NXCloud, the first Mobile Security Management Platform in the Cloud !

Connect to our website for more information.

Secured Mobile Enterprise Platform

Time for mobile apps in your organization. Write once, securely run anywhere

Mobile Unified Threat Management™ (m-UTM™)

Multiplatform based mobile devices enterprise management server. Unique IT and security appliance server on the market, covering all devices.

Secure Voice, Video and Chat Solution (SVVCS)

Unique Non NSA/NIST Standardised Voice and Video Encryption Solution

First Instant Mobile Security Management Solution

The first appliance to give your enterprise’s devices instant security and integrated management they deserve !

Thursday, February 18, 2016

Mobiquant - Google Groupes Groups

Saturday, February 13, 2016

(3) Mobiquant - Google Groups

Friday, December 18, 2015

Vulnerabilities in Android Update Make All Android Devices Vulnerable

Android upgrade mechanism brings to light a whole new set of
vulnerabilities pervasively existing in almost all Android versions,
which allow a seemingly harmless malicious app (“unprivileged app” in
the security term) running on a version of Android to automatically
acquire significant capabilities without users’ consent once they upgrade to newer versions!
Such capabilities include automatically obtaining all new permissions
added by the newer version OS, replacing system-level apps with
malicious ones, injecting malicious scripts into arbitrary webpages,
etc.

 

Read more at mSeclabs team website :

Vulnerabilities in Android Update Make All Android Devices Vulnerable

iOS Application Security Part 39 – Sensitive information in memory | mSeclabs Mobile Security

In this article, we will look at analyzing the memory contents of an iOS
application. iOS applications may store sensitive information like
passwords, session IDs etc in the memory of the application without
releasing them. In some cases, releasing these variables may not be an
option. For e.g, it might be required for the application to send an
authentication token with every request and hence there has to be a
reference to it in the memory somewhere. Even though these variables
might be encrypted when stored locally in the application, these
variables will be in their unencryped format while the application is
running. Hence, analyzing the contents of the memory is an important
thing while pentesting an iOS application. If there are some important
properties or instance variables that are not required, they should be
released from the memory.



Read more at mSeclabs team website : 

iOS Application Security Part 39 – Sensitive information in memory | mSeclabs Mobile Security

mSeclabs Mobiquant iOS Application Security Part 40 – Testing apps on your Mac | mSeclabs Mobile Security

In this article, we will discuss the extent to which you can test
applications on your Mac rather than the. This could be useful for many
reasons, sometimes you may not have a jailbroken but want to get a POC
for a vulnerability. We will discuss what are the things you can and
cannot do. To test the application on your system, you will need to have
Xcode installed on your system and you will run the applications on the
iOS simulator.


Installing ipa files from iTunes on your simulator

Sadly, there is no way you can do that. This is because the iTunes
applications are compiled for the ARM platform whereas the applications
that run on your simulator are compiled for the x86/x64 platform. So, to
test any application properly on your Mac, you must have the source
code of the application to run it on the simulator.



Read more at mSeclabs team website :  

mSeclabs Mobiquant iOS Application Security Part 40 – Testing apps on your Mac | mSeclabs Mobile Security

iOS 9 Resolves Hijacking via AirDrop Vulnerability

iOS 9, the operating system that Apple is making available
for download today to its mobile device users, comes with more than new
usability and functionality features. It also resolves a vulnerability
that can be exploited over Apple’s over-the-air file sharing technology,
AirDrop.



Discovered by Australian researcher Mark Dowd, the
vulnerability affects all devices running on iOS 7 or later and can be
exploited to hijack iPhones to run malicious code on them. An attacker
could exploit the security flaw when in Bluetooth range of an affected
device either to install malware of for lock-screen bypass, Dowd says.







Read more at mSeclabs team website :   

iOS 9 Resolves Hijacking via AirDrop Vulnerability

Thursday, November 5, 2015

Conrad Longmore Dynamoo crap security for dirty money UPDATED STILL HATER

UPDATE: 
We learnt  (by different security friends) that this CONRAD LONGMORE loves denigrating people, revealing their personal life for free BUT DON T LIKE THIS FOR HIMSELF. ;-) YES ! in fact he asked GOOGLE to remove his post from the results in the Google search. Crazy ! that our White security Knight don t like what he does to (some) honest people and companies to ensure the Buzz and traffic on his eCommerce Blog where he is still selling crap things that Have nothing related about security.

