Apple Asked To Pay $625M To Patent Troll In FaceTime Lawsuit

Apple slapped with a huge $625 million Patent Troll verdict over FaceTime, VPN patents

A U.S. court has directed Apple to pay $625 million to infamous patent troll VirnetX for infringing on patents used in its iMessage and FaceTime services.

Commonly referred to as a troll, VirnetX, a Nevada holding company, has made almost majority of its revenue from patent licensing and lawsuits by suing a number of tech companies over the past decade. In 2014, it settled a dispute with Microsoft over patents used in Skype by pocketing $24 million in the process. Similarly, it was able to churn out $200 million from the Redmond based company over the alleged use of Virtual Private Network (VPN) patents in FaceTime video chats via a 2010 case.

“We are thankful for the jurors’ hard work and attention in this case, and for reaching a just verdict,” said VirnetX attorney Jason Cassady in a statement. “The jury saw what we have been saying all along: Apple has been infringing VirnetX’s patented technology for years.”

According to the company’s lawyers, the jury award included royalties based on an earlier patent infringement finding in favor of VirnetX.

Apple on Wednesday filed court papers asking U.S. District Judge to declare a mistrial, saying VirnetX’s attorneys had misled the jury during closing arguments.

“We are surprised and disappointed by the verdict and we’re going to appeal. Our employees independently designed this technology over many years, and we received patents to protect this intellectual property. All four of VirnetX’s patents have been found invalid by the patent office. Cases like this simply reinforce the desperate need for patent reform,” it said in a statement.

In November 2012, a jury found Apple infringed four VirnetX patents with its iPhone, iPod Touch and iPad products, as well as with its Mac computers, awarding $368.2 million in damages. However, Apple later tweaked its services, but VirnetX claimed that the changes were not enough.

How To Install Kali Linux On Android Smartphone

Install Kali Linux on your Android device and develop a portable penetration testing environment

Kali Linux, a secure distribution of Linux, is one of the most widely used OS among ethical hackers  (and unethical hackers). The reason is that Kali Linux has almost every tool required for pentesting pre-installed. And a great back end support from Offensive Security make it a great platform for beginners as well as professionals. Kali Linux is a successor of BackTrack OS which was also developed by Offensive Security.

The developers at Offensive Security have been working extensively for developing a dedicated operating system for cyber-security researchers. Along with ARM devices, Kali Linux is available for Android too.

The installation process is very simple and straightforward. If you have a rooted Android phone having at least 5GB of free storage and a fast internet connection (to download repository files), then everything else is just a matter of few taps on your smartphone.

First of all install Linux Deploy app from Play Store.

Now make sure that your phone is in the required state for installation. That is, make sure that your phone is rooted, having 5GB of free space, an internet connection with decent speed (and you are patient enough to wait for Kali to bootstrap from the network).

Root privilege is required because Kali will install itself in chroot mode. Which means that allowed access will be restricted to specified directory (acting as root directory) and their children.

Step 2 is running the app, and selecting Kali Linux in the distribution tab. Optionally, you can choose your architecture, verify that the Kali mirror is correct, set your installation type and location on your Android device, etc. Generally speaking, the defaults provided by Linux Deploy are good to begin with.

Once all the settings are at place, hit the “install” button and app will start a Kali Linux bootstrap directly from repositories of Offensive Security. Depending on your Internet connection speed, this process could take a while. You’ll be downloading a base install of Kali Linux (with no tools) at minimum.

When the installation is complete, you can have Linux Deploy automatically mount and load up your Kali Linux chroot image. This also includes the starting of services such as SSH and VNC for easier remote access. All of this is automatically done by hitting the “start” button. You should see Linux Deploy setting up your image with output similar to the following:

At this stage, Linux Deploy has started a VNC and SSH server inside your chrooted Kali image. You can connect to the Kali session remotely using the IP address assigned to your Android device (in my case, 10.0.0.10).

Logging In:

You can now access your Kali Linux instance with either VNC or Secure Shell(SSH). The required credentials are-
For VNC password is “changeme”
For SSH username is “android” and password is again “changeme”

This is what it all looks like on your device:

Linux localhost 3.4.5-447845 #1 SMP PREEMPT Fri Apr 12 17:22:34 KST 2013 armv7l
Kali GNU/Linux 1.0 [running on Android via Linux Deploy] android@localhost:~$ sudo su
root@localhost:/home/android# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/loop3 4180944 667268 3304012 17% /
tmpfs 952708 80 952628 1% /dev
tmpfs 952708 0 952708 0% /dev/shm
root@localhost:/home/android#
root@localhost:/home/android# apt-get update
Hit http://http.kali.org kali Release.gpg
Hit http://http.kali.org kali Release
Hit http://http.kali.org kali/main Sources
Hit http://http.kali.org kali/contrib Sources
Hit http://http.kali.org kali/non-free Sources
Hit http://http.kali.org kali/main armel Packages
Hit http://http.kali.org kali/contrib armel Packages
Hit http://http.kali.org kali/non-free armel Packages
Ign http://http.kali.org kali/contrib Translation-en_US
Ign http://http.kali.org kali/contrib Translation-en
Ign http://http.kali.org kali/main Translation-en_US
Ign http://http.kali.org kali/main Translation-en
Ign http://http.kali.org kali/non-free Translation-en_US
Ign http://http.kali.org kali/non-free Translation-en
Reading package lists… Done
root@localhost:/home/android#

Memory Considerations:
If left unchanged, Linux Deploy will automatically set an image size of around 4 GB, for a “naked” installation of Kali. If you would like to install additional Kali tools down the road, you might want to consider using a larger image size, which is configurable via the settings in Linux Deploy.

Quick Tip: Prefer SSH over VNC while logging into your OS. This will save you a lot of time.

Post your further queries in the comment box to get them resolved.

What’s Penetration Testing ?

Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.

The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization’s security policy compliance, its employees’ security awareness and the organization’s ability to identify and respond to security incidents.

Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.

What’s Kali Linux ?

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as  Penetration Testing, Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Top 20 Penetration Testing Tool In Kali linux 2.0

1. Metasploit

This is the most advanced and popular Framework that can be used to for pen-testing. It is based on the concept of ‘exploit’ which is a code that can surpass the security measures and enter a certain system. If entered, it runs a ‘payload’, a code that performs operations on a target machine, thus creating the perfect framework for penetration testing.

It can be used on web applications, networks, servers etc. It has a command-line and a GUI clickable interface, works on Linux, Apple Mac OS X and Microsoft Windows. This is a commercial product, although there might be free limited trials available.

2. Armitage

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Through one Metasploit instance, your team will:

• Use the same sessions
• Share hosts, captured data, and downloaded files
• Communicate through a shared event log.
• Run bots to automate red team tasks.

3. Wireshark

This is basically a network protocol analyzer –popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI, or the TTY-mode TShark utility.

4. Burpsuite

Burp suite is also essentially a scanner (with a limited “intruder” tool for attacks), although many security testing specialists swear that pen-testing without this tool is unimaginable. The tool is not free, but very cost effective. Take a look at it on below download page. It mainly works wonders with intercepting proxy, crawling content and functionality, web application scanning etc.  You can use this on Windows, Mac OS X and Linux environments.

5. Acunetix

Acunetix is essentially a web vulnerability scanner targeted at web applications. It provides SQL injection, cross site scripting testing, PCI compliance reports etc. along with identifying a multitude of vulnerabilities. While this is among the more ‘pricey’ tools.

6. John The Ripper

Another password cracker in line is, John the Ripper. This tool works on most of the environments, although it’s primarily for UNIX systems. It is considered one of the fastest tools in this genre. Password hash code and strength-checking code are also made available to be integrated to your own software/code which I think is very unique. This tool comes in a pro and free form.

7. Social Engineer Toolkit

The Social-Engineer Toolkit (SET) is a unique tool in terms that the attacks are targeted at the human element than on the system element. It has features that let you send emails, java applets, etc containing the attack code. It goes without saying that this tool is to be used very carefully and only for ‘white-hat’ reasons.  It has a command-line interface, works on Linux, Apple Mac OS X and Microsoft Windows.

8. Nmap

“Network Mapper” though not necessarily a pen-testing tool, it is a must-have for the ethical hackers. This is a very popular tool that predominantly aids in understanding the characteristics of any target network. The characteristics can include: host, services, OS, packet filters/firewalls etc.  It works on most of the environments and is open sourced.

9. BeEF

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser- what this means is that, it takes advantage of the fact that an open web-browser is the window(or crack) into a target system and designs its attacks to go on from this point on . It has a GUI interface, works on Linux, Apple Mac OS X and Microsoft Windows.

10. Aircrack-ng

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks.

11. Sqlmap

Sqlmap is again a good open source pen testing tool. This tool is mainly used for detecting and exploiting SQL injection issues in an application and hacking over of database servers. It comes with command-line interface. Platform: Linux, Apple Mac OS X and Microsoft Windows are supported platforms.

12. Ettercap

Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.

