
Storing Passwords - done right!
Written by: Christoph Wille
Translated by: Bernhard Spuida
First published: 1/5/2004
Viewed 257725 times. 1766 ratings, avg. grade 4.76

In very many - not to say almost all - Web applications user data is administered, from Web forum to Web shop. These user data encompass the users' login information, which contains the password alongside the user name - and this in plain text. A security leak par excellence.

Why is storing the user name and password in plain text a security leak?

Well, imagine a cracker gaining system access through possible OS or server software errors, and being able to read the user database.

How can this security risk be eliminated?

What is a Salted Hash?

A hash is a numerical value of fixed length which unequivocally identifies files of arbitrary length. The reason for this is that usually so called 'Dictionary Attacks' are run against hashed passwords - a good example being the MD5 hashed passwords of NT4.

Storing the Salted Hash

Generating Passwords - done right!

http://www.aspheute.com/english/20040105.asp

Related: Hacking tutorials sites & tools

PsExec Introduction Utilities like Telnet and remote control programs like Symantec's PC Anywhere let you execute programs on remote systems, but they can be a pain to set up and require that you install client software on the remote systems that you wish to access. PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems. Note: some anti-virus scanners report that one or more of the tools are infected with a "remote admin" virus. None of the PsTools contain viruses, but they have been used by viruses, which is why they trigger virus notifications.

Difference between WEP, WPA and WPA2 (Which is Secure) HTG Explains: The Difference Between WEP, WPA, and WPA2 Wireless Encryption (and Why It Matters) Even if you know you need to secure your Wi-Fi network (and have already done so), you probably find all the encryption acronyms a little bit puzzling. Read on as we highlight the differences between encryption standards like WEP, WPA, and WPA2, and why it matters which acronym you slap on your home Wi-Fi network. What Does It Matter? You did what you were told to do, you logged into your router after you purchased it and plugged it in for the first time, and set a password.

Scanning the Internet with Nmap (Defcon 16) Tutorial Scanning The Internet With Nmap (Defcon 16) Description: How would you like to scan millions of hosts on the Internet and catalog all the interesting insights? This is exactly what Fyodor, the author of Nmap or Network Mapper, did last summer. Thankfully, he then went on to share his findings with the community at Defcon 16 in his talk titled "Nmap: Scanning the Internet". Interestingly, as Fyodor notes in his talk, scanning such a large set of IP addresses did help him in uncovering many bugs in Nmap and also forced him to make enhancements and add new features to make the scanner really fast.

John the Ripper password cracker John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's. Requires OpenSSL.

Computer acting funny? It may be infected with a virus! One great thing about computers is that they often warn us when something is wrong. Sometimes they suddenly slow down to a crawl, other times they start to freeze up or even crash for what seems to be no reason at all. Most of the time though, there is a reason why our computers start to act funny.

Wi-Fi Protected Setup Flaws Make Wireless Network Brute-force Attacks Feasible Design flaws in the Wi-Fi Protected Setup (WPS) wireless standard can make it easier for attackers to obtain access codes for secured wireless networks by brute force. The vulnerabilities identified by security researcher Stefan Viehbock affect a large number of WPS-enabled routers and wireless access points. The WPS standard was created in 2007 by the Wi-Fi Alliance in order to provide non-technical users with a simple method of setting up wireless networks. The standard supports several Wi-Fi authentication methods including one that requires pushing a physical button on the router and one that uses a predefined PIN number printed on a sticker by the device manufacturer. The PIN-based method is mandatory for WPS-certified devices, which support it by default. Devices that are WPS-capable, but aren't certified, are also likely to use the method.

Top 50 Hacking Tools That You Must Have Whether you are a Penetration tester, a hacker or an aspiring newbie trying to learn Cyber Security, you must have a nice catalogue of tools to make your life easier. While these tools do make the work simpler, they cannot compensate for the vast amount of knowledge required in this field. In this post I'm going to mention 50 different tools under 9 categories that your 'Hack Lab' must have. Most of the tools mentioned in this post are pre-included in Kali Linux, which you can install to have them all at once.

These Guys Will Hack Your Phone to Reveal Who It's Secretly Sending Information To Geoff White (left) and Glenn Wilkinson (right). Photo by James Snell. This article originally appeared on VICE UK.

Hacktivismo: News cDc releases Goolag Scanner (posted by MiB on February 20th, 2008) SECURITY ADVISORY: The following program may screw a large Internet search engine and make the Web a safer place. LUBBOCK, TX, February 20th -- Today CULT OF THE DEAD COW (cDc), the world's most attractive hacker group, announced the release of Goolag Scanner, a web auditing tool.

How can I mask my IP address and become untraceable online? Hide IP NG Concerned about Internet privacy? Want to hide your IP address? Hide IP NG (short for Hide IP Next Generation) is the software you are looking for! Keeping your privacy is simple and easy: just start Hide IP NG!

Painfully Computer Pranks ~ Computer Hacking Computer pranks to freak out your friends and make them cry for mummy I've been posting many articles about computer pranks on this blog (Deadly Virus Prank, The Ultimate Virus, How to Create a Fake and Harmless Virus and Facebook Virus Prank). Today, I will show you 5 great computer pranks that will frustrate your victims very much. These pranks could be very painful, so please use them at your own risk ;) 1. Crash a Computer System With Nothing But a URL!

The glider: an Appropriate Hacker Emblem The Linux folks have their penguin and the BSDers their daemon. Perl's got a camel, FSF fans have their gnu and OSI's got an open-source logo. What we haven't had, historically, is an emblem that represents the entire hacker community of which all these groups are parts. This is a proposal that we adopt one — the glider pattern from the Game of Life.

Learn Ethical Hacking Online - HackingLoops There's a seemingly endless number of free open-source tools for penetration testing, and most of them seem to gravitate around the Kali Linux distribution. But with so many free tools, it's easy to miss out on some of the best ones. So today we're going to take a closer look at Armitage, define what it is, and define how it works. However, there are a few things that you need to know before we start digging into the dirty details of how to use this tool. Naturally, I do have to give a brief warning before we get started, too.