White Hackers

Columbia computer scientist Ang Cui helped uncover a weakness in Cisco IP phones that can let a hacker take complete control of them. Read more at  http://spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable

Hi folks, In this article I’ll share the results of ad-hoc security vulnerabilities research I’ve done on windows 8 apps deployment. Specifically, we’ll discuss fundamental design flaws that allow to Reverse Engineer Win8 apps, modification of installed apps and the negative implications on Intellectual Property rights protection, Licensing models and overall PC security. Finally we’ll discuss some creative ideas on how to mitigate these security issues.  Meet the mother-load: C:\Program Files\Applications All Windows 8 applications in the developer preview are installed under the clandestine  C:\Program Files\Applications  location. I will hazard a guess and say that once the Windows App Store goes online it will install all apps under that folder. Currently the folder is an invisible one and cannot be accessed from Windows Explorer user interface on a new Win8 developer preview install. Here’s an example of some of the 29 apps Win8 apps installed on the Win8 develope

It can sometimes be difficult to balance out ease of use with security. Software companies and online services can be under pressure to make the user experience as smooth as possible, even for potentially risky services like password resets, which saves the company money on tech support and help costs. Unfortunately, rounding off corners can also create gaps in security. A security hole was found in  Skype ‘s password reset procedure that could have allowed anyone who knows your email address to “hack” into your Skype account, and only gained attention after the vulnerability was posted on  Reddit . The issue was caused by a flaw in Skype’s password reset scheme, which allows password reset tokens to be activated through Skype instead of through the original account email. All you needed to do was sign up for a new Skype account with the victim’s email address–despite the notification that the email is already associated with a Skype account, log in to Skype, and request a password re

  A former information technology director of a Tampa advertising firm is facing jail time after some unauthorized "facetime" with a couple of female co-workers. Thursday, Christopher Channer pleaded guilty to federal charges of intercepting communications after the FBI determined that back in 2010, he tapped into webcams of female employees of the Atlanta office of 22squared from his Tampa office without their knowledge. They say he gained access through a program on the computers that was designed to track down stolen laptops. Channer, who according to a plea agreement captured more than 1200 images of the woman, including the exposed breast of one woman, is facing five years in prison. Channer was an experienced IT director tapping into pre-loaded software on company owned computers, but the experts say you don't need that kind of experience to hack a webcam. "It doesn't take a genius to be able to figure out how to get into someon

Dan Petrovic has explained how he  hijacked a few pages in Google  to show his copied version over the original version of the page. For example, he was able to confuse Google into thinking a page on MarketBizz should really show on dejanseo.com.au instead of on marketbizz.nl. How did he do it? He simply copied the full page, source code and everything and put it on a new URL on his site. He linked to the page and gave it a +1 and the result worked days later. He is a picture of Google’s search results for the page using an info command and also searching for the title of the page: He did the same thing on three other domains with varied levels of success. We emailed Google last week for a comment but have yet to hear back. In some cases, using a rel=canonical seemed to prevent it from hijacking the result fully but not in all cases. There also seems to be a case where using the authorship might be prevent this as well. Dan Petrovic was even able to hijack the first

You probably own a personal Wi-Fi hotspot at home. Having several devices under one roof seems like a good reason to convert your broadband internet into a wireless connection. Some internet providers in your area might even have paid Wi-Fi hotspots for homes and establishments. Since anyone can connect to your  Wi-Fi network , the next best idea is to protect it with a WPA password. A WPA password prevents freeloaders from using your internet and deal with more pressing issues such as privacy and hacking. However, this is not a full-proof method. Securing your Wi-Fi network no longer guarantees safety from prying eyes; let alone people who want to get free internet. People can easily crack your network’s password with the aid of certain tools. In the early part of this article, we will teach you how to hack your own WPA-secured network with a tool called Reaver. Later on, we will explain how to protect your home network from Reaver attacks. Note : Hacking of other WPA netwo

