Posts

Showing posts from March, 2013

How to Hack Samsung Phone Screen Lock

I have discovered another security flaw in Samsung Android phones. It is possible to completely disable the lock screen and get access to any app - even when the phone is "securely" locked with a pattern, PIN, password, or face detection. Unlike another recently released flaw, this doesn't rely quite so heavily on ultra-precise timing. Video. Of course, if you are unable to download a screen unlocker, this security vulnerability still allows you to dial any phone number and run any app! HOWTO: From the lock screen, hit the emergency call button. Dial a non-existent emergency services number - e.g. 0. Press the green dial icon. Dismiss the error message. Press the phone's back button. The app's screen will be briefly displayed. This is just about long enough to interact with the app. Using this, you can run and interact with any app / widget / settings menu. You can also use this to launch the dialler. From there, you can dial any phone...

Xbox Live accounts hacked

Allegedly, the hackers who targeted Krebs did so because he helped to reveal the method by which they have been compromising the accounts of "Microsoft employees who work on the Xbox Live gaming platform," Krebs writes. The method apparently involves acquiring and then utilizing the employees' social security numbers along with some social engineering to obtain access to those accounts. "Attackers are targeting high-profile Microsoft employees by social engineering other companies." In a statement given to The Verge, Microsoft confirmed that "a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees" have in fact been compromised. However, Microsoft denies that it in any way collects or utilizes SSNs in conjunction with Xbox Live accounts. We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accoun...

Hacking NVidia Cards into their Professional Counterparts

I did originally post this on the nvidia forums but they have silently deleted it; obviously they do not like what I have found becoming public. Firstly I will give a bit of history for those that are unaware. NVidia has for a long time had two ranges of cards, the GeForce for the gaming market, and Quadro for the professional market, and more recently the Tesla range for high end parallel computing stuff. As I am sure most of you would be aware, it is cheaper to manufacture a single chip and cripple it in some way for different product lines than it is to make different silicon for every product. In the past it has been possible to convert the GeForce cards into Quadro if you could find what they call 'hardware straps' on the board and change them. These straps control the PCI Device ID that the card reports to the computer, and as such, what the drivers will allow the card to do. Recently nVidia changed the way this all works and it has not bee...

How to Hack 30+ Highly Popular Websites

# March 13, 2013
# FULL-DISCLOSURE Exclusive - Many thanks, John!
#
# VULNERABILITY SUMMARY
# ---------------------
# A confirmed security vulnerability has been identified with 30 high traffic web
# sites owned by QuinStreet. Vendor stores database IDs in cookies which are
# easily spoofed (USERID_COOKIE), allowing all user information to be accessed.
# Seven million users are reportedly in the database:
# http://www.itbusinessedge.com/about-itbe
#
# Web sites include:
#
# Ziff Davis
# ----------
# http://www.eweek.com/
# http://www.baselinemag.com/
# http://www.cioinsight.com/
# http://www.channelinsider.com/
# http://www.eseminarslive.com/
#
# Developer.com Network
# ---------------------
# http://www.developer.com/
# http://www.devx.com/
# http://www.codeguru.com/
# http://www.htmlgoodies.com/
#
# IT Business Edge Network
# ------------------------
# http://www.itbusinessedge.com/
# http://www.datamation.com/
# http://www.smallbusinesscomputing.com/ ...

How to Hack Any Facebook Account...Again!

Just to clarify, there is no need for any installed apps on the victim's account. Even if the victim has never allowed any application in his Facebook account, I could still get full permission on his account via Facebook Messenger app_id (this bug works on any browser). Also, it's important to mention that there is a special regex protection in Facebook Messenger app_id (app_id=220764691281998); I was able to bypass it. Bug 1: Reported this bug on 6/03/2013, Facebook Security Team fixed it immediately. Also reported more OAuth bugs on 26/02/2013, Facebook Security Team fixed it very quickly. Regarding Facebook OAuth Double URL Encoding (Firefox): reported on 6/02/2013, fixed very quickly. Details: So after the first OAuth vulnerability discovery http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html Facebook Security was trying to protect OAuth Token Hijacking attacks by using Regex Protecti...

TOP WEBSITES TO LEARN HOW TO HACK PROFESSIONALLY

Hacking is definitely not as easy as shown in various movies; still, there are thousands of newbies who want to learn hacking for one reason or another but don't know where to start. So, below is a list of some websites to start your journey. List of various ethical hacking sites: Backtrack: Rating (5/5) No need to introduce this software. If you have a little bit of experience in hacking then you must have heard about Backtrack. This website provides many hacking tutorials using Backtrack. They have their own training programs, blog and large community. Backtrack is highly popular among security professionals, and many top certifications like CEH use Backtrack for teaching penetration testing. If you are a Backtrack beginner then you must bookmark this website. Hell bound hackers: Rating (4.5/5) Hellbound Hackers is a security training website which covers a large number of security topics like programming, encryption, cracking etc. HellBound is one of the largest hacking teachi...