Best Cydia Sources/Repos of 2014 for iOS 7.x Tweaks and Mods

The best way to discover cool Cydia tweaks, themes, mods and get troubleshooting help is through the community. The jailbreak community is spread over a vast area, with some really awesome forums being hosted by popular websites.
If you’re looking to jailbreak your iPhone/iPad, there’s  Pangu for IOS 7.x . Here’s a list of the most popular and most useful iOS 7 Cydia repos / sources of 2014.

Best Cydia Sources/Repos for iOS 7.x
Repo: BigBoss
Source: http://apt.thebigboss.org/mobileweb/index.php

BigBoss is the single largest source of most popular tweaks. You’ll find most of the popular iOS 7 tweaks showing up on BigBoss. Developers submit their tweaks here to reach a wide audience. The tweaks in BigBoss are usually checked for inconsistencies etc. This comes as a default repo with Cydia but you can remove it. Well, removing it doesn’t make any sense though.

Repo: ModMyi
Source: http://apt.modmyi.com/
Right next to BigBoss, it’s ModMyi (although some folks would argue the opposite). ModMyi hosts a lot of tweaks too, many of them insanely popular. ModMyi also comes with a lot of mods too although it would be less interesting than the tweaks themselves.

Repo: Rpetri.ch
Source: http://rpetri.ch/repo/
Ryan Petrich is a lead developer when it comes to intelligent, smart and ingenious tweaks. He is the guy behind tweaks like Activator, DisplayRecorder, BrowserChooser. We hear he’s got a lot of new stuff on the works for iOS 7 and it would be pretty interesting to test them out. This is a must-have repo for everyone interested in Cydia tweaks.

Repo: iSpazio
Source: http://repo.ispazio.net
iSpazio is a good source for tweaks, mods and other things. As the community develops compatibility and stability for iOS 7 tweaks, I expect iSpazio to feature new tweaks and mods that would work on iOS 7 devices.

Rogue Repos

Besides the genuine ones, there are also other repos which feature cracked versions of the tweaks. It’s piracy and we don’t support it. But in certain cases like HackYouriPhone, we’ve had the chance to download some interesting tweaks and mods that are not available elsewhere. Proceed with caution.

Repo: Insanlyi.com
Source: http://repo.insanelyi.com
Features: tweaks, mods

Repo: BiteYourApple
Source: http://repo.biteyourapple.net
Features: tweaks, mods
Repo: HackYouriPhone
Source: http://repo.hackyouriphone.org
Features: tweaks, ringtones, mods

iOS 7.1 / 7.1.1 / 7.1.2 Untethered Jailbreak Released

Pangu jailbreak available for Windows and Mac can jailbreak all devices on the latest Apple iOS firmware version. If you are looking to jailbreak your device using Pangu, simply follow the tutorial linked above to jailbreak iOS 7.1 or iOS 7.1.2 on any iPhone, iPad and iPod touch.

Compatible devices:

• iPhone 5s
• iPhone 5c
• iPhone 5
• iPhone 4s
• iPhone 4
• iPad Air
• Retina iPad mini
• iPad mini
• iPad 4, 3, 2
• iPod touch 5

Compatible iOS firmware:

• iOS 7.1.2
• iOS 7.1.1
• iOS 7.1

Timeline of how the jailbreak happened:
In March, Apple released iOS 7.1 in which Evasi0n7 untethered jailbreaking tool, as expected, was patched by the Cupertino-based company.
Later in the same month, Winocm posted a video on YouTube demonstrating iOS 7.1 untethered boot on an A4-based iPhone 4. No time frame was given for its release. This was immediately followed by iH8sn0w who claimed on Twitter that his iPhone 4s is jailbroken on iOS 7.1. But details, as usual, were scarce, and it was unknown on when the actual jailbreak will be made available to the public.
iOS 7.1.1 was released in April. In May, i0n1c, Winocm and Yeongjin all managed to jailbreak iOS 7.1.1 independently. i0n1c’s one was called Cyberelevat0r. There was still no word on public ETA from any of them.

 In June, out of no where, a team of Chinese developers released Pangu iOS 7.1.1 untethered jailbreak which worked on all devices.

i0n1c claimed that the exploits used in Pangu jailbreak were actually stolen from him from folks who took one of his training classes early in the year.

On June 30th, Apple released a bug fix iOS 7.1.2 update which didn’t patched the exploits used in Pangu jailbreak. The developers behind Pangu updated the software for both Windows and Mac with full support for iOS 7.1.2 untethered jailbreak on all the iOS devices. 

Source : redmondpie.com

Jobvite Recruitment Service Website Vulnerable to Hackers

Jobvite, a recruiting platform for the social web, is found vulnerable to the most common, but critical web application vulnerabilities that could allow an attacker to compromise and steal the database of the company.

Jobvite is a Social recruiting and applicant tracking created for companies with the highest expectations of recruiting technology and candidate quality. Growing companies use Jobvite's social recruiting, sourcing and talent acquisition solutions to target the right talent and build the best teams.

An independent security researcher Mohamed M. Fouad from Egypt, has found two major flaws in Jobvite website that could be leveraged or used by an attacker to comprise the company’s server. As a responsible security researcher, Fouad reported the critical flaws three months ago, but the company didn’t fix till now.

According to Fouad, Jobvite is vulnerable to a Boolean SQLi (SQL injection) and LFI (local file inclusion) vulnerabilities, which he found was one of the best security vulnerabilities he has ever discovered.

SQL INJECTION VULNERABILITY

SQLi or SQL injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. The attackers take advantage of improper coding of your web applications that allows them to inject SQL commands into, say, a login form to allow them to gain access to the data held within your database.

LFI VULNERABILITY

LFI or Local File Inclusion is a type of vulnerability most often found on websites that allows an attacker to include a local file, usually through a script on the web server, which occurs due to the use of user-supplied input without proper validation. This can lead to code execution on the web server or on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS), Denial of service (DoS) and Data theft or manipulation.

Mohamed told The Hacker News that SQLI Vuln in the Jobvite website allows him to gain access to the company’s database which includes the confidential data of its admin users along with the emails and passwords.

Using LFI Vuln an attacker can get access to the critically important files stored on the web server i.e. /etc/passwd or /etc/hosts. Fouad used the LFI flaw which allowed him to view all the company’s LINUX server user accounts exists.

Source : thehackernews.com