free adobe palace script font download

Adobe Photoshop CS5 cheap free safe download of adobe acrobat reader download crack for adobe authorware 7 cheapest download stand alone adobe flash adobe elements download

adobe cs2 download free crack key generator

Adobe InCopy CS5 for Mac cheapest adobe flashplayer free download adobe version cue update download windows cheapest adobe illustrator 10 free download adobe photoshop 70 download

download adobe photoshop cs2

Adobe Creative Suite 4 cheap adobe photoshop cs3 iso file download free adobe acrabat reader download buy cheap adobe acrobat raeder v7 download free download adobe acrobat professional 6

adobe photoshop font download

Adobe cs5 Design Premium cheap adobe flash reader download free ware download adobe photo shop buy cheap download adobe imageready free adobe dream weaver 8 download

free download adobe photoshop cs2

discount Adobe Flash adobe 8 reader download adobe version 7 download buy cheap manually download of adobe flash player 9 how to download adobe premiere pro free

adobe illustrator download free

cheap PDF to-EXE Converter adobe photoshop font download download adobe indesign cs3 buy cheap adobe reader download full download adobe acrobat megaupload

adobe illustrator cs3 crack download

Autodesk Simulation 2012 buy cheap adobe 5 free download adobe purchase products maintenance download contacting typeface cheapest adobe reader free download for windows vista download adobe premiere pro

adobe acrobat 6 full download

AutoCAD Electrical 2012 discount adobe reader vista download free download adobe photoshop cs3 extended me trial buy cheap download adobe professional download adobe svg viewer

download adobe gamma

cheapest Autodesk AutoCAD download adobe download manager free acrobat adobe download cheapest download adobe reader fur windows 2000 free download adobe flash player

crack adobe photoshop cs3 download

buy cheap AutoCAD 2010 adobe pagemaker download full free free adobe image ready download discount adobe illustrator cs2 trialware download adobe flash player 8 free download

free download adobe premiere pro cs3

AutoCAD 2012 buy cheap adobe image ready download download adobe photoshop elements discount download free adobe standard sf86 sf 86 sf 86 download adobe pdf

adobe download photo shared shop

cheapest AutoCAD for MAC adobe premmiere free download download adobe shockwave player discount free adobe acrabat reader download adobe flash player and download

iran download adobe photoshop

cheap adobe acrobat x free download of adobe reader 8 download and edit adobe files buy cheap adobe fash player download adobe after effects full download

adobe flash lite download

adobe acrobat x suite discount buy adobe photoshop download free download adobe acrobat reader professional 6 cracked discount adobe flash player 9 active x download free adobe ilrator download

adobe premiere tryout download

buy cheap adobe creative suite 4 download adobe photoshop 50 download adobe photoshop full cheap adobe photoshop download discount software download adobe 5

download adobe gamma download

discount adobe creative suite 5 how to download adobe on psp free ware download adobe photo shop cheapest adobe flash player version 9 free download free download adobe lightroom

cnet download adobe

adobe cs5 cheap adobe player download center free download adobe ilustrator discount best adobe acrobat download adobe indesign 2 for windows download

adobe acrobat download for mac

Adobe cs5 Design Premium cheapest adobe audition full download adobe photoshop element download buy cheap adobe acrobat reader 5 0 free download adobe download 8

adobe player 8 download

cheapest Adobe CS5 for mac adobe gamma download adobe acrobe free download cheap free download adobe pagemaker can we download adobe flash player file

download adobe flash player stand alone

buy cheap Adobe cs5 Production Premium adobe internet explorer download security adobe cs3 patch download discount adobe premier download crack free download adobe flash

download and install adobe flash onto my computer

cheap Adobe Dreamweaver CS5 download adobe photoshop 70 adobe pdf reader free download discount where can i download adobe flash player 9 download adobe creative suite 2 premium

how to download adobe flash files

Adobe eLearning Suite discount adobe premmiere free download free download adobe photoshop cs2 cheap pc wont let adobe plug in download download adobe illustrator cs

adobe flashplayer 9 download

Adobe eLearning Suite 2 buy cheap direct download links adobe download adobe illustrator cs cheap adobe illustrator 8 download adobe shockwave player download

