The kid who hacked Apple into pieces now works for Google

Nicholas Allegra - Comex.

Nicholas Allegra – Comex.

Apple’s loss is Google’s gain. Nicholas Allegra, the teenager who in 2011 was responsible for the iPhone hacking tool JailbreakMe has landed an internship with the rival camp.

“I didn’t think anyone would be able to do what he’s done for years. Now it’s been done by some kid we had never even heard of. He’s totally blown me away.” – Charlie Miller, former analyst, National Security Agency.

For the uninitiated Allegra who calls himself Comex had hacked Apple’s iOS – unarguably the world’s most secure and restricted consumer operating system in 2011 and did it all on his own. He created JailbreakMe – a hacking tool for the iPhone and the iPad products. And within a month of the launch of its update – JailbreakMe-3 about 2 million users had used it to remove download restrictions on the iPhone and iPad.

And he did it while he was on leave from studies.

Nicholas_AllegraHe tweeted about his new role at Google through his twitter handle named @Comex. What makes this more interesting is the fact that Allegra was working as an intern for Apple after Apple authorities were left awe-struck and jaw-dropped by his feat. As a matter of fact the internship would have resulted in a permanent position for him at Apple if he had responded to the e-mail sent by Apple Human Resources. But in true happy-go-lucky nerd style he forgot to respond in time and Apple withdrew the offer.

“Comex is from the future.” – Dino Dai Zovi, CTO, security research firm – Trail of Bits.

Google’s internship offer followed and this time he promptly reverted back to accept the offer and avoided becoming the butt of jokes among his hacking circles.

Allegra didn’t disclose on what Google product he has been roped in to work at. Well if ever they assign him under Sergey Brin and make him sit on the Google Glass project we sure hope he contributes to make them look a little less-clumsy and more happily-wearable.


Keystroke Logging : A Product Of Our Times !

2.25.10 volusion keyloggers

At some point in time we have all felt cheated or let down by people who we thought we could trust, okay at least some of us have. In the internet age it has become increasingly difficult for people to trust each other. With the kind of content available to children online, parents feel insecure about what their child is checking online and whom they are meeting online. Even though social networking has  been the buzzword of the decade because of the kind of connect it enables people to have sitting in the comfort of their bed rooms, it is no secret that social networking has also had a role to play in some of the most disturbing crimes committed during the past decade.

Couples want to spy on their partners, business organizations want to ensure their employees are working at the workplace and not facebooking and networking with friends and family. Its incredible that we live in a society that offers more problems as solutions to problems, in essence the solution solves the problem but messes with your mind.

The need of the hour was a software/hardware that could give everyone access to the information they so desperately seek. The management seeks their employee’s attention, the WAGs (wives and girlfriends) seek to know their partner’s whereabouts, parents seek their child’s safety. I don’t intend to turn this into a heady cocktail of – Right v/s Wrong, I will leave that for your conscious to decide. If you fall in one of the above mentioned categories then without further adieu here is the answer to your spying needs – its called Keystroke Logging, or Keylogging for the nerds.

A Hardware Keylogger.

A Hardware Keylogger.

A Keylogger can be either a hardware or a software connected to your computer’s keyboard and equipped with the ability to record/log every keystroke you hit, which roughly translates to – knowing what your employee’s are surfing during work hours, knowing where your boyfriend was late last night and knowing what your kids have been up to during vacations.

While a hardware Keylogger is easily detectable its software contemporaries are way too smart, invisible to everyone except of course the person who is tracking/monitoring all activities on a computer. And while there are a number of Keyloggers available in the market, my personal favorite is the Free Keylogger from IwantSoftWhat makes me vote in favor of free Keylogger isn’t just the fact that its free. It’s pretty-freaking-awesome. A solution that provides everything you would want from a Keylogger and then add the fact that its freeware, that for me makes this tool stand out from the rest of them.

Here is the link to –  free Keylogger from Iwantsoft try it out and let us know if you think there is a better freely available tool then this one.

End User Warning : Using a Keylogging software can have social, ethical and even legal repercussions, how you use it is entirely your discretion. In its defense, it can at best be described as a cost effective solution to your personal and business requirements.

Beware : A vulnerability in Internet Explorer has hackers tracking your mouse movements!


If you use Internet Explorer versions 6-10 as your primary browser and make online transactions using your credit/debit cards or online  banking accounts, then you should read this very carefully.

The web analytics company has discovered that it was possible to track your mouse cursor movement for Internet Explorer versions 6-10  anywhere on the screen, even if your IE tab was minimized which poses a direct threat to your sensitive data including your online transaction passwords.

Here’s why this is disturbing news.

Many online transactions require entering a password to access your account info or even to make online payments. A popular method adopted by novice hackers is that of – keystroke logging or keylogging. The attacker uses a keylogger software to track the keystrokes that you make while entering your data. For this reason many of the modern websites and payment gateways encourage their users to use virtual keyboards and keypads as they reduce the risk of keylogging. To cut the long story short you use your mouse to enter the information on the virtual keyboards protecting you from becoming a victim of keylogging attacks.

But now with this vulnerability exposed in a browser which is among the most popular in the world the hacking community would probably be licking their left-clicks, surely many of you reading this post would be using an IE.

What makes this vulnerability even more dangerous is that even if IE is the only internet software installed on your machine and you have never downloaded or installed any suspicious software, you are still at risk. All that a hacker needs to do is simply buy a display advertising placeholder on any website/webpage of your interest and as long as you keep the tab displaying that ad open, mouse movements can be tracked.

Wired UK reports that the company has already notified Microsoft about the vulnerability back in October but software giant’s Security Research Centre has said that they have no immediate plans to fix the issue. The analytics company goes on to state that many web analytics companies have already taken advantage of this vulnerability.

Well if that’s the case then I am pretty sure hackers around the world would have already found some use for this exploitable piece of information, and MS should know that hackers don’t wait for such reports to be leaked to the media before they can plan an attack.

Security Tips For You:

  1. If you have been living under a rock for several years and are for some strange reason still using IE 6, then even Microsoft can’t help you, even they don’t recommend IE 6 anymore. Stop using it. Period.
  2. If you use IE 7-10 make sure you use the latest patch for it, go download one from
  3. Best option – start using the latest version of Google Chrome or Mozilla Firefox, very much the best browsers out their in the market by a long shot.

Here is a video demo of the vulnerability. Better still, here is a try it yourself demo.

AttentionGrabber : Want to make your own little (harmless) keylogging program? keep watching this space for more.