Sep 27 2011

Do you really think Mac OS X is safe from viruses and hacks? Well, Patrick Dunstan, famous for his 2009 article “Cracking Mac OS X passwords”, has found a security flaw in Mac OS X Lion that allows non-root users to view and extract the SHA-512 password hash through Directory Services (the dscl command).

Once you have the SHA-512 hash, the usual brute-force techniques can be applied to recover the user’s password. I’ve tried it out personally, so I know it works.

Interesting? Indeed. Check out his full article - Cracking OS X Lion Passwords.

Sep 12 2011

I’m sure you’ve all heard of Anonymous; if you haven’t, you’ve been living under a rock. Anonymous has released a Windows application to hijack trending topics on Twitter. This is used for spreading the word of Anonymous’ activities. This is not a hacking tool nor is it an exploit tool; it was created to make it easier for them to tweet faster without constantly copying and pasting.

You can download this program HERE (Windows-Beta)

You will need .NET Framework 4 to run this program. You can get it: HERE

U.R.G.E Users Manual

Source Code

Sep 05 2011

There’s a Twitter phishing attack going around that’s being passed through DM. The URL posted is “http://itwitier.com/login/sessions/” – please do not log in there. Accounts that are compromised will send this DM to their friends:

If you do receive this DM from your friends, please inform them that their Twitter accounts have been “phished” and that they should change their passwords IMMEDIATELY.

Learn more about “Phishing” on Wikipedia.

Aug 15 2011

It’s been a long time since I’ve written anything about security, and I love watching the Leverage TV series for its various con techniques. The latest episode uses the “Moonwalking Bear” con, one of the many types of distraction con: two cons are interleaved so that the target is distracted by a main con while the real con is executed right under his nose without him realising it.

As seen in the video above, if you concentrate on counting the number of passes the team in white makes, the majority of people will not notice the “Moonwalking Bear” in the background. The same concept applies to the “Moonwalking Bear” con.

To make this work, the target needs to know that both cons are happening, but the distracting con is kept as the main focus with the knowledge that it will fail, while the “Moonwalking Bear” con is downplayed and runs in the background at the same time.

This is a fairly difficult con to execute because both cons need to be well orchestrated to interleave with each other, while providing enough distraction for the target to focus all his efforts on the main con, all the while letting the main con help the real con succeed. Furthermore, the target needs to already know there’s a con happening and want to beat you at your own game.

Perfect for those who think they are smart enough to outwit you. :)

Aug 15 2011

Alessandro Acquisti from Heinz College, Carnegie Mellon University presented research showing how they could obtain essentially all of your private data from just your face, with the help of Facebook’s database of images.

The research, “Faces of Facebook: Privacy in the Age of Augmented Reality”, shows how the lack of privacy on Facebook (and other social networks), or rather the lack of awareness and privacy management, can allow anyone to find out a person’s name, where they live, cell number, birthday, monikers, sexual orientation, credit rating and social security number (or NRIC), and even infer further information – basically everything about you, in an instant, from just your face.

Combine that with your phone’s camera, augmented reality, and cloud computing to crunch and data-mine that information, and I can walk down the street, flash my phone at you and know everything about you.

Scary? It’s becoming a reality. It’s only a matter of time.

Find out more about the research, experiments, and capabilities - http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ/

Apr 20 2011

Scammers are using several well-known brands, including Microsoft, to fool consumers into believing that something is wrong with their computers. The scam typically unfolds in the following manner:

  • A cold caller, claiming to be a representative of Microsoft, one of its brands, or a third-party contracted by Microsoft, tells the victim that they are investigating a computer problem, infection or virus that has been detected by Microsoft.
  • They tell the victim that they can help and direct them to a website that then allows the scammers to take remote control of the computer.
  • The cold caller will then spend some time on the computer trying to demonstrate where the ‘problems’ are and in the process, convince the victim to pay a fee for a service that will fix the computer.

Singaporeans are advised to simply hang up if they receive a call of this nature and not to respond to any communications from these scammers.

For more information, Microsoft recommends the following resources:

Source: http://microsoftsgnews.com/?p=151

Dec 30 2010

fail0verflow, famous for their Wii hacking, gave a presentation yesterday called Console Hacking 2010 at the 27th Chaos Communication Congress (27c3). One of the major highlights was dongle-less jailbreaking by breaking the PS3 loaders, giving complete control over the system. They showed how they retrieved Sony’s PS3 private cryptographic key, giving users the ability to sign their own SELFs. Apparently, Sony uses the same “random” number every time. If you can’t wait, skip to 33:00 for the good stuff. You can follow @fail0verflow on Twitter.

Dec 29 2010

This totally slipped off my radar. Microsoft Security Essentials 2.0 is released and ready for download! The update should be available on Windows Update soon, but if you can’t wait, you can download Microsoft Security Essentials 2.0 directly.

The major features in this new release are the Network Inspection System, a network intrusion detection system that works on Windows Vista and Windows 7, and a new anti-malware engine that uses heuristics for malware detection.

Dec 06 2010

For the first time in Africa and the Middle East, the Hacker | Halted conference will be held in Egypt on 13th and 14th December 2010. Hacker Halted is the ultimate white hat hacker con in the Middle East and Africa, and is slated to be the world’s largest reunion of Certified Ethical Hackers to date. If Information Technology, Information Security, Computer Hacking, and black hat techniques with white hat professionalism sound enticing to you, Hacker Halted Egypt 2010 is the IT Security Conference to attend.
For more information about the H@cker | Halted Conference, click here.