download adobe media encoder

Adobe Flash Catalyst CS5 cheapest download adobe premiere effects adobe photoshop elements download discount adobe lightroom update download mac osx adobe reader kostenloser download

adobe after effects cs2 download

Adobe Illustrator CS5 cheapest adobe player download center adobe download free premiere discount adobe illustrator 8 download adobe flash direct download

free download for adobe streamline 4

cheapest Adobe Indesign CS5 free download adobe after effects for mac download adobe reader cd cheapest adobe acrobat reader free download download adobe ultra

adobe creative suite 3 download

cheap Adobe Photoshop CS5 adobe audition download free adobe acrobat reader 6 download cheapest adobe acrobat writer download adobe 10 download

macintosh download adobe acrobat reader

Adobe Photoshop Lightroom 3 discount adobe audition 3 free download adobe macromedia flash player 7 download discount free adobe photoshop full download adobe photoshop elements 5 free download

Archive for the 'Security' Category

« Previous Entries
Next Entries »

How to get a Hotmail password (X): Stealing files with NetBIOS

Published by
madelman
March 10, 2006 in Beginner, Passwords and Security. Comment

Finally, we get with the last method in the list. This depends, as always, on the user having a poor knowledge of security and using operating systems not properly secured. It’s really common for a lot of users who have more than one computer connected by a network to share part or all his disks.

In this case the technique is a combination of some the last ones but applied to the shared disk. Most times this shared disks don’t have any protection applied to them, not even a password or the password is blank, so reading its content is as easy as connecting to them with the network browser.

Other times, the shared disks have a password protecting them, but it’s not uncommon to be able to find this password in a few tries. We can also try to do a bruteforce attack with programs like NetBrute, which have an scanner than can find all computers with shared disks and have a version of the programs that allows bruteforcing passwords.

If we want to protect against this attacks, we must check carefully whether we have shared disks and only enable them in case it’s essential. If we have to enable them, we should get a strong password, ideally made from random characters and long enough.

How to get a Hotmail password (IX): Bruteforce

Published by
madelman
March 7, 2006 in Beginner, Passwords and Security. Comment

The title of this post might be a little misleading, as getting a Hotmail password using bruteforce is not really possible. The security engineers at Hotmail have implemented a system that blocks an account when more than some incorrect passwords have been entered, so this will not be really applicable to Hotmail, but might work in other e-mail providers.

But, first of all, we must know what bruteforce is. This is a technique that simply tries all possible passwords from a list until it finds the correct one. The list may consist of some selected words (for example, words extracted from a dictionary) or we can try all possible combinations of letters and numbers with different lengths. Chrootstrap has a good explanation about this.

Fortunately for us, this is a very noisy technique, leaving a lot of logs in the server and easily detectable so not many people are going to try this. Furthermore, most e-mail providers won’t allow use the use of this technique, blocking the account for some time after a few tries, although this can also be a double-edged sword, as if the attacker repeats this for a long time we wouldn’t be able to use our account.

More contests to hack Mac OS X

Published by
madelman
March 7, 2006 in MacOSX, Medium and Security. Comments

In my last post about Mac OS X I talked about someone who asked hackers to try the security of his Mac mini and discovered that it had been compromised in 6 hours. But what I didn’t tell is that he allowed anyone to create an account in his system, from which a local exploit was probably used to gain superuser access.

Usually, local exploits are easier to find and give you full access to the system, so having an account in that computer made the challenge much easier. It’s not very normal to find a server connected to Internet where anyone can login and create his own account.

Another owner of a Mac mini has decided to try this again, but this time not allowing the creation of local accounts. The server is located at the University of Wisconsin and the instructions are at Mac OS X Security Challenge. Will anyone be able to hack into this system and modify the webpage? Maybe or maybe not, but at least, this is a more realistic scenario than the other contest.

From | Netsec 

How to get a Hotmail password (VIII): Breaking into the user’s computer

Published by
madelman
March 6, 2006 in Beginner, Passwords and Security. Comments

One of the most known method used by hackers is breaking into someone’s computer using an exploit, a program designed to benefit from a vulnerability in remote software. In one of the Matrix sequences (The Matrix Reloaded), Trinity uses an exploit to get access to the server.

