Showing posts with label Hacking. Show all posts

Microsoft, Apple, Facebook and Google attack United Kingdom for its hacking law

United Kingdom lambasted by Apple, Google, Facebook, Yahoo and Microsoft over its proposed hacking law

In a rare bonhomie the three tech giants came together to criticize United Kingdom’s new hacking law. Apple, Microsoft, Google and Facebook criticized plans by the UK government for a new law that would allow government authorities and law enforcement agencies to hack computer systems to access data.

According to the provisions of the draft Investigatory Powers Bill, government authorities and law enforcement agencies like intelligence and security services, police and the armed forces would be free to hack into devices belonging to Britons and visitors to United Kingdom to obtain data, such as communications, when they have a warrant to do so.

The draft bill has been pilloried by netizens on social network however, the government argues that the hacking provisions – part of the wider internet surveillance legislation – are needed so that law enforcement can intercept the communications of criminals even when they are encrypted.

However the gang of four tech companies have put together a warning saying that the plan would set a dangerous precedent that would be followed by other countries, will damage trust in their services and may be impossible to implement anyway.

The tech giants have issued a joint submission to the committee of MP’s overseeing the nitty gritties of the bill before it is submitted before the UK’s parliament for vote.

In the joint submission, Facebook, Google, Microsoft, Twitter and Yahoo state that, “To the extent this could involve the introduction of risks or vulnerabilities into products or services, it would be a very dangerous precedent to set, and we would urge your government to reconsider.”

“We urge the government to make clear that actions taken under authorization do not introduce new risks or vulnerabilities for users or businesses” they said.

In its submission Apple said the plans would put tech companies in a very difficult position. “For the consumer in, say, Germany, this might represent hacking of their data by an Irish business on behalf of the UK state under a bulk warrant – activity which the provider is not even allowed to confirm or deny. Maintaining trust in such circumstances will be extremely difficult.”

All the tech companies have warned that the bill if passed by UK’s parliament would spell doom for, “if followed by other countries, could endanger the privacy and security of users in the UK and elsewhere.”

UK’s largest mobile operator, Vodafone also joined the anti bill bandwagon. It warned that equipment interference elements are perhaps the most contentious of all the powers within the scope of the draft bill.

“The obligations relating to equipment interference have the potential to significantly undermine trust in the United Kingdom’s communications service providers”, it warned.

Firefox maker Mozilla warned that the “bulk systems intrusion” provisions in the bill could be used to “compel a software developer, like Mozilla, to ship hostile software, essentially malware, to a user — or many users — without notice.”

This hacker made Amazon’s Alexa, Google Now, and Apple’s Siri talk to each other

This hacker made Amazon’s Alexa talk to Google’s Now and make it activate Apple’s Siri

What could be better than asking just one voice assistant to call upon the others? In other words, what if we could make them all talk to one another?

An enterprising developer by the name of Leon Nicholls recently activated Siri on an iPhone by going through three different voice-enabled assistants first. Using Amazon’s recently released Alexa voice-command system, a naughty chain of command was created between Amazon’s Alexa, Google Now, and Apple’s Siri.

First, Nicholls used a Raspberry Pi loaded with Amazon’s Alexa Skills Kit, a collection of tools that allows users program new features into the voice service. Then, he starts off by activating voice commands on his Raspberry Pi and he asks it to “Ask Alexa how to use Siri.”

“Alexa, ask Google how to enable ‘Hey Siri,’” says the Raspberry Pi.

“Okay Google,” Amazon’s black cylinder replies, using keywords that activate a Google Nexus 6P phone at its base. “How do I enable ‘Hey Siri’?” asks the Amazon Echo.

The phone pauses to search for an answer on Google.

“According to MacWorld, the next time you summon Siri with a command by either holding down on the home button or by calling out ‘Hey Siri!’ when your iOS device is plugged in, you’ll be prompted with a setup screen,” replies Google Now.

An iPhone 6S takes a moment to recognize the call. It wakes up, asking no person or device in particular, “Yes?”

As the Siri is left hanging, the conversation reaches a dead end.

While it is amusing to see companies who are vying for a share of the nascent market for its virtual assistants, it will equally interesting to see what other tricks people can come up with when using all these different services together.

Opera becomes the first web browser to offer a built-in VPN service

Virtual Private Networks (VPNs) have become an important tool not just for large companies, but also for individuals to improve web privacy, dodge content restrictions and counter growing threat of cyber attacks.

Opera has released an updated desktop version of its web browser with a Free built-in VPN serviceto keep you safe on the Internet with just a click.

For those unfamiliar, VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources.

