Home » Tag Archives: Hack

Tag Archives: Hack

10 Tricks Securing Your Account from Thieves

Yahoo! admitted that over 450,000 username and password users have been hacked as hacker group publication, D33Ds, who on Wednesday (11/7) last claimed responsibility for the attack. Although confirmed only less than 5 percent Data that leaked D33Dsn is valid, Yahoo! recommends users change their passwords.

In addition to changing passwords here are some tips you can consider for safe surfing in cyberspace.

1.Password Manager

The use of a password manager help you make a strong and unique passwords for various online accounts. These services also prevent you from using the same password for multiple accounts.

Because it is integrated with a web browser, a password manager will automatically save and fill website login forms and securely set up your online life. Several password manager of choice, such as: LastPass, KeePass and 1Password.

2. Secure Gmail

Not good if you have a Gmail account and use the same password with other online accounts. You need to enable Google two-step verification to ensure that no person who opened e-mail without your knowledge. These features are ensure to login to your account process into two steps. Before you can open an account, Google will send a verification code to your mobile phone to make sure whether you want to access your Gmail account. If necessary activate this feature in Google account settings.

3. Full Disk Encryption

Set up and use the full disk encryption to protect your data, especially when you’re on the way. Full disk encryption uses a mathematical technique for scrambling data so it can not be understood without the correct key. Please check here the usefulness and how to use. Windows users have access to the Microsoft BitLocker while TrueCrypt provides cross-platform compatibility at the most.

4. Switch to Google Chrome

Google Chrome so far considered the most secure browser than others. You can download the KB SSL Enforcer extension that will forced search encrypted when possible. The extension also automatically detect if a site supports SSL (TLS) and redirect search session to session encryption.

5. Secure Cloud Data Store

Get used to store contents your computer to an external hard drive or to a secure online service. Companies like Mozy, Carbonite or iDrive can be used each one to back up data from files, music, to photos.

6. Uninstall Java If not Used

Uninstall Java from your computer if it is not necessary because past two years Java vulnerabilities are always targeted by malicious hackers.

7. Adobe Reader Sandbox Technology

Adobe Reader often become main target group of skilled hackers and organized, especially for business groups. The latest version of Adobe, Adobe Reader and Acrobat X has a Protected Mode sandbox technology which serves as a major deterrent from harmful exploitation. Sandbox is a technology for secure web through isolation, without a gap that can be hacked by hackers. If are not already using, you should immediately update as soon as possible.

8. Install VPN Service

We all used to check e-mail or Facebook status update from a coffee shop or public WiFi network. It’s important to install virtual private network (VPN) to encrypt your activities and keep your personal data falling into the hands of malicious hackers. The following video explains everything you need to know about VPN and how to set it up to authenticate and encrypt your search on the web. If using a public computer, consider using a VPN application that can run with a portable USB drive.

9. Don’t Share ‘Anything’ in Social Network

Social networks like Facebook, Twitter and LinkedIn are good hunting ground for cyber criminals. Use common sense when sharing data, even when you think were in a trusted environment. Do not share any sensitive issues or excessive because your privacy is never guaranteed. Consider the safety features and try to avoid clicking on the video or a foreign link that could lead to attacks.

10. Always Update to Latest Version

Hackers rely on security vulnerabilities as the entrance to your device. It’s important to make sure your computer is always safe and allows the automatic update every existing software. Use the Windows Automatic Updates to ensure improvement of operating system always on time. Use a reliable anti-malware software and delete any that do not want to use.

How to Secure Online Transactions? Tips to Securing and Vulnerabilities

Can not be denied, the number of users online transactions each year continues to increase. Harris Interactive survey conducted in February-March 2012 said there were 57 percent of Internet users who manage bank accounts online and make online shopping. Of these, about 31 percent admitted they store data banking on the hard drive.

Therefore not surprising that banking information is very tempting targets for cyber criminals. The target was none other data such as login passwords, code validation and confirmation of transactions that they could use to fake himself as the owner of an electronic account. In addition, e-mail is also often used as one of the simplest ways to get financial information.