So here we are again guys !!

Earlier, in August we were informed  by some partners of a strange post from a guy claiming being a "security expert". This dude called Conrad Longmore from a blog we never heard about (dynamoo), posted an article about Mobiquant Technologies. He maybe got his freeware antivirus warning him about a malicious javascript resulting of an infection on our hoster files. The strange thing here is fully about the behaviour of the guy claiming to belong to the security community. After 20 years in the sec arena we never seen a hacked victim behing blamed and denigrated having its website infected. What about the hackers? sure it requires a real true technical work. Not given to everyone.

We  made a quick search about this unknown blogger.
[removed to avoid Google removal ]$
He is using a personal blog space on google blogspot, after apparently having tried several corp domain (www.Conrad-longmore.co.uk 404 error, no files) and a wordpress free space (http://en.wordpress.com/tag/conrad-longmore/ 404 error , no files).)


No company, no professional profile. Jobless or Yet another freelancer. Website : dynamoo.com seems to be a fake or outdated (last update 2003) website as many links are broken. Kind of blogsite quickly setup and stopped by this myserious guy.
We found some related facebook link :https://www.facebook.com/conrad.longmore‎ ,  with a profile picture of a guy having a walk in the british countryside holding a bag with a kiddy puppet  in the back :


and a twitter account with some strange twitts taking position for the [removed to avoid Google removal] community :



After having contacted the guy , our team did not have any answer from him.

Seems that this guy is using various ways to drive some traffic to his blog by denigrating different websites and people with no reasons claiming they are all hackers or malicious internets users and has already many enemies apparently:


This is clearly to make some business about mobile items sold on his web and by using this  technique of degritation to do some buzz ( audience is poor) he is  selling mobile accessories. Security ? ecommerce ? mobile accessories ? strange guy ;-). People are complaining on forums about receiving spam email from him to buy mobiles parts : "
Conrad Longmore does appear to sell all kinds of things,  including mobile phones, and portable air conditioners, so the guy must have read the site and added the PS for shits and giggles" :  Forum of victims describing what happened to them.


The malware a classical non critical  HH. JS, among thousands variants of this kind,  have spreaded thoughout the web since years, and it has infected again this summer up to 252 000 website among which Apple.com and some others which were unavailable for nearly one week for some of them.
Our dude find that on our website, which is obviously technically hosted on a distinct independent infrastructure than the corporate one, thought it was a valid and major reason to drive a deep dive study about : the company, its financial status (with French reading bad expertise ;-)) , our management, our domain .... and yes absolutely not about this malware, the security countermeasures etc . In short nothing related with security and IT.


The funny thing is that he did criticize our website about having a temporary non critical js malware and we thought we should find a perfect website on his side. This was aboslutely not the case:
- broken links(25/70), outdated references( last update is 2003),blogsite is  badly designed, coded and graphically disgusting. We even find 5 vulnerabilities and it  looks like a beginner web blogger.

By the way we decided not to take any action again this anonymous strange blogger which apparently is using strange techniques to exists and shine on the web to make money on our back.

Finnally, after some discussion with famous security real bloggers on the web most of them told us they never heard of him and few who did know him,  had some negative feedback about his behaviour. As in any case a security professional will  blame a hacked victim for being infect or hacked. Our company never decided to be infected for some days earlier during summer time. This mix of corporate, financial -(he is also a financial expert ;-)) and personal elements in a security analysis demonstrate clearly the guy is somehow not in the security space but just personnally blogging using security as an excuse.

This is how the web is going nowadays :  giving some space  to unknown people, having lot of freetime to blog on all and nothing.

Monday, September 22, 2014

Tuesday, September 16, 2014

Vulnerabilities in Android Update Make All Android Devices Vulnerable

Android upgrade mechanism brings to light a whole new set of
vulnerabilities pervasively existing in almost all Android versions,
which allow a seemingly harmless malicious app (“unprivileged app” in
the security term) running on a version of Android to automatically
acquire significant capabilities without users’ consent once they upgrade to newer versions!
Such capabilities include automatically obtaining all new permissions
added by the newer version OS, replacing system-level apps with
malicious ones, injecting malicious scripts into arbitrary webpages,
etc.

