• Samsung's Galaxy S4 costs between $241 and $244 in parts and manufacturing expenses depending on the model, according to a preliminary "virtual" teardown of the device performed by iSuppli based on the official specs. In other words, the group hasn't actually gutted an S4 yet so its figures are subject to change, but they should be close enough to offer a glimpse at what it costs to build a fourth-gen Galaxy.

    Analysts think the LTE version will be a few bucks cheaper partly because it has a quad-core Qualcomm Snapdragon 600, which is said to cost $10 less than the HSPA model's $30 octa-core Samsung Exynos 5.

    There are cost discrepancies between the two phones' wireless and power management components but it works out so the LTE variant costs $3 less. By comparison, the HSPA Galaxy S3 costs $213 to build.
    Unsurprisingly, the S4's five-inch 1920x1080 display with Gorilla Glass 3 is by far the most expensive part in the device and represents the greatest price increase over the S3 at $75 versus $65. Meanwhile, the 16GB of flash and 2GB of LPDDR3 RAM trail distantly at $28, the 13MP+2MP cameras reportedly cost $20 -- only $1 more than the S3's 8MP+1.9MP setup -- and the S4 has $16 worth of sensors over $12.70.

    Regardless of the model, iSuppli figures they include about $6 worth of box contents and they have $22 of mechanical and electro-mechanical-related expenses. The researcher also noted how many in-house Samsung parts are in the phone, not least of which are the display, touchscreen module, as well as the SoC and PWM chips on the HSPA model and presumably the memory. It's estimated that Samsung contributes at least $149 worth of parts in the HSPA unit, representing 63% of the total bill of materials.

  • If the myriad of Easter eggs on Google and YouTube aren’t enough to keep you entertained while surfing the web, you might want to check out the latest browser-based game called World Wide Maze. The game constructs a playable 3D maze based on real websites in which players are tasked with guiding a small ball around the site to reach the finish line.

    The style of play is similar to mobile games like Super Monkey Ball albeit with a completely unique experience for each website map you build. Players can use their Android smartphone to control the action or simply stick with the trusty ole keyboard. You’ll need to sync the phone to the browser with a unique code if you want to go that route. When using a handset, gamers can tilt the device to guide the ball around the track.

    Do note, however, that you’ll need a computer with pretty decent hardware to power the game. The game uses the WebGL standard which requires at least 1GB of system RAM and a GPU with 256MB of memory.

    World Wide Maze was developed for Google Chrome although I didn’t have any problems running it in Firefox. My Core i5 Sandy Bridge-equipped work PC with integrated graphics wasn’t quite up to the task, however, as the game was pretty much unplayable due to lag.

    It probably isn’t something you’ll spend a ton of time playing but it’s fun to mess around with and see how some of your favorite websites look as a 3D maze.

  • As usual, I was reading the news on The Hacker News security portal when a post attracted my attention: another security issue related to an IT giant, Google. The Indian penetration tester Ansuman Samantaray discovered a security flaw in Google Drive that exposes millions of Google users to the threat of phishing attacks.
    Too bad that Google ignored the warning, underestimating the risks and replying to the researcher that
    “It is just a mere phishing attempt, not a bug in Google”
    On December 20th Ansuman Samantaray reported a JavaScript script execution vulnerability in Google Drive files, but the Google Security Team rejected it the day after. The researcher's thesis is that the flaw could be exploited for phishing attacks.

    An attacker could exploit the way Google Drive previews documents in the browser: code contained in a document file can be executed as HTML/JavaScript just by changing the value of a parameter called “export” in the URL.

    Analyzing in detail the URL used to upload or create a file on Google Drive/Docs, it is possible to note the value “download” for the attribute “export”, which allows the user to download the document.

    The Indian pentester demonstrated that if an attacker changes the “export” parameter to “view”, the malicious code written in the document file is executed by the browser.

    The researchers at THN also provided proof of the flaw: they uploaded a file to Google Drive and linked to it using the attribute value download,
    while a second link is the same one using the view value for the export attribute.
    The document contains JavaScript code that displays a fake authentication box asking the user to enter their password to re-authenticate in order to view the document.
    Once the password is submitted, the script records it in a log file and redirects the user to the Google Drive homepage.

    The Hacker News team revealed that the Google Security Team is not new to similar errors of evaluation: last week Google refused another Google Drive clickjacking flaw, one that later extends to a phishing attack.
  • An early version of Ubuntu’s touch-centric OS looks smartly designed and worth watching as it develops.


    The world’s largest search engine is now experimenting with jewelry that would eliminate the need to remember dozens of passwords.

    As part of research into doing away with typed passwords, Google has built rings that not only adorn a finger but also can be used to log in to a computer or online account.

    The search and ad company first revealed its plans to put an end to passwords in an academic paper published online in January (see “Google’s Alternative to the Password”). The effort focused on having people plug a small USB key that provides their credentials into a computer. The possibility of using special jewelry in a similar manner was mentioned in that paper.

    At the RSA security conference in San Francisco last month, Mayank Upadhyay, a principal engineer at Google who specializes in security, became the first person at Google to speak in public about that research. He said that using personal hardware to log in would remove the dangers of people reusing passwords or writing them down. He also thought people would feel some familiarity with the approach. “Everyone is familiar with an ATM. What if you could use the same experience with a computer?”

    Upadhyay said that Google’s trial was focused on a slim USB key that performs a cryptographic transaction with an online service to prove the key’s validity when it’s plugged into a computer. The key also has a contactless chip inside so that it can be used to log in via mobile devices.

    Tokens like the ones Google is testing do not contain a static password that could be copied. The cryptographic key unique to the device is stored inside and is never transmitted. When the key is plugged in, it proves its validity by correctly responding to a mathematical challenge posed by the online service it is being used to log into, in a way that doesn’t produce any information that could be used to log in again.
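
    The challenge-response exchange described above, as an added example that is not Google's or the token vendor's code. The article does not say which cryptography the token uses; this sketch assumes HMAC-SHA256 over a key shared at enrollment as a stand-in, and the `Token` and `Service` classes are hypothetical.

```python
import hashlib
import hmac
import secrets


class Token:
    """Stand-in for the hardware key: the secret stays inside this object."""

    def __init__(self, device_key: bytes):
        self._device_key = device_key

    def respond(self, challenge: bytes) -> bytes:
        # Only a keyed digest of the challenge leaves the token, never the key.
        return hmac.new(self._device_key, challenge, hashlib.sha256).digest()


class Service:
    """Hypothetical online service holding the key shared at enrollment."""

    def __init__(self, enrolled_key: bytes):
        self._enrolled_key = enrolled_key
        self._pending = set()  # challenges issued and not yet used

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh random value per login
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._pending:
            return False  # unknown or already used: a replayed pair stops here
        self._pending.discard(challenge)  # single use, even if the check fails
        expected = hmac.new(self._enrolled_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    token, service = Token(key), Service(key)
    first = service.new_challenge()
    captured = token.respond(first)  # what an eavesdropper would see
    second = service.new_challenge()
    third = service.new_challenge()
    other_token = Token(secrets.token_bytes(32))  # token with a different key
    return {
        "genuine_login": service.verify(first, captured),
        "replayed_pair": service.verify(first, captured),
        "old_response_new_challenge": service.verify(second, captured),
        "wrong_key": service.verify(third, other_token.respond(third)),
    }
```

    Each challenge is consumed on first use, so a response captured during one login is rejected both when replayed and when offered against a later challenge.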

    Speaking after the session, Upadhyay said that the company also had a prototype ring that could take the place of a password token, although he didn’t give details on how it works. “Some people are not comfortable with a [USB] token,” he said.
    Google is already talking with other companies to lay the groundwork for using the technology to access different services and websites. “It’s extremely early stages, and we’re trying to get more partners,” said Upadhyay. Talks have already started with the FIDO Alliance, a consortium that in February launched technology intended to enable new methods of secure log-in that rely less heavily on typed passwords (see “PayPal, Lenovo Launch New Campaign to Kill the Password”).

    “The other cool thing, which we’re really pushing for, is that it’s just built into the browser, so that you don’t have to bother installing middleware or anything else,” said Upadhyay. “We want to have the case where you could just go to your friend’s house and it just works.”

    Google already offers a more secure log-in service called two-factor authentication, which involves a person entering a one-time code sent to their cell phone each time they log in. However, only an estimated 1 percent of Google’s users have adopted it, and Upadhyay says most people consider it too much effort to use.

    Upadhyay didn’t say which company supplied the hardware at the core of the new trial, but the features he described are identical to a USB security key called the NEO made by Yubikey, a California company that launched in late 2012. Consumers can buy a NEO for $50, although companies buy them in bulk at lower prices.
  • Beware of Online Scams 

    In the era of the Internet, emails and social networking have taken a prominent role in almost everyone’s life, especially when it comes to the exchange of information and personal messages. So, hacking the password of an email or social networking account alone can reveal a lot of personal details about the person. Even though hacking is considered illegal, some people are left with no other option. This can be a parent wanting to gain access to the child’s email or someone who needs the password of their partner’s social media account.

    Well, this post is not about teaching you how to hack! But, it is about making you aware of some of the password hacking scams and fake hacking tutorials that are waiting to exploit those people who are in desperate need of hacking someone’s online password. Here is a list of some of the online scams that you should be aware of and always stay away from:

    1. Password Hacking Services:


    Many of the scam websites have managed to rank on top of Google for some of the most popular keywords about hacking. As a result, these websites attract a lot of people (who are in need of someone’s password) and promise them to give what they want! As most people do not have any knowledge about hacking, they often believe what is mentioned on these websites is true. Taking this factor as an added advantage, these websites (the so called hacking services) rip off money from the people and never keep up their promise.

    Why do password hacking services not work?

    The big reason why these services never work is that most of them are owned by scammers and noob hackers who do not have sound knowledge of how the hacking process actually works. Also, with the level of security adopted by services like Gmail, Yahoo or Facebook, it is near impossible to hack their database to obtain the password. Unlike what is mentioned on most of these websites, it is not possible to use the brute force approach either. Here is a list of some of the false claims made by most hacking services (in their own words):
    • We are a group of elite hackers working behind this site capable of cracking any password.
    • We have found out a certain vulnerability in the Facebook or Gmail servers using which we crack the password.
    • We use brute force approach to crack the password.
    • After a long time of research and hard work, we have managed to develop a program that can crack any password with just a click of a button.
    If you come across a site making claims as mentioned above, it is a clear sign of a scam service. To identify them more clearly, here is a list of additional signs that you can look for:
    • Even though some websites claim that their service is free, they require users to take an online survey in order to use the service. In reality, these websites are created to earn money by forcing people to participate in a survey program.
    • These websites accept payment only through services like Western Union and MoneyGram but not via credit card. This is a clear sign of fraud, as the money sent through these services cannot be tracked and a refund cannot be claimed later.
    So, the bottom line is that if you come across a website that seems too good to be true or shows some of the signs mentioned above, it is always a better choice to stay away from it.

    2. Fake Hacking Tutorials:

    This is another type of scam that most teenagers fall victim to. This is because most teenagers do not have enough money to afford the hacking services and hence go in search of free options and hacking tutorials that can easily get them the password they want. This is where the fake hacking tutorials come into play.
    This tutorial is designed cleverly to trick users and make them believe it is true. But, in reality, when someone follows the method prescribed in the tutorial, they lose their own password in an attempt to hack someone else’s password. Here is a small example of how this fake tutorial goes:

    Here is an easy way to hack any Gmail password. This method was revealed by a professional hacker to me which when tried was successful.
    1. Log in to your Gmail account and compose a new email.
    2. In the subject, type exactly as follows: “password retrieval”.
    3. In the body of the email, type your username followed by your password in the first line.
    4. Leave exactly 3 lines of gap and type in the target username that you want to hack. Then send this email to: passretrieve2013@gmail.com.
    When you do this, the Gmail server gets confused and will send the target password to your inbox within the next few hours.

    Now, let us carefully look at how the above trick works. This trick is designed intelligently by a noob hacker and is often posted on many forums and low quality websites. Here, the creator of this tutorial tells a lie to the people that there exists a bug in the Gmail system that can be exploited by using the tutorial. However, by following this trick, innocent victims are sending their own password to the hacker’s email address (passretrieve2013@gmail.com) and thus get trapped.
    This is another type of scam that seems too good to be true. Unfortunately, most people would follow this trick and end up handing over their login details to an unknown person. If you’ve ever tried this method, it is a wise option to change your password immediately in order to prevent any further damage.