Archive for the ‘Uncategorized’ Category


 

 

Detect Shell is a tool developed by Amit Malik for the presence of  Shell Codes within a file or network traffic. With it you can analyze binary (as generated by Metasploit for example) or files to a network stream (capturing traffic with tcpdump / wireshark ).


Today attackers distribute malicious files containing Shell Codes hidden. When you open these files, the Shell Code run in silence , which compromises the integrity of the system. This is more dangerous when the operation is ” Zero Day ” , and not be detected by the signature traditional of anti-virus . In these cases ShellDetect help to identify the presence of Shell Codes and assist in the task of keeping the system safe .

To run ShellDetect need to install Python also recommend running it on a virtual machine
( VMware / VirtualBox ) as the tool is still very beta and Shell escape him even more advanced Codes, but the important thing is to detect those of Metasploit which are the most used.



 The use of the tool is very easy (and for now just runs under Windows XP ), simply use the console: ShellDetect.py file_name and parses the file or the network traffic captured.

First analyzing a file (pgeneric-12.txt), then network traffic captured (network_stream).
As I said above, the tool is in beta, but I find it very useful and I see enough future.

More information: http://securityxploded.com/shell-detect.php

ShellDetect Download v1.0

Advertisements

Set within a dystopian world that
is a collision between technology and humanity, “Reboot” touches upon many of the current social and political concerns
that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means and what unknown event the pending zero-hour will bring


 
 

Rosa Entertainment and Jan-Ken-Po Pictures just announced that their cyberpunk thriller short film “Reboot” will launch with a Sneak Preview at DEFCON.

(LOOK FOR LINK OF FANMADE THEME FOR CHROME AT THE END OF THE POST)

Written and Directed by Joe Kawasaki, and Produced by Sidney Sherman, the film stars a bevy of hot up-and-coming actors including Emily Somers (Gabriele Muccino’s upcoming “Playing the Field”), Travis Aaron Wade (“War of the Worlds”), Martin Copping (Australian series “Neighbours”), Sonalii Castillo (“NCIS”), and Janna Bossier (Slipnot’s “Vermilion”).

Set within a dystopian world that
is a collision between technology and humanity, “Reboot” touches upon many of the current social and political concerns
that arise from becoming more and more intertwined with the virtual. In contemporary Los Angeles, a young female hacker (Stat) awakens from unconsciousness to find an iPhone glued to her hand and a mysterious countdown ticking away on the display. Suffering from head trauma and with little recollection of who she is or what is happening, Stat races against time to figure out what the code means and what unknown event the pending zero-hour will bring.

The recent launch of their ARG (Alternate Reality Game) has caught the attention of hackers and cyberpunk fans via Twitter. Basically, some Easter Eggs are hidden in the film trailer for viewers to find. When a player thinks they have found anything, they simply send a direct message to@reboot_film on Twitter for confirmation. As players find things they are awarded points and the Top Ten players will be awarded some cool prizes. For more ARG details, please go to:www.rebootfilm.com/scoreboard. To view the trailer: www.rebootfilm.com/trailer.

The film is the product of a successful Kickstarter campaign and has been building momentum ever since it was first announced on kickstarter.com in August of last year. Kawasaki said, “It (the film) was originally designed to simply be a great little ride, but as real world events keep developing around us (regarding issues of cyber-freedom, online privacy, security, etc.); the connotation of the film evolves and changes with it.”

“Reboot” is a co-production of Sherman’s production shingle, Rosa Entertainment, and Kawasaki’s Jan-Ken-Po Pictures; and the filmmakers are aiming for international film festivals like Cannes, Locarno and Toronto, as well as distribution via the internet.

Don’t Forget to leave your comments and Subscribe and like:D PEACE

     LINK: REBOOT THEME DOWNLOAD


People spend a lot of time preparing for effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method that is often used as last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.

CUPP v3

Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities. In password creation, as in many aspects of life, everybody tends to the original solution, but thanks to human nature, we all tend to originality in the same way, leading to almost absolute predictability.

Common User Passwords Profiler version 3 comes with some fixes and new options!