Free VPN Service with Unlimited Data Usage

Unlike several other free VPN services, Opera's built-in free VPN service will offer you unlimited data usage as well. You just have to turn on a virtual switch in the Settings menu to enable the feature.

So you required to install no third-party extensions, pay no monthly fee as well as set no limit on data usage.

"By adding a free, unlimited VPN directly into the browser, no additional download or extensions from an unknown third-party provider are necessary," Opera's engineering chief Krystian Kolondra wrote in a blog post.

"So, today, our Opera desktop users get a handy way to boost their online privacy, as well as easier access to all their favorite online content no matter where they are."

Opera's Free VPN service uses 256-bit encryption to hide all your connection details and replaces your IP address with a virtual one, making it difficult for the government or anyone to trace your location, identify your computer or block content they do not want you to see.

The free VPN feature in Opera has been made possible after the company acquired VPN providerSurfEasy last year.

Here's How to Try Opera's Free VPN

To give Opera's Free VPN a try, install the latest developer version of Opera for Windows and Mac, look for the 'Privacy & Security' tab and toggle this feature ON.

Since Operas Free VPN service is available in the latest developer version of Opera, the service lets you switch between three virtual locations: The United States, Canada, and Germany.

However, the company says it will add more countries in the stable version of its browser.

Want To Hack Into Your Android-Powered Smartphone? Here Are 10 Neat Tips!

A lot of tech savvy users like to play around with their smartphones. From editing your lock screen to using your phone to perform other activities, your smartphone can be used for all of them. Here are a few fun hacks that can come in handy!

1.Force reboot

-Press Power Button + Home Key + Volume up button simultaneously, and you can reboot your Android smartphone in case it's frozen.

2.Quick Google Access

Did you know that Android smartphones provide an easy way to access Google search in just a single click.

-Press menu key, hold it for couple of seconds and you'll have Google search ready for all your search needs.

3.Reboot Android in safe mode

Android versions jelly bean and upwards provide an option to reboot in safe mode.

To reboot in safe mode:

-Long press the power button

-Long press on the power off option

Users will be prompted to confirm a reboot in safe mode

The trick will disable all the 3rd party applications on your device, and is particularly helpful when either of these apps is playing spoilsport. You can re-enable the applications when you reboot your phone normally.

4.Unlock android phones by face detection

Android versions jelly bean and upwards provide a way to unlock your smartphone using face detection. Android jelly bean has added another layer of protection to make the feature even more secure. The smartphone can only be unlocked when the face matches as well as you require to blink your eyes to allow access. The blinking feature tells the device that you're alive and not a still image used by someone other than you to access your device.

To turn on the feature:

-Settings > Security > Screen lock > Face unlock

5.Get detailed information about phone status

Get detailed statistics like phone information, battery information, usage statistics and WiFi information by simply dialing the USSD code *#*#4636#*#*.

6.Move android apps to SD card

To move apps from your Android phone memory to SD card:

-Settings > Application settings > Manage application > Select the application > Move to SD card

7.Hard Reset and Factory reset your android phone

-In case of factory reset, your phone will be formatted to factory level: all your settings will go back to factory default and all the internal data will be deleted.

To factory reset a phone dial *#*#7780#*#*.

-In case of hard reset, all the data (including internal and external SD data) as well as settings of your android phone will be deleted without prompting for a confirmation.
To hard reset a phone dial *2767*3855#.

8.Context menu in android

Long pressing on the screen will bring out additional options for customising your android device.

9.Taking screen shots on android phone

You can take the screen shot on your Android phone without using any 3rd party application.

-For most Android phones: Press the Home button + power button.

-For Galaxy Nexus: Power button + volume down button.

-For Galaxy Note 2 and S3: Swipe your palm on the screen to take screen shot.

And so on.

10.Android Version Animation

-settings > about phone > Tab repeatedly on ‘Android version’.

The Android version will be animated after sometime.

5 Common Mistakes That Fresh Hackers Make

Starting out as a beginner in hacking can be a lot of fun, but there are some common mistakes that most make. If you’re reading this, then you have the unique advantage of avoiding these mistakes when you’re still news. The following five points will tell you what not to do in your journey towards becoming a true hacker.

1. If you see a website offering hacking software or offering to hack email ids for money, avoid them. These websites are nothing but scams and won’t work.

2. A software that claims to hack giants like Google, Facebook, Yahoo and the like is a hoax. There are no such software available. You may get yourself hacked while trying to get these.

3. Don’t use keyloggers and Trojans found as freeware online. These software aren’t meant to be free and you will be giving access to your own computer to another hacker.