E-mail like this usually contains a message that entices the recipient to provide personal information or visit the official website of a particular bank. Another way is to include a link that directs consumers to third party sites that contain malicious programs. The cyber criminals can steal information from infected systems, by means similar with theft information through websites ‘official’ that they make, or make the interception of information typed through a browser. Interception can also be done directly using a keylogger.

One of the trojan that took part in a theft trick this is Trojan-Banker.MSIL.MultiPhishing.gen. This Trojan detected by Kaspersky Lab experts in January 2012 ago. This Trojan is designed to steal credentials major banks in Europe.

So, although this trojan has entered into a victim’s computer, but this trojan will not be activated immediately, but waits until the user is logged into one bank online services. How it works, the trojan will display a window that mimics the bank authorization form that is accessible, while the original windows from bank will be closed by this trojan. This Trojan can be detected by antivirus registered in England.

To protect customers from threats that exist when doing online banking, some banks apply to their own protection. For example, multiple authentication which requires customers to use two passwords. The first and second login to confirm payment or other transaction.

This can be combined with one-time password system that sent the bank to make cell phone customers every single transaction. Another way is to give a token to its customers to generate passwords on request. In addition, for the outside teller transactions, such as online banking, mobile banking, SMS banking and others, banking uses SSL secure connection that reduces risk of Data theft during transmission.

To ensure the security of your banking information – and the system you use – it takes a reliable antivirus solution with a reliable Internet security. This solution should be able to protect your computer from malicious software, network attacks and malware in e-mail traffic using traditional technology and proactive. You also need an antivirus program that can protect you while exploring the virtual world. To overcome the keylogger can intercept data to typed on your keyboard, you can use a virtual keyboard.

Safe Money Kaspersky provides technology designed to protect banks and other financial information during transactions. Some of the protection offered by this solution are:

  • Database address of bank and trusted e-payment system that can be modified by the consumer;
  • Tools to verify the identity of a server;
  • Tools to scan your computer and look for vulnerabilities that affect the security of online banking;
  • Protection of the browser creates an isolated environment for bank sites, payment systems and online stores;
  • Features that protect the Secure Keyboard Data entry with the help of a special drive and mouse-driven virtual keyboard.

Useful Security Tips from The Top IT Experts in World

Learning from mistakes makes you getting smarter. Moreover, if existing errors coming from the professionals expert.

IT professionals can get caught on tricks of cyber criminals. However, from there they can share useful lessons for all computer users. CnwinTech ask some leading IT experts about their experiences while connecting to Internet. Their experience could be valuable lessons for Internet users.

CnwinTech does not expecting get so many honest answers and some very open. Eugene Kaspersky tells how he succeeded in thwart the kidnapping of his son. Figure of open source, Richard Stallman also expressed his personal opinion about some errors in Windows operating system.

Actually, anyone can implement its own principles in securing data. However, the experience of the experts may also be a personal safety guide.

Eugene Kaspersky: Kidnapping

Click to Expand

Click to Expand

April 2011 ago while a married couple retired Russian kidnap his son, 20-year-old Ivan. To free his son, Eugene Kaspersky with police setting up a hoax. Utilizing the local media, Eugene Kaspersky maneuver distracted the kidnappers by informed that he had paid a ransom of three million Euros. Hoax was successful and further police make action to liberate Ivan without injury.

However, these events brings its own lessons to Eugene Kaspersky. The investigation revealed that the perpetrators collecting personal information from social networks and observing daily activities of potential victims. With this information, they planned criminal.

“No one knows exactly the reason they chose Ivan as a victim,” said Eugene Kaspersky in a special interview with CnwinTech. “However, I suspect because Ivan publish too much personal information on Vkontakte (Russian Facebook),” he added. With that information, kidnappers can easily find out detailed activities of Ivan, watching, and calculate the level of personal security.

With the case, Eugene Kaspersky today still feel guilty since he did not explain the dangers of using social networking and do not give advice to restrict the publication of personal data. “Do not make the same mistake. Act immediately to protect your children”, he warned. 

