White Hackers

I just got back from a few weeks traveling around Europe, presenting at Cisco Live Europe, and meeting with customers and partners. It is obvious that this blog is very much needed for a lot of the deployments that we discussed, so as promised in the Load Balancing Blog, I am following up with a blog on how to "hack" the certificate for a Cisco Identity Services Engine (ISE) node, so that we may include entries in the Subject Alternative Name (SAN) field. Why do we need to do this?  There will be plenty of occasions in which you’ll want to reach ISE with a DNS name that is not the exact same as its hostname. If you’ve ever tried to reach an https:// website by IP address, you most likely have experienced the web browser arguing that the certificate name is mismatched and that the browser requires you to accept the warning in order to proceed. An example is shown below. Cisco ISE has a few different portals that you may connect to: Sponsor Portal:  https://ISE:844...

Do you ever wonder how all these celebrities continue to have their private photos spread all over the internet? While celebrities' phones and computers are forever vulnerable to attacks, the common folk must also be wary. No matter how careful you think you were went you sent those "candid" photos to your ex, with a little effort and access to public information, your pictures can be snagged, too. Here's how. Cloud Storage Apple's iCloud service provides a hassle free way to store and transfer photos and other media across multiple devices. While the commercial exemplifies the G-rated community of iPhone users, there are a bunch of non-soccer moms that use their iPhones in a more..."free spirited" mindset. With Photo Stream enabled (requires OS X Lion or later, iOS 5 or later), pictures taken on your iPhone go to directly to your computer and/or tablet, all while being stored in the cloud. If you think the cloud is safe, just ask Gizmodo ...

Columbia computer scientist Ang Cui helped uncover a weakness in Cisco IP phones that can let a hacker take complete control of them. Read more at  http://spectrum.ieee.org/computing/embedded-systems/cisco-ip-phones-vulnerable

Hi folks, In this article I’ll share the results of ad-hoc security vulnerabilities research I’ve done on windows 8 apps deployment. Specifically, we’ll discuss fundamental design flaws that allow to Reverse Engineer Win8 apps, modification of installed apps and the negative implications on Intellectual Property rights protection, Licensing models and overall PC security. Finally we’ll discuss some creative ideas on how to mitigate these security issues.  Meet the mother-load: C:\Program Files\Applications All Windows 8 applications in the developer preview are installed under the clandestine  C:\Program Files\Applications  location. I will hazard a guess and say that once the Windows App Store goes online it will install all apps under that folder. Currently the folder is an invisible one and cannot be accessed from Windows Explorer user interface on a new Win8 developer preview install. Here’s an example of some of the 29 apps Win8 apps installed on the...

It can sometimes be difficult to balance out ease of use with security. Software companies and online services can be under pressure to make the user experience as smooth as possible, even for potentially risky services like password resets, which saves the company money on tech support and help costs. Unfortunately, rounding off corners can also create gaps in security. A security hole was found in  Skype ‘s password reset procedure that could have allowed anyone who knows your email address to “hack” into your Skype account, and only gained attention after the vulnerability was posted on  Reddit . The issue was caused by a flaw in Skype’s password reset scheme, which allows password reset tokens to be activated through Skype instead of through the original account email. All you needed to do was sign up for a new Skype account with the victim’s email address–despite the notification that the email is already associated with a Skype account, log in to Skype, and re...

  A former information technology director of a Tampa advertising firm is facing jail time after some unauthorized "facetime" with a couple of female co-workers. Thursday, Christopher Channer pleaded guilty to federal charges of intercepting communications after the FBI determined that back in 2010, he tapped into webcams of female employees of the Atlanta office of 22squared from his Tampa office without their knowledge. They say he gained access through a program on the computers that was designed to track down stolen laptops. Channer, who according to a plea agreement captured more than 1200 images of the woman, including the exposed breast of one woman, is facing five years in prison. Channer was an experienced IT director tapping into pre-loaded software on company owned computers, but the experts say you don't need that kind of experience to hack a webcam. "It doesn't take a genius to be able to figure out how to get into someon...

Dan Petrovic has explained how he  hijacked a few pages in Google  to show his copied version over the original version of the page. For example, he was able to confuse Google into thinking a page on MarketBizz should really show on dejanseo.com.au instead of on marketbizz.nl. How did he do it? He simply copied the full page, source code and everything and put it on a new URL on his site. He linked to the page and gave it a +1 and the result worked days later. He is a picture of Google’s search results for the page using an info command and also searching for the title of the page: He did the same thing on three other domains with varied levels of success. We emailed Google last week for a comment but have yet to hear back. In some cases, using a rel=canonical seemed to prevent it from hijacking the result fully but not in all cases. There also seems to be a case where using the authorship might be prevent this as well. Dan Petrovic was even able to hijack t...

You probably own a personal Wi-Fi hotspot at home. Having several devices under one roof seems like a good reason to convert your broadband internet into a wireless connection. Some internet providers in your area might even have paid Wi-Fi hotspots for homes and establishments. Since anyone can connect to your  Wi-Fi network , the next best idea is to protect it with a WPA password. A WPA password prevents freeloaders from using your internet and deal with more pressing issues such as privacy and hacking. However, this is not a full-proof method. Securing your Wi-Fi network no longer guarantees safety from prying eyes; let alone people who want to get free internet. People can easily crack your network’s password with the aid of certain tools. In the early part of this article, we will teach you how to hack your own WPA-secured network with a tool called Reaver. Later on, we will explain how to protect your home network from Reaver attacks. Note : Hacking of other ...