Flipkart

Thursday, March 29, 2012

Password Cracking – Part 4 – Online vs. Offline Password Cracking

 

A password cracking attack is either an online attack or an offline attack. Let’s look at each method in detail.

Online Password Cracking

Online attacks are necessary when you don’t have access to the password hashes.

When performing an online attack, you are usually presented with a web form asking for a username and password combination. There, you could try to guess the password, but that usually won’t get you anywhere. Instead, you could create or use an available automatic password guessing tool. Luckily for those of you who can’t program, there are already hundreds of these tools freely available online.

The downside of performing an online attack is that it can be very noisy, extremely slow and sometimes just not feasible.

Many login forms have a lockout feature that locks you out after a certain number of failed login attempts. For example, one of my cPanel hosting accounts will completely block my IP address if I fail to log in after five attempts. When this happens, I am forced to contact customer support to have my IP address manually unblocked so that I can access the site. Another example: if I fail to log in to my online banking after multiple tries, my account is locked for 20 minutes.

If the target website doesn’t have a lockout feature, that doesn’t mean you’re golden. Online password cracking attacks are very noisy, and when you are throwing random wrong passwords at a system, its log file will grow tremendously. It looks very suspicious when hundreds of wrong password attempts are logged from the same IP address.

To get around these factors, you might try to cover up your IP address via a proxy, use a different proxy for every 5 to 10 guesses, or even attempt a few guesses every 30 minutes so it looks less suspicious. Many of the password cracking programs out there have these features available.

Online attacks can be very slow because the speed of the attack depends on the speed of your internet connection and the speed of the target server. Because of this, the best and really the most effective type of attack is a dictionary-based attack. So if you have a fairly secure password, you will most likely not fall victim to an online password cracking attack.

Offline Password Cracking

Offline attacks are only possible when you have access to the password hash(es). The attack is done on your own system or on systems that you have local access to. Unlike an online attack, there are no lockouts or anything else to stop you in an offline attack, because you are doing it on your own machines. The only thing that can hold you back is the limit of your computer hardware: an offline attack uses the cracking machine’s processing power, so its speed depends on the speed of that machine. The better the processor, and nowadays even the graphics card, the more password guesses you can make per second.

Now that you know the difference between online and offline attacks, I’m sure you’ll agree with me that you should try to use offline attacks whenever possible. This obviously won’t be possible most of the time, so we will look at real world examples of both methods later on in this course.
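The two things that make online guessing noisy in the post above, a failed-login lockout and the log trail it leaves, modelled in Python as an added example (not code from the original post). The thresholds follow the post's anecdotes (block after 5 failures, lock for 20 minutes); the log lines are constructed and only imitate the "Failed password for" message format OpenSSH writes.

```python
"""
Added example (not part of the original post): a failed-login lockout policy
and a counter over constructed auth log lines, the two defences the post says
an online guessing attack runs into.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta


class LockoutPolicy:
    """Locks an account after max_failures consecutive wrong passwords."""

    def __init__(self, max_failures=5, lockout_minutes=20):
        self.max_failures = max_failures
        self.lockout = timedelta(minutes=lockout_minutes)
        self._failures = defaultdict(int)   # account -> consecutive failures
        self._locked_until = {}             # account -> when the lock expires

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        return until is not None and now < until

    def attempt(self, account, password_ok, now):
        """Returns "locked", "ok" or "fail". A locked account rejects even the
        correct password until the timer expires, like the bank in the post."""
        if self.is_locked(account, now):
            return "locked"
        if password_ok:
            self._failures[account] = 0
            return "ok"
        self._failures[account] += 1
        if self._failures[account] >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            self._failures[account] = 0
        return "fail"


# Constructed log excerpt (host, users and addresses are made up; the line
# layout mirrors OpenSSH's "Failed password for ..." messages).
SAMPLE_LOG = """\
Mar 29 10:00:01 web1 sshd[2001]: Failed password for admin from 198.51.100.7 port 50112 ssh2
Mar 29 10:00:02 web1 sshd[2002]: Failed password for admin from 198.51.100.7 port 50113 ssh2
Mar 29 10:00:03 web1 sshd[2003]: Failed password for invalid user root from 198.51.100.7 port 50114 ssh2
Mar 29 10:00:04 web1 sshd[2004]: Failed password for admin from 198.51.100.7 port 50115 ssh2
Mar 29 10:00:05 web1 sshd[2005]: Failed password for admin from 198.51.100.7 port 50116 ssh2
Mar 29 10:00:06 web1 sshd[2006]: Failed password for admin from 198.51.100.7 port 50117 ssh2
Mar 29 10:02:40 web1 sshd[2010]: Failed password for alice from 203.0.113.9 port 40001 ssh2
Mar 29 10:02:55 web1 sshd[2011]: Accepted password for alice from 203.0.113.9 port 40002 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def failures_by_ip(log_text):
    """Counts failed logins per source address: the pattern the post says
    'looks very suspicious' to whoever reads the log."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(2)] += 1
    return dict(counts)


def suspicious_ips(log_text, threshold=5):
    """Addresses with at least `threshold` failures, sorted for stable output."""
    return sorted(ip for ip, n in failures_by_ip(log_text).items() if n >= threshold)


def simulate_guessing(policy, account, wrong_guesses, start):
    """Feeds wrong guesses one second apart, then the correct password, and
    returns every outcome so a lockout shows up as a trailing 'locked'."""
    outcomes = []
    for i in range(wrong_guesses):
        outcomes.append(policy.attempt(account, False, start + timedelta(seconds=i)))
    outcomes.append(policy.attempt(account, True, start + timedelta(seconds=wrong_guesses)))
    return outcomes


T0 = datetime(2012, 3, 29, 10, 0, 0)   # constructed start time for the demo


def demo_outcomes(wrong_guesses):
    return simulate_guessing(LockoutPolicy(), "admin", wrong_guesses, T0)


def demo_after_lockout_expires():
    """Shows the lock rejecting the right password at 10 minutes and
    accepting it once the 20-minute window has passed."""
    policy = LockoutPolicy()
    simulate_guessing(policy, "admin", 5, T0)          # account is now locked
    still = policy.attempt("admin", True, T0 + timedelta(minutes=10))
    later = policy.attempt("admin", True, T0 + timedelta(minutes=21))
    return still, later


if __name__ == "__main__":
    print(demo_outcomes(5))                 # 5 x 'fail', then 'locked'
    print(demo_after_lockout_expires())     # ('locked', 'ok')
    print(suspicious_ips(SAMPLE_LOG))       # ['198.51.100.7']
```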

Wednesday, March 28, 2012

Former cybersecurity czar: Every major U.S. company has been hacked by China


Richard Clarke says evidence 'pretty strong' that China is stealing commercial secrets


Former White House cybersecurity advisor Richard Clarke has made a career out of issuing security warnings.
His most famous, of course, was his alert to Bush Administration officials in July 2001 -- 10 weeks before 9/11 -- that "something really spectacular is going to happen here, and it's going to happen soon."
Clarke was talking about an attack on U.S. soil by Al-Qaida, the terrorist group he had been warning the new administration about -- to virtually complete indifference -- since that January.
Now Clarke, author of the book Cyber War, is issuing an alert via Smithsonian magazine that the U.S. is defenseless against a cyberattack which could take down major parts of the nation's infrastructure, including civilian, military and commercial networks.
What makes the U.S. especially vulnerable, Clarke says, is that its aggressive "cyberoffense" -- “the U.S. government is involved in espionage against other governments,” he tells Smithsonian -- isn't matched by an effective, or even competent, cyberdefense, making the nation particularly vulnerable to blowback.
Clarke says he's concerned that hackers on the Chinese government payroll are threatening the U.S. economy.
"I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China,” Clarke says in the Smithsonian interview:
Clarke claims, for instance, that the manufacturer of the F-35, our next-generation fighter bomber, has been penetrated and F-35 details stolen. And don’t get him started on our supply chain of chips, routers and hardware we import from Chinese and other foreign suppliers and what may be implanted in them—“logic bombs,” trapdoors and “Trojan horses,” all ready to be activated on command so we won’t know what hit us. Or what’s already hitting us.
To Clarke this is a more insidious and dangerous attack than some high-profile, real-time assault on commercial and government networks.
"My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese," Clarke tells Smithsonian. "And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China....After a while you can’t compete."
It's easy to dismiss this as alarmism, but the man has a track record of being right.

Tuesday, March 27, 2012

Celebrity hacker pleads guilty to Scarlett Johansson e-mail hack


"Operation Hackerazzi" comes to a close as the hacker most known for sending private nude photos of Scarlett Johansson to gossip Web sites pleads guilty.


Christopher Chaney entered guilty pleas to nine felony counts in federal court today, admitting that he hacked into dozens of celebrities' e-mail accounts, including those of Mila Kunis and Scarlett Johansson, according to the Los Angeles Times.
"Today's guilty pleas shine a bright light on the dark underworld of computer hacking," said U.S. Attorney Andre Birotte Jr., whose office prosecuted the case, according to the Los Angeles Times. "This case demonstrates that everyone, even public figures, should take precautions to shield their personal information from the hackers that inhabit that dark underworld."
Chaney, 35, of Jacksonville, Fla., faces a maximum of 60 years in federal prison when his sentence is announced in July. He was nabbed last October following an 11-month investigation that federal officials named "Operation Hackerazzi."
Originally he was charged with a 26-count indictment that accused Chaney of unauthorized access of protected computers, wiretapping, identity theft, and damaging computers. While more than 50 victims from the entertainment industry were connected with the case, only five people were identified by name: Johansson, Kunis, Christina Aguilera, Simone Harouche, and Renee Olstead.
After the bust Chaney initially pled not guilty, but, according to TMZ, he struck a plea deal with the prosecutors and ended up agreeing to nine counts, including identity theft, wiretapping, and unauthorized access of protected computers. He also agreed to surrender his computers, external drives, and cell phone.

Over the course of the federal hearing, Chaney admitted to hacking into celebrity accounts, obtaining private e-mails and confidential documents, publicizing their personal information, and sending photos to two celebrity Web sites. Some of the photos of Johansson were nude photos she took privately to send to her then-husband Ryan Reynolds, according to The Guardian. Chaney gained access to the accounts by using the "Forgot your password?" feature in their e-mail addresses, according to the Los Angeles Times. He then would reset the passwords by answering security questions from public information he found by searching the Web. According to the plea agreement, Chaney received thousands of e-mails from the victims' accounts.

Monday, March 26, 2012

Cracking the cloud: An Amazon Web Services primer


It's nice to imagine the cloud as an idyllic server room—with faux grass, no less!—but there's actually far more going on than you'd think.
Maybe you're a Dropbox devotee. Or perhaps you really like streaming Sherlock on Netflix. For that, you can thank the cloud.
In fact, it's safe to say that Amazon Web Services (AWS) has become synonymous with cloud computing; it's the platform on which some of the Internet's most popular sites and services are built. But just as cloud computing is used as a simplistic catchall term for a variety of online services, the same can be said for AWS—there's a lot more going on behind the scenes than you might think.
If you've ever wanted to drop terms like EC2 and S3 into casual conversation (and really, who doesn't?) we're going to demystify the most important parts of AWS and show you how Amazon's cloud really works.

Elastic Cloud Compute (EC2)

Think of EC2 as the computational brain behind an online application or service. EC2 is made up of myriad instances, which is really just Amazon's way of saying virtual machines. Each server can run multiple instances at a time, in either Linux or Windows configurations, and developers can harness multiple instances—hundreds, even thousands—to handle computational tasks of varying degrees. This is what the elastic in Elastic Cloud Compute refers to; EC2 will scale based on a user's unique needs.
Instances can be configured as either Windows machines, or with various flavors of Linux. Again, each instance comes in different sizes, depending on a developer's needs. Micro instances, for example, only come with 613 MB of RAM, while Extra Large instances can go up to 15GB. There are also other configurations for various CPU or GPU processing needs.
Finally, EC2 instances can be deployed across availability zones—which is really just a fancy way of referring to the geographic location of Amazon's data centers. Multiple instances can be deployed within the same availability zone (such as US East Virginia), or across more than one if increased redundancy and reduced latency are desired.

Elastic Load Balance (ELB)

Another reason why a developer might deploy EC2 instances across multiple availability zones is for the purpose of load balancing. Netflix, for example, uses a number of EC2 instances across multiple availability zones. If there was a problem with Amazon's US East center, for example, users would hopefully be able to connect to Netflix via the service's US West instances instead.
But what if there is no problem, and a higher number of users are connecting via instances on the East Coast than on the West? Or what if something goes wrong with a particular instance in a given availability zone? Amazon's Elastic Load Balance allows developers to create multiple EC2 instances and set rules that allow traffic to be distributed between them. That way, no one instance is needlessly burdened while others idle—and when combined with the ability for EC2 to scale, more instances can also be added for balance where required.

Elastic Block Storage (EBS)

Think of EBS as a hard drive in your computer—it's where an EC2 instance stores persistent files and applications that can be accessed again over time. An EBS volume can only be attached to one EC2 instance at a time, but multiple volumes can be attached to the same instance. An EBS volume can range from 1GB to 1TB in size, but must be located in the same availability zone as the instance you'd like to attach to.
Because EC2 instances by default don't include a great deal of local storage, it's possible to boot from an EBS volume instead. That way, when you shut down an EC2 instance and want to re-launch it at a later date, it's not just files and application data that persist, but the operating system itself.

Simple Storage Service (S3)

Unlike EBS volumes, which are used to store operating system and application data for use with an EC2 instance, Amazon's Simple Storage Service is where publicly facing data is usually stored instead. In other words, when you upload a new profile picture to Twitter, it's not being stored on an EBS volume, but with S3.
S3 is often used for static content, such as videos, images or music, though virtually anything can be uploaded and stored. Files uploaded to S3 are referred to as objects, which are then stored in buckets. As with EC2, S3 storage is scalable, which means that the only limit on storage is the amount of money you have to pay for it.
Buckets are also stored in availability zones, and within that zone “are redundantly stored on multiple devices across multiple facilities.” However, this can cause latency issues if a user in Europe is trying to access files stored in a bucket on US West, for example. As a result, Amazon also offers a service called CloudFront, which allows objects to be mirrored across other regions.
While these are the core features that make up Amazon Web Services, this is far from a comprehensive list. For example, on the AWS landing page alone, you'll find things such as DynamoDB, Route53, Elastic Beanstalk, and other features that would take much longer to detail here.
However, if you've ever been confused about how the basics of AWS work—specifically, how computational data and storage is provisioned and scaled—we hope this gives you a better sense of how Amazon's brand of cloud works.

Sunday, March 25, 2012

Ars readers call for hackerspaces in the Ars OpenForum

So who'd like to get started on an RFID teddy bear?
Ars Technica's beginnings are rooted in a community that has always tinkered, built, and modded computer hardware. As it has evolved, the do-it-yourself philosophy has also triggered other communities that make their own stuff. Most recently, the "make movement" has made a name for itself in the world of open source hardware and hacking. The movement covers a broad range of interests, edging into some hardcore do-it-yourself projects. Some groups meet in hackerspaces, but the movement at large seems mostly based on the spirit of building things yourself or with other people.
This month, svdsinner started a fascinating thread in the OpenForum titled "Forums and the modern make movement." He started the thread by discussing "The modern open source hardware/hardware-hacking movement that has arisen with the advent of ultra-low cost micro controllers, the skyrocketing usefulness-to-cost ratio of interesting electronics sensors like gyroscopes, accelerometers, etc., and the new e-commerce-enabled ease of buying a vast array of inexpensive electronic components regardless of whether they are 'available locally' or not. There is a huge alpha-geek driven culture (personal fabrication, 3d printers, home CNC, hobby robotics, rapid prototyping, quad-rotators, etc.) that while on one hand is a perfect fit with the targeted readership of Ars, has no place in the open forum where it can be discussed where it would not be out-of-place."
Other readers in the thread noted that they'd like to see a dedicated space for some of these make projects in the Ars OpenForum. We are taking in all these recommendations from the Forum as we evolve the topics and forums in the near future.
Though the definition of a make project can be quite broad, svdsinner provided a nice list of different types of makers out there: Engineer-types who just love to have an extensive toolset to fix/build whatever they want, robotics tinkerers, academics, small businesses, artists, and of course, alpha geeks. If you feel there's other types of projects that fall under the definition, be sure to let us know in the comments or via our Ars pages on social sites.
Ars reader Chuckaluphagus has started his own RFID Teddy Bear project, and is hoping that there will be interest in him chronicling his project in the forums. What's more, that post brought other makers out of the woodwork. If you have a project similar to his, or simply want to bounce ideas off other members in the forum, you can add your contribution to the thread or register for an account to get started.
We'd like to ask you, the readers, where to take this next. Would you like to see expanded coverage of makers and their projects? Like some of the readers in the thread mentioned, should there be a dedicated space in the OpenForum for make projects? Let us know what you think.

Saturday, March 24, 2012

Learn to hack with a Hacker Lab (see my personal set-up)


You have a choice little one. To be a poo-poo pounded legit hacker. Or just a legit hacker. What separates the two? – The right hacking environment.

To become a good hacker, actually, to actually learn how to hack in general, one must practice what he learns. And to practice hacking without the risk of getting in trouble with the authorities and ending up in a bad place (thus the poo-poo pound reference) one must practice in a safe environment. Otherwise known as a Hacker Lab.

In the video below, I show you how to set one up, and give you a tour of my own personal set up. A must watch. Watch now. Now!


Thursday, March 22, 2012

CrackerCast Episode 21 – Scanning


This episode of CrackerCast looks at this week’s hacker news and breaks down the second phase of the hacking process, scanning.


You can subscribe to the podcast via one of the two feeds below (it might take a day for iTunes to update): FeedBurner or iTunes.

Wednesday, March 21, 2012

Hacking Software – Ophcrack



Software: Ophcrack
Description: Ophcrack is a free Windows password cracker based on rainbow tables. If you have no idea what a rainbow table is, see this article. It comes with a Graphical User Interface and runs on multiple platforms.
Features:
  • Cracks LM and NTLM hashes
  • Free tables available for Windows XP and Vista
  • Brute-force module for simple passwords.
  • Audit mode and CSV export
  • Real-time graphs to analyze the passwords.
  • LiveCD available to simplify the cracking.
  • Loads hashes from encrypted SAM recovered from a Windows partition, Vista included
How to use it:
  • If you already have access to the Windows installation but don’t know the password, you can run this program within Windows. It will load the local SAM file that holds the login details and attempt to crack it using the rainbow tables you downloaded.
  • If you have access to the computer, but can’t log into the computer, you can download and use the Ophcrack LiveCD. This simply runs Ophcrack from the CD by booting into the CD instead of into Windows. It will attempt to load and crack the Windows passwords.
  • If you can’t run the LiveCD on the machine, but have access to the hard drive, you can attach the hard drive to a separate computer and load the encrypted SAM from it and crack it on your computer. Or, if you have an encrypted SAM from anywhere, ophcrack can load it and attempt to crack it.
Download: http://ophcrack.sourceforge.net/download.php

Tuesday, March 20, 2012

Password Cracking – Part 3 – Password Hash




Passwords are most often stored in their plaintext format or in their hashed value format in a file system or in a database. If your password was “password” and it was stored as just “password” this would be an example of your password stored in its plaintext form. So if you could extract the password list from your victim and the passwords were stored in their plaintext form, then you have no need to crack anything because you already know the passwords. Da tu du! But if you extracted the list of passwords or dumped the database of passwords, and they were stored in their hashed values, then it’s crackin’ time! But before we go any further, let’s look at the basics.
What is a password hash?

A password hash is the password after it has gone through a one-way mathematical process, or algorithm, producing a completely different string. So let’s say your password is “password” and you run it through the MD5 algorithm, one of the many cryptographic hash functions out there: your final outcome will be 5f4dcc3b5aa765d61d8327deb882cf99. There is no way to turn that back into the word “password”. The only way to reproduce that hash is either to know the word and run it through the same hash function, or to try to crack it, which is essentially the same thing.
The Login Process

Before you even go to log in to one of your many password/username protected websites, you must first create your login details. So what happens when you create your login details and hit submit? It’s pretty simple. Most websites run your password through a cryptographic hash function like the one mentioned above and then store it in a database. Here is an example of how a PHP script would hash your password before storing it in a database.
$Password = md5($_POST['password']); // hash the submitted password before it is stored
In the above PHP line, the script takes the password you submitted via $_POST and runs it through the MD5() cryptographic hash function, which transforms the submitted password into its MD5 hash value. Then the hash is stored in the variable $Password, which is later stored in the database.
Now that you have your login details created, next time you go to login, the PHP script will take the password you submitted, run it through the hash function, and compare it to the hash stored in the database. If the two hashes match, it means that the password submitted is the same password stored in the user database, so the website will log you in. Here’s an example in pseudo-code.
if (md5($Submitted_Password) == $Stored_Password_Hash) {
    Login();
} else {
    Display_Wrong_Login_Details_Message();
}
What is a password salt?

No, it’s not the type of salt that stings your eyes when you open them in the ocean because you thought you saw some sort of sea creature next to your legs and then find out it’s just a shell until you get your head out of the water and that “shell” starts chomping on your big toe causing you to scream like a three year old girl and splash around like a dying fish on the shore. True story. Password salts are completely different, even if they have the same effect on password crackers.
A password salt is a string that is added to a user’s password before it is hashed. This string could be anything: the user’s username, the exact time the user signed up, or something completely random.
The point of a password salt is to make a password more secure by making it much harder to crack. It does this by making the password longer, and by making each password hash different from every other, even if the password is the same.
For example, if the password was “123456”, the final hash would be MD5(“random-salt” + “123456”), so even if someone else used that same password, their salt would be different, which would result in a different password hash. This way, if the attacker cracks a password, he wouldn’t be able to find every other user with the same password because their hashes would be different.
We’ll get more into salts once you learn more about password cracking.
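The post's MD5 login check and its salt example, carried through in Python as an added example (not code from the original post). The user table and salts are constructed; MD5 is used only because it is the function the post describes, and the two digests for “password” and “123456” are the well-known MD5 values.

```python
"""
Added example (not from the original post): the unsalted MD5 login check from
the post's PHP snippet, the salted variant from its MD5("random-salt" + "123456")
example, and a check that shows what the salt actually changes.
"""
import hashlib
import hmac
import secrets


def md5_hex(text):
    """Unsalted MD5 hex digest, the scheme in the post's PHP line."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def check_login_unsalted(submitted, stored_hash):
    """The post's pseudo-code: hash what was submitted and compare it with the
    stored hash. compare_digest avoids leaking timing on partial matches."""
    return hmac.compare_digest(md5_hex(submitted), stored_hash)


def create_record_salted(password, salt=None):
    """Stores the salt beside MD5(salt + password), as in the post's example;
    a fresh random salt is drawn for each user when none is supplied."""
    if salt is None:
        salt = secrets.token_hex(8)
    return {"salt": salt, "hash": md5_hex(salt + password)}


def check_login_salted(submitted, record):
    """Re-applies the user's own salt before comparing."""
    return hmac.compare_digest(md5_hex(record["salt"] + submitted), record["hash"])


def users_sharing_hash(hashes_by_user):
    """Groups users whose stored hashes are identical. Without a salt, every
    user with the same password lands in one group, so cracking one hash
    reveals all of them; with per-user salts the groups disappear."""
    groups = {}
    for user, digest in hashes_by_user.items():
        groups.setdefault(digest, []).append(user)
    return {digest: users for digest, users in groups.items() if len(users) > 1}


# Constructed user table: two users happen to have chosen the same password.
PASSWORDS = {"alice": "123456", "bob": "123456", "carol": "password"}


def unsalted_table():
    return {user: md5_hex(pw) for user, pw in PASSWORDS.items()}


def salted_table():
    return {user: create_record_salted(pw) for user, pw in PASSWORDS.items()}


def shared_groups_unsalted():
    """Duplicate-hash groups in the unsalted table (alice and bob collide)."""
    return users_sharing_hash(unsalted_table())


def shared_groups_salted():
    """The same check over the salted table; expected to find nothing."""
    table = salted_table()
    return users_sharing_hash({user: rec["hash"] for user, rec in table.items()})


if __name__ == "__main__":
    print(unsalted_table())
    print(shared_groups_unsalted())   # {'e10adc3949ba59abbe56e057f20f883e': ['alice', 'bob']}
    print(shared_groups_salted())     # {}
```

MD5 is a fast hash, so a salt stops the shared-hash leak but does not make guessing slow; password stores today use a deliberately slow, salted function such as PBKDF2, bcrypt or scrypt for that.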

Monday, March 19, 2012

v2.0



It’s finally here! Well, most of it; I decided to release it a bit early, so some features will be slowly added. Here’s a list of what’s new, and of what’s old but revived.

  • New quick read eBook to help those of you struggling with getting off your feet and learning how to hack. If you are already part of my email newsletter, you should have received it by now.
  • I’ve revived the newsletter, it will come out every week with the latest hacker news and other awesome goodies.
  • I’ve revived the podcast. The newest episode will be released in a week or two, and after that new episodes will come out every 2 weeks.
  • I’ve added a new video section. I plan to launch at least one video post a month.
  • I’ve added a new toolbox section, where I will post new tools and how to use them starting March 19th.
  • Everything I do will be influenced by what you guys want, so on the right side, click on the button that says “Tell us what YOU Need?” and tell me!
  • I’ve created a new Facebook group for MrCracker.com. LIKE IT! It’s on the right sidebar.
  • I’ve created a Google+ Group as well. You can join it by clicking the link in the header.

Saturday, March 17, 2012

Password Cracking – Part 2



This is part two of the Password Cracking course within the (previously known as the Hacker Institute).


What is Password Cracking?


Password cracking is the act of recovering passwords through unconventional and usually unethical methods from data that has been stored or sent through a computer system.

Password cracking is a very popular computer attack because once a high-level user password is cracked, you’ve got the power! There’s no longer a need to search for vulnerabilities and all that other mumbo jumbo needed to take over a system, which we won’t be discussing in this course.

Also, everyone is susceptible to a password cracking attack. Unless you live in a remote, technology absent area, you have a password for something, and there’s usually something to gain from obtaining your password.

To show you how real and popular this form of attack is today, here are a few recent happenings.

  • Password cracking was used to take over a few high-profile twitter accounts, including President Barack Obama, Britney Spears, Kevin Rose, and Rick Sanchez.
  • Wal-Mart was a victim of a security breach where sensitive information was taken. Password cracking was one of the many methods used to gain entry.
  • 10,000 cracked Hotmail passwords were publicly posted, and every day crackers continue to post new lists on forums all over the internet.
  • phpBB.com was hacked and their 200,000+ username/password database was dumped and made publicly available to anyone willing to download it. Of those passwords, over 80,000 were reported to have been cracked.

What is Password Cracking used for?


Password cracking can be used for both good and evil. If I forgot my password for a certain system or program, I might try cracking it before I completely give up on it. Now if it’s for any other reason, then it probably has an evil basis and is most likely illegal as well.

Notice how for my legitimate reasons I didn’t mention cracking services. Services are usually things like your ISP (Internet Service Provider), email, social networking and other related passwords. The reason I didn’t mention these is that even if I legitimately forgot my password for a site like Facebook or Yahoo, it is still against their TOS to attempt to crack those passwords. Why? Because you would be attempting hundreds of passwords per second over the internet, which could put a strain on their system and amount to a DoS (Denial of Service) attack. Also, if not done properly, most systems would detect it as an attack and lock you out, sometimes even blocking your IP address completely so that you have absolutely no access to the website from your current ISP-assigned IP address. Even though it is possible to change your IP address, you don’t want to keep doing that. No matter what your reasons are for attempting to crack a password on a service site, it will always be seen as a malicious attack, because the websites provide methods for the owner to retrieve a forgotten password. With that said, cracking service site passwords is still very possible and in some cases very easy. It will be discussed later on in the course.

Password Cracking Methods



There are many different types of password cracking methods, and I will introduce you to each one of them within this course. Below is a list of the methods you will soon become a pro in:
 
  • Dictionary Attacks
  • Brute Force Attacks
  • Hybrid Attacks
  • Rainbow Tables

Monday, March 12, 2012

Cyber snoopers target NATO commander in Facebook attack


China blamed again
NATO’s most senior military official has come under a concerted cyber attack from hackers believed to be operating from the People’s Republic of China.
The Observer reported on Sunday that cyber fiends had targeted Supreme Allied Commander Europe (SACEUR) Admiral James Stavridis by opening fake Facebook accounts in his name in an attempt to trick colleagues, friends and family into giving away his personal secrets on the social network.
Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzz word on the information security scene and a technique commonly linked to cyber spies operating from China.
As such, the attackers may have been looking for information they could use to guess Stavridis’ email or other log-in credentials which they could subsequently use to infiltrate NATO systems and steal sensitive military information.
NATO confirmed to the paper that Stavridis had been targeted several times in the same way over the past two years, with Facebook co-operating in taking down the offending fake SACEUR pages.
Although NATO itself said it wasn’t clear who was responsible for the cyber snooping attempt, the Observer spoke to “security sources” who had no hesitation in blaming China.
"The most senior people in Nato were warned about this kind of activity. The belief is that China is behind this," one of them is quoted as saying. One possible reason why the hackers decided to use Facebook as their initial attack vector is that Stavridis is an avid social media user and, unusually considering his senior position, is pretty vocal on Facebook.
In October, for example, he announced the end of NATO operations in Libya via his Facebook page.
While the attack has some of the hallmarks of a state-sponsored espionage attempt, it does appear somewhat less sophisticated than some of the APT-style attacks which have come to light in recent years.
These include Operation Aurora, which targeted Google and scores of other western firms, as well as Operation Night Dragon, the series of attacks on global energy firms in 2011.
Despite its protestations of innocence, the People’s Republic has time and again been singled out by officials in the UK and US as one of the main actors in cyber space when it comes to state-sponsored snooping.
Just last week US defence contractor Northrop Grumman released a 136-page report which pointed to China arming its military with information warfare capabilities which could prove a “genuine risk” to US military operations.

Sunday, March 11, 2012

SXSW: 'Hot-spot honeypot' hacker's heaven



For a hacker, the thousands of smartphone junkies tweeting and checking in on Foursquare at South by Southwest are like a flock of lambs.

Darren Kitchen, 29, founder of Hak5 and creator of the WiFi Pineapple Mark IV honeypot.
(Credit: Declan McCullagh/CNET)
AUSTIN, Texas--Some funny things were happening at the South by Southwest conference here today. My virtual private network connection kept getting disabled, and even stranger, on a friend's laptop a window popped up showing an animated cartoon cat flying through the air with a rainbow in its wake.
The image, known as Nyan Cat after a popular 2011 Internet meme, immediately alarmed me because it was used by the hacker group LulzSec on at least one occasion. I joked about being hacked, and my friend quickly turned off his laptop. (See CNET's related story about how to protect your Wi-Fi links, and a slideshow.)
A few minutes later we found the culprit around the corner standing in a Starbucks line: Darren Kitchen, founder of the Hak5 show, who had just given a talk about security at the conference. In his session he demonstrated for the audience how easy it can be to intercept unsecured Wi-Fi connections with a special router and custom software he wrote that he calls the WiFi Pineapple. His talk was appropriately titled "Securing Your Information in a Target Rich Environment." During the demo, audience members who were surfing the Web were surprised when the silly music that plays during the Nyan Cat video blared out of their laptops.

Thousands of SXSW attendees with lots of social-media moxie but little to no security savvy were easy prey for a hacker like Kitchen. The interface he was using on his Galaxy Note smartphone showed a long list of BlackBerrys, iPhones, Androids, and laptops that thought they were connecting to the hotel or Starbucks Wi-Fi (which uses the name "attwifi"), but were actually being tricked by Kitchen's WiFi Pineapple. "Nobody has any sense of security here," he said, scrolling through the list of devices connected to his Wi-Fi router. If he wanted to, Kitchen could do something malicious, like a man-in-the-middle attack, and steal passwords and other data from unwitting victims. But his mission is to educate people by demonstrating what the risks are and not attack them. So his device was programmed to replace every Web page on the Internet with a Nyan Cat.
"When the device is kicked off it tries to get back on the network, and since I'm in closer proximity than the Wi-Fi router, it picks up my signal instead," Kitchen said. "In the demo I had half the audience connected to my Wi-Fi router."
Basically, his WiFi Pineapple is what is known as a "Hot-spot Honeypot": it attracts devices looking to connect to Wi-Fi. A device sends out probe requests whenever Wi-Fi is turned on, or when the device is powered on and Wi-Fi comes up automatically. These messages ask for a connection to each of the Wi-Fi networks the device has remembered. Kitchen's router pretends to be whichever Wi-Fi network the user's device is seeking. This only works with an open Wi-Fi network, not one that's protected with the WPA encryption standard, which requires users to type in a password to connect. "It's an inherent flaw in the trust model of open Wi-Fi," he said.
Prototype software on his laptop was doing something similar with Wi-Fi connections, only the messages it was sending were de-authorization packets to interfere with the current Wi-Fi connection by saying the security equivalent of "this is not the Wi-Fi router you are looking for."
The problem is that the devices are set to automatically remember networks they've connected to in the past and reconnect automatically when one is in range. "The security is in the way vendors implement it, and all they care about is the network name," Kitchen said. The solution would be to require a challenge-and-response protocol for authentication and encryption, he said. But the mobile device makers haven't implemented that, probably because users would need to make a few more clicks to get on the network, he added.
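The trust flaw described above, modelled as an added example (not code from the CNET article or from Hak5): a client that auto-joins remembered networks by name alone is captured by a honeypot that answers every probe, while a remembered network that carries a shared secret survives because the honeypot cannot complete the challenge. No 802.11 frames are sent; the Client, AccessPoint and Honeypot classes, the nonce-and-HMAC challenge (a simplified stand-in for the WPA handshake) and the network names are all constructed for illustration.

```python
"""Toy model of why open Wi-Fi auto-join trusts nothing but the SSID."""
import hashlib
import hmac
import os


class AccessPoint:
    """A network identified by its SSID; psk=None models an open network."""

    def __init__(self, ssid, bssid, psk=None):
        self.ssid, self.bssid, self.psk = ssid, bssid, psk

    def answers_probe(self, ssid):
        # A probe response carries nothing that proves the radio owns the name.
        return self.ssid == ssid

    def answer_challenge(self, client_nonce):
        """Return (ap_nonce, proof); producing proof requires knowing the PSK."""
        if self.psk is None:
            return None  # an open network has no secret to prove
        ap_nonce = os.urandom(16)
        proof = hmac.new(self.psk, client_nonce + ap_nonce, hashlib.sha256).digest()
        return ap_nonce, proof


class Honeypot(AccessPoint):
    """Answers every probe with whatever SSID the client asked for."""

    def __init__(self, bssid, psk=None):
        super().__init__(ssid="*", bssid=bssid, psk=psk)

    def answers_probe(self, ssid):
        return True


class Client:
    """A device with a preferred network list: SSID -> PSK (None = open)."""

    def __init__(self, remembered):
        self.remembered = remembered

    def auto_join(self, nearby):
        """Probe for each remembered SSID in order; return (ssid, bssid) or None."""
        for ssid, psk in self.remembered.items():
            for ap in nearby:
                if not ap.answers_probe(ssid):
                    continue
                if psk is None:
                    # Open network: the name is the only thing ever checked.
                    return ssid, ap.bssid
                client_nonce = os.urandom(16)
                reply = ap.answer_challenge(client_nonce)
                if reply is None:
                    continue  # the radio cannot take part in the handshake
                ap_nonce, proof = reply
                expected = hmac.new(psk, client_nonce + ap_nonce, hashlib.sha256).digest()
                if hmac.compare_digest(expected, proof):
                    return ssid, ap.bssid  # the AP proved it knows the secret
        return None


def demo():
    """Conference scenario (honeypot only) versus a WPA-only client at home."""
    phone = Client({"attwifi": None, "home-net": b"correct horse battery"})
    pineapple = Honeypot(bssid="pineapple")
    home = AccessPoint("home-net", "home-router", psk=b"correct horse battery")
    # Only the honeypot is in range: the remembered open name is enough.
    at_conference = phone.auto_join([pineapple])
    # The honeypot is tried first but cannot answer the challenge for home-net.
    wpa_only = Client({"home-net": b"correct horse battery"})
    at_home = wpa_only.auto_join([pineapple, home])
    print(at_conference, at_home)
    return at_conference, at_home


if __name__ == "__main__":
    demo()
```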
Kitchen has a more ominous version of his WiFi Pineapple that resides in a simple aluminum box with a rechargeable lithium battery and magnets on the back so he can attach it to many surfaces in public spaces. He attached one on an ATM and an escalator. The box also could easily be designed to plug into a hidden wall outlet under a hotel hallway bench, for instance. "You could plug it into an outlet and remote-in over a 3G network and it can stay there forever," he said.
Kitchen sells his WiFi Pineapple for $90, mostly to governments and security professionals that are hired by corporations to do penetration testing of their own networks as part of security audits.

Saturday, March 10, 2012

Password Cracking – Part 1 – Passwords



This is the beginning of the Password Cracking course within the Tech Tips (previously known as the Hacker Institute). A preview. Enjoy!



What are Passwords?


A password, also known as a PIN, passcode or secret code, in its simplest form is just a secret word or phrase used for authentication, to determine whether you are who you say you are. Nowadays when you hear the word password, you automatically assume people are talking about a website or something related to computers and other electronic devices, but while computers haven't always been around, passwords have.

Where did Passwords originate?


Passwords have been around since before you or I can remember. In ancient times, as recorded in literature, they were used by sentries to challenge people who wished to enter their territory. If the approaching people knew the "watchword", then they were allowed to pass. If not, then they were shot in the throat with a couple of arrows, left to die, and then brought in for food. Actually, I don't know about the last part.

After some research I have yet to figure out where passwords originated, but I would assume it's safe to say they have been around since caveman times, keeping cavemen out of the caves they don't belong in.

How are Passwords used?


Passwords are a big part of our daily life. We have passwords to protect our email, voicemail, phones, ATM cards, lockers, online banking, wireless networks, encrypted data and I can go on forever! Well maybe not forever, but you get the point.

As you can see, we need to keep them secure because if they fall into the wrong hands bad things will happen. Let’s take a look at some possible outcomes that could happen if such a thing happened.
     
  • Your bank account could be emptied to fund a large purchase of socks for Judith’s sock fetish.
  • Your sensitive email could be read by the stalker next door.
  • You could be visited by the FBI after your wireless network was used to surf child porn.
  • Your gym locker could be emptied, except for your pubic lice shampoo that was left out for everyone to see.
  • Your love for your friend’s grandmother could be exposed after your Facebook messages were read and made public.

As you can see, none of the above situations are delightful to experience. This is why it is extremely important to know how to create and secure strong passwords. After reading the above, you are probably sweating profusely, trembling in your chair and thinking to yourself, "Oh no! I don't know how to create and secure strong passwords!?" But don't worry!

TA DA DA TA! I, David, will show you how, my young apprentice.

Log in to rohanhande.blogspot.com to receive access to the full Password Cracking course.

At hacking contest, Google Chrome falls to third zero-day attack


"These kinds of things are finicky." Within seconds of this machine visiting a booby-trapped website, it was commandeered by a remote-code attack that exploited a fully patched version of Chrome.
Google's Chrome browser on Friday fell to a zero-day attack that pierced its vaunted security sandbox, the third such attack in as many days at a contest designed to test its resistance to real-world threats.
A teenage hacker who identified himself only as PinkiePie said he spent the past week and a half working on the attack. It combined three previously unknown vulnerabilities to gain full system access to a Dell Inspiron laptop that ran a fully patched version of Chrome on top of the most up-to-date version of Windows 7. He spent the past three days holed up in hotel rooms and conference areas refining the attack so it would break out of the sandbox, which was designed to prevent code-execution attacks like his even when security bugs are identified.
"These kinds of things are finicky," PinkiePie told reporters as he finished a blueberry yogurt just minutes after making his booby-trapped website display a picture of a pink pony wielding a medieval axe. He said he "got lucky" because he found a way to break out of Google's sandbox relatively early and then spent the rest of the time identifying vulnerabilities that allowed him to remotely funnel code through the system.
PinkiePie said all three of the vulnerabilities resided in code that's native to Chrome. A Chrome security researcher, who asked not to be named because he wasn't authorized to speak to reporters, said his colleagues in Mountain View, California, were already analyzing the exploit and vulnerability details to confirm that account. If it pans out, the hack will qualify for a $60,000 prize, the top reward for the Pwnium contest Google is sponsoring at the CanSecWest conference in Vancouver.
Google is offering prizes of $60,000, $40,000 and $20,000 under the competition in an attempt to learn new strategies for fortifying Chrome against attacks that expose sensitive user data or take control of user machines. PinkiePie is only the second contestant to enter the contest. Both have demonstrated attacks that allowed them to take control of Chrome users' machines when they do nothing more than browse to an attack site.
On Wednesday, a Russian researcher named Sergey Glaznov bundled two vulnerabilities into his own remote code-execution attack. Less than 24 hours later, Google shipped an update fixing the holes. At the separate Pwn2Own contest a few feet away, a team of researchers successfully exploited Chrome on Wednesday, but it's now almost certain that attack relied on Adobe Flash to break out of the safety perimeter.
The five vulnerabilities exposed during the third and final day of the contest are minuscule compared to the overall number of bugs Chrome's security team fixes each year. A member of the team said the value of Pwnium isn't in the number of bugs that come to light, but rather in the insights that come from watching how a reliable exploit is able to slip through carefully crafted defenses.

Thursday, March 8, 2012

Windows Key Keyboard Shortcuts


Shortcut key - Description
  1. WINKEY - Pressing the Windows key alone opens the Start menu.
  2. WINKEY + F1 - Opens the Microsoft Windows Help and Support Center.
  3. WINKEY + F3 - Opens the Advanced Find window in Microsoft Outlook.
  4. WINKEY + D - Brings the desktop to the top of all other windows.
  5. WINKEY + M - Minimizes all windows.
  6. WINKEY + SHIFT + M - Undoes the minimize done by WINKEY + M and WINKEY + D.
  7. WINKEY + E - Opens Windows Explorer.
  8. WINKEY + TAB - Cycles through open programs on the taskbar.
  9. WINKEY + F - Displays the Windows search/find feature.
  10. WINKEY + CTRL + F - Displays the Search for Computers window.
  11. WINKEY + F1 - Displays Microsoft Windows Help.
  12. WINKEY + R - Opens the Run window.
  13. WINKEY + Pause/Break - Opens the System Properties window.
  14. WINKEY + U - Opens Utility Manager.
  15. WINKEY + L - Locks the computer (Windows XP and above only).

Tuesday, March 6, 2012

March 8, 2012: The impending Internet Doomsday effect on India



As the FBI prepares to shut down the DNSChanger temporary servers, we do a reality check on the impact and the rectification measures.

Come March 8, 2012, the Internet will be forcibly shut down for millions around the world. This comes as a consequence of a virus that got so big that it infected millions of computers and is still looming large. The case goes back to 2007, when six Estonian men got together to create a botnet to spread DNSChanger malware that pointed victims at fraudulent servers, directing Web users to unintended - and sometimes illegal - sites. As part of Operation Ghost Click, the FBI took control of the botnet's command and control servers in November 2011 and replaced the rogue servers with temporary legitimate servers that were allowed to run for only 120 days – a deadline that is fast running out.
The propagation of DNSChanger was no different from that of other malware. The malware authors learned early that by controlling a user’s DNS servers, they could control and interfere with the user’s Internet browsing habits. This was carried out by manipulating online ads through clickjacking. The victims were unaware that their PCs had been compromised – or that the malware turned their PCs defenseless to a swarm of other viruses.
To understand how a DNSChanger works it helps to explore what DNS means and who the stakeholders are. Domain Name System (DNS) is an Internet service that converts domain names into the numerical Internet Protocol (IP) addresses that allow computers to communicate with each other. When you enter a domain name for example, www.india.gov.in in the address bar of your browser, your computer contacts DNS servers to determine the IP address for the website. This IP address is used to locate and connect to that website. DNS servers are operated by your ISPs (Internet Service Providers) and are included in your PC’s network configuration.
DNSChanger belongs to a class of malware that works in one of the two ways described below:
  1. Alters the user’s DNS server settings to replace the ISP’s good DNS with rogue DNS servers operated by the criminals.
  2. Internet devices like routers or home gateways are the targets. If you have a factory set password that is usually easy to break, then the chances are high that the malware can infect the system or a network by changing the DNS settings inside the router as well.
Additionally, the malware prevents your PC from obtaining operating system and anti-malware updates – both crucial for protecting your PC from cyber threats. This also widens the possibility of further malware attacks.
When the FBI cracked down on this botnet, approximately 4 million PCs in more than 100 countries had been compromised. The criminals had managed to mint $14 million in illicit fees! The replacement servers provided by the FBI were not meant to remove the malware – or other nefarious viruses that it may have aided – from infected computers. Their sole purpose was to ensure that users did not lose DNS service.
Over half of Fortune 500 companies and 27 out of 55 government entities have at least one PC or router still infected with DNSChanger, translating to about 500,000 live infections! Our malware analysis team has reported over 70 variants of the DNSChanger malware and thousands of positive cases in India alone.
Before the panic attack sets in, it is wise to understand the ways in which you can deal with this issue. 
First, the DNSChanger malware must be removed from the affected system(s). Take a backup of all important data and then remove the malware using good antivirus software.
After this has been carried out, the DNS settings on all affected devices must be set to their correct values. You can seek assistance from your ISP for accurate DNS settings to be used.
If a network has been affected then the DNS settings of all PCs on that LAN should be rectified.
There are no sure fixes to the malware. There are several tools available that will allow you to change the DNS Settings but the rogue entries still remain in the router. To restore settings in the router you would have to either consult your product manuals or contact the manufacturer.
Quick Heal has created a free and dedicated webpage for users to determine if their PC is affected by DNSChanger malware, to check please visit:

No internet starting March 8 ?? Not really!!


There is news going around that there will be a complete blockage of the Internet from 8 March. Well, this is not the complete and true story.

Only users affected by the DNSChanger Trojan will face the Internet blockage, not all users.

In order to clear the air regarding this, below is a brief description of how one of the DNSChanger Trojans works.

After execution of the sample, it simply changes the default DNS server configured on the system to a rogue DNS server and deletes the copies of itself.

So whenever the user accesses any site, say 'Google.co.in', the request is sent to the rogue DNS server, which uses the query to display ads relevant to it. This is also used to stop the antivirus from getting updates.

In November the FBI found one such rogue DNS network. Taking down these systems at that time could have resulted in a complete stoppage of the Internet for those users pointed at the rogue DNS.

The FBI replaced the rogue DNS servers with legitimate ones -- a measure the agency said would be in effect for 120 days [ i.e. till 8 March ]. This was done to give infected users some time to clean up their systems.

To verify whether you are infected by the DNSChanger Trojan, check your DNS server IP [ Run-> Cmd-> Ipconfig /all ],
and if the DNS server's IP falls within these ranges, then it is possible that your system is infected with the DNSChanger Trojan.
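The check described in the two DNSChanger posts above (read the DNS servers reported by `ipconfig /all` and compare them with the rogue ranges), as an added example that is neither Quick Heal's web checker nor the FBI's. The `ipconfig` sample, the function names and the two CIDR ranges are constructed for illustration; the real rogue ranges published for the DNSChanger case are not reproduced on this page and must be substituted for the placeholders.

```python
"""Flag DNS servers from `ipconfig /all` that fall inside suspect ranges."""
import ipaddress
import re
import subprocess

# PLACEHOLDER ranges (documentation addresses, constructed for this example).
# Replace with the rogue DNS ranges from the FBI's DNSChanger notice.
SUSPECT_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample of `ipconfig /all` output. Note that a second DNS server
# is printed on an unlabelled continuation line, which a naive grep would miss.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.local
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

DNS_LABEL = re.compile(r"\s*DNS Servers[ .]*:\s*(\S+)")
# Continuation lines hold only an address (IPv4, or IPv6 with optional %zone).
CONTINUATION = re.compile(r"\s+([0-9A-Fa-f.:%]+)\s*")


def parse_dns_servers(ipconfig_text):
    """Return every DNS server address listed, including continuation lines."""
    servers = []
    collecting = False
    for line in ipconfig_text.splitlines():
        m = DNS_LABEL.match(line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        m = CONTINUATION.fullmatch(line) if collecting else None
        if m:
            servers.append(m.group(1))
        else:
            collecting = False  # any other line ends the DNS Servers block
    return servers


def classify(servers, ranges=SUSPECT_RANGES):
    """Map each server address to True when it lies inside a suspect range."""
    verdicts = {}
    for server in servers:
        addr = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
        verdicts[server] = any(addr in net for net in ranges)
    return verdicts


def check_this_host():
    """Run `ipconfig /all` on a Windows host; returns None where it is absent."""
    try:
        out = subprocess.run(["ipconfig", "/all"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return classify(parse_dns_servers(out))


if __name__ == "__main__":
    for server, suspect in classify(parse_dns_servers(SAMPLE_IPCONFIG)).items():
        print(server, "SUSPECT" if suspect else "ok")
```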



We kindly request all the users not to trust such news completely.

Monday, March 5, 2012

With this tool, even you can write Android apps

In this age of app stores for mobile devices, we have hundreds of thousands of choices. Even so, the “perfect” app is one that meets an individual’s specific needs. And in a sea of apps, such a solution may not exist. But could you make it yourself? Perhaps, thanks to Google and the Massachusetts Institute of Technology with the MIT App Inventor. Back in 2010, Google introduced a simple programming interface to create Android applications. My son and I kicked the tires of the App Inventor and found it to be relatively easy to use, even for those without a programming background. The App Inventor allows for drop-and-drag development with all of the objects — buttons, links, images and such — already programmed with basic functionality. You simply need to put the puzzle pieces together, as it were, and add logic or specific features. 

Google eventually announced plans to turn the App Inventor over to MIT, which was fitting, as some elements used to build the App Inventor already have ties to MIT. This past weekend, the university announced that after two months of closed beta testing, App Inventor is now in an open beta for all who have a Google ID.
Will you be able to create the next Angry Birds and retire rich by making software in the App Inventor? Not likely. But our smartphones and tablets are very personal devices that serve our individual needs. As such, I see truly customized apps, even simple ones, as part of our mobile future.
Recently, I had the need to create a simple but specific app to track an attribute of the running I do regularly. I turned to the Python programming language — ironically, learning about it through an MIT online course — to build the solution. I completely forgot about App Inventor, which likely would have cut hours of time off my little project and wouldn’t have required me learning all of the Python syntax. Sometimes plug-and-play can be a powerful solution.

Sunday, March 4, 2012

Anonymous hacked?

Summary: A report by Symantec suggests that members of Anonymous may have downloaded a Zeus Trojan that gave hackers access to their financial details. Anonymous, for its part, declares Symantec's report "libelous."
(Credit: Screenshot: Chris Matyszczyk/CNET)
As political parties, bank managers, and drug dealers have often found to their cost, infiltrators can be very hard to detect.
This is something that, perhaps, the members of Anonymous recently discovered for themselves, at least according to Symantec, the online security people.
For the company believes that members of the hacking collective were deceived into downloading a Zeus Trojan that gave up their banking details and other personal information.
On its blog, Symantec described how, on January 20--the day of the rather charming Kim Dotcom's sequestration by the FBI--members of Anonymous used their own personal computers to participate in DDoS attacks.
These were launched against a broad and institutional swathe of targets, such as the Recording Industry Association of America and the FBI.
Some mean-spirited--and still anonymous--individual allegedly inserted a Zeus Trojan into the Slowloris attack tool, of which many DDoS-ers are fond.
When members of Anonymous downloaded this tool, their banking details were apparently exposed like boxer shorts above low-slung pants and sent to a remote server.
I am grateful to MSNBC for discovering Symantec's troubling analysis.
However, Anonymous seems to have unloaded its own feelings about it.
For, on the YourAnonNews Twitter feed, there was posted a fierce rebuttal: "This post from @Symantec about @YourAnonNews's spreading the DDOS hijacking trojan is wrong & libelous to say the least http://goo.gl/MUVxD."
The following tweet read: "Dear @Symantec - @YourAnonNews NEVER posted the DDOS hijacker nor did we attempt to trick people; instead we WARNED of it."
And a third offered: "Also, @Symantec - maybe if you paid attention to more details and did proper due diligence, your source code wouldn't have been stolen. SMH."
So there.
Some will chortle with schadenfreude that the hackers may have themselves been hacked. But doesn't this tale, if true, offer something greater--and something sadder--about the brittleness of human trust?
In Anonymous' case, one assumes that many of its members have never met in person. Their relationship is guided entirely by their ability to trust through gadget-based means.
It is the equivalent of trying to find a lover online and only ever having dates with them online. You can't so easily look them in the eyes and see if their facial expressions and body movements betray their true thoughts. Skype doesn't quite deliver the same chance of interpreting human nuance.
Whenever you're trying to collectively build something--or even collectively trying to destroy something--a twisted being will soon waft into your day, pretend they're on your side, and then try to ruin things.

Saturday, March 3, 2012

Something's Not Right: German User Has To Use Chinese Proxy To See New Music Video



We've been writing about German music collection society GEMA's bizarre fight against YouTube for a few years now, in which all major music videos are blocked from YouTube in Germany because GEMA is suing YouTube and refuses to even discuss a potential license until the lawsuit is over. As we noted recently, this is even frustrating the labels, who feel that GEMA is costing them serious money by not just doing a deal to make videos available. While researching something else on Twitter, I came across this telling tweet from an individual in Germany talking about how they had to use a Chinese web proxy just to watch a new Sting video, and who properly notes just how screwed up the world is when people in Germany are relying on Chinese web proxies just to watch music videos. I'm still trying to figure out what good this does anyone... other than GEMA.

Friday, March 2, 2012

MICROSOFT WINDOWS SHORTCUT KEYS

Shortcut key - Description
  1. Alt + Tab - Switch between open applications.
  2. Alt + Shift + Tab - Switch backwards between open applications.
  3. Alt + double-click - Display the properties of the object you double-click on.
  4. Ctrl + Tab - Switch between program groups or document windows in applications that support this feature.
  5. Ctrl + Shift + Tab - Same as above, but backwards.
  6. Alt + Print Screen - Create a screenshot only of the program you are currently in.
  7. Ctrl + Alt + Del - Reboot the computer and/or bring up the Windows Task Manager.
  8. Ctrl + Esc - Bring up the Windows Start menu. In Windows 3.x this would bring up the Task Manager.
  9. Alt + Esc - Switch between open applications on the taskbar.
  10. F1 - Activate help for the currently open application.
  11. F2 - Rename the selected icon.
  12. F3 - Start Find from the desktop.
  13. F4 - Open the drive selection when browsing.
  14. F5 - Refresh contents.
  15. F10 - Activate the menu bar.
  16. Shift + F10 - Simulate a right-click on the selected item.
  17. F4 - Select a different location to browse in the Windows Explorer toolbar.
  18. Alt + F4 - Close the current program.
  19. Ctrl + F4 - Close the window in the program.
  20. F6 - Move the cursor to a different Windows Explorer pane.
  21. Ctrl + Space bar - Drop down the window control menu.
  22. Ctrl + (the '+' key on the keypad) - Automatically adjust the widths of all the columns in Windows Explorer.
  23. Alt + Enter - Open the Properties window of the selected icon or program.
  24. Shift + Del - Delete programs/files without sending them to the Recycle Bin.
  25. Holding Shift - Boot into safe mode or bypass system files as the computer is booting.
  26. Holding Shift - When inserting an audio CD, prevents CD Player from playing it.
  27. Enter - Activate the highlighted program.
  28. Alt + down arrow - Display all available options on a drop-down menu.
  29. * (on the keypad) - Expand all folders under the currently selected folder or drive in Windows Explorer.
  30. + (on the keypad) - Expand only the currently selected folder in Windows Explorer.
  31. - (on the keypad) - Collapse the currently selected folder in Windows Explorer.

Thursday, March 1, 2012

Cached Pages

Sometimes your company, college or government firewall may have blocked access to a particular web page, but you may still be able to access it by viewing a cached copy of it on a search engine!
All you have to do is:
Step 1 - Start your browser and connect to any popular search engine of your choice. I am going to use Google for this example.
Step 2 - Search for the blocked web page that you wish to access. (In this case I am going to search for the keywords 'why this kolaveri di wikipedia'.)
Within the search results that get displayed, look for the relevant blocked page you wish to access and click on the CACHED link below it or next to it to access its cached copy. On Google, in case you do not see the cached link below the search result, you need to move your mouse over the instant preview button next to the search result, and the CACHED link will appear in the preview space on the right-hand side.
The best part about this technique is that the network will think you are simply accessing Google (which may not be blocked), but in reality you are using the search engine to access blocked content. As simple as that!
When you click on the cached link of a search result, within a few seconds Google will open the most recent cached copy of that page and display it for you. Irrespective of whether that page is currently down or has been blocked by your network, you are still able to see it.
It is also possible to directly view a cached copy of a particular web page or URL by using simple search operators on Google. For example, if you were to search on Google for cache:www.timesofindia.com, it will automatically display the most recent cached copy of the Times of India home page.

Note - When you are viewing a cached page, Google will typically mention at the top the date and time from which the cached copy is being displayed. This may vary from web page to web page.
It is possible for a web developer to specify that Google should not cache a web page, and in such a case the cached link or the cache operator may not work or may just display the most current version of the page.
