divricean.ro Report : Visit Site

Technical data of the divricean.ro

Geo IP provides you such as latitude, longitude and ISP (Internet Service Provider) etc. informations. Our GeoIP service found where is host divricean.ro. Currently, hosted in Romania and its service provider is SC Elvsoft SRL .

HTTP Header Analysis

HTTP Header information is a part of HTTP protocol that a user's browser sends to called Apache containing the details of what the browser wants and will accept back from the web server.

DNS

HtmlToText

divricean.ro believe! the rest will follow. home archives about android vulnerability: install app without user explicit consent martie 10th, 2014 — android , security this vulnerability allows an app to install any number of apps with any type of permissions without user’s explicit consent. it is based on two things: you can install an app from google play using just the browser, even from pc, take a look here . an app can embed a browser and automatically login into your google account without any notification, using a few permissions. description one can build an android app, let’s call it trojan , that requires these permissions: android.permission.internet – allows applications to open network sockets. android.permission.get_accounts – allows access to the list of accounts in the accounts service. android.permission.use_credentials – allows an application to request authtokens from the accountmanager. from here . these are the steps to reproduce it: trojan app contains a webview that will automatically login into user’s google account by requesting authtokens from the account manager , user will not be notified nor have any way to stop this. the webview will load the google play web site and inject javascript code on page load. the javascript code will make a request to get the device information and csrf tokens , it will get information about all devices registered with that account. remember the browser is logged in with user’s google account. using this information it can issue a request to install any app on google play , on every device registered with that google account. the user will not be prompted and will not have any way to stop this. scenarios trojan app could be full screen and the user will not even see the install notification. trojan app could choose to install the app on a different device, from the devices registered with the google account, the user will not see anything unusual on the current device where the trojan runs. the installed app can have access to all permissions (if it specifies so in the manifest) without the user explicitly approving that, it could have access to services that cost you money , like sending sms or making phone calls, manage accounts, disable your phone, just look at the permission list . since you have access to all google data for that account, there are other scenarios, like accessing emails and more, but the poc did not address those. the fix the google fix, as far as i could tell, was to not allow the browser to automatically login. instead, the user will be prompted with a text that says it would allow the app to have access to all google data. this however does not inform the user that it will allow automatic installation of any app, potentially causing direct and immediate loss of money. i will not release the poc, i think it would be too easy to cause real damage. however it is not that difficult to implement. vendor contact timeline 2013-12-16 – contact security(at)google.com. 2013-12-17 – received reply that the issues was passed to security(at)android.com. 2013-12-20 – received reply that they could not reproduce the issue. 2013-12-20 – sent a stripped down version of the poc, not much different. 2014-01-16 – request status update. 2014-01-24 – received response that the rollout of the fix started last week. 2014-02-12 – received response that the fix is live for 100% users/devices. 4 comments ← previous entries cautare ultimele posturi android vulnerability: install app without user explicit consent un asa reportaj frumos la device-uri mici, probleme mari google security issue #3: light csrf on google analytics m-au pus in alta sala google security issue #1: youtube csrf attack pentru cei care n-au auzit de youtube convertor de toti banii widget top twitter de pus pe bloguri. si nu numai, dar mai ales. topul de pe primul loc in topul topurilor de hashtag-uri twitter din romania. si singurul, cred… categorii agregator.ro alegeri 2008 altele amuzant android avos iphone muzica oameni din online octet.ro proiect pseudo e-guvernare security blogroll daily cotcodac groparu jeg sustin © divricean.ro — copyblogger theme design by chris pearson

URL analysis for divricean.ro

http://agregator.ro/addfeed.php?feed=http://divricean.ro/feed/
http://divricean.ro/category/security/
http://divricean.ro/2010/01/topul-de-pe-primul-loc-in-topul-topurilor-de-hashtag-uri-twitter-din-romania-si-singurul-cred/
http://divricean.ro/2011/03/m-au-pus-in-alta-sala/
http://divricean.ro/2010/06/widget-top-twitter-de-pus-pe-bloguri-si-nu-numai-dar-mai-ales/
http://divricean.ro/category/iphone/
http://divricean.ro/category/altele/
http://divricean.ro/2010/12/pentru-cei-care-n-au-auzit-de-youtube/
http://divricean.ro/2014/03/android-vulnerability-install-app-without-user-explicit-consent/
http://divricean.ro/2011/07/google-security-issue-3-light-csrf-on-google-analytics/
http://divricean.ro/2011/01/google-security-issue-1-youtube-csrf-attack/
http://divricean.ro/category/android/
http://divricean.ro/category/pseudo-e-guvernare/
http://divricean.ro/category/avos/
http://divricean.ro/category/amuzant/

Whois Information

Whois is a protocol that is access to registering information. You can reach when the website was registered, when it will be expire, what is contact details of the site with the following informations. In a nutshell, it includes these informations;

% Whois Server Version 3.0 - whois.rotld.ro:43

% Rights restricted by copyright.
% Specifically, this data MAY ONLY be used for Internet operational
% purposes. It may not be used for targeted advertising or any
% other purpose.

% Este INTERZISA folosirea datelor de pe acest server in oricare
% alt scop decat operarea retelei. In special este INTERZISA
% folosirea lor in scopuri publicitare.

% Top Level Domain : ro
% Maintainance : www.rotld.ro

Domain Name: divricean.ro
Registered On: 2008-05-26
Registrar: ROSPOT SRL
Referral URL: http://rohost.com

DNSSEC: Inactive

Nameserver: ns1.elvsoft.net
Nameserver: ns2.elvsoft.net

Domain Status: OK



  REFERRER http://www.nic.ro

  REGISTRAR nic.ro

SERVERS

  SERVER ro.whois-servers.net

  ARGS divricean.ro

  PORT 43

  TYPE domain

DISCLAIMER
Whois Server Version 3.0 - whois.rotld.ro:43
Rights restricted by copyright.
Specifically, this data MAY ONLY be used for Internet operational
purposes. It may not be used for targeted advertising or any
other purpose.
Este INTERZISA folosirea datelor de pe acest server in oricare
alt scop decat operarea retelei. In special este INTERZISA
folosirea lor in scopuri publicitare.
Top Level Domain : ro
Maintainance : www.rotld.ro

  REGISTERED no

DOMAIN

  DOMAIN NAME divricean.ro

  REGISTERED ON 2008-05-26

  REGISTRAR ROSPOT SRL

  REFERRAL URL http://rohost.com

  NAME divricean.ro

NSERVER

  NS1.ELVSOFT.NET 77.81.241.226

  NS2.ELVSOFT.NET 92.114.98.185

Mistakes

The following list shows you to spelling mistakes possible of the internet users for the website searched .