4. Programming and scripting languages are very important parts of any hacker’s arsenal. If you plan to use software only then you would also be limited by the software’s functionalities.

5. A good hacker is a good programmer, security expert, developer and good script writer. It is usually not the other way around. You must known this for cross site scripting like P

So, hacking is not simply about making your way into websites and leaving your mark. You have a great set of talents a can also get the best jobs in the industry.

Here Are The Top 6 Free Legal Hacking Sites!

Not that all hacking is necesserily evil! Hacking is knowing about how things function and knowing why things function the way they do. In their quest to either understand potential attack vectors or simply for the sheer fun of it, there are some basics that they need to know and follow. Before you blindly dive into the world of hacking, make sure you have your basics right!

Here's a list of six best hacking sites to get you started:

1. HellBound Hackers

-Covers an expansive range of topics including ethics, social engineering and phreaking.

-Has a community of almost 50,000 members.

2. Hack This Site

-Provides realistic challenges which allow you to practice your cracking skills in a safe, legal environment.

-Interactive hacking tutorials, with the associated articles and guidance is a treat for potential hackers.

3. Ethical Hacker Network

-Features articles and interviews with key figures in cyber security.

-Provides information on certifications.

4. 2600

-First published in 1984, the 2600 magazine has been the inspiration for several generations of ethical hackers.

5. Hacker Games

-Offers a range of challenges for budding hackers.

-Provides a great, safe avenue for investigating complex security setups.

6. SlaveHack

-This free hacking simulator pits you against thousands of competitors all looking to get one over on you.

7 Great Mozilla Add-Ons For Hackers

The creation of penetration testing labs in Kali Linux or Backtrack, has been a popular topic for a long time, but the fact remains that all challenges, practice, and hacking need tools. One of the better known tools is the Addons which comes in many types and forms. We thought it would be fun to bring to you a list of important add-ons for hackers and pentesters. Here are the top 7 that we shortlisted:

1. Tamper Data: This is one of the most used Addons for Pentesters, who traditionally make use of it for viewing and modifying HTTP/HTTPS headers and post parameters, trace and time HTTP response or requests, security test web applications by modifying POST parameters and a lot more. The add-on can be downloaded here.

2. Hack Bar: Another well known and very often used tool, it is mostly used for security audit , and comes strongly recommended for installation and XSS, SQL Encoding/Decoding - MD5, SH1, Base64, Hexing, Splitting etc. The add-on can be downloaded here.

3. Live HTTP Headers: Similar to the Tamper Data add-on, the one big difference this add-on has is that it allows for viewing HTTP headers of a page while browsing. The add-on can be downloaded here.

4. User Agent Switcher: This particular add-on works wonders in adding a menu and a toolbar button to switch the user agent of a browser. This is, in turn, helpful in the changing of a User Agent to IE, Search Robots, I-Phone (I-OS). Besides this, the user can also use this add-on in the creation of his or her own User Agent. The add-on can be downloaded here.

5. Cookie Manager+: This is a great add-on for viewing, editing, creating and injecting cookies. The best thing about the add-on is the fact that it displays extra information about cookies, allows edit multiple cookies at once & backup/restore.

6. HTTP Fox: This add-on works for those looking to monitor and analysing all incoming and outgoing HTTP traffic between the browser and the web servers. The aim of the add-on is to bring the functionality known from tools like Http Watch or IE Inspector to the Firefox browser. The add-on can be downloaded here.

7. Passive Recon: This add-on gives its users the capability of performing "packetless" discovery of target resources utilizing publicly available information. The add-on can be downloaded here.

Here Are 8 Wild Android Hacks!

The Android platform has reached unsurpassed glory and fame in recent times. Endless customisation means you can do anything and everything with devices that have Android running under the hood. However, there are some who still want more from life. A little tinkering, or shall we say hacking doesn't kill anybody, does it?

1.Streaming music from PC to your Android-powered smartphones

The Gmote app lets you to stream stuff from PC to your smartphones using Wi-Fi, particularly helpful when you're low on storage space in your device. The app turns your phone into a remote control for your computer, allowing you to start and control movies and music at a distance.

2.Customising your user interface as you like!

The stock Android wallpapers and themes lack inspiration. The Beautiful Widgets app give you one stop access to tonnes of customised and animated wallpapers that you can use on your phone making it much more interesting.

3.Going retro on your Android smartphone!

The most recent emulator that was developed by the programmer yongzh is theGameBoid, which is considered to be remarkable in terms of allowing people to play as if they are playing Game Boy Advance.

4.Opening your garage door with your Android smartphone!