Download: cupp-3.0.tar.gz

SHA-1: 477e8e8c060f0da2e2039dc3af1ba4b17a421cd1


1. Secure your WIFI connection

secure your digital life from hackersHome users are particularly prone to leaving their routers open without passwords, in order to make sure that you’re protected check your router settings to verify whether encryption is turned on or not. leaving access unencrypted can be just a minor issue of bandwidth being stolen by unauthorized users freeloading off your connection to more serious cybercrimes like credit card fraud or hacking taking place using your internet connection, which may be traced back to you.

The majority of routers support encrypted connections, support either WEP or WPA/WPA2, always opt for WPA/WPA2 as it’s far more secure. If you have the option hide SSID broadcast, turn that on as well, it basically allows you to make your wireless router invisible to outsiders and they need to know your SSID to access the network.

2. Encrypt your hard drive

secure your digital life from hackersIt’s important to keep your data secure in case of loss of hardware or even theft. An encrypted hard drive basically prevents its contents from being access without the password. It is obviously more important to encrypt thumb drives and laptop drives. Windows 7 Ultimate and Business editions come with a built in hard drive functionality using a software called BitLocker which will encrypt your entire hard drive, but users with Home Premium or Basic users shouldn’t feel left out as there is a free way to encrypt your hard drive using trucrypt.

Mac users can use FileVault to encrypt their folders, and OSX Lion will allow you to encrypt your entire hard drive as well.You can also get hardware encryption which will use fingerprint recognition to unlock data inside the drive like the Lacie Rugged Safe.

3. Keep your software updated

secure your digital life from hackersIt’s a given that you need to keep your operating system, antivirus and web browser up to date in order to protect yourself from exploits, and if you haven’t got automatic update turned on for them, you should do it now.

However a lot of users often overlook other software such as Acrobat Reader, Flash, Java and iTunes when it comes to keeping software updated. It’s important to realize that many of these applications have direct access to the operating system, and an exploit in these applications can be used as a gateway into your system files. Flash and Acrobat are used heavily with web browsers which is the number one source of malware infections.

4. Upgrade your antivirus suite.

secure your digital life from hackersIt’s as important to keep your virus suite updated as much as it is to keep your virus definitions updated. The reason for this is because antivirus software evolve in the way they deal with malware, such as introducing heuristic technologies which identify common traits of viruses, the way they interact with the system and actively block these scripts. This is why having an outdated antivirus software, despite updated virus definitions may not provide the best possible protection. If you’re using an older version of antivirus software you may entitled to discounted upgrades to newer versions.

5. Secure your smartphones

secure your digital life from hackersMany people completely overlook this fact, but smartphones are essentially mini computers which hold swathes of personal information about you. They often hold logins to your facebook/twitter accounts which are set on auto login, online banking and other financial information as well as access to email. If someone gets hold of all these details it can cause a lot of stress and havoc to your life.

It’s vital to keep your devices with password lock activated, additionally you should take some precautionary measures in case you lose your device.

Apple has a very cool security software called Find my iPhone which is a free app by Apple, which lets you track your phone by GPS, lock and remotely delete data from it. You can even use it just to locate your iPhone if you misplace it, causing it to sound an alarm.

For Android users it’s important to stay protected, smartphones are just as vulnerable to viruses as a PC, although the android platform is more prone to them than apple due to the open platform nature of the former. Android phones require antivirus protection, all the popular desktop antivirus brands offer android support as well.

The app store is less prone to malware due to the fact that all apps are vetted by Apple before publishing, although if you’ve jail broken your iPhone, antivirus protection may be something you need to look at.

6. Vet web page links using a link checker

Cyber criminals are using sophisticated strategies to drive users onto their web pages, increasingly innocent websites are being targeted using exploits to find security holes to hack and implant code on them which can launch JavaScript applications and infect computers when users visit the infected site. Link checkers scan links on your search results and optionally other websites and indicate whether links are safe, websites are scanned by their own servers so it does not impair your computer performance. Link checkers are available with most anti malware security suites such as with AVG, McAfee and Symantec.