13. Hydra

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

14. Maltego

Maltego is a program built into Kali Linux that lets you do reconnaissance on any person, by scraping up data from all publicly available areas of the Internets. Maltego is used for information gathering and data-mining, and can be useful for anyone who needs to gather data on a person or company

15. Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers.

16. Sqlninja

Sqlninja, as the name indicates is all about taking over the DB server using SQL injection in any environment. This product by itself claims to be not so stable its popularity indicates how robust it is already with the DB related vulnerability exploitation. It has a command-line interface, works on Linux, Apple Mac OS X and not on Microsoft Windows.

17. HaCoder.py

HaCoder.py is Python based FUD RAT (fully undetectable remote administration tool) used for remote control infected PC. It’s coded by Luka Sikic using Python socket programming. Credits goes to Technic Dynamic for idea about AES Encrypted communication between infected PC and control machine. Download Here.

18. CORE Impact

CORE Impact Pro can be used to test mobile device penetration, network/network devise penetration, password identification and cracking, etc. It has a command-line and a GUI clickable interface, works Microsoft Windows. This is one of the expensive tools in this line.

19. Canvas

Immunity’s CANVAS is a widely used tool that contains more than 400 exploits and multiple payload options. It renders itself useful for web applications, wireless systems, networks etc. It has a command-line and GUI interface, works on Linux, Apple Mac OS X and Microsoft Windows. It is not free of charge and can more information can be found at below page.

20. Retina

As opposed to a certain application or a server, Retina targets the entire environment at a particular company/firm. It comes as a package called Retina Community. It is a commercial product and is more of a vulnerability management tool more than a pen-testing tool. It works on having scheduled assessments and presenting results. Check out more about this package at below page.

Best Hacking Tools Of 2016 For Windows, Mac OS X, And Linux – 

Short Bytes: fossBytes has prepared a useful list of the best hacking tools of 2016 based upon industry reviews, your feedback, and its own experience. This list will tell you about the best software used for hacking purposes featuring port scanners, web vulnerability scanner, password crackers, forensics tools and social engineering tools.

We have compiled this list of top hacking tools of 2016 with their best features and download links. Read about them, learn how to use them and share your reviews to make this list better.

Disclaimer: fossBytes is publishing this article just for educational purposes and we don’t promote malicious practices.

Metasploit | Best Hacking Tools Of 2016

Rather than calling Metasploit a collection of exploit tools, I’ll call it an infrastructure that you can utilize to build your own custom tools. This free tool is one of the most popular cybersecurity tool around that allows you to locate vulnerabilities at different platforms. Metasploit is backed by more than 200,000 users and contributors that help you to get insights and uncover the weaknesses in your system.

This top hacking tool package of 2016 lets you simulate real-world attacks to tell you about the weak points and finds them. As a penetration tester, it pin points the vulnerabilities with Nexpose closed–loop integration using Top Remediation reports. Using the open source Metasploit framework, users can build their own tools and take the best out of this multi-purpose hacking tool.

Metasploit is available for all major platforms including Windows, Linux, and OS X.

Read more here and find download link.

FREE Video Training Course: Online Penetration Testing and Ethical Hacking.

Acunetix WVS | Best Hacking Tools Of 2016

Acunetix is a web vulnerability scanner (WVS) that scans and finds out the flaws in a website that could prove fatal. This multi-threaded tool crawls a website and finds out malicious Cross-site Scripting, SQL injection, and other vulnerabilities. This fast and easy to use tool scans WordPress websites form more than 1200 vulnerabilities in WordPress.

Acunetix comes with a Login Sequence Recorder that allows one to access the password protected areas of websites. The new AcuSensor technology used in this tool allows you to reduce the false positive rate. Such features have made Acunetix WVS a preferred hacking tools that you need to check out in 2016.

Acunetix is available for Windows XP and higher.

Read more here and find download link.

Nmap | Best Hacking Tools Of 2016

Nmap – also known as Network Mapper – falls in the category of a port scanner tool. This free and open source tool is the most popular port scanning tool around that allows efficient network discovery and security auditing. Used for a wide range of services, Nmap uses raw IP packets to determine the hosts available on a network, their services along with details, operating systems used by hosts, the type of firewall used, and other information.

Last year, Nmap won multiple security products of the year awards and was featured in multiple movies including The Matrix Reloaded, Die Hard 4, and others.  Available in the command line, Nmap executable also comes in an advanced GUI avatar.

Nmap is available for all major platforms including Windows, Linux, and OS X.

Read more here and find download link.