The OpenSezMe app is a simple Android application to turn your phone into a "virtual" garage door remote, with the requirements that the application only successfully function when/if the user is within a 1 block quadrant of his/her home, and be protected by a pin code.

5.Overclocking your Android smartphone

The SetCPU app is a tool for changing the CPU settings on a rooted Android phone or tablet. SetCPU works with a great variety of Android devices and ROMs, including the HTC One series, Samsung Galaxy series, and Nexus devices. SetCPU can improve your performance, save battery, or both.

6.Run Android on an Apple iPhone

You need to break into your iPhone first in order to do this. Apps like Redsn0w andPwnageTool can do that for you. You can then install Android on your iPhone and have some fun thereon!

7.Taking screenshots on your Android smartphone

The ShootMe app lets you take screenshots of your Android smartphone (rooted).

8.Blocking ads on your Android smartphone

The Adfree app essentially blocks ads from everywhere on your rooted Android powered phone.

Here Are The Top Techniques To Hack A Facebook Account Password

Social networking giant Facebook is indeed a giant of sorts in the recent times. With more and more people using the platform to connect with their near and dear ones, the chances of being hacked have also gone haywire. Hackers could make use of either of the following tricks to get through your account for their vested interests. Beware!

1.Phishing

Phishing is the attempt to sabotage sensitive information such as usernames, passwords, and credit card details by posing as a trustworthy entity in an electronic communication. These entities normally range from popular social web sites, auction sites, banks, online payment processors to IT administrators. Phishing is normally carried out by means of email spoofing/instant messaging (emails used in the process usually carry links to websites that have been infected with malware.). These spoofed emails/messages usually direct the users to a separate however extremely genuine looking website where they might be asked to re-enter their account information. These genuine-looking websites are in fact fake/scams in disguise and lure users into submitting their sensitive information. Once through, users' account gets hacked!

2.Keyloggers/RATs

Keyloggers are essentially a surveillance tool often used by employers to ensure employees use work computers for business purposes only. However, with time hackers have come to make good use of the tool for their own vested interests. The process of keylogging becomes particularly effective if the miscreant somehow gains physical access to the victim's computer. All that a hacker needs to do now is to install a keylogger into the victims's computer and direct the same to his/her destination. The keylogger will now record all the victim's keystrokes into a log file and send it to the destination chosen by the hacker. The hacker can then use these logs to acquire the victims's account information and hack into it.

3.Primary Email address

This is quite an obvious way for hackers to get through your Facebook accounts. If a hacker is able to somehow hack into your primary email address what you're also using to log into Facebook, well, it's a walk in the park for him/her after that. The hacker can easily use Facebook's 'Forgot password' trick to make the social networking site to send the victim's password to the designate primary email account, that unfortunately has already been compromised.

4.Social Engineering

Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information. This will eventually depend upon the hacker's logical expertise. It could involve a probable guessing of the password based on the victim's Facebook and other social networking profiles.

5 Best Wi-Fi Hacking Tools And Software!

Hacking tools make hacking a breeze. But, there is still more to being a hacker than just that. Yes, these tools have made it simple, but unless you have the knowledge about other aspects of hacking you're no good. We have compiled a list of top 5 Wi-Fi hacking tools which you can learn and use. Not only can these be used to do hacking for wireless network, but they can also be used to increase the security on wireless router.

1. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.

-Features :

1. 802.11b, 802.11g, 802.11a, 802.11n sniffing
2. Standard PCAP file logging (Wireshark, Tcpdump, etc)
3. Client/Server modular architecture
4. Multi-card and channel hopping support
5. Runtime WEP decoding
6. Tun/Tap virtual network interface drivers for realtime export of packets
7. Hidden SSID decloaking
8. Distributed remote sniffing with Kismet drones
9. XML logging for integration with other tools
10. Linux, OSX, Windows, and BSD support (devices and drivers permitting)

2. NetStumbler

NetStumbler is a tool for Windows that facilitates detection of Wireless LANs using the 802.11b, 802.11a and 802.11g WLAN standards. It runs on Microsoft Windows operating systems from Windows 2000 to Windows XP. A trimmed-down version called MiniStumbler is available for the handheld Windows CE operating system.

-Used for :

1. Wardriving
2. Verifying network configurations
3. Finding locations with poor coverage in a WLAN
4. Detecting causes of wireless interference
5. Detecting unauthorized ("rogue") access points
6. Aiming directional antennas for long-haul WLAN links

3. WireShark

Wireshark is the world's foremost network protocol analyser. It lets you see what's happening on your network at a microscopic level. It is the de facto standard across many industries and educational institutions.

