Showing posts with label e hacking. Show all posts

Monday 9 December 2013

FBI Can Spy Through Your Webcam - And Much More

Posted by Unknown on 19:38:00 Be The First To Comment

The FBI has developed advanced surveillance techniques that give it the power to covertly activate Web cams to spy on unsuspecting computer owners.

Tech savvy G-men can remotely turn on cameras that transmit real-time images to investigators — without triggering the light that shows the camera is in use, according to The Washington Post.

The FBI can also burrow into a suspect’s computer and download files, photographs and stored e-mails.

The new snooping capabilities came to light during an investigation of a mysterious man named “Mo’’ – who threatened to blow up a building filled with innocent people unless authorities free Colorado movie-theater shooting suspect James Holmes.

He also threatened to bomb a jail, a hotel, three colleges and two airports.

No bombs were found at the targets he mentioned.

He first contacted federal authorities in July 2012. It’s not clear how long Mo and the FBI were in touch.

The paper said he sometimes used an untraceable e-mail, other times an encrypted phone.

Mo even sent the FBI pictures of himself fashionably decked out in an Iranian military uniform.

The FBI, frustrated in its attempts to track him down, used special software that would install itself in Mo’s computer when he opened his e-mail.

It was designed specifically to help agents track his location and his movements.

But the software never worked as designed, the paper said, and Mo remains at large.

The feds had gotten permission to install the software from a Denver judge.

The agency tried to use it on at least one other probe, but a Houston judge described the method as “extremely intrusive’’ and probably unconstitutional — and shot it down.

The FBI has had the capability to sneak into computers’ Web cams for several years, a former employee of the agency told the Washington Post.

It was not clear how many times it tried to do it, but the paper’s source said the FBI has used its tool mainly in terrorism and the “most serious’’ investigations.

The technology is highly controversial.

“We have transitioned into a world where law enforcement is hacking into people’s computers and we have never had public debate,” Christopher Soghoian of the American Civil Liberties Union complained to the paper.

Attention: The NSA is Tracking Online Porn Viewers to Discredit

Posted by Unknown on 08:42:00 Be The First To Comment

Sitting on the wire, the NSA has the ability to track and make a record of every website you visit. Today, the Huffington Post revealed that the NSA is using this incredible power to track who visits online porn websites, and to use this information to discredit those it deems dangerous. Their porn habits would then be "exploited to undermine a target's credibility, reputation and authority."

The story was illustrated with six individuals, none of whom are designated terrorists themselves. Instead, they are deemed "radicalizers," people—two of which the NSA itself characterized as a "well-known media celebrity" and a "respected academic"—whose speeches and postings allegedly incite hatred or promote offensive jihad.

The report raises the specter of abusing online viewing records to discredit other political opponents of the US government. The NSA document was reviewed not just by the NSA and counter-terrorism officials, but by entities like the Department of Commerce and the US Trade Representative. The USTR negotiates treaties (like the controversial Trans-Pacific Partnership), and one could certainly imagine that the leverage from this program could be useful in pushing for the US position. In fact, EFF and three dozen civil society groups have already asked the NSA to explain if they are spying on those advocating for the public interest in US trade policy.

Ed Snowden's latest revelation may leave SEC officials quaking as the NSA "has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches." Of course, as we have seen, this 'information' would never be used by the government for non-radical-terrorist suppressing reasons, as the ACLU notes, is is "an unwelcome reminder of what it means to give an intelligence agency unfettered access to individuals' most sensitive information using tactics associated with the secret police services of authoritarian governments."

Via Snowden...

The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document.

The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target’s credibility, reputation and authority.

The NSA document, dated Oct. 3, 2012, repeatedly refers to the power of charges of hypocrisy to undermine such a messenger.”