Thorsten Holz: Hackers who hacked

Click to Expand

Click to Expand

Cyber criminals can also be trapped. When Thorsten Holz see better control server of a network bot for research purposes, he did not believe he was seeing. Bot network administrator does not change the default password server. Thus, the researchers were able to copy and analyze the huge numbers digital loot.

“With the verification of two factors, the network must be more secure (from us)”, says Thorsten Holz. In addition to the password, the user must enter a TAN which will be received on mobile phones via SMS or TAN-apps. Login is just using your username and password hacker easier. With a trojan keylogger, hackers can read any password easily. Currently, Google and Facebook have provided two-factor login.

Mikko Hypponen: Account hijacked

Click to Expand

Click to Expand

Finnish men began a career as a creator of virus. When teenager, Mikko Hypponen make Omega virus which he said is not dangerous. However, he quickly turned toward becoming a major virus hunters at F-Secure and consultants of international security institutions.

Since the 90’s, cyber crime is a billion-dollar business and virus makers likes to targeting community. From there, Mikko Hypponen draw lessons, a program whose name is not familiar (not known) rarely get into the target criminals. “Use another program,” Mikko Hypponen advice. There are many alternatives, like Linux replacement for Windows 7, Foxit Reader replacement Acrobat Reader, or IE replacement Opera.

Bruce Schneier: Brain-Backup

Click to Expand

Click to Expand

Bruce Schneier store data in two brains. Laptop containing e-mails, contacts, and agenda, it’s easy to hijacked. “Backup in my brain,” joked Bruce Schneier. However, this is true because if your life a lot going on computer, data leakage will be more easily happen. With distributed backups across multiple storage media, data security will be more preserved. “Always make backups!” Bruce Schneier said.

Konstantin von Notz: Encrypting e-mail

Click to Expand

Click to Expand

Konstantin von Notz, one of the Green party politicians in the state of Schleswig, Holstein, Germany, fighting for security e-mail as connection between the community and board members via e-mail that encrypted and providing a free application to open it. E-mail encryption is always discussed within the community. Communication without encryption is not compatible with data protection. E-mail without encryption can be read by anyone in the network.

Jacqueline Beauchere: Choose your friends

Click to Expand

Click to Expand

Children are a favorite target of ID thieves. Jacqueline Beauchere, Microsoft security experts found several cases of ID theft on behalf of children who can make many losses. With a social insurance number, criminals get credit for shopping. Losses borne by parents of course.

Therefore, Jacqueline advises young parents to make online security an family theme. You have to explain certain restrictions, including checking list of Facebook friends on a regular basis. This must be done because the case has been common, the best friend today could be the main enemy in the next day.

Digital clean-up on a regular basis can prevent cyber-mobbing. “The end of school year or when changing schools is a good time to do it,” said Jacqueline. “Check your list of friends on social networks with your child and remove any of some can be dangerous,” she said.

Brian Krebs: Unfriendly Resources

Click to Expand

Click to Expand

Brian Krebs has learned from bad experiences. “Internet is good, but with good control as well”, said Brian. Several years ago a hacker wrote to him: “Hi Brian, look at this link”. He not only saw, but clicking on it. After that, the operating system is destroyed. For hours he tried to make computer work again.

Since then, this security experts separate work environment from external communication. “You never know who sent people through Internet, even by friends though. They can send malware”. Now, Brian Krebs much more cautious. “I only install programs that I know and I really want,” added Brian.

Joanna Rutkowska: Secure System

Click to Expand

Click to Expand

Overcoming the problem at its root is the principle of Joanna Rutkowska. For her, a computer security should start from hardware. “During this operating system uses too few hardware technologies that can further improve computer security,” she said.

This Polish security researcher has argued like that because with their team Invisible Things Lab, she has been working on open-source operating system QubesOS extremely secure. Therefore, Joanna Rutkowska does not offer a general security solutions are sold, but with the right answer to the question. For example, how to surfing every day in cyberspace safely?

Thus, you should try to own and use a variety of tools for different tasks. “I use the iPad for surfing and computers backed up to work,” says Joanna. However, it is no longer required when using QubesOS. “Maybe a few more years I can tell you, for those who want a secure computer, you only need to use QubesOS” added Joanna little promotion.