-Features :

1. Deep inspection of hundreds of protocols, with more being added all the time
2. Live capture and offline analysis
3. Standard three-pane packet browser
4. Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
5. Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility

4. AirSnort

AirSnort is a Linux and Microsoft Windows utility (using GTK+) for decrypting WEP encryption on an 802.11b network. Distributed under the GNU General Public License,[1] AirSnort is free software. However, it is no longer maintained or supported.

5. CoWPAtty

CoWPAtty automates the dictionary attack for WPA-PSK. It runs on Linux. The program is started using a command-line interface, specifying a word-list that contains the passphrase, a dump file that contains the four-way EAPOL handshake, and the SSID of the network.

Hack Into Gmail And Facebook Using Kali Linux!

Kali Linux is undoubtedly one of the most popular and advanced penetration testing platforms till date. Many or even most hackers prefer to use this platform for all their endeavours. Ethical hacking also is a much sought after field and here’s something that Kali Linux users will appreciate. The following steps show how to clone Gmail and Facebook using Backtrack 5 or Kali Linux.

1. Open the backtrack terminal use the ifconfig command to find your IP address.

2. On the terminal type cd /pentest/exploits/set

3. You will need to have the Social Engineering Toolkit (SET) for this one.

4. Start this us and then choose the second option, which says ‘Website Attack Vectors’.

5. In the next part, you have to select the fourth option, which says ‘Tabnabbing Attack Method’.

6. Choose the second option, which is ‘Site Cloner’.

7. Now you have to enter the URL of the website that you want to clone or hack into. In this case the URL will be www.gmail.com. The SET will automatically create the clone. Press enter in order to continue.

8. The URL now needs to be converted into the Google URL. For this use goo.gl and send the link address to you’re the person you want to attack. This you can do in a myriad number of ways like email, chat etc.

9. When your victim will open their internet browser for Gmail, they should get a message saying that the page is still loading. As soon as they open a new tab, the fake clone that we made will start functioning.

Here Are 40 Free Hacking Tutorials!

Learning to become a hacker is not everybody's cup of tea, well, at least it's not as easy as learning to become a software developer. It doesn't matter what level you are, a hacker requires to have in depth knowledge of a wide array of topics. Hacking is basically knowing about how things function and knowing why things function the way they do.

Here are some great hacking tutorials and resources that you can explore in your journey to learn hacking:

1. Hacking Tutorials for Beginners By BreakTheSecurity.com

Unless you know how to hack, you cannot defend yourself from hackers. Break The Security(BTS) provides Penetration Testing and Ethical Hacking tutorials. It guides users to get into the PenTesting and Ethical Hacking World.

2. How to learn Ethical hacking By Astalavista.com

You can learn all there is to know about Ethical hacking over here.

3. Penetration Testing Tutorial By Guru99.com

Here you learn Penetration Testing by practice. The goal of this testing is to find all security vulnerabilities that are present in the system being tested. This tutorial takes boredom out of learning and makes education a fun experience.

4. Backtrack Penetration Testing Tutorial

This Backtrack Penetration Testing Tutorial is a penetration testing tutorial using Backtrack Linux. Backtrack is the best penetration testing distribution. Offers some penetration testing programs and these programs will used in this Backtrack Penetration Testing Tutorial.

5. Introduction to Penetration Testing

The difference between penetration testing and hacking is whether you have the system owner’s permission. This tutorial helps you understand this better.

6. Information Gathering with Nmap

This tutorial consists of a series that will give a basic walkthrough of a penetration test. However, many tools on the backtrack distro will not be covered in these and could be asked from the author separately.

7. Simple How To Articles By Open Web Application Security

Series of articles describing how to perform a specific activity that contributes to application security.

8. The Six Dumbest Ideas in Computer Security

Introduces you to the six dumbest ideas in computer security: the anti-good ideas that come from misguided attempts to do the impossible.

9. Secure Design Principles

While there are many specific security practices, they flow from a small set of well-accepted principles. Understanding the fundamental principles puts you in the best position to implement specific practices where needed in your own projects. This tutorial guides you through the same.

10. 10 steps to secure software

The author and security analyst recommends that programmers follow some principles for developing secure software that is today's weakest link.

11. Introduction to Public Key Cryptography

Public-key cryptography and related standards and techniques underlie security features of many Red Hat products, including signed and encrypted email, form signing, object signing, single sign-on, and the Secure Sockets Layer (SSL) protocol. This document introduces the basic concepts of public-key cryptography.