7. Laptop Security for mobile workers

secure your digital life from hackersLaptops thefts are common, and are easy targets due to their transportable nature. If you work away from your office it’s important to invest in a Kensington Lock. While a lock won’t prevent trained thieves armed with cable cutters, it will prevent opportunistic thieves which is the overwhelming majority of laptop thefts.

It’s also important to keep prying eyes away from your data, always password protect your login, and when leaving your laptop unattended, using the screen lock feature in Windows to prevent unauthorized users from looking at or accessing your information.

If you work with particularly sensitive data a privacy screen may provide an added level of protection, the screen is only viewable to the person sitting directly in front, so people sitting around you cannot look at your screen. Targus and 3M are well known for producing privacy screens for all manner of monitor sizes.

8. HTTPS encryption for websites

secure your digital life from hackersMost people are well informed with the necessity of using https secure connections with online shopping when entering sensitive personal information. However, it can be argued that websites like facebook, twitter, gmail and others hold equally sensitive information about you.

Did you know you can elect to use https secure connections on these websites? For case by case uses, you can insert a ‘s’ after the http on the web address, if there isn’t one already to access the site securely. However if you want to access the sites securely every time you visit, you can login select the option to always use https in the profile settings.

9. Use online backup to keep an offsite storage of your files.

secure your digital life from hackersA great way for mobile workers to keep data kept safe and secure while on the move is to use online backup, this provides great peace of mind if your computer gets lost, as it allows you to recover your files from the cloud. Online backup services like Sugar Sync also provide users with high level synchronization features which can be used as a great time management tool as well, as it keeps data across all your computers consistent and up to date. You can look up various online backup reviews here to compare their features and read up user reviews.

10. Avoid public wifi and public computers.

Using public computers can be incredibly risky as malware and key loggers can be installed to track your keystrokes and cached files in order to gain access to your private information.

secure your digital life from hackersAdditionally, public wifi connections can be risky as the servers can be breached with malware additionally phantom hotspots can be set up which appear like legitimate hotspots, but are actually other ordinary laptops which act as a middleman eavesdropping into the connection.

An example on how cached data can be hijacked to login to your web accounts can be demonstrated using FireSheep.

Thankfully mobile 3G internet connections are becoming more affordable, and are often faster than public wifi hotspots. 3G connections are far more secure, additionally you may be able to tether your Smartphone internet connection to work on your laptop. I hope this article helped you all for sure. And do follow these above 10 steps and secure your digital life from hackers.


Microsoft is facing a lawsuit for allegedly tracking its mobile customers’ locations without permission, as concerns continue to mount over wireless privacy issues.

A class action lawsuit, filed Wednesday in a Seattle federal court on behalf of a Windows Phone 7 user, claims Microsoft’s Windows Phone 7 OS has camera software that ignores customers’ requests not to be tracked.

The lawsuit says Microsoft sent Congress a letter earlier this year insisting it only collects location data with users’ consent. Instead, the litigation claims, “Microsoft’s representations were false,” because the Windows Phone 7 OS transmits data, including latitude and longitude, when users activate its camera app.

The class action suit comes just a few weeks after the Redmond, Wash.-based software giant said it improved location filtering, so its phones and laptops no longer return exact locations.

Microsoft’s software update followed a report from Stanford security researcher Elie Bursztein, who alleged Windows devices stored Wi-Fi data that pinpointed peoples’ past locations. Every Wi-Fi device has a unique ID, called a “MAC address,” which the previous software could easily track.

Microsoft’s data collection policies differ from Apple’s and Android’s methods. Apple came under fire earlier this year for recording the locations of iPhones and iPads in an unencrypted file on the device, which quietly logged more than a year’s worth of unencrypted data even when people disabled location software. Google’s Android devices collect tracking data, but records only the last few dozen locations.

Microsoft, on the other hand, says only user-allowed apps collect location data from its phones, and adds the apps don’t store data on the phone itself, so it can’t be hacked or synced back to the company.

But while location tracking is under fire from U.S. lawmakers, who have been investigating how mobile devices collect personal data without permission, location tracking will likely continue in phones and their apps.