Full ACLU Statement:

The NSA considered discrediting six people by revealing surveillance evidence of their online sexual activity, visits to pornography websites, and other personal information, according to a report today in The Huffington Post. The article cited documents leaked by former NSA contactor Edward Snowden. The targets of the NSA’s plan were all Muslims whom the NSA characterized as “radicals” but who were not believed to be involved in terrorism. The documents say one of the targets was a “U.S. person,” a term describing American citizens and legal permanent residents, but all of the targets were reportedly outside the United States.

American Civil Liberties Union Deputy Legal Director Jameel Jaffer had this reaction:

“This report is an unwelcome reminder of what it means to give an intelligence agency unfettered access to individuals' most sensitive information. One ordinarily associates these kinds of tactics with the secret police services of authoritarian governments. That these tactics have been adopted by the world’s leading democracy – and the world’s most powerful intelligence agency – is truly chilling.”

The administration keeps on attempting to justify the NSA spying by claiming there is oversight from the other branches of government. But, as Pentagon Papers whistleblower Daniel Ellsberg noted in the Why Care About NSA Spying video, spying makes a mockery of that separation. How can that oversight be meaningful if the NSA's huge storehouse of information contains the private viewing habits of every senator, representative, and judge? When the only protection against abuse is internal policies, there is no serious oversight. Congress needs to take action now to rein in the spying.

2 million Facebook, Google, Twitter passwords stolen

Posted by Unknown on 08:32:00 Be The First To Comment

Times of India |1 day ago |Posted By: landmarkvacanc ymanagemen

Security experts have uncovered a trove of some 2 million stolen passwords to websites including Facebook, Google, Twitter and Yahoo from internet users across the globe.

Researchers with Trustwave's SpiderLabs said they discovered the credentials while investigating a server in the Netherlands that cybercriminals use to control a massive network of compromised computers known as the "Pony botnet."

The company said that it has reported its findings to the largest of more than 90,000 websites and internet service providers whose customers' credentials it had found on the server.

The data includes more than 3,26,000 Facebook accounts, some 60,000 Google accounts, more than 59,000 Yahoo accounts and nearly 22,000 Twitter accounts, according to SpiderLabs. Victims' were from the United States, Germany, Singapore and Thailand, among other countries.

Representatives for Facebook and Twitter said the companies have reset the passwords of affected users. A Google spokeswoman declined comment. Yahoo representatives could not be reached.

SpiderLabs said it has contacted authorities in the Netherlands and asked them to take down thePony botnet server.

An analysis posted on the SpiderLabs blog showed that the most-common password in the set was "123456," which was used in nearly 16,000 accounts. Other commonly used credentials included "password," "admin," "123" and "1."

Graham Cluley, an independent security expert, said it is extremely common for people to use such simple passwords and also re-use them on multiple accounts, even though they are extremely easy to crack.

"People are using very dumb passwords. They are totally useless," he said.

Top 10 Websites To Test Coding Online

Posted by Unknown on 10:20:00 Be The First To Comment

In this article I want to outline 10 interesting web apps for testing your code online. All of these apps require an Internet connection, and some of the more advanced editors offer pro plans to upgrade your account features. But most of these tools will surely come in handy when you’re scrambling to debug a block of JavaScript or PHP.

Modern trends and webapps have dramatically changed the way web developers can build. Obviously you need some type of IDE to code new files and save them for deployment. But what about just testing your code snippets? There are more tools available now than ever before!

1. CodePad

codepad is an online compiler/interpreter, and a simple collaboration tool. Paste your code below, and codepad will run it and give you a short URL you can use to share it in chat or email.

2. Write Code Online

The main website for WriteCodeOnline.com actually redirects to their JavaScript editor. You can choose among JS, PHP, and basic URL encoding. Their application is very safe to use and feels lighter than other alternatives.

What’s interesting is that you’ll see the output results directly underneath the text field. So when you hit “run code” it will parse through everything and display the result for you to see. It can be tough debugging some larger PHP scripts because you need to include other files.