Pacemakers from several manufacturers can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software  programming  by medical device companies. The new research comes from Barnaby Jack of security vendor IOActive, known for his analysis of other medical equipment such as insulin-delivery devices. Security researcher Barnaby Jack of IOActive revealed new research on Wednesday that showed pacemakers from several manufacturers can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software programming by medical device manufacturers. Image credit: Breakpoint Jack, who spoke at the Breakpoint security conference in Melbourne on Wednesday, said the flaw lies with the programming of the wireless transmitters used to give instructions to pacemakers and implantable cardioverter-defibrillators (ICDs), which detect irregular heart contractions and deli

I have already written a post on hacking into someone's PC which was using Beast Trojan, you can check that by clicking  here , and this time, i will show you how to configure ProRat Trojan to hack into your victim's computer. ProRat is also a Trojan making program which is similar to Beast Trojan but in compare to Beast, ProRat is much better. It can connect to the server more faster. It has more features/functions to play with your victim's PC. Easy to configure. Lets start the Tutorial: Download ProRat  and extract anywhere in your PC. Now run  ProRat.exe  and then click on  Create- Create ProRat Server (342 Kbayt) From the  Notifications tab , in the first option  "Use ProConnective Notification"  type your IP address. (If you don't know your IP address, simply click on the red arrow and it will automatically fill your IP address). Now in the second option  "Use Mail Notifications"  type your Email address where you want to

[ Official ] WhatsApp Messenger Hack Tool - 2012. by Lambasoft

It's bad enough when you clumsily manage to wipe a few odd bits of data off your phone by accident. But what if your entire phone was wiped, AND your SIM-card killed, remotely by hackers without you being able to do a single thing to stop them? That's the issue being faced currently by owners of the  Samsung Galaxy S  III,  Galaxy S II , Galaxy Beam, S Advance and  Galaxy Ace . Nearly all of Samsung's major Android releases have been shown to be susceptible to a malicious hack that will see the entire contents of a user's phone wiped clean. The hack was outed by Ravi Borgaonkar at the Ekoparty security conference, detailing a simple USSD code (easily sent through a website, QR code or NFC pairing) that would perform an unstoppable, irreversible factory reset on affected handsets. As well as the wipe, the hack can also be paired with another attack that breaks SIM-cards, meaning that even if you've got contact data backed up on the card, it too could be lost

Your ereader isn’t the most exciting device you could use as a monitor, but it’s a minimal solution that could come in handy when you’re on the road. Damaru over at Ponnuki shows us how to turn a Kindle into a display using a Raspberry Pi. Using the Kindle as a screen, Damaru use a Raspberry Pi, a couple of USB cables and a keyboard to create a very minimal little computer. You do have to  jailbreak the Kindle  for this to work, but the rest of the process is pretty simple. From there, you only need to run a few things to get screen-sharing to work, create a system for automatic login, and you’re done. It’s about as minimal of a working environment as you can get. If you want to give it a shot yourself, head over to Ponnuki for the full guide. Kindleberry Pi  

Your Google Nexus 7 tablet may not have a rear-facing camera, but with a little technical know-how it appears you can get the slate's 1.2 megapixel front-facing camera to capture high-definition video. A user named "hillbeast" in the XDA Developers forum recently posted a quick how-to guide to get your Nexus 7 recording 720p video at 30 frames per second. Hillbeast also posted two videos to YouTube, which hillbeast says, contrasts the Nexus 7 recording video at 480p and 720p resolutions. Hillbeast's post on XDA was first reported by Pocketnow. The two YouTube videos (included at the bottom of this post) show a substantial difference in capture quality. The 720p version enables you to see far more detail and colors are more vibrant. While there was no way to immediately verify these claims, it appears the 720p mod is the real deal; the code has been merged into the Jelly Bean version of Cyanogenmod currently under development. Cyanogenmod is an after-market v

Many of you have probably seen plenty of tutorials on how to crack WEP encryption. We even did a video back in the old Bauer-Power podcast on how to hack a WEP protected wireless access point using Bauer-Puntu Linux and GrimWEPA. The fact of the matter is, cracking WEP is really easy! What about something more people are using today like WPA2? It used to be that the only way to crack WPA or WPA2 was to capture the 4 way handshake, then try to  brute-force the password. If the person's password is really long, then it would take an attacker way too long to try to crack it and they would probably move on to easier targets. That isn't necessarily the case now. There is a new tool for Linux called Reaver. From their Google Code Page: Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.  Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a