Richard Stallman: Windows spy

Click to Expand

Click to Expand

He is a tireless fighter for freeware applications. Not only that, he did not consider himself to security experts, but he relentlessly warn people about the dangers of computer. “For me the best example is Windows because it has monitoring functions, digital cuffs for user files, and security holes,” said Stallman warned. Therefore, he recommends using freeware software which no longer free to spy on users.

Stephen Pao: Dealing with errant staff

Click to Expand

Click to Expand

Each time Stephen Pao hiring a new employee, co-founder of Barracuda Networks WLAN is always keep an eye in the company. If these new employees brave to log on Facebook without HTTPS protection, hacker software Firesheep Pao’s will turn on alarm.

Furthermore, this network expert can log into a Facebook profile corresponding to view and modify various data at will. Pao just leave funny notes and warns employee with a special note that said “You already know, you work in an IT security companies? Use HTTPS!”

Without HTTPS, usually Data sent without any encryption between website and PC. In an open WLAN, it is an invitation for hackers. On Facebook, its setting option at “Account Settings | Securit | Secure Browsing“. If you have not already, please do. The same function is also offered many other web services.

Candid Wuest: innocent Flash disk

Click to Expand

Click to Expand

Due to already believed to their friends, without thinking Candid Wuest meets the friend request. However, Candid surprised by things he found in his friend flash disk? A vicious USB autorun worm that exist in flash disk. Ultimately, the worm can be active when the flash disk is inserted in a USB slot. Furthermore, the Worm can directly infect the test system’s Candid Wuest.

“I have to reinstall all the computers,” he said. An error due to lack of caution which is not easy to avoid this Symantec experts. Because not all programs recognize the security of any virus, online scan actually can help it. Virustotal.com web service instance can check files with assistance of more than 40 different virus scanner applications.

Sebastian Schreiber: outdated code

Click to Expand

Click to Expand

As request of company, Sebastian Schreiber had infiltrated into network as testers. However, he even panic when installing an application, but he forget the code. By doing a simple trick, still he did not succeed. Currently, simple tips and tricks are actually outdated. To protect your computer, you must take care with difficulty, making it vulnerable to dangers, and should be careful on Internet. Tips from Sebastian, if an expert promise a simple solution, always be skeptical because the experts themselves are not free from error.

Break Up to 450 Million Passwords per Second with Extreme GPU Bruteforcer

Extreme GPU Bruteforcer, developed by InsidePro is a program meant for the recovery of passwords from hashes of different types, utilizing the power of GPU which enables reaching truly extreme attack speed of approx 450 Millions passwords/Second .

The software supports hashes of the following types: MySQL, DES, MD4, MD5, MD5(Unix), MD5(phpBB3), MD5(WordPress), NTLM, Domain Cached Credentials, SHA-1, SHA-256, SHA-384, SHA-512 and many others.

The software implements several unique attacks, including mask and hybrid dictionary attacks, which allow recovering even the strongest passwords incredibly fast. Utilizing the power of multiple graphics cards running simultaneously (supports up to 32 GPU), the software allows reaching incredible search speeds of billions of passwords per second!

Type hashes average speed (Using NVIDIA GTS250):

  • MD5 420 000 000 n/a
  • MySQL 1.08 billion n/a
  • MD4 605 000 000 n/a
  • NTLM 557 000 000 n/a
  • SHA-1 120 000 000 n/a
  • MySQL5 66 million p/s
  • LM 49 million p/s

The Program is easy to use, to launch the program, just pass the command-line parameters like – Name of the INI file with attack settings and Name of the text file with hashes.