3.TinkerBin

Tinkerbin lets you play with HTML,Javascript and CSS without creating files or uplading to servers. It also supports Coffeescript, Sass(with compass), Less, HAML and more. Tinkerbin may actually be my favorite online code editing resource. It supports web developers coding in HTML5/CSS3/JS and renders the output directly on-screen. The application is still in Alpha development, but most of the tools work perfectly and can quickly catch bugs.

4. JS Bin

In a similar fashion as above, jsbin is a simple JavaScript debugging console. Their pitch involves a collaborative effort where you can share a private link with other developers and write together in real time.

As you’re coding different elements the drafts will autosave. You have the ability to download your final product or keep the source code saved online. Their system is much more advanced for exporting and keeping your code as a bare template.

5. JS Fiddle

jsfiddle is one the most popular playground for web developers. It’s an online editor for snippets build from HTML, CSS and JavaScript.You can also share your code snippets with others and embed them in a blog.

Anybody who has browsed through Stack Overflow must know about jsFiddle. Their interface is a whole lot difference compared to JS Bin, along with support for more complex functions. Right away you can signup for a free account and start saving your code samples online. jsFiddle offers a short URL which you can share around the Web via Twitter, Facebook, even Stack. But notice you do not need an account to start coding. It’s just a handy feature to keep everything organized.

6. CSS Desk

Moving from the world of scripting into stylesheet language, we have CSSDesk. You’ve got a similar setup like all the rest, with your source code on the left and final webpage render on the right. This webapp is great for building small webpage templates and testing the longer CSS3 properties with gradients and box shadows.

7. JSdo.it

Some of the apps appear to have Japanese writing which makes me believe it was originally created somewhere in Asia. But what I love about their interface is how you can actually upload files you’ve already created and store them into a project. It’s such an easy process to store full webpage mockups online where you can access and edit them from any computer.

8. Google Code PlayGround

I would recommend saving this tool only as a resource. It’s not perfect for debugging everything you write. But Google is a huge company with a lot of open source API data. If you ever need to pull content from YouTube or custom Google Searches, this is the sandbox you want to use.

Google Code Playground is another great online tool test and run your code without opening an external editor.All of the API’s are loaded for you in the Pick an API box

9.IDEOne

What’s so great about their app is how you can quickly debug many different programming languages from the same page. You can also store this source code via a unique URL to share around the Web. However I do feel that their layout is very cluttered with ads and other content, it makes using their website difficult. It would be really cool to see the option of including alternate code libraries, such as Cocoa Touch for iPhone app development.

10. Viper 7 CodePad

This webapp also named Codepad is hosted on a website viper-7.com, which also redirects to the same online editor. Their debugging tools are setup for PHP output where you can change between PHP5 and PHP4.

If you create an account you can use their service as a personal storage system. Much like other online editors, you can name each PHP project and keep them hosted online for free. It’s such a powerful code editor because you don’t need any software on your computer at the time. As you parse each script the editor will offer additional meta details, such as browser request & response headers.

Top 5 Beautiful Female Hackers in the World

Posted by Unknown on 21:14:00 Be The First To Comment

Hacking has traditionally been a man’s world, but women are quietly breaking into the hacker subculture. Take a look at top 5 female hackers in the world.

1. Kristina Vladimirovna Svechinskaya

Kristina Svechinskaya, a New York University student is one of the most common names in the hacker’s world. She is Russian money mule maker who was arrested on November 2010 and accused of breaking into millions of dollars from several banks in Britain and America and for usage of multiple fake passports. Svechinskaya was dubbed "the world's sexiest computer hacker" for her raunchy, but casual appearance.

Svechinskaya used Zeus trojan horse to attack thousands of bank accounts along with nine others and opened at least five accounts in Bank of America and Wachovia to disburse the theft money. For all her hacking activities and for using the passports fraudulently it is said that she may have to pay huge penalty of 40 years of imprisonment. It is estimated that with nine other people Svechinskaya had skimmed $3 million in total.