Nmap_matrix

Having access to another computer can be really useful to apply some of the other techniques explained, like installing a keylogger or sniffing the network data. To hack into a computer, you need some information about it, like the operating system used, the services it is running,… and if some of these services is vulnerable you’ll need to find an exploit for it. Not an easy task.

There is not a single way to protect from these kind of attacks but a firewall is a first step to do it.

Mac OS X not as secure as you thought

Published by
madelman
March 6, 2006 in MacOSX, Medium and Security. Comments

Many Mac users think they are not in danger when using their computer, as Mac OS X is thought to be quite secure. But this isn’t true anymore, as we have seen in recent news with the apparition of two viruses which exploit some vulnerabilities in the operating system. Although these viruses have not been seen in the wild, because they were intentionally crippled, the damage is already done as some simple modifications would allow them to expand.

But these viruses are not the only threats to Mac OS X as the owner of rm my Mac discovered a few days ago. Trusting his operating system, he invited hackers to try to delete (rm is the unix instruction for deleting files) all the files in the disk of his mac mini, which was connected to Internet.

Six hours later, he discovered that it had been hacked, but the attacker didn’t remove his files, although he could have done it. According to the hacker, the machine was attacked with some unpublished exploits for Mac OS X which have not been been made public yet neither have been patched.

So, if you own a Mac you should better be aware of this and try to protect it. A firewall and deactivating all not needed services is the least you can do. I don’t currently own a Mac, so I don’t know if the default configuration already does this (should do it), but better check it before it’s too late.

From | ZDNet

How to get a Hotmail password (VII): Recovering it from another account

Published by
madelman
March 5, 2006 in Beginner, Passwords and Security. Comment

Most web-based mail accounts have an option to recover a forgotten password. They usually work in two different ways: sending the password to a different e-mail acccount or asking a question about something only the owner can know.

In the first case, if we know which account will receive the e-mail with the password we can try to recover it from there if it’s easier than the one we want. Maybe it’s another account which we already have to password or we can get access easily to it.

In the second case, we can try to guess or get to know the answer to the question. Usually, these questions are really easy to answer, for example “mother’s maiden name” or “name of your pet”, and with a bit of investigation we can recover these passwords.

If we want to protect from these attacks, we must choose a hard to answer question. Depending on the email provider we are using they will let us choose the question or we will have to select from a predefined list. If we can choose it it will be easy to enter a really difficult question. If we have to select one from a list we can enter a totally unrelated answer, taking care of remembering it just in case we need it later.

How to get a Hotmail password (VI): Sniffing

Published by
madelman
March 4, 2006 in Beginner, Passwords and Security. Comment

When connected to Internet, all data received and send is transmitted through some medium, be it a network cable, the air when you are using wireless or the telephone when using a modem. This medium is not always protected against eavesdropping, so if the data is transmitted without some kind of protection it can be seen by whoever is listening to it.

For example, in a typical network, like the one you can have at home or at work, it’s usually really easy to intercept all the communication. In the past, Ethernet LANS usually used hubs, a connector which retransmits the data to all computers attached to the network, so everyone could see all the data only by telling the network card to do it. In the present, hubs are quite rare and have been substituted by switches, which work in a similar way but don’t transmit the data to all computers, only to the destination one. But, some software exists which can be used to confuse the switch and make it behave like a hub, making it to transmit to everyone.

If using a wireless network it can be even easier to get this data, as the air is used to transmit it so everyone can read it. By switching our network card to a state called monitor mode all the signal received from the air can be recorded and analized.

We need to get some protection against this kind of attack and the best way to do it is to use Secure HTTP, a protocol which encrypts the data send and received in a way only the original server and the client can read it. We can recognise if we are using this kind of protocol by looking at the URL of the page, which should begin with https:// instead of the usual http://. For example, in Yahoo! Mail you can choose to use one of the two modes: Normal and Secure. Always choose Secure, especially if you are connecting from an unknown network, like in an Internet café or from work.