12. Crypto Tutorial

The page contains many crypto tutorials, totalling 973 slides in 12 parts, of which the first 10 (+ part 0) are the tutorial itself and the 12th is extra material which covers crypto politics.

13. Introduction to Cryptography

Deals with the very basics of cryptography.

14. An Overview of Cryptography

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography, which is the focus of this chapter.

15. Cryptography Tutorials Herong's Tutorial Examples

Collection of notes and sample codes written by the author while he was learning cryptography technologies himself. Topics include blowfish, certificate, cipher, decryption, DES, digest, encryption, keytool, MD5, OpenSSL, PEM, PKCS#8, PKCS#12, private key, public key, RSA, secret key, SHA1, SSL, X.509.

16. The Crypto Tutorial Herong's Tutorial Examples

Easy-to-use, interactive cryptography tutorial. You have the opportunity to learn the secrets of cryptography in 30 lessons without having any background knowledge.

17. Handbook of Applied Cryptography

This ebook contains some free chapter from one of the popular cryptography books.

18. Network Penetration testing Guide

Risk assessment is a critical first-step in the information security lifecycle. Network penetration testing offers an invaluable way to establish a baseline assessment of security as it appears from outside the organisation's network boundaries.

19. How to hack anything in Java

Many applications in the enterprise world feature thick Java clients. Testing the security of such applications is considered practically more difficult than a similar browser-based client because inspecting, intercepting and altering application data is easy in the browser.

20. Mcafee on iPhone and iPad Security

Mobile application penetration testing is an up and coming security testing need that has recently obtained more attention, with the introduction of the Android, iPhone, and iPad platforms among others.

21. A Good Collection of White papers on security and vulnerabilities

Collection of white papers from different sources and some of these white papers are really worth referring.

22. Engineering Principles for Information Technology Security

The purpose of the Engineering Principles for Information Technology (IT) Security (EP-ITS) is to present a list of system-level security principles to be considered in the design, development, and operation of an information system.

23. Basic Principles Of Information Protection

As computers become better understood and more economical, every day brings new applications. Many of these new applications involve both storing information and simultaneous use by several individuals. The key concern in this paper is multiple use. For those applications in which all users should not have identical authority, some scheme is needed to ensure that the computer system implements the desired authority structure.

24. Open Web Application Security Project

Application security principles are collections of desirable application properties, behaviors, designs and implementation practices that attempt to reduce the likelihood of threat realisation and impact should that threat be realised.

25. Cryptography Course

Learn about the inner workings of cryptographic primitives and how to apply this knowledge in real-world applications!

Websites

26. http://www.astalavista.com/

27. http://packetstormsecurity.com/

28. http://www.blackhat.com/

29. http://www.metasploit.com/

30. http://sectools.org/

31. http://www.2600.com/

32. DEF CON - Hacking conference

33. http://www.breakthesecurity.com/

34. http://www.hacking-tutorial.com/

35. http://www.evilzone.org/

36. http://hackaday.com/

37. http://www.hitb.org/

38. http://www.hackthissite.org/

39. http://pentestmag.com

40. http://www.securitytube.net/

Password Cracking Anyone? Here Are 10 Tools To Help You!

While a great deal of time and effort is invested in designing and developing a software, it only takes a few seconds to bring it down on its knees via hacking. You might choose one of the most secure passwords (according to you, that is) for your online activities, but the fact is cracking the same is no big deal. With the right tools at hand, cracking a password can be a walk in the park. However, in all purposes, do remember the deed takes considerable risk. Do it at your own risk!

1.Brutus

Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UNIX version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page.

2.Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc.

3.RainbowCrack

RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. It crack hashes with rainbow tables. RainbowCrack uses time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers.

4.SolarWinds

Transform the complexity of IT security and compliance management with SolarWinds Log & Event Manager (LEM) — powerful, easy-to-use Security Information & Event Management (SIEM) in an affordable, all-in-one virtual appliance.

5.L0phtCrack

L0phtCrack 6 is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. Yet it is still the easiest to use password auditing and recovery software available. Software runs On Windows XP and higher. Operates on networks with Windows NT, 2000, XP, Server 2003 R1/R2, Server 2008 R1/R2, on 32- and 64-bit environments, as well as most BSD and Linux variants with an SSH daemon.

6.Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.

7.Ophcrack

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

8.THC-Hydra

A very fast network logon cracker which support many different services.

9.John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

10.Aircrack

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimisations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Top 10 Android Apps That Turn Your Phone into a Hacking Device

Hacking is an art that requires significant in depth knowledge of everything that abounds the digital world. Tech savvy users like to play around with their smartphones. Android devices are everywhere these days. The following apps are aimed at turning your mobile into a hacking device. Let's have some fun, shall we?