2.Joanna Rutkowska

Joanna Rutkowska is a Polish woman who is interested in the world of hacking security. Her name first became known as the Black Hat Briefings conference in Las Vegas, August 2006. Rutkowska presented during which the attack she had done to the security system windows vista. Not only that, Rutkowska also been attacked Trusted Execution Technology and Intel's System Management Mode.

Early 2007 she formed Invisible Things Lab in Warsaw, Poland. A company that focuses on OS security research and consulting services as well VMM internet security. The year 2010 also Rutkowska with Rafal Wojtczuk form Qubes, an Operating System that is very full protect security. Rutkowska also open to advise Vice President of mikocok Security Technology Unit to further tighten the security system in windows vista. Waw, Rutkowska is a hacker who is very welcome to work with.

3. Ying Cracker

Cracker ying, a teacher from Shanghai China. SHe taught about the basic process of hacking guide, how to change the IP address or manipulate office password, wow!
She is also an expert in making software hackers.

In a forum titled Chinese Hackers Hottie, his name is much discussed and it makes its popularity gaining altitude. In the forum she's also got a lot of fans members. It was the beginning credibility soar.

4. Raven Alder

Raven graduated from high school at the age of 14 and college at 18. She was the first woman to give a presentation at the DefCon hacker’s conference. Adler an half ISP engineer, half security geek, is a contributing author to several technical books, magazines and a frequent speaker at conferences She designs, tests and audits intrusion detection systems for large federal agencies. She has worked as a Senior Backbone Architect and Senior Security Consultant in IT security. Her interest in securing networks end-to-end has led her to examine and pioneer standards in the security of network infrastructure.

5. Xiao Tian

Xiao Tian, just out of her teenage became famous after forming China Girl Security Team, a group of hackers especially for woman which is China's largest today, the group has over 2,200 members. Tian created the now-infamous hacking team because she felt that there was no other outlet for teenage girls like herself in the male-dominated world of hacking. Its time to Move over male Asian nerdy computer geeks, female Asian nerdy computer geeks are here to stay.

10 Ways To Secure Your FACEBOOK Account

Posted by Unknown on 20:49:00 Be The First To Comment

If you are like millions out there, Facebook has become your no. 1 website on the Web. As you login to it every single day from many devices, be it from your mobile phone, computer, laptop and office workstation, there is a chance that you may leave your Facebook account on without logging out. If your account gets accessed by strangers, it’s going to open up a large can of worms, so you should seriously try to prevent unwanted access to your account.

There are many ways to prevent access to your account by the next person to use the device, the easiest of which is to log out. However if your smartphone or device gets stolen, it’s a whole different matter. In this article, we will go through some important options you can take to prevent others from accessing your personal Facebook account.

1. Create Strong Password

Chances are, you already have your password created for Facebook however it is advisable for you to make sure your Facebook password is one of a kind and different from your other online accounts e.g. email, blog, hosting etc. To change your password, go to Account Settings > General > Password.

The best passwords would have the combination of small and capital letters, numbers and symbols.

2. Confirm Your Mobile Number

Confirming your mobile number is one of many ways to enhance your account security on Facebook. This way, even when you lose or forget your password, Facebook will be able to send you a new one via SMS.

To add your mobile number, go to Account Settings > Mobile and click on Add a Phone.

3. Activate Secure Browsing Now

Among other things, to make sure your browsing activity within Facebook is safe, you can turn on the Secure browsing option. By doing this, you automatically limit all external applications that are integrated with Facebook from doing any harm or taking your personal information without your knowledge or approval.

To start securing your account, click on the drop down menu from the top right corner of your Facebook account and go to Account Settings.

4. Activate Login Approvals

Login approvals is an extended security feature offered by Facebook, and it will require you to enter a security code each time you try to access your Facebook account from unrecognized devices. To activate Login Approvals, go to Account Settings > Security, look for Login Approvals and click on the Edit button.

5. Disconnect Previous Session

The good thing about Facebook is that it lets you know about your previous active sessions, where you login from, and what devices you used to access your Facebook account. Now to make sure your account is safe, from the Account Settings > Security page, look for ‘Active Sessions‘ and click on Edit.

