Wi-Fi Protected Setup Flaws Make Wireless Network Brute-force Attacks Feasible Design flaws in the Wi-Fi Protected Setup (WPS) wireless standard can make it easier for attackers to obtain access codes for secured wireless networks by brute force. The vulnerabilities identified by security researcher Stefan Viehbock affect a large number of WPS-enabled routers and wireless access points. The WPS standard was created in 2007 by the Wi-Fi Alliance in order to provide non-technical users with a simple method of setting up wireless networks. The standard supports several Wi-Fi authentication methods including one that requires pushing a physical button on the router and one that uses a predefined PIN number printed on a sticker by the device manufacturer. The PIN-based method is mandatory for WPS-certified devices, which support it by default. Devices that are WPS-capable, but aren't certified, are also likely to use the method.
New Trojan Turns Linux Devices into Botnet New Linux Trojan turns infected Linux devices and websites into P2P botnets and threatens users with DDoS and ransom! This Trojan is one of a kind! Linux is considered one of the most secure operating systems, but things seem to be changing as cyber criminals are equipping themselves with the latest tools.
100 Incredibly Useful and Interesting Web Sites Even as the Web has become more entertaining--and certainly better looking--over the past 15 years, it has also become much more useful and practical, as the 100 sites in this feature will demonstrate. I've organized the sites in the list by the type of task they help you with. It is not a ranking; in each category I recommend sites that specialize in a different area than the others.
John the Ripper password cracker John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's. Requires OpenSSL.
Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU Security researchers have successfully broken one of the most secure encryption algorithms, 4096-bit RSA, by listening — yes, with a microphone — to a computer as it decrypts some encrypted data. The attack is fairly simple and can be carried out with rudimentary hardware. The repercussions for the average computer user are minimal, but if you’re a secret agent, power user, or some other kind of encryption-using miscreant, you may want to reach for the Rammstein when decrypting your data. This acoustic cryptanalysis, carried out by Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer, uses what’s known as a side channel attack.
PsExec Introduction Utilities like Telnet and remote control programs like Symantec's PC Anywhere let you execute programs on remote systems, but they can be a pain to set up and require that you install client software on the remote systems that you wish to access. PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems. Note: some anti-virus scanners report that one or more of the tools are infected with a "remote admin" virus. None of the PsTools contain viruses, but they have been used by viruses, which is why they trigger virus notifications.
How Hackers Protect Themselves From Getting Hacked When Adrian Lamo goes online, he leaves nothing to chance. To log in to personal accounts, he uses a digital password generator -- a plastic key chain-like device that displays a new string of digits every 60 seconds. He adds an extra layer of security to some accounts by entering a special code that he receives via text message. And he uses browser extensions to avoid downloading malware by accidentally visiting dangerous Web sites. Some techniques "may seem like a 'Mission Impossible' level of security to the average user," Lamo said. But the average user could learn a thing or two from hackers like Lamo, who are not only skilled at breaking into others' PCs, but have devised sophisticated -- in some cases, extreme -- methods for protecting their own.
Storing Passwords - done right! Written by: Christoph Wille Translated by: Bernhard Spuida First published: 1/5/2004 Very many - not to say almost all - Web applications, from Web forums to Web shops, administer user data. This user data includes the users' login information, which contains the password alongside the user name - and this in plain text. A security leak par excellence.
Top 50 Hacking Tools That You Must Have Whether you are a penetration tester, a hacker or an aspiring newbie trying to learn cyber security, you must have a nice catalogue of tools to make your life easier. While these tools do make work simpler, they cannot compensate for the vast amount of knowledge required in this field. In this post I'm going to mention 50 different tools under 9 categories that your 'Hack Lab' must have. Most of the tools mentioned in this post are pre-included in Kali Linux, which you can install to have them at once.
Hacking Facebook User 'Access Token' with Man-in-the-Middle Attack In past years, many security researchers reported various OAuth vulnerabilities to the Facebook Security team, but if the app traffic is not encrypted, you are not protected from a man-in-the-middle attack and the attacker could steal your private information using the 'access token'.
Difference between WEP, WPA and WPA2 (Which is Secure)