1.SpoofApp

SpoofApp is a Caller ID Spoofing, Voice Changing and Call Recording mobile app for your iPhone, BlackBerry and Android phone. It's a decent mobile app to help protect your privacy on the phone. However, it has been banned from the Play Store for allegedly being in conflict with The Truth in Caller ID Act of 2009.

2.Andosid

The DOS tool for Android Phones allows security professionals to simulate a DOS attack (an http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones.

3.Faceniff

Allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks.

4.Nmap

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyses the responses.

5.Anti-Android Network Toolkit

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

6.SSHDroid

SSHDroid is a SSH server implementation for Android. This application will let you connect to your device from a PC and execute commands (like "terminal" and "adb shell") or edit files (through SFTP, WinSCP, Cyberduck, etc).

7.WiFi Analyser

Turns your android phone into a Wi-Fi analyser. Shows the Wi-Fi channels around you. Helps you to find a less crowded channel for your wireless router.

8.Network Discovery

Discover hosts and scan their ports in your Wifi network. A great tool for testing your network security.

9.ConnectBot

ConnectBot is a powerful open-source Secure Shell (SSH) client. It can manage simultaneous SSH sessions, create secure tunnels, and copy/paste between other applications. This client allows you to connect to Secure Shell servers that typically run on UNIX-based servers.

10.dSploit

Android network analysis and penetration suite offering the most complete and advanced professional toolkit to perform network security assesments on a mobile device.

12 Of The Best Firefox Security Add-Ons!

Mozilla's Firefox is crisp and easy to operate making it by far one of the most preferred of web browsers. The fact that it supports a plethora of add-ons makes it an added choice for web users around the world. Security is a mejor concern while browsing. Not to worry, there are a number of excellent add-ons that will make your browsing experience safer.

1. Beef TACO

A Firefox add-on to opt-out of ad networks. Sets permanent opt-out cookies to stop behavioral advertising for 100+ different advertising networks: Google, Yahoo, Microsoft to name a few.

2.SpamAvert.com

Allows you to right-click any text field on any website, and paste a free, one-time e-mail address from Spamavert.com. These disposable addresses comes in handy when registering on websites you don't trust. The extension also opens the Spamavert.com mailbox and waits for new e-mail for the address it generated for you.

3.BugMeNot

Activate the extension by right-clicking on a user name and/or password field of a site that asks for registration. BugMeNot will log in for you automatically using user-submitted passwords. Features: multiple login attempts, failure reporting, and auto-submittal.

4.NoScript

It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts.

5.BetterPrivacy

Better Privacy serves to protect against special longterm cookies, a new generation of 'Super-Cookie', which silently conquered the Internet. This new cookie generation offers unlimited user tracking to industry and market research.

6.LastPass

Only remember one password - your LastPass master password. Save all your usernames and passwords to LastPass, and it will autologin to your sites and sync your data everywhere you need it.

7.AdBlock Plus

The add-on is supported by over forty filter subscriptions in dozens of languages which automatically configure it for purposes ranging from removing online advertising to blocking all known malware domains.

8.Web of Trust (WOT)

WOT is a website reputation and review service that helps you make informed decisions about whether to trust a website or not when you are searching, shopping or surfing online.

9.BrowserProtect

Today's internet landscape include a new threat even from presumably legitimate downloads. Configuration changes (or hijacks) have gone into mainstream habits of software publishers. That's where BrowserProtect comes to rescue. It monitors your browser against homepage and search hijacks.

10.QuickJava

Easily turn on or off Java, Javascript, Cookies, Animated Images, Flash, Silverlight, Stylesheets, Proxy and Automatic loading of images from the Statusbar and/or the Toolbar without having to open the Options or Plugins dialog.

11.Close’n forget

Close the current tab and forget about the visit : suppress the cookies related to the current page and, if configured, the whole domain from the history.

12.Ghostery

It’s the web’s largest, most comprehensive and most user-friendly privacy tool. An easy add-on for every major browser and available as an iPad and iPhone app, Ghostery helps people around the world understand and control more than 1,600 trackers that are tracking them when they browse.

10 Places To Get Training On Ethical Hacking!

So you love hacking and want to fight against the bad folks of the field? It's time to get trained and certified in Ethical hacking to gear up and win the battle! Here we bring to you 10 online places where you can get training on various aspects of Ethical Hacking. While some of these institutions provide you certifications, others prepare you for some popular certifications. And if battling is not a good enough reason for you, then the fact that companies are actively looking for ethical hacking professionals may be!