INI File Parameters

[Settings]
 AttackMode=1
 LastPassword=
 CurrentDevice=1
 StreamProcessors=128
 PasswordsPerThread=3000
 Base64Hashes=0
 AttackTime=0
 DeleteHashes=0
 OutputFileFormat=0
 AppendToOutputFile=1
 AppendToDictionaryFile=1
 CustomCharacterSet1=
 ; ...
 CustomCharacterSet9=
 CustomCharacterSetA=
 ; ...
 CustomCharacterSetZ=
[BruteForceAttack]
 1=?d,0,9
 2=?l?d,1,7
 3=?l?d?s?u,1,5
[MaskAttack]
 1=?u?l?l?l?l
[DictionaryAttack]
 1=DictionariesInsidePro (Mini).dic
 2=DictionariesPasswordsPro.dic
[HybridAttack]
 Dictionary=DictionariesInsidePro (Mini).dic
 1=@
 2=@?d
 3=@?d?d

The name of a text file with hashes. The format string to hash a “one line = one hash”. In the distribution of the program includes test files with examples of hashes.

Here in above screenshot you can see that a alphanumeric 7 character NTLM password cracked with the speed of 553.510 Million passwords per second, this cracking process takes a few second to get the actual hash value by bruteforce process.

In another Example a 7 character alphanumeric MD5 password cracked with speed of 423.966 million passwords per second.

The main requirement is that your video card must support the CUDA technology. By default, the program is configured to run in the extreme operating mode to recovering passwords at the highest speed possible. But if it slow down your PC, then you can decrease the load on your computer, decrease the value in the PasswordsPerThread parameter in the INI file.

Extreme GPU Brute-forcer in Action:

United States Losing War Against Hackers

FBI is struggling to combat cyberattacks by hackers. “We’re not winning,” FBI executive assistant director Shawn Henry said. Four top government cybersecurity officials have basically come out to say America is getting her hiney kicked in cyberattacks by nation state hackers.

Shawn Henry, who is getting ready to leave the bureau after more than two decades with the law enforcement agency, says the United States is falling behind in the ongoing fight against cyber ne’er-do-wells.

“Your government failed you,” testified Richard Clarke, a former cybersecurity and cyberterrorism advisor for the White House. He said that to Congress about 9/11, but now he’s warning the people that we are defenseless when it comes to cybersecurity; our government has failed us again. Clarke stated, “Every major company in the United States has already been penetrated by China.”

Who declared this war and why did they declare it? Who surrenders in these sorts of wars? Who signs the papers? Of course, there is no war. Hackers hack and they will continue to hack. Someone will always try to stop them. Let me assure you burglaries are more frequent and generally more damaging to the man on the street yet nobody has declared a war on burglary.

Then Shawn Henry, the FBI’s ‘top cyber cop,’ told the Wall Street Journal the U.S. is “not winning” the war against computer criminals. Uncle Sam needs hackers because we are, in fact, outgunned.

FBI agents are constantly finding data stolen from companies who are not even aware their networks had been hacked, he said.”We have found their data in the middle of other investigations,” Henry said. “They are shocked and, in many cases, they’ve been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.”

In its war against hackers the FBI is outnumbered, Henry said, with too many hackers around the world and too many entry points in the companies and government agencies the FBI wants to try to protect.

Watch out, Free iPad Bid , turns out a Trap Click!

Trend Micro identifies a trap click of cyber crime to Facebook users worldwide, one of them, on my country.

In this case the user is prompted to share and comment on the death of Steve Jobs to get the prize thousands of iPad. This contest ends until October 10, 2011.

This information has been detected spread by viral, and indirectly provide fraud for millions of Facebook users around the world. Initially Trend Micro, have found a website that contains information to distribute of thousands iPad along with Jobs death to share links for facebook user, once asked to comment on the incident.

But when link clicked that appears about information that program does not exist in the area concerned, rather than thousands reward of iPad, this just advertising offers from some products raised by the scammers. Obviously the scammers will benefit from ad-click and viewed by the victim clicks. Profit increases if users share links to friends.

This incident was reminiscent of all Facebook users, in order to keep raising awareness so that they are more careful in various motives deception launched by these scammers, especially things that require you to click something, it is very important.

Russian Hackers Stealing Money American Citizen, Around U$3,2 Million

More recently, after a weekend that everyone thinks to get ready back activity, Trend Micro, the security company of mobile and cloud in the world , had just discovered the activities from a gang cyber hackers from Russia by using SpyEye-Zeus trojan to steal the money from U.S. citizens since January 2011 around U$ 3.2 million or approximately U$ 17,000 per day.