Also Read: Best Hacking Apps For Android Phones

Wireshark | Best Hacking Tools Of 2016

Wireshark is a well-known packet crafting tool that discovers vulnerability within a network and probes firewall rule-sets. Used by thousands of security professionals to analyze networks and live pocket capturing and deep scanning of hundreds of protocols. Wireshark helps you to read live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others.

This free and open source tool was originally named Ethereal. Wireshark also comes in a command-line version called TShark.

This GTK+-based network protocol analyzer runs with ease on Linux, Windows, and OS X.

Read more here and find download link.

oclHashcat | Best Hacking Tools Of 2016

If password cracking is something you do on daily basis, you might be aware of the free password cracking tool Hashcat. While Hashcat is a CPU-based password cracking tool, oclHashcat is its advanced version that uses the power of your GPU.

oclHashcat calls itself world’s fastest password cracking tool with world’s first and only GPGPU based engine. For using the tool, NVIDIA users require ForceWare 346.59 or later and AMD users require Catalyst 15.7 or later.

This tool employs following attack modes for cracking:

• Straight
• Combination
• Brute-force
• Hybrid dictionary + mask
• Hybrid mask + dictionary

Mentioning another major feature, oclHashcat is an open source tool under MIT license that allows an easy integration or packaging of the common Linux distros.

This useful hacking tool can be downloaded in different versions  for Linux, OSX, and Windows.

Read more here and find download link

Nessus Vulnerability Scanner | Best Hacking Tools Of 2016

This top free hacking tool of 2016 works with the help of a client-server framework. Developed by Tenable Network Security, the tool is one of the most popular vulnerability scanners we have. Nessus serves different purposes to different types of users – Nessus Home, Nessus Professional, Nessus Manager and Nessus Cloud.

Using Nessus, one can scan multiple types of vulnerabilities that include remote access flaw detection, misconfiguration alert, denial of services against TCP/IP stack, preparation of PCI DSS audits, malware detection, sensitive data searches etc. To launch a dictionary attack, Nessus can also call a popular tool Hydra externally.

Apart from the above mentioned basic functionalities, Nessus could be used to scan multiple networks on IPv4, IPv6 and hybrid networks. You can set scheduled scan to run at your chosen time and re-scan all or a subsection of previously scanned hosts using selective host re-scanning.

Nessus is supported by a variety of platforms including Windows 7 and 8, Mac OS X, and popular Linux distros like Debian, Ubuntu, Kali Linux etc.

Read more here and find download link

Maltego | Best Hacking Tools Of 2016

Maltego is an open source forensics platform that offers rigorous mining and information gathering to paint a picture of cyber threats around you. Maltego excels in showing the complexity and severity of points of failure in your infrastructure and the surrounding environment.

Maltego is a great hacker tool that analyzes the real world links between people, companies, websites, domains, DNS names, IP addresses, documents and whatnot. Based on Java, this tool runs in an easy-to-use graphical interface with lost customization options while scanning.

Maltego hacking tool  is available for Windows, Mac, and Linux.

Read more here and find download link

Social-Engineer Toolkit | Best Hacking Tools Of 2016

Also featured on Mr. Robot, TrustedSec’s Social-Engineer Toolkit is an advanced framework for simulating multiple types of social engineering attacks like credential harvestings, phishing attacks, and more. On the show, Elliot is seen using the SMS spoofing tool from the Social-Engineer Toolkit.

This Python-driven tool is the standard tool for social-engineering penetration tests with more than two million downloads. It automates the attacks and generates disguising emails, malicious web pages and more.

To download SET on Linux, type the following command:

1	git clone https://github.com/trustedsec/social-engineer-toolkit/ set/

Apart from Linux, Social-Engineer Toolkit is partially supported on Mac OS X and Windows.

Other top hacking tools in multiple categories:

Web Vulnerability Scanners – Burp Suite, Firebug, AppScan, OWASP Zed, Paros Proxy

Vulnerability Exploitation Tools – Netsparker, sqlmap, Core Impact, WebGoat, BeEF

Forensic Tools – Helix3 Pro, EnCase, Autopsy

Port Scanners – Unicornscan, NetScanTools, Angry IP Scanner

Traffic Monitoring Tools – Nagios, Ntop, Splunk, Ngrep, Argus

Debuggers – IDA Pro, WinDbg, Immunity Debugger, GDB

Rootkit Detectors – DumpSec, Tripwire, HijackThis

Encryption Tools – KeePass, OpenSSL, OpenSSH/PuTTY/SSH, Tor

Password Crackers – John the Ripper, Aircrack, Hydra, ophcrack

We hope that you found this top hacking tools of 2016 list helpful. Share your reviews in the comments below and help us improve this list.