1. Forward Discovery:

Learn computer forensics, incident response and digital investigation from those who were on the front lines. Forward claims to have instructors who have taught at the military, federal, state, local, and corporate levels. Few things that you can learn on Forward includes information protection and risk mitigation, digital investigations and computer forensics, data incident response, electronic discovery and vulnerability assessment.

2. 7SAFE

7Safe provides post graduate level and 11 certificate cources on different aspects of ethical hacking. The Postgraduate Qualifications includes: MSc Professional Practice in Digital Forensics and Security, Postgraduate Certificate in Computer Security and Forensics, MSc Computer Security and Forensics. The certification courses includes: CSTA Ethical Hacking Training, CSTP Ethical Web Application Hacking Training, CAST Application Security Training, CWSA Wireless Security Training, CFIP Forensic Investigation Training, CMI Malware Investigation Training, CSIS Incident Response Training, CMFS Mac Forensics Training, PCI DSS Implementation, CIIP Implementing ISO 27001, and Incident Response & Computer Forensics Awareness Training. The courses offered are authored and delivered by the expert practicing consultants of 7Safe.

3.Hacker Academy

The Hacker Academy provides training courses in infosec from the hacker’s perspective. The Hacker Academy not only provides the necessary skills to the students but also polishes them by providing required knowledge to practice, implement, and deploy what they have learned. It works on Learn-Practise-Use module where whatever you learn is practiced immediately.

It provides courses on Ethical Hacking, Penetration Testing, Digital Forensics and Reverse Engineering. You can even go for a free trial.

4. InfoSec Institute

The infosec institute have been training Information Security and IT Professionals since 1998 with a diverse lineup of relevant training courses. The institute have trained over 18,000 professionals by now. The institute offers a vast range of certifications courses a few popular ones out of which are: Advanced Ethical Hacking & Advanced Persistent Threat, Reverse Engineering, SCADA Security, Advanced Computer Forensics, Web Application Penetration Testing, Penetration Testing, Mobile Device Penetration Testing, Advanced Reverse Engineering Malware, Reverse Engineering Android, Expert Penetration Testing etc.

5. International Council of Electronic Commerce Consultants

The International Council of Electronic Commerce Consultants is already a known name amongst IT security professionals seeking certifications. The ECC council provides many popular certifications including: Certified Ethical Hacker, Computer Hacking Forensic Investigator – CHFI, Certified Chief Information Security Officer – CCISO, Licensed Penetration Tester – LPT, EC-Council Certified Security Analyst – ECSA, EC-Council Network Security Administrator – ENSA, EC-Council Certified Incident Handler – ECIH, EC-Council Disaster Recovery Professional – EDRP, Certified Secure Computer User – CSCU, Certified Network Defense Architect – CNDA, EC-Council Certified Security Specialist – ECSS, EC-Council Certified Secure Programmer – ECSP, EC-Council Certified VoIP Professional.

6. Logical Security

The Logical Security provides comprehensive and varied educational solutions while offering private, on-site classes for organizations. They also provide Self-Study Solution Packages, Computer Based Training, On-Line Training, and customized training tailored for your needs. Logical security is the place to get video and online tutorials for various security certificates like CEH, Security+, SSCP and CISSP.

7. Mile2

The developer and provider of proprietary vendor neutral professional certifications for the cyber security industry, Mile2 administers its certification exams through the MACS (Mile2 Assessment and Certification System) system. It provides Information Assurance services meeting the military, government, private sector and institutional standards and specifications. The certification courses are programmed to teach the fundamental and advance principles of cyber security and follows a course/certification track that leads to advanced hands on skills training for penetration testing, Disaster Recovery, Incident handling and Network Forensics.

8. PaulDotCom

PaulDotCom Enterprises is an organisation dedicated to security, hacking, and education. It encompasses weekly podcasts, monthly webcasts, security consulting, and numerous articles, papers, and presentations.

9. SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organisation. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. SANS training can be taken in a classroom setting from SANS-certified instructors, self-paced over the Internet, or in mentored settings in cities around the world.

What's interesting is SANS runs continuous competitions for security instructors around the world to find the best teachers in each topic.

10. Security University

Security University is one of the popular providers of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals. The University offers various certification courses including a few like Qualified/ Ethical Hacker Certification, Qualified/ Security Analyst Pen Tester Cert., Qualified/ Penetration Tester License, Qualified/ Forensic Expert Certification, Qualified/ Network Defender Certification.

Other than the above listed places, even TrueSec and Vigilar's Intense School are worth a mention.

Never Give Up