Showing posts with label security. Show all posts

Monday, January 9, 2012

How to Crack a Wi-Fi Network's WPA Password with Reaver via lifehacker.com

Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you're not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password, you probably secure your network using the more bulletproof WPA security protocol.

Here's the bad news: A new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers' current passwords with relative ease. Here's how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.

In the first section of this post, I'll walk through the steps required to crack a WPA password using Reaver. You can follow along with either the video or the text below. After that, I'll explain how Reaver works, and what you can do to protect your network against Reaver attacks.

First, a quick note: As we often remind readers when we discuss topics that appear potentially malicious: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.

What You'll Need

You don't have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you've got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you've got basically all you'll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:

  • The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD from BackTrack's download page and burn it to a DVD. You can alternately download a virtual machine image if you're using VMWare, but if you don't know what VMWare is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R1 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.

  • A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.
  • A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I'll explain in more detail in the "How Reaver Works" section how WPS creates the security hole that makes WPA cracking possible.
  • A little patience. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.

Let's Get Crackin'

At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.

Step 1: Boot into BackTrack


To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don't know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to choose the boot mode. Select "BackTrack Text - Default Boot Text Mode" and press Enter.

Eventually BackTrack will boot to a command line prompt. When you've reached the prompt, type startx and press Enter. BackTrack will boot into its graphical interface.

Step 2: Install Reaver

Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.

  1. Click Applications > Internet > Wicd Network Manager
  2. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.

Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:

apt-get update

And then, after the update completes:

apt-get install reaver

If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)

Step 3: Gather Your Device Information, Prep Your Crackin'

In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.

Find your wireless card: Inside Terminal, type:

iwconfig

Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.

Put your wireless card into monitor mode: Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:

airmon-ng start wlan0

This command will output the name of the monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below.

Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:

airodump-ng wlan0

You'll see a list of the wireless networks in range—it'll look something like the screenshot below:

When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide to cracking WEP passwords.)

Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.

Step 4: Crack a Network's WPA Password with Reaver

Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface you copied down above:

reaver -i moninterface -b bssid -vv

For example, if your monitor interface was mon0 like mine, and your BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:

reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:

A few important factors to consider: Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.

Also of note, you can pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off, as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).

How Reaver Works

Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.

Read more details about the vulnerability at Sean Gallagher's excellent post on Ars Technica.

How to Protect Yourself Against Reaver Attacks

Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher points out at Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.

In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable."

So that's kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps.
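A first check you can run on your own router before and after flipping that setting, as an added example that is not part of the original article: the Python below parses the tagged parameters of a beacon frame and reports whether the access point still advertises the WPS information element. It assumes you have already captured a beacon from your own access point and stripped the 802.11 header and fixed fields; the sample byte strings are constructed for illustration. If the element is still present after you "disable" WPS, the setting did nothing; if it is absent, that alone does not prove the feature is off.

```python
import struct

VENDOR_IE = 0xDD                           # 802.11 vendor-specific element ID
WPS_OUI_TYPE = bytes.fromhex("0050f204")   # OUI 00:50:F2, type 4 = WPS
ATTR_WPS_STATE = 0x1044                    # 1 = unconfigured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057              # 1 = AP has locked out PIN setup
STATE_NAMES = {1: "unconfigured", 2: "configured"}


def iter_ies(tagged):
    """Yield (element_id, body) for each information element in a beacon."""
    off = 0
    while off + 2 <= len(tagged):
        ie_id, ie_len = tagged[off], tagged[off + 1]
        body = tagged[off + 2:off + 2 + ie_len]
        if len(body) < ie_len:
            raise ValueError("truncated information element")
        yield ie_id, body
        off += 2 + ie_len


def parse_wps_attrs(data):
    """Parse WPS attributes: 2-byte type, 2-byte length (big-endian), value."""
    attrs, off = {}, 0
    while off + 4 <= len(data):
        a_type, a_len = struct.unpack_from(">HH", data, off)
        value = data[off + 4:off + 4 + a_len]
        if len(value) < a_len:
            raise ValueError("truncated WPS attribute")
        attrs[a_type] = value
        off += 4 + a_len
    return attrs


def first_byte(attrs, key):
    value = attrs.get(key, b"")
    return value[0] if value else None


def wps_status(tagged):
    """Report whether the beacon advertises WPS and in what state."""
    for ie_id, body in iter_ies(tagged):
        if ie_id == VENDOR_IE and body[:4] == WPS_OUI_TYPE:
            attrs = parse_wps_attrs(body[4:])
            return {
                "advertised": True,
                "state": STATE_NAMES.get(first_byte(attrs, ATTR_WPS_STATE), "unknown"),
                "ap_setup_locked": first_byte(attrs, ATTR_AP_SETUP_LOCKED) == 1,
            }
    return {"advertised": False, "state": None, "ap_setup_locked": False}


def make_ie(ie_id, body):
    return bytes([ie_id, len(body)]) + body


def make_attr(a_type, value):
    return struct.pack(">HH", a_type, len(value)) + value


# Constructed sample beacons (tagged parameters only), not real captures.
SSID = make_ie(0, b"HomeNet")
BEACON_WPS_ON = SSID + make_ie(
    VENDOR_IE,
    WPS_OUI_TYPE + make_attr(0x104A, b"\x10") + make_attr(ATTR_WPS_STATE, b"\x02"),
)
BEACON_WPS_LOCKED = SSID + make_ie(
    VENDOR_IE,
    WPS_OUI_TYPE + make_attr(ATTR_WPS_STATE, b"\x02")
    + make_attr(ATTR_AP_SETUP_LOCKED, b"\x01"),
)
# Same OUI but type 2 (WMM): must not be mistaken for WPS.
BEACON_NO_WPS = SSID + make_ie(VENDOR_IE, bytes.fromhex("0050f202") + b"\x01\x01")

if __name__ == "__main__":
    for label, beacon in [("WPS on", BEACON_WPS_ON),
                          ("WPS locked", BEACON_WPS_LOCKED),
                          ("no WPS element", BEACON_NO_WPS)]:
        print(label, wps_status(beacon))
```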

You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.

Double bummer. So what will work?

I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their supported devices list to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router.

Further Reading

Thanks to this post on Mauris Tech Blog for a very straightforward starting point for using Reaver. If you're interested in reading more, see:

Reddit user jagermo (who I also spoke with briefly while researching Reaver) has created a public spreadsheet intended to build a list of vulnerable devices so you can check to see if your router is susceptible to a Reaver crack.

Have any experience of your own using Reaver? Other comments or concerns? Let's hear it in the comments.

Posted via email from ://allthings-bare

Friday, November 11, 2011

What You Should Do to Protect Yourself in the Wake of the Steam Hack via lifehacker.com


If you're a user of the popular Steam gaming platform, you've likely heard about the hack that potentially compromised passwords and credit card information. Although much of the damage has been done, there are still things you can do to protect yourself. Here's a look at your options moving forward.

Change Your Passwords

Perhaps you use a good, strong, unique password on your Steam account and, despite being stolen in the hack, it still remains safe and encoded. You may not be so lucky if you have a weak password. Either way, now is a good time to change it if you haven't already. When you're choosing a new password, it helps to know what the pros look for when they try to guess passwords and the methods hackers use to crack them, so you can avoid falling into those traps. There are also a few good practices to follow. The most secure password is often one you don't even know. If you'd prefer something memorable, however, a multi-word password is generally considered to be among the most secure types. When you've come up with a password you like, be sure to test it so you know you didn't come up with one that's easy to guess or hack. Change it on your Steam account and you'll be in better shape.

Change Your Email Password, Too

If you're feeling a little worried, one thing worth noting is that Steam pays attention to when you access it from new computers. You have to enter a new code each time that is delivered via email, so even if your password was compromised the person trying to use it would also need access to your email account. It's best to have unique passwords for all your accounts, but if you've been using the same password this might be a good time to change. At the very least, make sure your email password doesn't match the one you use for any other service.

Monitor Your Credit and Debit Cards

It is still unclear whether or not any credit cards associated with Steam accounts were actually compromised, but you're going to want to keep a close eye on your statements to make sure there are no fraudulent charges. You may also want to call your bank and see what they suggest you do in this situation. They'll likely err on the side of security and suggest a replacement card with a new number. This can be a little inconvenient as it means being without your card for a while, but if you go into one of your bank's branches you can usually get a temporary ATM card so you'll at least have easy access to your money.

Additionally, one of the best ways to protect yourself in the future is to use virtual credit cards. These virtual numbers often allow you to set specific spending limits so that if they're stolen your risk is minimized. Usually you can also specify timeframes and set them as single-use cards so you don't get any surprise charges. This is one of the best ways to protect yourself from credit card fraud when paying online, but it does require a bit of upkeep when it comes to recurring payments.


Thursday, November 10, 2011

Firesheep Sniffs Out Facebook and Other User Credentials on Wi-Fi Hotspots via lifehacker.com

Firefox: Firesheep sniffs out and steals cookies—and the account and identity of the owner in the process—of popular web sites (like Facebook and Twitter) from the browsing sessions of other users on the Wi-Fi hotspot you're attached to.

Firesheep is a proof-of-concept Firefox extension created by Eric Butler to show how leaky the security is at many popular web sites (like Facebook, Flickr, Amazon.com, Dropbox, Evernote, and more). The problem, as Firesheep shockingly demonstrates, is that many web sites only encrypt your login. Once you are logged in they use an unsecured connection with a simple cookie check. Anyone from your IP address (that of the Wi-Fi hotspot) with that cookie can be you. When using Firesheep on a public hot spot any session it can intercept is displayed in the Firesheep pane with the user's name and photograph (when available). Simply click on their name to intercept the session and start browsing the website as though you are them.

What can you do to protect yourself against such a painfully easy attack against your privacy and security? You can set up an SSH SOCKS proxy to encrypt your traffic, effectively sending your site sessions and accompanying cookies through a sniff-proof tunnel. For a less involved alternative, however, you could use something like the previously mentioned HTTPS Everywhere Firefox extension or Force-TLS (highlighted by TechCrunch). Essentially, these extensions will force popular sites to send data via the more secure HTTPS protocol, which encrypts data as it's sent, and while it's slightly slower, it's definitely worth using HTTPS when available.
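For site operators, the weakness described above shows up in the response headers of the login flow. The following Python is an added example, not code from the article or from Firesheep: it audits a response for session cookies that the browser would send over plain HTTP, for a redirect from HTTPS back to HTTP after login, and for a missing Strict-Transport-Security header (the standardized form of what Force-TLS does). The header sets and the host example.test are constructed for illustration.

```python
def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie_name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def hsts_max_age(value):
    """Return the max-age of a Strict-Transport-Security header, 0 if unusable."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else 0
    return 0


def audit_response(scheme, headers):
    """Return a list of (finding, detail) tuples for one HTTP response.

    scheme  -- "http" or "https", the scheme the response was fetched over
    headers -- list of (name, value) pairs, duplicates allowed
    """
    findings = []
    hsts_ok = False
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if scheme != "https":
                # The cookie itself crossed the network in the clear.
                findings.append(("cookie-set-over-http", cookie))
            elif "secure" not in attrs:
                # Browser will attach it to later plain-HTTP requests.
                findings.append(("cookie-missing-secure", cookie))
        elif lname == "strict-transport-security":
            hsts_ok = hsts_max_age(value) > 0
        elif (lname == "location" and scheme == "https"
              and value.lower().startswith("http://")):
            # Login was encrypted, the rest of the session will not be.
            findings.append(("downgrade-redirect", value))
    if scheme == "https" and not hsts_ok:
        findings.append(("no-hsts", None))
    return findings


# Constructed responses: a site that encrypts only the login, and a fixed one.
LOGIN_ONLY_TLS = [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Location", "http://example.test/home"),
]
HARDENED = [
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Location", "https://example.test/home"),
]

if __name__ == "__main__":
    print("login-only TLS:", audit_response("https", LOGIN_ONLY_TLS))
    print("hardened:      ", audit_response("https", HARDENED))
```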

Firesheep is free, works wherever Firefox does, and requires a wireless card capable of operating in promiscuous mode.

Firesheep [Code Butler via TechCrunch]


Wednesday, November 9, 2011

Apple’s App store security breached via geeksaresexy.net

A man who created a bogus stock price tracker app for the iPhone that was in fact malware has been thrown out of Apple’s developer program. That would seem uncontroversial until you discover the app was designed to highlight a security flaw rather than cause damage or steal data.

Charlie Miller was told his right to create and upload apps had been terminated “effective immediately.”

If Miller’s name seems familiar, that may be because he’s a perennial winner at the PWN2OWN competition, held at the CanSecWest security event in Vancouver each year. Contestants can ask judges to visit a URL using various combinations of hardware, operating system and browser, with the latest publicly available security updates applied. Last year was a particularly bad day for Apple with a MacBook Pro running Safari the first computer to fall (Miller being the successful attacker) and the iPhone the first smartphone hacked.

According to Miller, his latest “attack” came after he spotted a security flaw in iOS. The flaw, unwittingly introduced in a recent iOS update, appeared to allow code to be added to an app after it had already been vetted by Apple and installed on devices.

To prove this was a genuine threat, Miller released an app named InstaStock in September. Using a post-approval update, he says he was in a position where he could have remotely downloaded contacts and pictures from phones running the app.

Miller says he reported the flaw to Apple in mid-October. He went public yesterday and was barred from the program a few hours later. He’s scheduled to unveil more details of the flaw at a security conference next week.

The BBC quotes one possibly overenthusiastic analyst who calls the revelation “the most significant threat yet to Apple’s app store economy.”

Meanwhile The Register has more details on the flaw, making the important point that it merely allows would-be attackers the same opportunities they’ve had on Android devices for some time.

(Image credit: Garret Gee)


Thursday, November 3, 2011

How to Secure Your Torrent Downloads via maketecheasier.com

Internet security and privacy are two topics that are frequently in the news. Those Internet users who use the BitTorrent protocol to share files are perhaps more aware of these security and privacy issues than others. Many government agencies, special interest groups, corporations, and hackers with malicious intentions monitor torrent downloads and look for people to catch, sue, or attack.

Because of this reality, it is important for torrent file sharers to find ways to protect themselves from litigation, prosecution, bandwidth shaping, and malware. The following tips should help you make your torrent experience safer, more private, and more secure.

Disclaimer: Downloading copyrighted media without the owner’s permission is illegal in some countries. Under no circumstances is this article intended to encourage illegal activity, and there are no guarantees that this information will protect you from any legal action.

1. Port Forwarding

Every modern router has some form of port forwarding that you can use for your bittorrent client. With it, you can circumvent ISPs that may block common torrent ports or limit their bandwidth usage. Using port forwarding, you could, for example, forward your BitTorrent traffic through the standard web port (80). Some torrent clients also support randomizing of ports so that they will use a different one every time you start them.


2. Limit Downloads and Uploads

Since many ISPs now limit the amount of bandwidth you can consume within a month (or even at certain times of the day), it is important to not let your torrent downloading and uploading go unchecked. Torrent clients like qBittorrent have features that allow you to limit the number, speed, and even time of day that downloads are allowed.


3. Encryption

Encryption is all about privacy. There is no reason for anyone, even your ISP, to know exactly what sites you are visiting or what files you are downloading. Most torrent clients support some type of encryption for the data and/or header information. It is important to note that encryption will not mask your IP address, so anyone spying on the torrent (i.e. actively connected to the tracker) will still know you are downloading it, but anyone trying to spy on your Internet traffic in general will not be able to see what you are doing.


4. Filter Lists

There are plenty of organizations that are known for their snooping or malicious intent. With an IP filter list, you can completely block them from connecting to you as peers, thereby eliminating any chance of them monitoring you and catching you in the act of downloading something. This may also help reduce the chance that you will connect to a peer that sends out harmful data or malware.

5. Proxy or VPN

Of all of the security measures on the list, this is by far the most effective. By routing your torrent traffic through a proxy or VPN, you can completely hide yourself from the outside world. Used in combination with the other tools on this list, your torrent downloading will be virtually covert. Proxy providers usually charge a subscription fee, and they will require you to either download a specially configured bittorrent client or reconfigure yours to use their proxy (often utilizing a SOCKS5 protocol).

Your privacy, however, is only as secure as the company offering the service. If they are under investigation or are willing to sell your information, using their services may not help you at all. Therefore, it is a good idea to ask around and do your research before using a proxy or VPN service.


Privacy and Security

The media often associates BitTorrent with illegal file sharing, but there are numerous legitimate organizations, from Linux distribution developers to content delivery networks (CDN), that make use of bittorrent technology. Furthermore, many free media distributors who use open licenses, such as Creative Commons, use bittorrent to help reduce their bandwidth costs.

With a little effort, you can use the above-mentioned tools to help you take back your right to download and share legitimate content and software, while also maintaining your privacy and security.


Wednesday, November 24, 2010

MobileMe Freebie: Find My iPhone Walkthrough with Screenshots


Apple recently announced the availability of its Find My iPhone service for those who upgrade to iOS 4.2 but do not have a MobileMe account. That’s right. No more $99 annual charge if you want to keep a close watch on your iPhone, iPod touch (4th generation), or iPad’s location. This feature has been particularly interesting to me since I was once mugged in San Francisco (surprisingly good timing considering the 3GS became available a month later). And, now that the Find My iPhone service is free from its MobileMe subscription-based clutches, I thought I’d walk you through the ins and outs of locating, locking, and wiping your iPhone from the comfort of your couch.

After upgrading my iPhone 4 to iOS 4.2, I followed Apple’s simple instructions to set up Find My iPhone. Two minutes later I was all set up and ready to start tracking my iPhone on a convenient Google Maps-based map.

If this is your first experience with MobileMe then the above map is what you see after signing in. After selecting your device you have the following options:

  • display a message over your current task
  • play a sound
  • lock the device with a 4 digit code
  • wipe (erase) everything on the phone

Below is an example of a message displayed on your iPhone’s screen:

Once Apple has confirmed that the message was delivered, a confirmation email is sent to your MobileMe account’s email address. Note: The screenshot below is from a hot new email application named Sparrow.


If you’d rather take things one step further, you can lock your iPhone and prevent unauthorized access.

Remotely locking your iOS device is easy. Just tell Find My iPhone that you’d like to “Lock” your phone. After entering a pin code twice the device locks within seconds. A confirmation email also arrives, just as it does when you send a message.

In addition to the Map view you can also choose Satellite and Hybrid views just like Google Maps.


So, there you have it. The above walkthrough should give you a good idea of what to expect when you fire up the Find My iPhone feature for the first time on your desktop or laptop computer. If you’ve been thinking about buying an iPhone for yourself, you’ll be happy to know that you now get all these phone-tracking features for free.

I presume Apple is trying a new strategy to persuade people to sign up for the full MobileMe service. Releasing the Find My iPhone feature for free should get new visitors to me.com and, in theory, more paying customers. As soon as you begin typing your username and password on me.com, a large set of icons appear for email, address book, calendar, photos, iDisk, and Find My iPhone. It feels like a tease. After signing in you only have one of those features. This will leave newcomers asking the question, “What are those other icons for?”

It also makes sense that Apple make this iPhone-tracking service free, as Microsoft’s Windows Phone 7 handsets and select HTC-made Android phones offer similar services for free.


So, we want to know. Does the free Find My iPhone service make you more likely to pick up an iPhone this holiday shopping season? Sound off in the comments below!


Tuesday, November 23, 2010

Find My iPhone: 5 Real-Use Cases - Thieves Beware - iSmashPhone iPhone Blog


Now that Find my iPhone is free for users with iOS 4.2, there is little reason not to sign up. The service allows you to locate your device, send it messages, lock it or totally wipe the memory if it happens to get lost or stolen. It's much like HTC's HTCSense.com service.

There have been quite a few stories in the past of people finding their devices by using Find my iPad or Find my iPhone. Let's have a look at some of those fortunate individuals who have been able to track down their devices and been spared the hassle of having to buy a new handset or iPad:


1) Justice Served

About a year ago 15-year-old Dustin Simantob of Colorado was able to recover his and his father's iPhones using the service. On top of that, the police were able to capture the criminals that did it. Apparently, they had been trying for some time, but until then didn't have enough on them to make an arrest. 

“so, my dad and I went on a 3 day father and son river trip and parked the car where we get out of the river to leave, so we get up to the cars and all 4 cars had one window broken and all the valuables taken from the car, so we ended up submitting our case to the near by cop and started on our 5 hour journey home, when we got back i remembered that i had set up the “track my iphone” on the mobileme site and immediately got on and tracked it.

it ended up being at a house near by where it was stolen, so i called up the cop that had taken our case and told him where it was located. as soon as i told him the address, he started to laugh, apparently the family had done a few things like this before and the local police had been trying to catch and arrest them but could never get proof that they had been the culprits.

now they had proof. so 4 police showed up at the door of this house and ended up getting mine and my dads iphones back along with my wallet and the Garmen GPS, they also were able to recover the two phones and wallet that was taken from the other car that was broken into. so thanks to mobileme we will all be getting our belongings back and a family of criminals will be put in jail.”

Source 

 

2) Stop me if you've heard this one: someone loses an iPhone in a bar...

A fellow named Kevin and two of his buddies went to a Lego convention. At the end of the day, they hit up a dive bar to grab a bite to eat. Then it happened, he left his iPhone on the table and had forgotten about it when he left. On his way out, he remembered that he had left the handset on the table and returned to the bar to pick it up. Unfortunately, it was nowhere to be found.

Luckily, he had recently activated his MobileMe account along with Find My iPhone. They began the search, and at first it seemed hopeless. The next day, they were led around town by the tracking service and they eventually found it at a bus stop. One of the bar's employees had found it and said he was planning to return it. Of course that's what he said when caught with it.

Source 


Image Credit: She Knows.com

3) Mom busts the bad guys

This one happened when a Mom was at the store. She placed the phone down while attending to her kids, and totally forgot about it, leaving the handset on a store counter.

She and her husband decided to track their iPhone using the service. They were able to pinpoint it down to an apartment complex and called the police. They found the culprit and said that if the thief agreed to give up the handset within five minutes, no charges would be pressed. Needless to say, she got her phone back.

Furthermore, the officer said that he had already found five phones in the exact same manner. In fact, he said that Apple works closely with law enforcement to improve the GPS abilities on the device.

Source

4) Getting even

In Shadyside, a man was attacked by two robbers. They stole his phone and his wallet, asking for his pin number. After a game of cat and mouse, he and the authorities were able to track the thieves, three men with all the stolen property. They were all charged for the crimes, with the two assailants receiving additional charges for the robbery.

Source

5) Amusement Park Idiot

A mom and her daughter were vacationing at a Busch Gardens amusement park. Before boarding one of the roller coasters, they put their belongings in a storage bin meant to safely store items while attendees ride. Unfortunately, someone decided he would run for the woman's purse while no one was watching.

The daughter bumped herself cutting her lip open on the ride. The injury was nothing serious, but in the confusion, someone swooped in and grabbed Mom's purse. The purse was found in the men's restroom, but their phones were gone.

Then, the daughter remembered her MobileMe account. She had the Find My iPhone service activated. Authorities were able to locate the phone and the culprit, and the dirtbag was put in jail.

 Source


Thieves Watch Out

Now that everyone on iOS 4.2 can use the Find My iPhone service (even with an older iOS device, if you use a workaround) everyone can locate their lost iOS device. We suggest signing up. After all, it's free.

Isn't technology wonderful?

Posted via email from ://allthings-bare

Thursday, November 18, 2010

How to Crack Password-protected Zip Files Using Linux | TechSource

Posted by jun auza On 11/18/2010
In case you or your friend has forgotten the password of your password-protected .zip file that may contain important documents, music, or non-porn movies, there is really no need to worry, as there are plenty of password crackers available out there. If you are using Linux, I highly recommend you download and use FCrackZip.

FCrackZip is a simple, fast, free, and easy-to-use zip cracker that is similar to fzc and zipcrack. Partially written in assembler, it uses brute force or dictionary based attacks to find the password. Although you will need the Linux terminal to use FCrackZip, only a simple command is actually required to crack the zip password.

If you are using any popular or major Linux distribution, FCrackZip should be available in the software repository, and you could download it using the package manager. You may also download the latest version from HERE.

Since I'm using Ubuntu, I quickly installed FCrackZip from the command line using this command:

$ sudo apt-get install fcrackzip

After installing FCrackZip, you can either use brute force or dictionary mode to crack the password.

Here is a sample FCrackZip command one-liner using brute force:

$ fcrackzip -v -b -p aaaaaa -u your_zip_file.zip

From the screenshot above, you will see that I've successfully cracked a password-protected zip file using the brute force method. From my experience, it took around 30 minutes to find the password, but it is worth the wait. That's about it. You may also see the manpage of FCrackZip for other options or for further documentation.

You may also like our post about hacking Windows administrator password using Linux.


Thursday, November 4, 2010

How to Break Into a Mac (And Prevent It from Happening to You)


We recently went through a few ways to break into a Windows PC without the password, and it turns out it's just as easy to break into a Mac too. Here's how to do it and keep yourself protected.

Just like on Windows, there are quite a few ways to break into a Mac, but many of them are variations on the same thing, so we're going to highlight the two easiest ways—one with a Mac OS X installer CD and one without—and show you how to keep yourself protected. Note that while these two methods will get you into the OS without knowing the password, you can always just use our previously mentioned "lazy method" with a Mac too—just boot up the computer with a Linux Live CD and start grabbing files.

How to Reset the Mac OS X Password

Both of the methods outlined below are ways to reset the Mac OS X password. While there are cracking utilities like John the Ripper or THC-Hydra, they're either complicated to use or expensive to buy, so we won't go into them here like we did with Windows (which has the very easy-to-use Ophcrack). Both of these methods assume the target computer is running Snow Leopard.

Method One: Use the Mac OS X Installer CD

If you have the Mac OS X installer CD handy, it's super easy to change the administrator account's password. Just insert the CD into the target Mac and hold the "c" key as you boot up the computer. It will boot into the Mac OS X installer. Once it does, head up to Utilities in the menu bar and choose Password Reset. You'll get a window prompting you to select the drive on which OS X is installed, so choose the drive you want to get into and select the user whose password you want from the drop-down menu.

Enter a new password for that user and hit the save button. That's it! When you reboot the computer, you can use your new password to log into the computer. Note that unfortunately, you still won't be able to unlock the Keychain, so if what you're trying to access has another layer of password protection, you won't be able to access it.

Method Two: Boot into Single-User Mode


If you don't have an installer CD handy, you just need to do a bit of fancy command-line footwork to achieve the same end as the CD method. Boot up the computer, holding Command+S as you hear the startup chime. The Mac will boot into single user mode, giving you a command prompt after loading everything up. Type the following commands, hitting Enter after each one and waiting for the prompt to come up again before running the next one:

/sbin/fsck -fy
/sbin/mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
dscl . -passwd /Users/whitsongordon lifehacker

Replace whitsongordon with the user whose account you want to access and lifehacker with the new password you want to assign to that user.

If you don't know the user's username, it should be pretty easy to run ls /Users at any time during single user mode to list all the home folders on the Mac, which usually correspond to the usernames available on the Mac. Note that, once again, this doesn't give you access to the OS X Keychain, so anything protected with another layer of passwords will be off-limits.

How to Protect Your Mac from Being Broken Into

Luckily, while it's pretty easy to break into a Mac, it's also just as easy to protect yourself. Just like last time, our main recommendation is encrypting your entire OS. Note that this does not mean use OS X's built-in FileVault tool. We weren't impressed with FileVault the last time we looked at it, and it turns out it's pretty easy to get past FileVault's protection.

Instead, we recommend you use our favorite free, open-source encryption tool TrueCrypt. It came out with a Mac version back in 2008, and it still works wonderfully at encrypting entire partitions and drives on your computer. And, since anyone wanting to boot the computer needs to know your TrueCrypt password, they'll never even get to the password reset stage—so all your files will be safe.

Update: As many of you have pointed out in the comments, I misunderstood a few things about both FileVault and TrueCrypt. FileVault is not easily bypassable, and while it won't encrypt your entire drive, it should keep you safe from the above methods. TrueCrypt cannot currently encrypt an entire boot drive on a Mac.

However, you also pointed out that there's another simple way to keep people from resetting your password, and that's using a firmware password. If you have a Mac OS X installer CD, you can boot up from it and go to Utilities > Firmware Password Utility and set a firmware password. This prevents other folks from being able to boot up your computer from another hard disk, CD, or in single user mode. Someone with bad intentions could still bypass it, but it would take quite a bit of alone time with your hardware. So, for best results, you'll probably want to encrypt your files with FileVault and set up a firmware password.
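The two protections recommended above, FileVault plus a firmware password, can be checked from a terminal. The script below is an added example, not code from the original article: it assumes a later Intel Mac whose macOS ships the fdesetup and firmwarepasswd tools (Snow Leopard has neither), and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the two mitigations the article recommends.
# Assumes a later Intel Mac with fdesetup and firmwarepasswd installed;
# function names and finding labels are hypothetical. Run as root on a Mac.

# Classify the text printed by `fdesetup status`.
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# Classify the text printed by `firmwarepasswd -check`.
firmware_state() {
    case "$1" in
        *"Password Enabled: Yes"*) echo on ;;
        *"Password Enabled: No"*)  echo off ;;
        *)                         echo unknown ;;
    esac
}

# Map both states to the paths from the article that remain open.
# Anything other than a confirmed "on" is treated as unprotected.
audit_mac() {
    fv=$(filevault_state "$1")
    fw=$(firmware_state "$2")
    findings=""
    if [ "$fw" != on ]; then
        findings="${findings}boot-from-other-media single-user-mode "
    fi
    if [ "$fv" != on ]; then
        findings="${findings}files-readable-after-password-reset "
    fi
    [ -n "$findings" ] || findings="none "
    printf '%s\n' "${findings% }"
}

# Audit the live system when both tools exist; otherwise fall back to
# constructed sample output so the script still runs anywhere.
if command -v fdesetup >/dev/null 2>&1 && command -v firmwarepasswd >/dev/null 2>&1; then
    fv_out=$(fdesetup status 2>&1 || true)
    fw_out=$(firmwarepasswd -check 2>&1 || true)
else
    fv_out="FileVault is Off."      # constructed sample
    fw_out="Password Enabled: No"   # constructed sample
fi
echo "Open paths: $(audit_mac "$fv_out" "$fw_out")"
```

A result of "none" means both settings are confirmed; unrecognized tool output is reported as an open path rather than assumed safe.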

As always, these are just a few of the easiest ways to break into a Mac. Do you know of any others? Share them with us in the comments (don't forget to share their weaknesses, too, so we know how to protect ourselves from them).

Send an email to Whitson Gordon, the author of this post, at whitson@lifehacker.com.


Open Firmware will stop both of those.

Now, open Firmware CAN be bypassed, in fact very easily - simply by pulling out a stick of ram and then booting into SUM.

I also believe that OFP is not worth the hassle of losing single user mode, target mode, netboot, or risking forgetting your (hopefully different) password.

What WILL help you is to use Lock with SUM. Linux/Unix users will know that lock is a standard feature on most flavors - and was even included with OS X up to 10.4. setting up lock will password protect single user mode - meaning no sudo rights, meaning no passwd command.

Of course, with enough time and effort, someone will always be able to get to your files - but if you're worried about somebody sneaking a peek at Starbucks, or on your desk without you knowing it - lock or OFP will help. It's not like people walk around with live CDs or Boot discs in their pockets (I don't think...)

[port22tech.com] Reply


In regards to firmware password: Be very careful to never forget that password... those can NOT be recovered or reset, AFAIK. It's a great way to brick your precious Mac. I believe this only applies to Intel-based machines, as the older PPC-based machines could be reset with a hardware hack. Reply

gemcosta approved this comment

You can also hold the T key down on any Mac whilst it is booting and it will be placed in Target Disk mode, which effectively makes the entire machine an external FireWire hard drive. You can copy data as you wish or clone the entire system from Disk Utility on another Mac. Once you have the cloned system, you can restore it onto another Mac and have at it (password reset). This will prevent the user from even knowing you were there, because if you reset the password before you clone the system, they will know as they will not be able to login with their password.

You CANNOT use password reset on an account with FileVault turned on. If you copy the sparse image of a file vaulted machine, you will need the master password to open it, there is no way around this. Reply

omgwtflolbbqbye promoted this comment

Be careful, I've done this twice, and lost all my data both times. Reply


There is no need to do the hardware hack... Just hold command+option+p+r and after 3 or 4 chimed reboots, the FW password won't be there. Hopefully Intel will make something more secure using EFI at some point. Reply


Here's the reality, folks - physical access to a computer = access to the data stored on that computer. There's no way to change this. Reply


"You can do this on a Mac, only faster and more efficiently."

He Hee. Reply


Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.
Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.
Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.
Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.
Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.
Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage. Reply

Whitson Gordon promoted this comment

Just target boot it into an external firewire drive status and then take whatever you want. Reply


What I'm wondering is, why is Lifehacker teaching people how to break into other people's Macs? It's great to educate people of the danger and how easy it would be for someone to do it, but detailing exactly how to go about doing it makes this just as helpful to someone wanting to break into a Mac as it is for someone who wants to protect themselves from it.

It's like detailing how to make the bomb while telling people how to protect themselves from an explosion. Reply

Whitson Gordon promoted this comment

I totally posted this on the facebook link of the last breaking in post. :P

I love single user mode, amazing exploit. My school has a 63 character WPA2 wifi code and the Macs allowed me to bypass it easily (after I'm in as admin, just go to wireless settings and view passwords). Easy.

Also, if you want to find out the password itself rather than changing it, you can use the command "nidump passwd" to give you the password hash which can then be cracked with John the Ripper. Reply


Does the CD have to be the one that came with the Mac? For instance, my friend and I both have MacBooks, but he lost his CD. Would my CD work on his? Reply
danielblakes promoted this comment

"it turns out it's just as easy to break into a Mac too"

I'm going to go out on a limb and say it's even easier. A decent amount of Mac owners believe that their computers are basically immune to this kind of thing, so they're less likely to take some of the precautions that Windows users might take.

That said, of course, it comes down to the individual users at hand, so it's good that you're providing ways that we can protect ourselves, Mac or PC. When you see how easy something is, it makes you that more likely to realize you might just need protection. Reply


I think you might be missing a few things.

On the Mac side of TrueCrypt...it supports encrypting entire volumes - but not the boot volume. You actually have to boot the OS and login in order to use TrueCrypt volumes. You cannot encrypt the OS itself...so it would not prevent resetting user passwords by either of the methods you described - or protect the OS from tampering. It would just potentially prevent access to the files inside a TC encrypted volume - which is admirable, but can be accomplished via many methods, including encrypted image files within OSX.

Also the article (from 2005) that you referenced on FileVault does not actually provide a way to magically bypass the master password and access FileVault folders...it allows you to reset a forgotten password. Any volumes that were already encrypted with FileVault would be inaccessible to you unless you knew the specific volume password.

One can also set a firmware password that will disable booting from anything but the harddrive, disables auto-login for single user mode and turns off firewire DMA...but unfortunately pulling a stick of the ram and powering up will bypass that otherwise fairly decent bit of security. Reply

Whitson Gordon promoted this comment
bobeyjoe approved this comment

I remember stumbling across a great article a while ago about how to extract and crack the Salted MD5 password hashes on OSX.

I haven't been able to try it yet because I haven't been able to compile John The Ripper properly, but it honestly doesn't seem that hard. Reply

Whitson Gordon promoted this comment

Golf clap. ;)

Firewire access used to be another attack vector that works on Windows, Mac and Linux. Reply


Wow, great article Whitson. I knew about the DVD password reset, but never knew about the command-line. It's scarily simple. Reply


Just assume if someone has physical access to your computer, your information is compromised. Reply
damis648 promoted this comment

You can also use your OS X install disc to set up a firmware password. This prevents booting to anything other than the hard drive without first entering the firmware password, and also prevents single-user mode. Shy of physically removing the drive, this should be sufficient to protect your Mac, in addition to a strong user password. Reply
pedersencato promoted this comment

Very good article. It's also possible to prevent this by setting up firmware password protection (can't boot CD or get into single user mode).

Also, using FileVault for your home directory will protect it, even if the account password is changed.

PS. Doing
rm /var/db/.AppleSetupDone
is a neat trick in single user mode, and will bring up the Setup Assistant at the next boot, as if the Mac was brand new, and offer to formally set up a new admin account. Reply


Wow, this was enlightening. Thanks for the read! The CD reset one is ridiculously easy. Command line isn't hard either. It's really surprising how easy it is to bypass what is seen as a very secure method of keeping your files safe.

I once read about how to use TrueCrypt to load two OSes on a single harddrive, with one a hidden OS and the other a decoy. Does that work with Macs, as well? Reply