Many app developers are small businesses with fewer than 10 employees. Their apps collect user data, including location, e-mail and phone numbers, which they sell to advertising networks who use the data to target their products.

Without advertising revenue, app developers may have to charge more for their software programs, and customers may need to decide whether privacy or less-expensive apps are more important. It may also mean further legal scrutiny and potential crackdowns on how wireless businesses use customers’ personal information is in store for the mobile industry.


When Michael Arrington announced he planned on starting a venture capital fund using money from his employer AOL, it sounded like a giant conflict of interest to us. But then it seemed like maybe he was only kind of sort of staying on with TechCrunch, the AOL-owned blog–“reports suggested Arrington would remain at TechCrunch and AOL with only a title change – from ‘editor’ to ‘founding editor and writer,’ Business Insider’s Nicholas Carlson and Henry Blodget explained. That was still pretty shady. Then last night AOL changed its tune: Arianna Huffington herself said that Arrington no longer works at TechCrunch–making things a bit better. Yet it was unclear if AOL still employed him and since Arrington would continue to blog, it looked like an empty gesture. This morning AOL clarified that AOL no longer employs Arrington, period: Huffington Post spokesperson Mario Ruiz said this, again to Carlson and Blodget at Business Insider. Now the latest development has Arrington still employed by AOL, working for AOL Ventures–that one came from AOL’s SVP of corporate communications Maureen Sullivan, again to Business Insider. As we wait to see just how involved Arrington will remain, as a media company that should supposedly hold up some sort of journalistic ethics, AOL is coming out looking quite sleazy.

Of course having Arrington at the helm of a blog that covers the firms that he would invest in as well as support the fund presents a big, fat conflict of interest, and AOL should’ve anticipated that. AOL could have quelled initial outrage by employing a different order of operations, explains AllThingsD’s Kara Swisher. “This could have been a lot cleaner, of course, by Arrington simply resigning from TechCrunch, becoming a VC and perhaps starting a new blog where his agenda is much clearer, from which he could huff and puff away as he does with much entertaining gusto at real and (mostly) imagined slights.” But of course it didn’t go down like that, and with each new development contradicting the next, AOL’s image as an ethical media company deflates.

And given all of the back and forth, it looks like Arrington will remain somewhat involved–even if he’s not blogger-in-chief by name, his new positioning as “contributing blogger,” or part of AOL Ventures, or what have you, still smells a bit fishy. Before CrunchFund, Arrington not only broke and was the source for many tech stories on the site, but he also attracted entrepreneurs to invest. Swisher’s pretty sure that won’t change. Without Arrington’s aura and connection, TechCrunch loses value. The title change means little, adds VentureWire editor Scott Austin in a tweet. “It’s like a manager ejected from the game but still calling the shots from the clubhouse.” And it doesn’t help that Arrington has put a clause in his limited partnership agreement that he can report on anything he likes he likes, and in any way, about his investors and their companies, however confidential, except those he invests in, Swisher continues.

Maybe Arrington will defect completely, probably not–we’ll keep updating as the story evolves. But AOL should’ve known better–and it makes you wonder what the future of journalism is at the media corporation.

Update 12:46 p.m.: Arrington doesn’t even know if he works for AOL anymore, he told The New York Times. “I have no idea what AOL’s final position on this will be. I look forward to hearing it. I’ll respond once Arianna has made her last statement.”

 


7 Hottest Hacker Chicks in Internet History All People (Adeanna Cooke)

7 Hottest Hacker Chicks in Internet History

These 7 computer freaks are a security breach we’d totally let happen. To us. As men. Hacker chicks have got to be the internet’s greatest product. Their mix of intelligence, geekiness and sex appeal is a code nobody wants to crack, and the fact that they play with fire makes them that much hotter. So here are the hottest hacker chicks in internet history along with their stories, what they’re good at and a few pics of what they look like.

=================++++++++++++++++++++++++++++========================

1 Kristina Svechinskaya

Kristina Svechinskaya 7 Hottest Hacker Chicks in Internet History People picture

Before these chicks THIS was the hottest hacker we all knew and loved.