 

Read full article at mSeclabs:

Vulnerabilities in Android Update Make All Android Devices Vulnerable

Monday, September 1, 2014

Conrad Longmore crap security for dirty money. Dynamoo UPDATED

UPDATE: 
We learnt  (by different security friends) that this CONRAD LONGMORE loves denigrating people, revealing their personal life for free BUT DON T LIKE THIS FOR HIMSELF. ;-) YES ! in fact he asked GOOGLE to remove his post from the results in the Google search. Crazy ! that our White security Knight don t like what he does to (some) honest people and companies to ensure the Buzz and traffic on his eCommerce Blog where he is still selling crap things that Have nothing related about security.

So here we are again guys !!

Earlier, in August we were informed  by some partners of a strange post from a guy claiming being a "security expert". This dude called Conrad Longmore from a blog we never heard about (dynamoo), posted an article about Mobiquant Technologies. He maybe got his freeware antivirus warning him about a malicious javascript resulting of an infection on our hoster files. The strange thing here is fully about the behaviour of the guy claiming to belong to the security community. After 20 years in the sec arena we never seen a hacked victim behing blamed and denigrated having its website infected. What about the hackers? sure it requires a real true technical work. Not given to everyone.

We  made a quick search about this unknown blogger.
[removed to avoid Google removal ]$
He is using a personal blog space on google blogspot, after apparently having tried several corp domain (www.Conrad-longmore.co.uk 404 error, no files) and a wordpress free space (http://en.wordpress.com/tag/conrad-longmore/ 404 error , no files).)


No company, no professional profile. Jobless or Yet another freelancer. Website : dynamoo.com seems to be a fake or outdated (last update 2003) website as many links are broken. Kind of blogsite quickly setup and stopped by this myserious guy.
We found some related facebook link :https://www.facebook.com/conrad.longmore‎ ,  with a profile picture of a guy having a walk in the british countryside holding a bag with a kiddy puppet  in the back :


and a twitter account with some strange twitts taking position for the [removed to avoid Google removal] community :



After having contacted the guy , our team did not have any answer from him.

Seems that this guy is using various ways to drive some traffic to his blog by denigrating different websites and people with no reasons claiming they are all hackers or malicious internets users and has already many enemies apparently:


This is clearly to make some business about mobile items sold on his web and by using this  technique of degritation to do some buzz ( audience is poor) he is  selling mobile accessories. Security ? ecommerce ? mobile accessories ? strange guy ;-). People are complaining on forums about receiving spam email from him to buy mobiles parts : "
Conrad Longmore does appear to sell all kinds of things,  including mobile phones, and portable air conditioners, so the guy must have read the site and added the PS for shits and giggles" :  Forum of victims describing what happened to them.


The malware a classical non critical  HH. JS, among thousands variants of this kind,  have spreaded thoughout the web since years, and it has infected again this summer up to 252 000 website among which Apple.com and some others which were unavailable for nearly one week for some of them.
Our dude find that on our website, which is obviously technically hosted on a distinct independent infrastructure than the corporate one, thought it was a valid and major reason to drive a deep dive study about : the company, its financial status (with French reading bad expertise ;-)) , our management, our domain .... and yes absolutely not about this malware, the security countermeasures etc . In short nothing related with security and IT.


The funny thing is that he did criticize our website about having a temporary non critical js malware and we thought we should find a perfect website on his side. This was aboslutely not the case:
- broken links(25/70), outdated references( last update is 2003),blogsite is  badly designed, coded and graphically disgusting. We even find 5 vulnerabilities and it  looks like a beginner web blogger.

By the way we decided not to take any action again this anonymous strange blogger which apparently is using strange techniques to exists and shine on the web to make money on our back.

Finnally, after some discussion with famous security real bloggers on the web most of them told us they never heard of him and few who did know him,  had some negative feedback about his behaviour. As in any case a security professional will  blame a hacked victim for being infect or hacked. Our company never decided to be infected for some days earlier during summer time. This mix of corporate, financial -(he is also a financial expert ;-)) and personal elements in a security analysis demonstrate clearly the guy is somehow not in the security space but just personnally blogging using security as an excuse.

This is how the web is going nowadays :  giving some space  to unknown people, having lot of freetime to blog on all and nothing.