How to bypass the BIOS password

Published by
madelman
March 3, 2006 in Medium and Security. Comments

I usually like to put a password in the BIOS, not really for security, but to avoid someone messing up with the settings and rendering the computer unbootable. Unfortunately, sometimes I can’t remember the password I used in some computer and, as they are not very critical, I don’t have them written anywhere.

When in need to change it the easiest way is usually opening the computer case, finding the jumper for clearing the CMOS and setting it for a few moments. If we can’t find the jumper, mainly because we don’t have the mainboard manual, we can remove the battery (if it’s removeable, sometimes they are not) and wait for half an hour. With these methods, the password disappears, but also does all the rest of the information saved in CMOS, so we’ll have to configure the settings again

There are other software methods if you don’t feel like opening your computer case. Get into a DOS prompt and execute the DEBUG command with these instructions

c:\> debug.exe
-o 70 2e
-o 71 ff
-q

This works in almost all cases, but it’s a little dangerous, as you could damage something in memory, so you better take care.

From | Info Directory.

How to get a Hotmail password (V): Passwords stored at ISP

Published by
madelman
March 3, 2006 in Beginner, Passwords and Security. Comment

As we explained in the the second technique, many people use the same password at different places so, if we can find one them it will be easy to try it in other sites.

Passwords stored at the ISP might be more easy to find than in other sites, depending on the ISP used. Some of them don’t care too much for security or have employees who can be tricked with social engineering. It’s a shame that people who should be really conscious about security are sometimes the least informed.

A lot of times a single telephone call can be used to retrieve the password. If this doesn’t work and we know some advanced security we can try to find some bugs at ISP’s site, which sometimes are not as secure as they should be.

For us, as users, it’s quite difficult to defend from this type of attacks, as we must trust the ISP and its security. The only thing we can do is try to get information about past security incidents at the ISP, although this can prove difficult, as they don’t usually publish this kind of information. Luckily, every day ISPs give more importance to security so it’s more difficult to accomplish this attacks.

How to get a Hotmail password (IV): Keyboard logging

Published by
madelman
March 2, 2006 in Beginner, Passwords and Security. Comments

Keyboard logging is the name of the technique used to record all keys pressed by the user of a computer so we can know what he has been doing and all the text he has entered. Of course, if he has used that computer to log into his email account he will have entered the password so it will be recorded with the rest of the data.

There are two different types of keyloggers, software-based and hardware-based ones. The hardware based ones have to be connected between the keyboard and the computer, so you need to have physical access to it to install and to recover the data. On the other hand, these can not be detected with software so they can be hidden quite easily if the keyboard connector is not at plain sight.

Hardware keyboard loggers are not always a malign tool, they can also be used to keep a backup of text written in your computer. For example, Keyghost sells loggers with up to 1 megabyte of memory, where you can save lots of keypresses. If you are a writer or are writing something really important for you, as your thesis, it might be handy to have one of this in case something happens to your harddisk. Any way, this should be no substitute of correct and timely backups, but can be of great help.

The software based ones are simple programs which remain resident in the memory of the computer, monitoring all pressed keys and recording them to a file which can be later retrieved by the attacker. The most sophisticated ones are really stealthy and can even send the collected data by email, so the process is automated.

To protect against keyloggers the most important measure we can take is not to use critical passwords in computers not owned by us. So, don’t login into your bank or your email account in an Internet café, at university or from work, only do so from your home machine. If you must do it, then you better check the connection from the keyboard to the computer to see if there’s some strange gadget attached to it.

To protect against software keyloggers, we can use classical antivirus or antispyware but some keyloggers (mainly custom made ones) are not detected by these utilities, so we can use KL-Detector, a software that checks if any program is recording the keys to a file.

« Previous Entries
Next Entries »
Text Link Ads

About

Becoming paranoid is a weblog about computer security, privacy and staying safe online, specially dedicated to novices
If you want to know something more about us, visit our contact page.

If you enjoyed Becoming paranoid, you can have a look at the rest of our blogs:


Latest

RSS

Sponsored links


Search

Search in the Becoming paranoid Archive


Subscribe

Enter your email address:

Delivered by FeedBurner

Archives

Categories