Introducing Outbox.ninja

Hello friends, hope you all are doing well.

Today I am feeling great to introduce everyone to my new service :

http://outbox.ninja

Its a free messaging service through which you can send unlimited messages to any indian numbers. Yes FOR FREE.

I wont be running any ads on the site and no future plans for it. Also i wont be collecting any of the user data through the website.

Hope you enjoy using it. Report back if you find any bugs.

PS : project coded in just one day.

IMG_2434-2.PNG

Attention all the e-commerce website owners

I just want to share what i have discovered. I can purchase any product I want for any amount i specify. For example, I can even buy a Macbook Pro for just ₹10, or a 36` LCD HD TV for just for ₹2. I am not kidding at all. I have tested it with many shopping sites and most of them are having this breach.

Affected Sites :

  • Rediff Shopping – Breach present, but manual bank transaction checks present
  • Flipkart (Payzippy)
  • Infibeam (CC Avenue)
  • Lenskart (CC Avenue)
  • Watchkart (CC Avenue)
  • GoDaddy India (CC Avenue)

Non affected sites, Following are secure :

  • Amazon
  • Freecharge
  • Groupon (PayU)
  • IRCTC
  • Myntra
  • Snapdeal
  • eBay
  • Jabong (PayU)
  • ShopClues (BillDesk)

In short to summarize ALL the websites using the PayZippy and CC Avenue payment gateway are prone to this security breach.

Bug Details :-

[#] Title: Purchase any product for any amount.
[#] Affected Payment Gateways : PayZippy, CC Avenue
[#] Status: Payzippy : Fixed | CC Avenue : Fixed
[#] Severity : HIGH, FATAL
[#] Browser: Any Browser
[#] Report date : 11/10/2014
[#] Author: Rahul Vijay Manekari
[#] Email: manekari@outlook.com

Impact :-

– Almost 80% of reputed Indian based e-commerce websites are using PayZippy or CC Avenue Payment Gateway. Any of the product from any affected websites can be purchased with as low as ₹2.

I want the higher authority from the above non-secure sites to contact me via my email : manekari@outlook.com.

I would like to have a personal meeting which will be the best way to convey my message.

I am not taking advantage of it, neither I’m sharing this bug to anyone. I am just saying that the bug is present right there and i am ready to help you guys.

But please, don’t contact me if you are a support guy or a technical department who handles social media support.

PS : Neither I am a professional hacker, nor i know much about security. I am a software product developer and i know how to secure my product. This was just the random tests which i was doing with other sites. I have no intention to break down any security barricades.

UPDATE 13/10/2014 : Flipkart has contacted and i have provided the details. They are working on resolving this issue.

UPDATE 17/10/2014 : CC Avenue has replied and they are working on the fix as well.

UPDATE 18/10/2014 : Bug has been resolved from PayZippy. Flipkart and other merchants using PayZippy Payment Gateway are secure now.

UPDATE 21/10/2014 : It has been resolved in CC Avenue as well.

Thank you.
Regards,
Rahul Vijay Manekari.

Mini2048

Mini2048 is a simple and very addictive game already available for iOS and Android platform. This is the ported version of the original 2048 game specially optimized for Samsung Galaxy Gear.

HOW TO PLAY:
Move the tiles on the board with your fingers. Similar tiles merge when they touch.

Original Credits to the developer of this OpenSource Game : Gabriele Cirulli

Swoop

screenshot4

I would like to introduce my first game for Samsung Gear. This app is developed for the participation in Samsung Gear App challenge.

Swoop is a very addictive game which may keep you engaged with your Gear. The one and only objective in this game is to get the full rainbow bar. It seems easy to hear but its damn tough to achieve this.

Swoop is inspired by the very popular iOS and Android game, 2048. Where there is a game of numbers. But this is the game of colors. Make sure you are not color blind.

## How to Play :

1) Swipe left or right to move the boxes.
2) Overlap 2 Same color box to form a new color.
3) On every move, you will get one box evolved with gray color.
4) Combine same color box and generate new colors.
5) Generate all 7 colors to win the game.

You can see your progress in top of the app. Whenever you form a new color, it will be added in the progress bar.

Swoop will be available in marketplace very soon.

CoinLogs.com – Keeps a track of every bit

Hello,

I would like to introduce a new platform solely developed by me for my personal use and now i am making it public so everyone can use of it.

I wanted an mobile optimized realtime tracker of coins profile. CoinLogs was born with the investment of time around 10 hours, 8 cup of coffee and 2$ for domain registration. Coinlogs.com is hosted on Cloud VPS sponsored by Windows Azure.

URL : http://coinlogs.com/

Some features of CoinLogs. (Trust me, these are very little and i am planning to enhance it more)

  • Lovely Mobile optimized layout (Powered by bootstrap)
  • Real Time – No need to Refresh your browser.
  • Get rates with every 4 Seconds API call – ( With the power of Windows Azure, CoinLogs API fetches rates from various exchanges very quickly )
  • Live/Offline ticker – (offline message displays if you are disconnected from the internet, Or coinlogs API is dead)
  • Show a bitcoin/litecoin ticker logo on your website with realtime exchange rates.
  • BTC rates provided by mtgox and LTC profile provided by BTC-e.

Task currently i am working on

  • Inhouse API – Work has been done but still didn’t made it for public. Users can fetch latest rates quickly. (No restrictions, everyone can make API requests every seconds)
  • More ALT coin options (I would require your sudgessions on which coins profile you want.)
  • Multi-lingual and multi currencies conversion support. (expected this week)
  • Custom tickers – You will be having option to upload your own image and exchange rates will be displayed on it.

…… etc and others hell lot of features.

For this platform i have preferred Windows Azure Virtual Server with NGINX stack. For the better availability and reach, I am setting up 3 other instances will be located at East Asia, South Asia and North US. And of-course, Azure CDN is there but I would rather prefer MAXCDN.

Anyways, i am open for any suggestions and requests. i would request everyone in this community to take the initiative to review my service and provide me your comments.

And yes, don’t forget to visit CoinLogs through Mobile Device.

Keep Coining. 😉

Consolation prize winner of the Microsoft QualityAppQuest contest

My app “SpacePi” won the QualityAppQuest contest and proved to be a blockbuster in Windows Store. You can find more info regarding the contest here. Its a great pleasure to have this recognition and inspiring me to develop more apps for Windows Store.QualityAppQuest_Rahul_Vijay_Manekari

For all the developers out there, this is just a massage, developing Windows Store app is not hard to build. You just need the imagination of uniqueness and your code will follow your idea. All the best.