Factor Authentication and Country Blocking. 
As a bounty they were offering a Wordfence 5-year Premium license per bug reported. These licenses are priced at $146.25. It's cool. I thought, why not try my hand at this bounty program.

When I visited the site, I noticed that it is running the WordPress CMS. The version was 3.6 and almost all the known vulnerabilities seemed to be patched. Then I checked the page source and the plugins. I found that the site integrates a plugin named WordPress prettyPhoto. I reviewed the JavaScript source of the plugin and found that it is vulnerable to DOM-based cross-site scripting: it reads the value from the URL fragment and inserts it into the page without sanitizing it. So I generated my payload and crafted the URL as follows:

http://www.wordfence.com/#!prettyPhoto/<a onclick="alert(/XSS by Tushar Kumbhare/);">/
I typed this URL in the address bar, hit Enter, and bang!!! I got a popup confirming the XSS vulnerability. I immediately reported the vulnerability and they patched it within an hour. They are really very fast compared to others.
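As an added example (not prettyPhoto's or Wordfence's own code), here is how a "#!prettyPhoto/<slug>/" fragment can be handled so that the fragment is only ever used as a lookup key and never written into the page as markup; SLUG_RE and the function names are assumptions for this example.

```javascript
// Added example, not prettyPhoto's or Wordfence's own code.
// A "#!prettyPhoto/<slug>/" fragment is validated against a strict allowlist
// and then used only as a lookup key, never written into the page as markup.
// SLUG_RE and the function names are assumptions for this example.

// Only gallery slugs of this shape are accepted; anything else is rejected.
const SLUG_RE = /^[A-Za-z0-9_-]{1,64}$/;

// Returns the slug if the fragment is well formed and safe, otherwise null.
function parsePrettyPhotoHash(hash) {
  const m = /^#!prettyPhoto\/([^/]*)\/?$/.exec(hash || "");
  if (!m) return null;
  let slug;
  try {
    slug = decodeURIComponent(m[1]); // percent-encoded markup is decoded before the check
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return SLUG_RE.test(slug) ? slug : null;
}

// Picks the gallery entry to open. The vulnerable pattern is to assign the raw
// fragment to innerHTML; here the slug is only compared against known entries.
function selectGalleryItem(hash, knownSlugs) {
  const slug = parsePrettyPhotoHash(hash);
  if (slug === null || !knownSlugs.includes(slug)) return null;
  return slug;
}

// Constructed sample inputs: the payload from the post above and a benign slug.
const SAMPLE_PAYLOAD = '#!prettyPhoto/<a onclick="alert(/XSS by Tushar Kumbhare/);">/';
const SAMPLE_BENIGN = "#!prettyPhoto/photo-12/";
```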

But these days you can't trust anyone. Forget about the bounty; they patched the vulnerability without even a reply or a message of thanks. I don't know why these bug bounty vendors don't play a fair game. They are just using our talent to secure their vulnerable ass and didn't even give a reply of thanks. To be very frank, I am losing trust in these bug bounty programs due to some recent experiences I have had in these few days.

Let it be, but fortunately I recorded a video as a proof of concept. It's attached as follows:



After reporting 3 times with no reply, my message to the Wordfence team: I still have 1 SQLi and 2 XSS on your site, and this time I will not report them but do only one thing.





Sunday, September 8, 2013

WordPress W3 Total Cache Plugin 0.9.2.11 Persistent XSS Vulnerability.



WordPress plugin W3 Total Cache 0-day stored cross-site scripting vulnerability.

Vulnerable Plugin - W3 Total Cache
Vulnerable Version - 0.9.2.11 and prior
Tested On - WordPress 3.6 on Windows 7 and Linux

Vulnerability: Stored Cross-Site Scripting

The W3 Total Cache plugin is notorious for its poor security. Version 0.9.2.11 is hit by another major vulnerability which, exploited cleverly and successfully, can compromise the admin account of a WordPress site.

Following are the steps:

1) Go to the Dashboard.

2) Click on Installed Plugins.

3) Go to the W3 Total Cache plugin and click on Settings.

4) Go to Reverse Proxy and click on Page Cache settings.

5) Go to Cache Preload, type the vector "><img src=x onerror=prompt(0);> in the Sitemap URL field and click Save.

6) You will get a prompt.
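As an added example (not W3 Total Cache's own code), here is how a stored settings field like the Sitemap URL from step 5 can be validated on save and attribute-escaped on output, so a value such as the vector above is rejected and, even if stored, cannot break out of the input's value attribute; the function and field names are assumptions.

```javascript
// Added example, not W3 Total Cache's own code.
// A stored setting such as the Sitemap URL is validated when saved and
// attribute-escaped when echoed back into the settings form, so a value like
// "><img src=x onerror=prompt(0);> can neither be stored as-is nor break out
// of the value="..." attribute. Function and field names are assumptions.

// Escapes a string for use inside a double-quoted HTML attribute.
function escapeHtmlAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Validation on save: only absolute http(s) URLs are accepted; the normalized
// URL is returned, or null when the input must be rejected.
function validateSitemapUrl(input) {
  let u;
  try {
    u = new URL(String(input).trim());
  } catch (e) {
    return null; // not a parseable absolute URL (covers the XSS vector above)
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null; // e.g. javascript:
  return u.href;
}

// Output encoding: even a legacy value that bypassed validation is escaped
// before it is placed into the input's value attribute.
function renderSitemapField(stored) {
  return '<input type="text" name="sitemap_url" value="' + escapeHtmlAttr(stored) + '">';
}

// Constructed sample values: the vector from step 5 and a benign sitemap URL.
const SAMPLE_VECTOR = '"><img src=x onerror=prompt(0);>';
const SAMPLE_SITEMAP = "https://example.com/sitemap.xml";
```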


Here is a Video Demonstration of this Vulnerability.