Now all previous sessions will be listed, together with the current active session at the top of the list.

Click on the link ‘End Activity‘ to kill the activities from other devices.

6. Activate Secure Browsing

Another way to prevent another person from accessing your account is by activating the ‘Private Browsing’ option from your browsers. All browsers have this private browsing option, and by activating this option, your activity will not be logged into the browsing history.

Safari If you are using the Safari Browser on Mac, activate Private Browsing from the menu with Safari > Private Browing.

Firefox For Firefox, go to Tools > Start Private Browsing.

Chrome If you are using Chrome, there’s an option to browse using the Incognito window, it’s a version of Chrome window where all browsing activity will not be logged in. To open this window, go to File > New Incognito Window.

7. Don't 'Keep Me Logged In'

The moment you want to login to your Facebook account, at the Log In page, there’s a small checkbox that says Keep me logged in. Make sure this box is unchecked. Then, log in as usual. With this on, you will be asked for your email and password every time you launch Facebook.

8. Avoid Spam Links

Facebook is serious about spam and is always enhancing its features to make sure you are safe from being a victim to scams. The types of attacks include money scams through direct or indirect requests via Facebook messages, chat etc, phishing links that will redirect you to fake websites,malicious links that could retrieve your personal information or even harm your computer. There are also chances you may receive emails from ‘Facebook’ but it is actually from a phishing website, this modus operandi is part of a scam.

9. Tailor Your Tags

An easily missed entry in the Privacy Settings is one innocuously labeled How Tags Work. However, it is essential to tweak the settings found here if you want to take control of your profile's privacy, as some tagging actions can be pretty invasive.

The first two settings (Timeline Review and Tag Review) are particularly useful. When you enable them, you can review posts and photos that friends tag you in, as well as the tags friends add to your own posts -- all before this information goes public. That's especially valuable if you have well-meaning friends who think tagging you in those Vegas party photos is a good idea.

10. Sign Out After Use

Lastly which is the most important of all (and definitely worth repeating), never forget to log out from your Facebook account.

credit http://www.hongkiat.com

How to Use Google for Hacking and also its Prevention

Posted by Unknown on 16:30:00 Be The First To Comment

Google is a very very very powerful tool! If you know how the Internet worksand you know how Google works, you can find out some “very secret information” from the dark corners of the Internet.
You see, Google tries to “index” everything that is on the Internet. What does “index” mean? Basically, “index” means, read and remember!You see, Google is reading websites on the Internet 24 hours a day. It is looking at new websites and new web pages. It looks at each web page and finds out what the web page is about. It decides how good the web page is and also decides many other things about the web page…
Google does all this so that when you search for something using Google, it can give you the most relevant results from among the web pages it has visited. This is what we mean when we say that Google tries to index everything on the Internet.

Hackers use botnet to scrape Google for vulnerable sites

Some 35,000 sites that use vBulletin, a popular website forum package, were hacked recently by taking advantage of the presence of files left over from the program's installation process, according to security researcher Brian Krebs.

The hack by itself is fairly standard, but the way in which it was carried out shows how search engines like Google can unwittingly become a party to such hacking.

Krebs' findings were unearthed in conjunction with work done by security research firm Imperva, members of which believe the hacks are being executed by way of a botnet. The botnet not only injects the malicious code into the target sites, but also scrapes Google in a massively parallel fashion looking for vBulletin-powered sites that might make good targets.

Why scrape Google in parallel? As a workaround for Google's defense mechanisms against automated searches.

Such defenses work well against a single user scraping Google, since after a certain number of such searches from a single host, the user is presented with a CAPTCHA. This typically stops most bot-driven scrapes. But if a great many such searches are performed in parallel, it doesn't matter if each one of them eventually runs afoul of a CAPTCHA. Together, in parallel, they can still scrape far more than any one system alone can. (Krebs did not describe the size of the botnet used, however.)