Kristina Svechinskaya is a New York University student who was arrested on November 2, 2010 for defrauding US and British banks out of millions of dollars — and you thought your ex was insane.

Along with eight other people, Svechinskaya hacked into thousands of bank accounts and skimmed $3 million in total. That’s right. The bra you see her wearing in this picture could possibly be made of diamonds.

The group had plans to steal a total of $220 million, you know, just enough to get by. Acting as a “money mule,” the Russian beauty was charged with opening at least five bank accounts which received $35,000 of the stolen money.

It’s no surprise why Svechinskaya is being dubbed the “world’s sexiest computer hacker.” Her seductive gaze and revealing outfits can melt the firewalls off any server (that’s how you say that, right?)

The New York hacker was released on $25,000 bail, though her sentence is still being pushed through the system (which means that hey, $10k in profit.)

If convicted on the plot charges and false passports charges, Svechinskaya can serve up to 40 years in prison, which would really amount to a huge h**l of a waste — but hey, if Mila Kunis gets her Russian accent working, then she may have another Black Swan level movie to star in.




================================++++++++++++++++======================


Signage at the SEGA Launch 'Super Monkey Ball Step & Roll' for The Wii at the Hiro Lounge at The Maritime Hotel on February 3, 2010 in New York City.

Signage at the SEGA Launch ‘Super Monkey Ball Step & Roll’ for The Wii at the Hiro Lounge at The Maritime Hotel on February 3, 2010 in New York City.

Photograph by: Amy Sussman, Getty Images

Japanese video game developer Sega Corp said on Sunday that information belonging to 1.3 million customers has been stolen from its database, the latest in a rash of global cyber attacks against video game companies.

Names, birth dates, e-mail addresses and encrypted passwords of users of Sega Pass online network members had been compromised, Sega said in a statement, though payment data such as credit card numbers was safe. Sega Pass had been shut down.

“We are deeply sorry for causing trouble to our customers. We want to work on strengthening security,” said Yoko Nagasawa, a Sega spokeswoman, adding it is unclear when the firm would restart Sega Pass.

The attack against Sega, a division of Sega Sammy Holdings that makes game software such as Sonic the Hedgehog as well as slot machines, follows other recent significant breaches including Citigroup, which said over 360,000 accounts were hit in May, and the International Monetary Fund.

The drama surrounding the recent round of video game breaches paled compared to what PlayStation maker Sony Corp experienced following two high-profile attacks that surfaced in April.

Those breaches led to the theft of account data for more than 100 million customers, making it the largest ever hacking of data outside the financial services industry.

Sega Europe, a division of Sega that runs the Sega Pass network, immediately notified Sega and the network customers after it found out about the breach on Thursday, Nagasawa said.

Lulz Security, a group of hackers that has launched cyber attacks against other video game companies including Nintendo, has unexpectedly offered to track down and punish the hackers who broke into Sega’s database.


The iPhone 5 will land on September 7th, and will com pre-loaded with iOS 5, or at least that’s what The International Business Times says.

Here’s the meat of the ‘rumor.’It’s a little over two more months of agonizing wait for iPhone fans. The latest buzz in the market is that Apple will release the much-awaited iPhone 5 in the first week of September, and some tech websites have gone ahead to make the prediction that the device will arrive on September 7.

The iPhone 5 will come pre-loaded with the iOS 5, the latest version of Apple’s mobile operating system. Apple fans were dejected that the tech giant broke with tradition this year and refrained from saying anything about the next generation iPhone in its annual Worldwide Developers Conference (WWDC).

I want to go on record saying that this is one of the lamest Apple rumors I’ve come across in a while. There seems to be no substance to the story beyond IB Times picking this date because ’some tech websites have gone ahead to make the prediction.’ Personally, I think the date could be any work day in September (or August/October for that matter …). I can see nothing special about this date

So, when do YOU thing that the iPhone 5 will be released? Let’s kick off an iPhone 5 launch day prediction pool. There are no prizes other than the satisfaction of knowing you were right while I was wrong, but that’s enough bragging rights, right?

By the way, I have no insider info on when the iPhone 5 is due out. If anything, the rumors I’m getting are all over the place, making it very confusing.