Your Library for the latest IT Security News, Alerts, Threats and Tips and Android Games
Recent Articles
Showing posts with label Hacking. Show all posts

Thursday 1 January 2015

Hacker fakes German minister’s fingerprints from HD photos





Security analysts have always believed that fingerprints are a foolproof replacement for passwords and authentication protocols. However, a new development in this matter has literally toppled this theory and altered the game. When fingerprints are used as an authentication protocol, the single biggest concern is what to do if the fingerprint in question gets copied. This is exactly what has been demonstrated by a German hacker at a recent technology convention.
Jan Krissler, a hacker also known as Starbug, recently presented some rather interesting findings at the Chaos Communication Congress (CCC) in Germany. The CCC happens to be Europe’s largest association of hackers, so it’s no surprise that this was the location for such a noteworthy revelation. Starbug demonstrated his technique for stealing fingerprints by simply analyzing a few high-definition pictures of his target, in this case the German Minister of Defence, Ursula von der Leyen.

According to Krissler, faking these fingerprints was far easier than he thought possible. All he needed were a few close-range photos of his target in order to reverse engineer the fingerprints. He gained these photos from several press releases issued by the minister’s office and another that he took himself from a few meters away. With the help of commercially available software called VeriFinger he was then able to replicate the fingerprints of the Defence Minister of Germany, the country with the world’s 4th largest GDP and a leader in several technological and military fields.

After the demonstration, Krissler jokingly added – “After this talk, politicians will probably wear gloves when talking in public.” While that seems like a logical expectation, we doubt that will be the case. But we sincerely hope that politicians heed this warning and demonstration and take care to avert such cases in this modern age of cyberespionage, international cyberwarfare and other technology related crimes.

Krissler, aka Starbug, is certainly not new to the hacking of biometric security and authentication techniques. When the Apple iPhone 5S was released in 2013, he successfully spoofed the highly publicized Apple TouchID sensors within 24 hours. He achieved this feat with the help of a finger smudge on the screen, wood glue and sprayable graphene. What is scary about his latest hack demonstration, however, is that he does not need physical access to either a device or a finger. It makes you wonder how secure high-level authentication protocols really are.

A notable workaround for this is for users to not think of biometric security as a replacement for passwords or other authentication. While your fingerprints may be unique to you, the fact is they are not a secret. Anyone who is adequately motivated can easily get their hands on your fingerprints through several innovative techniques. Instead, biometric security and fingerprint authentication should be used as a supplement to passwords. Starbug also agreed in 2013 by stating – “I consider my password safer than my fingerprint. My password is in my head, and if I’m careful when typing, I remain the only one who knows it.”

Interestingly, another novel hack technique was also showcased at the conference, and this is known as “Corneal Keylogging”. This trick allows a hacker to gain someone’s passwords by simply gaining control of the camera of their smartphone. With this control, a hacker can read what someone is typing on the screen by analyzing HD photographs of the reflection of the screen in the user’s eyes. This technique may sound implausible to some, but the secondary or front-facing cameras of smartphones today are strong enough to make this possible.

So while we all hope for and look towards a safe and secure 2015, advanced hack attacks such as this are constantly being built and showcased in all corners of the globe. It just goes to show that when it comes to security, there is no rest for the wicked.

Saturday 20 December 2014

How To Crack or Activate an EXE File





After a very long time, I am back with a brand-new post on reverse engineering!!!


Today…we are going to learn how to crack a simple application…i.e. an EXE file!!!!

Note: All experiments are for educational purposes only. Don't try hard.

Most of you might have encountered a scenario where the software you installed asks for the SERIAL key or LICENSE key!!! THIS IS ANNOYING ! :)

So…how to go about this….??????

Well, today most software is well secured and well protected against reverse engineering! But still…some isn’t!

This is a very simple tutorial which will let you know a basic approach towards cracking a simple exe file…

SO LET US START!

1. This is a simple application which asks us for the license key..


2. We need to install a disassembler software to crack this application.

3. You may use any disassembler you want..
4. I am using IDA Pro.
5. Install it and launch the application….you will see the following window after launching it.



6.  Drag and drop your exe file into the panel…

7.  Choose “load file as” MS-DOS Executable…click OK and Continue.

8.  By default it's IDA View-A…Please choose “HEX VIEW-A”

9. Scroll down to find the line saying ” ENTER YOUR LICENSE KEY” (different for different applications,in my case it is this).


10.  Somewhere near that we found the word “Google”, next to the line saying “ENTER THE LICENSE KEY”..

11. AWESOME THIS IS  our LICENSE KEY!!! :P

12. Let us try “Google” as our key!


13. YEAH!!! IT WORKED!!!!

Ain’t that awesome!!!  Try building your own application and reverse engineer it to crack it!
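The key showed up in steps 9 to 11 because it is stored in the file as a plain string right next to the prompt. The following check for your own builds is an added example, not code from the original post: it looks for a known key stored as a literal and lists the strings around each hit, and it goes slightly beyond the walkthrough by also covering UTF-16LE strings. The function names and the sample bytes are constructed for illustration.

```python
import re

def printable_runs(data, min_len=4):
    """Return (offset, text) for printable ASCII and UTF-16LE runs, like `strings`."""
    runs = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        runs.append((m.start(), m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        runs.append((m.start(), m.group().decode("utf-16le")))
    return sorted(runs)

def audit_build(data, secret, window=48):
    """Find `secret` stored as a literal and list the strings near each hit."""
    runs = printable_runs(data)
    findings = []
    for encoding in ("ascii", "utf-16le"):
        needle = secret.encode(encoding)
        pos = data.find(needle)
        while pos != -1:
            # Strings close to the hit show what makes the key easy to spot,
            # e.g. the prompt it is compared against.
            nearby = [text for off, text in runs
                      if abs(off - pos) <= window and text != secret]
            findings.append({"offset": pos, "encoding": encoding,
                             "nearby": nearby})
            pos = data.find(needle, pos + 1)
    return findings

# Constructed sample bytes (not a real executable): a prompt string followed
# directly by the key it is checked against, as in the walkthrough.
SAMPLE_BUILD = (b"MZ" + bytes(62) + b"ENTER YOUR LICENSE KEY\x00"
                + b"Google\x00" + b"\x90" * 8 + b"Wrong key\x00")

if __name__ == "__main__":
    for hit in audit_build(SAMPLE_BUILD, "Google"):
        print("key literal at offset %d (%s), near: %s"
              % (hit["offset"], hit["encoding"], hit["nearby"]))
```

A hit means the program compares the input against a literal shipped inside the file, so anyone holding the binary can read the key the same way.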


THANKS! :)

Warning:

Reverse engineering any software without proper authorization and permissions is illegal. This tutorial is for education purposes only.

Offensive Hacking will not be responsible for any cyber crimes as it doesn’t encourage the same.



Wednesday 17 December 2014

Basic Security Tips for Bloggers and Beginners




Recently, Mat Honan’s frightening account of how hackers destroyed his digital life has been making rounds online, scaring nearly everyone who reads it.

Basically, Honan’s digital presence was all but destroyed after hackers managed to delete his Google Account, wipe his iPhone, iPad and Macbook and deface his Twitter account. The reason for the attack, according to one of the people behind it, was “lulz” and to play around with a three-character Twitter name.

Honan’s position as senior reporter at Gizmodo did nothing to provoke nor protect him from the attack. Though he acknowledges his mistakes in the affair, most sharply his failure to back up critical data (which everyone should have), his sharpest barbs were for Amazon and Apple, whose security policies made the hack possible.

Though Amazon and Apple have responded by updating their security policies, hopefully to prevent future attacks along the same vector, many have been wondering what they can do to strengthen their security online.
The truth is, no security is perfect and anyone who is a valuable enough target can be bit. But you can make yourself a more difficult target, someone who cannot be trivially exploited, and you can minimize the damage an attacker can do.
With that in mind, here are a few mostly common sense steps that can get you started to being more secure online.

  • Make Smart Passwords Using Letters, Numbers, Upper & Lower Case:

A good password should be long, at least eight characters, easy to remember and contain a combination of lower case letters, upper case letters, numbers and symbols. Most importantly, it should not be a word found in the dictionary nor any variation of one.

Also, you should never reuse a password for more than one site and you should never write your passwords down.

If this sounds like a lot, it is. It’s too much for pretty much anyone to do without help.
One solution is to use a device known as a cipher to generate passwords on the fly. For example, you can look at the domain name of the site and generate a password based on it. Basically, to do this, you look at the site you’re at and create a hard-to-guess password from the domain.

For example, facebook might have a password of g1s@v3r$ if you use the cipher of looking at your keyboard and writing the first four letters of the domain “face” using the keys one to the right of the real ones and then breaking up the letters with the numbers 1-4 alternating with the shift function every other time. Look at your keyboard (US) if you are unclear.
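The scheme just described, written out as an added example (not code from the original article); the function names and the second domain are constructed. It also shows a property worth knowing before relying on the scheme: any two sites whose names start with the same four letters get the same password.

```python
# US QWERTY letter rows, each extended by the key to the right of its last letter.
ROWS = ["qwertyuiop[", "asdfghjkl;", "zxcvbnm,"]
# What Shift produces on the digit keys 1-4 of a US keyboard.
SHIFTED_DIGITS = {1: "!", 2: "@", 3: "#", 4: "$"}

def key_right_of(letter):
    """Return the key immediately to the right of `letter` on a US keyboard."""
    for row in ROWS:
        i = row.find(letter)
        if 0 <= i < len(row) - 1:
            return row[i + 1]
    raise ValueError("not a letter key: %r" % letter)

def domain_password(domain):
    """Apply the article's scheme to the first four letters of `domain`."""
    letters = [c for c in domain.lower() if c.isalpha()][:4]
    if len(letters) < 4:
        raise ValueError("need at least four letters in the domain")
    out = []
    for n, letter in enumerate(letters, start=1):
        out.append(key_right_of(letter))
        # Numbers 1-4 break up the letters; Shift is held every other time.
        out.append(SHIFTED_DIGITS[n] if n % 2 == 0 else str(n))
    return "".join(out)

if __name__ == "__main__":
    print(domain_password("facebook"))          # the article's example
    print(domain_password("facetime.example"))  # constructed second domain
```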

Alternatively, you can also use services like LastPass to help you generate, store and automatically fill in passwords. However, these services are a trade off between random, difficult passwords and a new central point of failure. As long as the service itself is secure, you’re most likely fine.

  • Two Factor Authentication Attempt:

Matt Cutts at Google recommended this strongly on his blog and I agree.
Two factor authentication simply means that you need two forms of authentication to log into a site. However, they have to be two different forms (not simply two passwords).

One form, obviously, is your password (something you know) but the other is usually something you have. These days, your cell phone is the most likely thing as many services, such as PayPal and Google, will send you a text that you have to repeat to log in. Google also has its own app for most phones, and that’s how LastPass handles its two-factor authentication.

This is an incredibly powerful tool because, even if your password is compromised, which Honan’s attack shows it can be easily in some cases, your account is not. It’s very unlikely, barring drastic steps, someone is going to have both your cell phone and your password. One or the other is possible, even likely, but not both.

If your account offers two factor authentication, turn it on as soon as possible. It’s a very powerful step.


  • Personal Information:

A lot of sites will ask you to create backup security questions in case you forget your password. Common ones involve things such as your favorite pet’s name or the street you grew up on.
The problem is that many of these things can be trivially researched. However, you can beat this by simply lying on the questions.

After all, there’s no rule that you be honest, just that you remember your answer. If you’re asked for your favorite pet, give the name of your childhood imaginary pet. Ideally, your answers should be related enough to the questions to remind you of what you said, but far enough off base that it’s not trivially guessed.


  • Credit Card Common Sense Tips:

Credit cards are like passwords, ideally they should not be used more than once and should never be stored. As Honan’s attack showed, even if they aren’t used for financial gain, they can still be used to open up exploits into other accounts.

If you have a bank or a credit card company that will issue single-use credit card numbers, use them. They are immensely powerful. If you don’t, try to avoid storing your credit card numbers, and especially avoid storing one number across multiple accounts.

It might be annoying to re-enter your credit card data every time you want to buy a book on Amazon, but it could be what saves you from a minor hack becoming a major one.


  • Bottom Line:

In the end, security is about the trade off between protection and convenience. Most of the things that make you more secure will also take up more of your time.

It’s really annoying to have to find your phone every time you want to log in to your gmail or you have to enter a complex password that’s difficult to guess. Life would be much easier if we didn't have to deal with those things.

But, of course, that isn't practical. The problem is that others don’t value your life, your privacy, your information or your work. They would happily destroy it all, whether it’s for profit, a vendetta or just “lulz”, there are individuals who will not think twice about destroying your world.

If you realize that and that no one is too unimportant to be a target, then it only makes sense to take precautions now. Today’s hassle may save you from tomorrow’s attack.

Sunday 14 December 2014

Still Using Free Wi-Fi in Public Places? Read These Tips Carefully






New Delhi (India) Railway Station has recently been Wi-Fi enabled. Do you know that when you use Wi-Fi at public places, both your system and your data are at risk? What to do then? By using some important settings on your computer, you can take advantage of Wi-Fi at public places with peace of mind:

Public Wi-Fi networks at hotels, railway stations, coffee shops and so on are not as safe as you think. Even if they have a password, you are sharing the network with thousands of others, which means that you are taking a risk. For someone working on the same network, it is very easy to steal usernames and passwords or to track what others are working on. Obviously, you do not want to take any chances. Here are some settings you must use on any public Wi-Fi network, whether or not the network is password protected.

1. Turn off sharing


If you're at home, you may share files, folders, printers or other things with others, but once you are on a public network you should stop this kind of sharing so that no one can access your information. Follow these steps to turn off sharing in Windows:

- Go to Start and open the Control Panel.

- Click on Network and Sharing Center.

- On the left side, look for Change Advanced Sharing Settings. Click it.

- Here, turn file and printer sharing off. Network Discovery and Public Folder Sharing can also be turned off.

2. Enable Firewall


Nowadays, most operating systems come with basic firewalls. Turning the firewall on is a simple step to prevent local users from prying into your computer unnecessarily. You only have to use the firewall you already have. To check in Windows: Control Panel > System and Security > Windows Firewall. On many computers, Windows Firewall appears as an option directly in the Control Panel. Make sure that your firewall is turned on here. From here you can also decide which applications you want to allow access. Go to Control Panel > System and Security > Windows Firewall > Allow a program or feature and edit it to your liking. A firewall does not mean that you have escaped all danger, but it's always good to keep it on.

3. Using "https" Enabled Sites for Transactions or Browsing


Many sites such as Facebook and Gmail use "https" (HyperText Transfer Protocol, where the "S" means Secure) on their own, but while working on any other site, or with sensitive data or passwords, take the time to look at the address bar. Make sure that there is an "s" after "http". If there is no "s", log out immediately. The advice is not to use public Wi-Fi networks for credit card or banking tasks. Such sensitive things are better done at home.

4. Turn off Wi-Fi if Not Using It 


For the safety of your computer, turn Wi-Fi off whenever you do not need the Internet. If you keep Wi-Fi on all the time without using it, it increases the chances of others watching your work without you suspecting it. Turning Wi-Fi off is easy in Windows: right-click on the wireless icon in the task bar and turn off Wi-Fi.

Thursday 27 November 2014

... It is also the number you call to someone and


with the help of an app on your phone without using any man you can call any of the numbers. There are many apps on Google Play and the Apple Store, which is difficult to trace the caller's location or call details.

ID Changer app trap anyone with identification can hide. Like, if you want to call someone with caller ID can dial 0000000000. Additionally, you can change in your voice mail or female. However, the code for the call +91 India also has to recharge is necessary and which are necessary for Rs 268. Fake ID app works like id changer. But you also have to call him as a mere 4 Number of International number caller ID appears. V-Phone app similar to the Intelligence Bureau had sought to ban, because the server is abroad. 

Experts' opinions

cyber law expert Pavan Duggal said that such applications are taken into account before making the calls him Details are not available or could not be any records. Details of the calls to the service provider can help you download the app cost data is a record of the service provider's server. Noida Vishnu Tiwari said Ericsson's network engineer, had called him to trace the IP address of the service provider is placed on the collar can be found. But it is a very messy job. 


© 2013 Blogger World. All rights reserved.
Designed by Think Exchanger