The hacks themselves, of which Krebs has identified two, are fortunately rather easy to detect. One involves adding surreptitious admin accounts to the vulnerable vBulletin installations. The other hack, "apparently used in a mass website defacement campaign," adds an admin account named "Th3H4ck".

Now the good news: The very thing that made it possible to find those vulnerable vBulletin sites -- a properly crafted Google search -- can also be used to identify any existing hacked vBulletin installs. If you see a site you know on that list, tell the administrator. There's a good chance he doesn't know he's been hacked.

Scanning for vulnerabilities with Google isn't by itself new; Bruce Schneier pointed out in 2008 how this process was not only possible but could be automated. But deploying such Google scanning via a botnet for the sake of seeking out vulnerable sites in a massive parallel operation is a relatively new wrinkle -- at least until Google finds a way to block such things en masse without impacting regular search services.

Krebs points out it's difficult to place the blame exclusively on vBulletin. The makers of the software point out that its installation instructions ask that users remove the "/install" and "/core/install" directories after setting up the program.

In that sense, this issue is akin to the ways ColdFusion projects have been plagued by break-ins -- in part because many outfits are running older, unpatched versions of the software, but mainly because many firms don't follow Adobe's own instructions for hardening ColdFusion setups.

The oft-targeted WordPress has the same issue: It's easy to set up, but securing it requires that the end-user take a number of steps that often aren't followed.

How can you prevent Google hacking ?

Make sure you are comfortable with sharing everything in your public Web folder with the whole world, because Google will share it, whether you like it or not. Also, in order to prevent attackers from easily figuring out what server software you are running, change the default error messages and other identifiers. Often, when a "404 Not Found" error is detected, servers will return a page like that says something like:

Not Found

The requested URL /cgi-bin/xxxxxx was not found on this server.
Apache/1.3.27 Server at your web site Port 80

The only information that the legitimate user really needs is a message that says "Page Not found." Restricting the other information will prevent your page from turning up in an attacker's search for a specific flavor of server.

Google periodically purges it's cache, but until then your sensitive files are still being offered to the public. If you realize that the search engine has cached files that you want to be unavailable to be viewed you can go to ( http://www.google.com/remove.html ) and follow the instructions on how to remove your page, or parts of your page, from their database.

Top 10 Proxy WebSites To Unblock Any Site

Posted by Unknown on 17:10:00 1 Comment

If you have a slow connection to a certain website, or can’t access it at all because of the restriction of your ISP, workplace or school, or simply desired to protect yourself online by hiding your private information, then an online proxy website will help you.
With the assistance of an online proxy service, you do not access your target website( e.g. Facebook ) directly, you make a request, the web proxy fetch the web page( and encrypt its content, remove scripts and advertisements ), and send it back to your browser. This makes it possible to unblock any banned site, or surf any site anonymously without leaving your footprint.

image credit www.techroadies.com

While surfing online, sometimes we come across websites which can’t be accessed due to our location or IP restrictions. Have you ever noticed this type of problem while browsing websites? This happens usually because the owner of website restricts access of website to only specific IP addresses. Sometimes they also block IP ranges of whole country so that no one from that country can access their website or content. The other reason can be that your internet connection provider restricts access to specific websites.Similarly most of the USA based websites are not available in other countries.

In order to access blocked websites, you will need a proxy server that automatically randomize your IP address and will assign a different IP address of another country to you. So, if your IP address is of USA, then you will be able to access websites that are blocked in your country and their access is only limited to US users. For example, YouTube is blocked in Pakistan and now only option for opening YouTube in Pakistan is with proxy. There are also some Google chrome extensions that can help you open YouTube and other blocked websites with the help of proxy. Most of the time in colleges, universities and offices etc. internet access is restricted to only specific websites. So, in order to unblock other websites, you can use proxy websites or softwares.

If you do not want to go through installation of Proxy softwares then anonymous browsing with proxy websites is the best option for you. So, in this article I am sharing a list of 5 best free Proxy websites of 2013 that will let you surf internet anonymously and securely.