Tuesday, December 25, 2012

How to Hack a Cisco Phone


Columbia computer scientist Ang Cui helped uncover a weakness in Cisco IP phones that can let a hacker take complete control of them.

Read more at http://spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable

How to hack games from the Windows 8 store


Hi folks,

In this article I’ll share the results of ad-hoc security vulnerability research I’ve done on Windows 8 app deployment. Specifically, we’ll discuss fundamental design flaws that allow reverse engineering of Win8 apps and modification of installed apps, and the negative implications for intellectual property protection, licensing models and overall PC security. Finally we’ll discuss some creative ideas on how to mitigate these security issues.

Meet the mother lode: C:\Program Files\Applications

All Windows 8 applications in the developer preview are installed under the clandestine C:\Program Files\Applications location. I will hazard a guess and say that once the Windows App Store goes online it will install all apps under that folder. Currently the folder is hidden and cannot be accessed from the Windows Explorer user interface on a fresh Win8 developer preview install.

Here’s an example of some of the 29 Win8 apps installed on the Win8 developer preview:
Print screen of Windows 8 apps start screen

And here’s the hidden folder backing it up:
C:\Program Files\applications folder

Gaining Access to C:\Program Files\Applications

In essence you’ll need to navigate to that folder, hit “Security Tab” and set yourself up as the owner. Let me walk you through that process step-by-step.
1. Type in “C:\Program Files\Applications” in the Windows Explorer address bar and hit enter.
Typing in C:\Program Files\applications to the address bar
2. Observe in shock and dismay the system dialogue saying you don’t own a folder on your own machine. Hit “Continue”.
You don't have permission to access this folder dialogue
3. After hitting “Continue”, you’ll be confronted by the following dialogue:
you have been denied permission to access this folder dialogue
Do not hit “close”, instead click the “security tab” link.
4. In the following system dialogue click “advanced”.
Security tab for C:\Program Files\Applications 
5. Click the “change” link in the owner security field.
Advanced Security tab for C:\Program Files\Applications
6. Add your Live ID or Windows 8 user name in the “Select User or Group” system dialogue.
Select user or group for C:\Program Files\Applications owner

7. Click “OK”, Click “OK”, Click “Ok”.
j owner of C:\Program Files\Applications

8. Type in “C:\Program Files\Applications” in the Windows Explorer address bar and hit enter. You now have access to the Applications folder.
C:\Program Files\Applications in Windows Explorer

What type of apps ship with Windows 8?

Looking at this folder it’s fairly easy to determine what type of apps ship with Windows 8 developer preview.
Windows 8 developer preview apps: 29 total, 5 C# XAML, 22 HTML, 2 C++

What’s in C:\Program Files\Applications?

For HTML apps the folder contains all of their source code, and it can be modified.
For C# apps the folder contains the XAML source code and a compiled, reverse-engineerable and modifiable version of the C# code.
For C++ DirectX apps the folder contains compiled binaries. Honestly, C++ isn’t my specialty so I’ll avoid discussing it at any great length.

Reverse Engineering HTML & JavaScript & CSS Win8 apps

There’s a fundamental design flaw in the concept of HTML apps. HTML, JavaScript and CSS are interpreted languages, not compiled ones, meaning you have to ship the source code for your app instead of shipping compiled binaries. That puts the intellectual property of anyone choosing to write an HTML & JS & CSS only app for any platform at risk.

For example, here’s the HTML source code for the Tweet@rama Win8 app code:
Tweet@rama app folder with page source code in notepad

And here’s the tweet@rama JavaScript code that does the actual posting to Twitter:
Tweet@rama app folder with page javascript source code in notepad

Modifying HTML & JavaScript & CSS Win8 apps

Part of the problem with interpreted languages is that they aren’t compiled until the very instant they are executed, which allows evil-doers to edit the code prior to execution.

For example, here’s a print screen of the tweet@rama default app:
Tweet@rama default visuals pre-modification
Let’s modify the HTML, JavaScript and CSS for this application (for the sake of brevity we’ll only walk through a simple HTML change):
Tweet@rama default.html with "Tweet@rama" title

Tweet@rama default.html with "Tweet@rama, Justin Angel Edition" title

By modifying the HTML & CSS & JavaScript source code we can change the visual design to something a bit more visually pleasing:
 Tweet@rama Justinified visuals post-modification
Notice that we’ve changed both the design and behaviour of the app by modifying the source code. The new design has a different title, and the new behaviour uses the picture of the logged-in user as the background. We have the power to completely change both the visual design and the executing source code of HTML & CSS & JS Win8 apps.

New breed of viruses?

Any unauthorized malware that gains access to C:\Program Files\Applications could potentially modify source code to execute in malicious ways. Since this is the direction Win8 apps are taking, writing this type of virus is likely to become a growth industry.
For example, we could look at the tweet@rama app once again. The most valuable asset that app has is our Twitter OAuth credentials. A virus would be able to modify the tweet@rama source code so that once it executes it retrieves those credentials and sends them to a malicious remote endpoint. The following code injected into the JavaScript code of tweet@rama would do just that:
source code to get Tweet@rama's OAuth credentials sent to a remote server

New breed of cracks?

Any unauthorized executable that gains access to C:\Program Files\Applications could potentially modify source code to work around Windows Store app purchasing and licensing logic. The whole concept of trials and feature purchases is based on JavaScript, C# or C++ code invoking Windows 8 Runtime APIs for the Windows Store. Any change to that code could potentially change the purchasing and licensing logic for that app.
For example, at the BUILD conference Microsoft’s Arik Cohen demonstrated (35:25) the following code that performs a JavaScript check for isTrial.
 image
It would be a trivial endeavour to manually edit this JavaScript file and remove the “licenseInformation.isTrial” check, and by doing so remove the trial restrictions from this sample Win8 app.
If this set of problems is not mitigated, app piracy through app modification of Windows Store apps will likely become quite prevalent.
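Both of the scenarios above (malware editing an app’s JavaScript, or an edit that strips a licensing check) leave the same trace: files under the app folder no longer match what was installed. As a defender-side counterpart, here is an added example, not code from the original post, that records the SHA-256 of every file under an app folder and on a later pass reports added, removed and modified files. The app folder, its two files and the tampering are constructed in a temporary directory so it runs anywhere.

```python
"""Tamper detection for an installed app folder: baseline file hashes, then diff."""
import hashlib
import tempfile
from pathlib import Path


def hash_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every file under root (relative POSIX-style path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(baseline, current):
    """Compare two snapshots; returns sorted lists of added, removed and modified paths."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo():
    """Constructed scenario: an HTML/JS app is baselined, then its JS is tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "SampleApp"  # constructed stand-in for an app folder
        (app / "js").mkdir(parents=True)
        (app / "default.html").write_text("<html><title>Sample</title></html>")
        (app / "js" / "default.js").write_text("function tweet(t) { post(t); }\n")
        baseline = snapshot(app)  # taken right after installation

        # Simulate what the article warns about: the JS file is altered after install,
        # and an extra file is dropped into the folder (both constructed here).
        (app / "js" / "default.js").write_text(
            "function tweet(t) { post(t); }\n// tampered\n")
        (app / "js" / "extra.js").write_text("// dropped file")

        return diff_snapshots(baseline, snapshot(app))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored outside the app folder (or signed), since a tamperer with write access to the folder could update it too.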


Reverse Engineering C# + XAML Win8 apps

C# code is shipped in compiled EXE & DLL binaries. XAML is shipped as plain text source code. That makes both forms of code extremely susceptible to reverse engineering.
C# memories app folder

For example, we could open up the “Memories” (C# WinRT XAML app) MainPage.xaml in KaXaml and see the XAML source code:

Memories MainPage.xaml source code



Using JetBrains dotPeek it would be possible to see the C# source code for the Memories app:

dotPeek reverse engineering MainViewModel for Memories app


Modifying C# + XAML Win8 apps

The XAML for Win8 apps is stored in plain text and can be edited with any text editing tool. The .NET binaries are unsigned and thus can be edited using the MSIL weaving tool Reflexil.

For example, here’s the “Memories” C# XAML app shipping with Windows 8 developer preview:
default visuals for memories app pre-modification

Editing the XAML is fairly trivial since it’s stored as a plain text file:
Default XAML for AlbumsView memories XAML
Modified AlbumsView.xaml file

Editing C# can be done using Reflector’s Reflexil MSIL editor:
Editing Memories MSIL with Reflxil
Editing hardcoded text in C#

With some light modifications to the XAML and C# code we can change the display and behaviour of the app:
Memories app with XAML and C# modifications


Reverse Engineering C++ Win8 apps

I’ll confess to not being a strong C++ developer (gasp!) so I’ll keep this brief by showing that C++ apps are also susceptible to reverse engineering. It appears that Microsoft’s Store app is written in C++. The most important asset that app would have is the endpoints for the Microsoft Store. Opening C:\Windows\System32\WinStore\WinStoreUI.dll in Notepad and searching for “https” addresses reveals the following URL:

WinStoreUI.dll opened up in Notepad with a URL highlighted

Following the http://go.microsoft.com/fwlink/?LinkId=195322&clcid=0x409 URL leads to a currently inactive URL of https://services.apps.microsoft.com/browse. I would hazard a guess that this is the URL currently being used to test the Windows App Store.

Friday, November 16, 2012

How To Hack Any Skype Account Via Skype Password Reset Vulnerability | iJailbreak.com


It can sometimes be difficult to balance out ease of use with security. Software companies and online services can be under pressure to make the user experience as smooth as possible, even for potentially risky services like password resets, which saves the company money on tech support and help costs. Unfortunately, rounding off corners can also create gaps in security. A security hole was found in Skype‘s password reset procedure that could have allowed anyone who knows your email address to “hack” into your Skype account, and only gained attention after the vulnerability was posted on Reddit.
The issue was caused by a flaw in Skype’s password reset scheme, which allows password reset tokens to be activated through Skype instead of through the original account email. All you needed to do was sign up for a new Skype account with the victim’s email address–despite the notification that the email is already associated with a Skype account, log in to Skype, and request a password reset of the account. Since your Skype account is already associated with the victim’s email address, the notification token would appear inside your Skype window instead of just the victim’s inbox. You can then use this security token to reset the password of the victim’s Skype account.
You don’t have to worry about this vulnerability unless you’ve already seen a password reset notification from Skype in your email inbox. Skype disabled the password reset this morning and has reportedly fixed the underlying issue–indeed, comments from would-be account crackers seem to confirm that the exploit no longer works. For some users, it may be too late as the vulnerability was known and disclosed through Russian forums for at least three months before being widely recognized.
Have you lost your Skype account to a digital break-in? Share your thoughts in the comments section below.


How to Hack into a Webcam


A former information technology director of a Tampa advertising firm is facing jail time after some unauthorized "facetime" with a couple of female co-workers.
Thursday, Christopher Channer pleaded guilty to federal charges of intercepting communications after the FBI determined that back in 2010, he tapped into webcams of female employees of the Atlanta office of 22squared from his Tampa office without their knowledge.
They say he gained access through a program on the computers that was designed to track down stolen laptops.
Channer, who according to a plea agreement captured more than 1200 images of the women, including the exposed breast of one woman, is facing five years in prison.
Channer was an experienced IT director tapping into pre-loaded software on company owned computers, but the experts say you don't need that kind of experience to hack a webcam.
"It doesn't take a genius to be able to figure out how to get into someone else's webcam," said Stephen Pearson of High Tech Crime Institute.
Friday, Pearson gave a chilling example of how easy it could be.
A simple search of "how to hack a webcam" in YouTube turned up seven pages of video tutorials.
"There's plenty of opportunity for someone to download a program or try to exploit or try to use the program," Pearson said.
One video connection with someone with one of those illegal programs could give them access to your webcam without your knowledge.
Not good news for someone like Carl Valeri, who says he uses his webcam daily.
"I travel internationally and Skype is one of the best ways to get in touch with people," said Valeri. "That's pretty scary."
Pearson says the best way to protect yourself is to make sure your computer's virus protection is up to date, but he also had a low-tech solution.
"If you have an embedded camera, put a piece of tape across it," Pearson said.

How to Hack Google Search Results


Dan Petrovic has explained how he hijacked a few pages in Google to show his copied version over the original version of the page.
For example, he was able to confuse Google into thinking a page on MarketBizz should really show on dejanseo.com.au instead of on marketbizz.nl.
How did he do it? He simply copied the full page, source code and everything, and put it on a new URL on his site. He linked to the page and gave it a +1, and the result worked days later. Here is a picture of Google’s search results for the page using an info command and also searching for the title of the page:
He did the same thing on three other domains with varied levels of success.
We emailed Google last week for a comment but have yet to hear back.
In some cases, using a rel=canonical seemed to prevent it from hijacking the result fully, but not in all cases. There also seems to be a case where using authorship might prevent this as well.
Dan Petrovic was even able to hijack the first result for Rand Fishkin’s name (with Rand’s permission):
The way this seems to work is that Google’s duplicate content system feels that the new URL is the more important page and thus replaces the original page with the more important page. It is how the competitive link trick seemed to have worked as well.

Wednesday, November 07, 2012

How To Hack And Protect Your Own WPA Network


You probably own a personal Wi-Fi hotspot at home. Having several devices under one roof seems like a good reason to convert your broadband internet into a wireless connection. Some internet providers in your area might even have paid Wi-Fi hotspots for homes and establishments.
Since anyone can connect to your Wi-Fi network, the next best idea is to protect it with a WPA password. A WPA password prevents freeloaders from using your internet and deals with more pressing issues such as privacy and hacking. However, this is not a foolproof method. Securing your Wi-Fi network no longer guarantees safety from prying eyes, let alone from people who want free internet. People can easily crack your network’s password with the aid of certain tools.
In the early part of this article, we will teach you how to hack your own WPA-secured network with a tool called Reaver. Later on, we will explain how to protect your home network from Reaver attacks.
Hack And Protect Your Own WPA Network
Note: Hacking of other WPA networks is ill-advised and illegal in some countries so we don’t recommend it. We also discourage using Reaver for any malicious intent. Consider this article as an educational tool that will better inform you of how people hack into WPA networks so you can better protect yourself, your family, and friends from hackers.
Requirements:
  • Wi-Fi ready computer. BackTrack works with the wireless cards found in most laptops and computers. It is a bootable Linux environment which makes using Reaver less strenuous. BackTrack doesn’t work on all computers with wireless internet connectivity so there are no guarantees.
  • DVD drive. You need it to boot into BackTrack mode. A built-in DVD drive will come in handy but if your computer doesn’t have one, you can attach a portable DVD drive via USB.
  • BackTrack 5 Live DVD. Reaver can be downloaded from the live program. You can get BackTrack 5 here for free and burn it to a DVD. The latest available version as of this writing is BackTrack 5 R3. To download BackTrack, go to the download page and select “Download”. Choose the latest version from the BackTrack Release drop-down menu. Under Windows Manager, select “GNOME”. Then, choose between 32- and 64-bit architecture depending on your computer. Finally, select “ISO” under Image Type and choose your download method.
  • An active WPA network with WPS enabled. For Reaver to work, you need a WPA-secured Wi-Fi network which has WPS enabled. Reaver exploits a WPS security hole which makes hacking WPA networks possible.
Note: If you know how VMWare works, you can choose it instead of ISO under Image Type when downloading BackTrack. Otherwise, stick with ISO image.
You should know…
Reaver takes plenty of time to hack WPA networks. It tests different crack combinations on your router until it identifies the right password. According to its developers, the program could take 4 to 10 hours before Reaver successfully cracks a WPA network. The performance of your computer could determine the speed at which it works. Fortunately, you can pause Reaver without losing progress. To pause the program simply press Ctrl+C while it is running. Just don’t shut down your computer because that will cause Reaver to lose its progress when attempting to crack a WPA network.
Reaver doesn’t work on all routers so there’s no guarantee that it will crack your wireless home network. Furthermore, the wireless network you are trying to hack should have a strong signal.

How to crack WPA networks with Reaver

1. Boot into BackTrack mode. Place your pre-made BackTrack Live DVD into your DVD drive. When BackTrack prompts you to choose from a selection of boot modes, choose “BackTrack Text – Default Boot Text Mode” and hit Enter. After a while, BackTrack will take you to the command line prompt. At the command line prompt, type startx and hit Enter. You will then be taken into a graphical UI of BackTrack.
2. Install Reaver. Reaver is not part of the live DVD so you have to download and install it. You begin by connecting to your home Wi-Fi network. Don’t forget to input your WPA password! Once you’re online, go back to the command prompt and type the following command:
apt-get update
This will download Reaver. When the update is finished, type:
apt-get install reaver
3. Disconnect from your home network. This step is optional but if you want to make sure that Reaver works, you can do it as a precaution. In addition, you can choose to forget your network or even change your WPA password.
4. Find out your wireless card’s interface name. This information is needed for hacking WPA networks. On the Terminal, type the following command and hit Enter
iwconfig
The name identified beside your wireless card information such as IEEE and ESSID is your wireless card’s interface name. It is likely wlan0 but it could be different.
5. Place your wireless card into “monitor mode”. Using the interface name you acquired from Step 4, type the following command and press Enter. For the sake of illustration, we are assuming that wlan0 is your wireless card’s interface name.
airmon-ng start wlan0
This command will display the name of your monitor mode interface. It will show something like:
(monitor mode enabled on mon0)
Here, mon0 is the name of the monitor mode interface but it varies across devices.
6. Discover the BSSID of the wireless router you want to crack. You can do this by typing the following command at the Terminal.
airodump-ng wlan0
Again, use the wireless card interface name you acquired from Step 4 in place of wlan0. If the above command doesn’t work for you, try the following command:
airodump-ng mon0
Don’t forget to replace mon0 with the information you got from Step 5.
After placing the right command, you will see an assortment of wireless networks within your computer’s range. Select the WPA network you want to crack (preferably your home network) and copy its BSSID. You can find it on the far left and consists of a series of letters, numbers, and colons. An example of BSSID is 96:84:0D:DA:56:FD.
Remember: When choosing a network from the list, it should be either WPA or WPA2 as listed under the ENC column.
7. Use Reaver to crack a network’s WPA password. On the Terminal, use the command below. Use the information you acquired from Steps 5 (monitor mode interface name) and 6 (BSSID) to replace moninterface and bssid in the following command.
reaver -i moninterface -b bssid -vv
With the right information in place, it should look something like this:
reaver -i mon0 -b 96:84:0D:DA:56:FD -vv
Hit Enter and wait for the process to finish.
8. Retrieve the WPA password. When Step 7 is done, look for the information listed beside WPA PSK. This is the WPA password. Here you can confirm whether Reaver successfully cracked your home network.

How to protect your wireless home network from Reaver

Reaver attacks WPA and WPA2 protected networks by exploiting vulnerabilities in their WPS or Wi-Fi Protected Setup. With that in mind, you can use the following tips to protect your home network from Reaver.
1. Turn off your WPS. If the feature is present in your router, disabling it can help keep your network safe. Sad to say, this method doesn’t guarantee full protection. Linksys and Cisco Valet routers remain vulnerable to Reaver attacks even if you disable their WPS. Use Reaver to check whether your network is vulnerable even with WPS disabled. If turning it off does the job, then you don’t have to worry.
2. Opt for a router that doesn’t have WPS. If your network still keeps getting cracked by Reaver even with the WPS disabled, then get a router that doesn’t have this feature built-in.
3. Do your research. Perform an online check and find out what internet providers are servicing your area and what kind of routers they are supplying. If their routers have WPS, ask if you can switch to one that doesn’t have WPS for better security.
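Before reaching for Reaver to verify tip 1, a passive check tells you whether your router still advertises WPS at all: the beacon frames it sends carry a vendor-specific information element (OUI 00:50:F2, type 4) with the WPS state and the AP Setup Locked flag. The parser below is an added example, not code from the original article; the beacon bytes are constructed rather than captured, the attribute IDs are those from the WPS specification, and feeding it a real beacon’s tagged parameters (from a capture of your own network) is left to the reader. A router that no longer advertises WPS may still answer registrar requests, which is why the article also suggests an active test.

```python
"""Parse a beacon's information elements and report whether the AP advertises WPS."""
import struct

VENDOR_SPECIFIC_IE = 0xDD
WPS_OUI = b"\x00\x50\xf2"      # Wi-Fi Alliance OUI carried by the WPS vendor IE
WPS_OUI_TYPE = 0x04

# WPS data element attribute IDs (WPS specification)
ATTR_VERSION = 0x104A
ATTR_WPS_STATE = 0x1044          # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057    # 1 = AP refuses external registrar PIN attempts
ATTR_SELECTED_REGISTRAR = 0x1053
ATTR_DEVICE_NAME = 0x1011


def iter_ies(blob):
    """Yield (element_id, body) for each 802.11 IE; raise on a truncated element."""
    off = 0
    while off < len(blob):
        if off + 2 > len(blob):
            raise ValueError("truncated IE header at offset %d" % off)
        eid, length = blob[off], blob[off + 1]
        body = blob[off + 2:off + 2 + length]
        if len(body) != length:
            raise ValueError("IE 0x%02x claims %d bytes, only %d present" % (eid, length, len(body)))
        yield eid, body
        off += 2 + length


def parse_wps_attributes(data):
    """Parse WPS TLVs (2-byte big-endian ID, 2-byte length, value) into a dict."""
    attrs = {}
    off = 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated WPS attribute header")
        attr_id, length = struct.unpack(">HH", data[off:off + 4])
        value = data[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("truncated WPS attribute 0x%04x" % attr_id)
        attrs[attr_id] = value
        off += 4 + length
    return attrs


def wps_status(ie_blob):
    """Summarise the WPS IE of one beacon (fields stay None when WPS is not advertised)."""
    status = {"wps_advertised": False, "configured": None,
              "ap_setup_locked": None, "device_name": None}
    for eid, body in iter_ies(ie_blob):
        if eid != VENDOR_SPECIFIC_IE or len(body) < 4:
            continue
        if body[:3] != WPS_OUI or body[3] != WPS_OUI_TYPE:
            continue
        attrs = parse_wps_attributes(body[4:])
        status["wps_advertised"] = True
        state = attrs.get(ATTR_WPS_STATE)
        status["configured"] = (state == b"\x02") if state else None
        locked = attrs.get(ATTR_AP_SETUP_LOCKED)
        status["ap_setup_locked"] = (locked == b"\x01") if locked else None
        name = attrs.get(ATTR_DEVICE_NAME)
        status["device_name"] = name.decode("utf-8", "replace") if name else None
    return status


def verdict(status):
    """Plain-language result for a home-network audit."""
    if not status["wps_advertised"]:
        return "WPS not advertised in beacon"
    if status["ap_setup_locked"]:
        return "WPS advertised but AP Setup Locked is set"
    return "WPS advertised and not locked: disable WPS on the router"


# Constructed sample IE lists (not captured from a real router).
BEACON_WPS = (
    b"\x00\x07HomeNet"                 # SSID IE
    + b"\xdd\x22"                      # vendor-specific IE, 34 bytes follow
    + WPS_OUI + b"\x04"                # WPS OUI + type
    + b"\x10\x4a\x00\x01\x10"          # Version 1.0
    + b"\x10\x44\x00\x01\x02"          # WPS State: configured
    + b"\x10\x57\x00\x01\x00"          # AP Setup Locked: false
    + b"\x10\x53\x00\x01\x00"          # Selected Registrar: false
    + b"\x10\x11\x00\x06Router"        # Device Name
)
BEACON_NO_WPS = b"\x00\x07HomeNet" + b"\x03\x01\x06"   # SSID + DS Parameter Set (channel 6)

if __name__ == "__main__":
    for label, blob in (("with WPS", BEACON_WPS), ("without WPS", BEACON_NO_WPS)):
        print(label, "->", verdict(wps_status(blob)))
```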

Wednesday, October 17, 2012

Pacemaker hack can deliver deadly 830-volt jolt


Pacemakers from several manufacturers can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software programming by medical device companies.
The new research comes from Barnaby Jack of security vendor IOActive, known for his analysis of other medical equipment such as insulin-delivery devices.
Security researcher Barnaby Jack of IOActive revealed new research on Wednesday that showed pacemakers from several manufacturers can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software programming by medical device manufacturers.
Image credit: Breakpoint
Jack, who spoke at the Breakpoint security conference in Melbourne on Wednesday, said the flaw lies with the programming of the wireless transmitters used to give instructions to pacemakers and implantable cardioverter-defibrillators (ICDs), which detect irregular heart contractions and deliver an electric shock to avert a heart attack.
A successful attack using the flaw "could definitely result in fatalities," said Jack, who has notified the manufacturers of the problem but did not publicly identify the companies.
In a video demonstration, Jack showed how he could remotely cause a pacemaker to suddenly deliver an 830-volt shock, which could be heard with a crisp audible pop.
As many as 4.6 million pacemakers and ICDs were sold between 2006 and 2011 in the U.S. alone, Jack said. In the past, pacemakers and ICDs were reprogrammed by medical staff using a wand that had to pass within a couple of meters of a patient who has one of the devices installed. The wand flips a software switch that would allow it to accept new instructions.
But the trend is now to go wireless. Several medical manufacturers are now selling bedside transmitters that replace the wand and have a wireless range of up to 30 to 50 feet. In 2006, the U.S. Food and Drug Administration approved full radio-frequency based implantable devices operating in the 400MHz range, Jack said.
With that wide transmitting range, remote attacks against the software become more feasible, Jack said. Upon studying the transmitters, Jack found the devices would give up their serial number and model number after he wirelessly contacted one with a special command.
With the serial and model numbers, Jack could then reprogram the firmware of a transmitter, which would allow reprogramming of a pacemaker or ICD in a person's body.

Friday, October 12, 2012

How to configure/use ProRat Trojan to hack someone's PC (Free download and instructions)


I have already written a post on hacking into someone's PC which was using Beast Trojan, you can check that by clicking here, and this time, i will show you how to configure ProRat Trojan to hack into your victim's computer. ProRat is also a Trojan making program which is similar to Beast Trojan but in compare to Beast, ProRat is much better.
  • It can connect to the server faster.
  • It has more features/functions to play with your victim's PC.
  • Easy to configure.
Lets start the Tutorial:
  • Download ProRat and extract anywhere in your PC.
  • Now run ProRat.exe and then click on Create- Create ProRat Server (342 Kbayt)
  • From the Notifications tab, in the first option "Use ProConnective Notification" type your IP address. (If you don't know your IP address, simply click on the red arrow and it will automatically fill your IP address).
  • Now in the second option "Use Mail Notifications" type your Email address where you want to receive notification when the server is installed on your victim's PC.
  • In the General Settings Tab, leave as it is but don't forget to remember the password. You will be required to enter the password at the time of connection. 
  • Now come to the Bind with File tab. Mark the box "Bind server with a file" and then click on Select File. Now select any file you want to bind with the server.(Binding means combining two files into one)
  • You can also change the extension of the server if you want by going to the Server Extensions tab.
  • Now click on the Server Icon tab and select an icon for the bound file. Choose the icon wisely. If you have bound the server with some program, then select the setup icon; if you have bound the server with an image file, then select an image icon.
  • Finally click on Create Server.

Now the server will be created in your current directory (the extracted folder). Send or give the server to your victim, and once your victim runs the bound file on his PC, the server will be installed silently on your victim's PC. After the server is installed on your victim's PC, the server will send you an email at your given email ID to confirm that it's been installed successfully on the victim's PC. After getting the email, run ProRat again, then click on ProConnective and then click on Start to list the ProConnective connections. After that, a new window will open which will show you whether your victim is online or not.

 Happy HACKING :-)

Thursday, October 11, 2012

How to Hack WhatsApp Messenger

This hack can remotely wipe your Samsung Galaxy S III

It's bad enough when you clumsily manage to wipe a few odd bits of data off your phone by accident. But what if your entire phone was wiped, AND your SIM card killed, remotely by hackers without you being able to do a single thing to stop them?
That's the issue being faced currently by owners of the Samsung Galaxy S III, Galaxy S II, Galaxy Beam, S Advance and Galaxy Ace. Nearly all of Samsung's major Android releases have been shown to be susceptible to a malicious hack that will see the entire contents of a user's phone wiped clean.
The hack was outed by Ravi Borgaonkar at the Ekoparty security conference, detailing a simple USSD code (easily sent through a website, QR code or NFC pairing) that would perform an unstoppable, irreversible factory reset on affected handsets.
As well as the wipe, the hack can also be paired with another attack that breaks SIM-cards, meaning that even if you've got contact data backed up on the card, it too could be lost.
The problem seems to lie with an exploit in Samsung's TouchWiz UI, which sees the handset run the code automatically rather than screen it first. Stock Android only shows the code in the dialler screen, and as a result the Samsung Galaxy Nexus (running stock, vanilla Android) is not affected.
So, how best to defend against the potential attack? As ever, be wary of clicking links that you don't completely trust, but also switch off automatic site loading in whichever QR and NFC readers you're using.
Check out the video below to see the hack in action:

Hack A Kindle To Work With A Raspberry Pi


Your ereader isn’t the most exciting device you could use as a monitor, but it’s a minimal solution that could come in handy when you’re on the road. Damaru over at Ponnuki shows us how to turn a Kindle into a display using a Raspberry Pi.
Using the Kindle as a screen, Damaru uses a Raspberry Pi, a couple of USB cables and a keyboard to create a very minimal little computer. You do have to jailbreak the Kindle for this to work, but the rest of the process is pretty simple.
From there, you only need to run a few things to get screen-sharing to work, create a system for automatic login, and you’re done. It’s about as minimal of a working environment as you can get. If you want to give it a shot yourself, head over to Ponnuki for the full guide.

Monday, September 10, 2012

Hack lets Google Nexus 7 capture 720p video


Your Google Nexus 7 tablet may not have a rear-facing camera, but with a little technical know-how it appears you can get the slate's 1.2 megapixel front-facing camera to capture high-definition video. A user named "hillbeast" in the XDA Developers forum recently posted a quick how-to guide to get your Nexus 7 recording 720p video at 30 frames per second. Hillbeast also posted two videos to YouTube which, hillbeast says, contrast the Nexus 7 recording video at 480p and 720p resolutions. Hillbeast's post on XDA was first reported by Pocketnow.

The two YouTube videos (included at the bottom of this post) show a substantial difference in capture quality. The 720p version enables you to see far more detail and colors are more vibrant. While there was no way to immediately verify these claims, it appears the 720p mod is the real deal; the code has been merged into the Jelly Bean version of Cyanogenmod currently under development. Cyanogenmod is an after-market version of Android that is popular with people who root (the Android version of jailbreak) their device. Hillbeast's software change will not be an easy solution for users who are unfamiliar with navigating a file system or using a Unix-style command line.

The modification requires you to edit an XML file and give it the proper file permissions using "chmod." You could, however, take care of most of the editing right on the device, but it appears to be a little easier to just hook your device up to a PC. Despite having a built-in front-facing camera (the Nexus One lacks a rear camera) Google made the odd choice of not including a simple way to launch and use the camera at will. Third-party developers soon came to the rescue with camera launchers such as Camera Launcher for Nexus 7 by MoDaCo. Check out these videos to see hillbeast's modification in action. To see the difference, make sure you set each video to its proper resolution by clicking the cog icon and selecting either 480p or 720p.

The 480p version:

The 720p version:


How To Hack WPA2 Wireless Access Points




Many of you have probably seen plenty of tutorials on how to crack WEP encryption. We even did a video back in the old Bauer-Power podcast on how to hack a WEP protected wireless access point using Bauer-Puntu Linux and GrimWEPA. The fact of the matter is, cracking WEP is really easy! What about something more people are using today like WPA2?

It used to be that the only way to crack WPA or WPA2 was to capture the 4-way handshake, then try to brute-force the password. If the person's password is really long, then it would take an attacker way too long to try to crack it and they would probably move on to easier targets. That isn't necessarily the case now.

There is a new tool for Linux called Reaver. From their Google Code Page:
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. In short, Reaver bypasses the security of WPA and WPA2 by brute-forcing the WPS pin that is enabled by default on many home/SOHO wireless routers. The WPS pin is a non-complex 8 digit number. Because it isn't complex, it can be cracked in hours instead of days, weeks or months.

The simplest command you need to run while your wireless card is in monitor mode is:
reaver -i mon0 -b [BSSID] -vv

Of course some access points are pickier than others; there are a bunch of different switches you can use to get better results. You can find out more on their Google Plus page.
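To see why an 8-digit PIN is "non-complex" enough to fall in hours, and what a defender should change, here is an added example that is not code from the post or from the Reaver project. It implements the WPS PIN checksum rule (the eighth digit is derived from the first seven) and shows the effect of the protocol verifying the PIN in two halves, a design property of WPS 1.0 that the post does not spell out: the search space is 10^4 + 10^3 guesses rather than 10^8. It then audits a hostapd.conf fragment for the settings that leave the PIN method reachable. The per-attempt timing, the sample configs and the audit heuristic are my assumptions; the hostapd option names (wps_state, ap_pin, ap_setup_locked) are real.

```python
"""Added example: WPS PIN weakness arithmetic and a hostapd.conf WPS audit.
Not from the post or from Reaver. Timing and sample configs are assumed."""

import re


def wps_pin_checksum(pin7: int) -> int:
    """Return the checksum digit for a 7-digit WPS PIN body.

    Weights alternate 3,1,3,1,... from the rightmost body digit; the checksum
    digit makes the weighted sum a multiple of 10.
    """
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)
        pin7 //= 10
        accum += pin7 % 10
        pin7 //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if `pin` is 8 digits and its last digit is the correct checksum."""
    if not re.fullmatch(r"\d{8}", pin):
        return False
    return wps_pin_checksum(int(pin[:7])) == int(pin[7])


def pin_search_space() -> dict:
    """Worst-case guess counts under three views of the PIN.

    naive: treat all 8 digits as free.
    with_checksum: the 8th digit is derived, so only 7 are free.
    split_halves: WPS confirms the first 4 digits before the last 4 are
    checked, so each half is guessed on its own (last digit is the checksum).
    """
    return {
        "naive": 10 ** 8,
        "with_checksum": 10 ** 7,
        "split_halves": 10 ** 4 + 10 ** 3,
    }


def estimated_hours(attempts: int, seconds_per_attempt: float = 2.0) -> float:
    """Worst-case wall clock for `attempts` guesses. The 2 s/attempt rate is an
    ASSUMPTION for illustration only."""
    return attempts * seconds_per_attempt / 3600


def audit_hostapd_wps(conf_text: str) -> list:
    """Flag WPS settings in a hostapd.conf that keep the PIN method reachable.

    Heuristic (mine, not hostapd's): wps_state=0 disables WPS entirely; if WPS
    is on, an `ap_pin` without `ap_setup_locked=1` leaves the AP PIN usable.
    """
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()

    findings = []
    wps_state = settings.get("wps_state", "0")
    if wps_state == "0":
        return findings
    findings.append(f"WPS enabled (wps_state={wps_state})")
    if "ap_pin" in settings and settings.get("ap_setup_locked") != "1":
        findings.append("AP PIN method reachable: ap_pin set and ap_setup_locked != 1")
    return findings


# Constructed sample configs (not from any real router).
WEAK_CONF = """
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
wps_state=2
ap_pin=12345670
"""

HARDENED_CONF = """
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
wps_state=0
"""


if __name__ == "__main__":
    space = pin_search_space()
    for name, n in space.items():
        print(f"{name:>14}: {n:>10} guesses, ~{estimated_hours(n):.1f} h worst case")
    print("12345670 valid checksum:", is_valid_wps_pin("12345670"))
    print("weak config:", audit_hostapd_wps(WEAK_CONF))
    print("hardened config:", audit_hostapd_wps(HARDENED_CONF))
```

With the assumed 2 seconds per attempt, the split-half count (11,000) comes out at roughly 6 hours worst case, which lines up with the 4-10 hours the Reaver page quotes, while the naive 10^8 count would take years. The practical fix is the hardened config: set wps_state=0, or at minimum drop ap_pin and set ap_setup_locked=1 so the external-registrar PIN method is not offered.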

Former Hacker Reveals How Business Owners Should Protect Their Web Sites

Kevin Mitnick
Mitnick was wanted for computer hacking — he bypassed security systems in organizations such as Motorola, Sun Microsystems, Pacific Bell and the FBI themselves — and he served five years in prison.
Today, he owns a security consulting firm called Mitnick Security. As a computer security consultant, Mitnick works with companies to prevent them from intruders like his former self. Below is a lightly-edited transcript of our conversation:

Should businesses spend money on employing security consultants?

Businesses should absolutely set aside funding in their budgets for security consultants. What happens with smaller businesses is that they give in to the misconception that their site is secure because the system administrator deployed standard security products — firewalls, intrusion detection systems, or stronger authentication devices such as time-based tokens or biometric smart cards. Most people assume that once security software is installed, they’re protected. It’s critical that companies be proactive in thinking about security on a long-term basis. Social engineering is when an attacker does thorough research on the company, using various simple investigative techniques to hack a company based on human error.

An attacker would call to ask a simple question; once they get that information, they make another phone call using the previous information provided. The hacker will go after the weakest link and if he can get one person in the business to make a bad decision, none of the security precautions taken will matter. I recently partnered with a company called KnowBe4 that specializes in security awareness training — a niche that wasn’t really available before. It’s important to note that information security policies cannot be written in stone. As a business needs change, new security technologies become available, and security vulnerabilities evolve, the policies need to be modified or supplemented. You should review security at least on an annual basis, but if you’re a bigger company, on a quarterly basis. Back in my hacking days, I was able to remain in some systems for over a decade as a result of companies failing to review their security measures.

If credit card information or other data is stolen, can I figure out exactly what has been taken?
In some cases, we can go into the system and see the logs of exactly what information was viewed, taken, and when it was retrieved.