During the six periods since January 2011, Trend Micro found that “Soldier” has been infiltrated into various business institutions in America, such as banks, airports, research institutions, and even into the government and the U.S. military.

A total of 25.394 system have been infected because the virus along just 19 April and 29 June, 57% of them use Windows XP and 4500 victims infecting Windows 7. The majority of victims are in the U.S., though the victims spread across 90 countries.

Trend Micro also noted that important data steals is most widely taken from Facebook, Yahoo, and Google. But another page where user data stolen on eBay, Amazon, PayPal and Skype. SpyEye variants that they used in these operations are detected as TSPY_SPYEYE.EXEI.

The virus profile now have been changed dramatically – from a global pandemic into a sophisticated and targeted attacks. Recognizing that techniques they used in past not effective again, cybercriminals are now constantly coming up with new techniques to trick users and infecting. They continue to release new threat variants, improving the threat speed, and using the threat as a random attack, steal data through malware, and botnets.

One of their common practice today is to exploit information taken from social networking sites through the attack on these pages. They make money from here, and take advantage of zero-day vulnerabilities to execute an unknown attack.

This incident was reminiscent of all countries, in order to keep raising awareness that security intelligence in information technology, cloud and mobile, is very important.

NYC Hack Is Back

[ad code=2 align=left inline=1]

There’s something happening in New York City. New York Tech Meetup just announced they will be presenting hack demo at every one of their sold out events, New York’s first Music Hackday is hitting this weekend and it will be quickly followed by Foursquare’s first hackday the weekend after. Did the TC Disrupt Hackathon prefigure a growing trend here in the Big Apple?

This past weekend Columbia students demoed their best hacks, concluding their week-long DevFest 2011. Students had a week of workshops from local startups like Foursquare, Aviary and Bit.ly. The results were team hacks for everything from Facebook-generated birthday cards to time-sensitive, class-based messaging systems. Demos were presented to an audience that included New York startup luminaries including Fred Wilson, Chris Wiggins, Dave Jagoda, Steve Jacobs, Justin Singer and Thatcher Bell. Here are some of our favorites from DevFEst 2011.

Highlights

CU Board – Moses Nakamura, Andrew Hitti, Ephraim Park, & Mark Liu. A brilliant and potentially disruptive (for better or worse) idea for the classroom. Modeled on the anonymous boards in 4chan, the idea is to create discrete, time sensitive, open chat rooms tied exclusively to a class and only for the duration of a class. An online, digital note-passing system of sorts that gives students a voice and instructors an unvarnished, real-time view of their lecture.

CU Generals – Jacob Andreas. Inspired by the university’s existing “assassins” game, Andreas created a mobile web implementation that allows for team play and ongoing campaigns. The game uses location services to ensure that users have to actually run around campus to play and win. Excellent UI and gameplay for one dev over a week, new users were signing up and playing while the demo was happening.

Campus Walkabout – Benjamin Ludman, Jordan Schau & Eli Katz. A smartphone web app to give guided campus tours, Campus Walkabout allows prospective students and family to go at their own pace and cater walks to their particular interests (e.g. the campus history tour or historic building tour). Allows for community generated content and would scale well to other campuses.

More great hacks

MatchU.me – Cole Diamond – A kinder, gentler HotorNot, students browse pictures and decide whether they want to be matched. If two people are matched they can facilitate a meeting.
Chinese OCR – Ben Mann – Chinese OCR is an Android app enabling you to take a photo of Chinese text and translate it quickly into English.
Tangible Ecards – Jason Chekofsky – Presented as wireframe sketches, Tangible E-cards is a simple idea – give facebook users a chance to mail real birthday greetings to their friends a week before their actual birthday.
HackBoard – Sid Nair & Kui Tang – An online web community to form and show off projects you’ve worked on.
Daily Focus – David Hu & Vivek Bhagwat- An online photo scavenger hunt and group querying system.
Zesty Markets – Howie Mao & Samantha Diamond – An e-marketplace platform for niche markets.