Firesheep - codebutler

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests. It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is. After installing the extension you'll see a new sidebar. As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed: Double-click on someone, and you're instantly logged in as them.

How to hide files in JPEG pictures If you’re looking to hide files on your PC hard drive, you may have read about ways to encrypt folders or change the attributes on a file so that they cannot be accessed by prying eyes. However, a lot of times hiding files or folders in that way requires that you install some sort of software on your computer, which could then be spotted by someone else. I’ve actually written quite a few articles on how you can hide files and folders in Windows XP and Vista before, but here I’m going to show you a new way to hide files that is very counter-intuitive and therefore pretty safe! Using a simple trick in Windows, you can actually hide a file inside of the JPG picture file! You can actually hide any type of file inside of an image file, including txt, exe, mp3, avi, or whatever else. Not only that, you can actually store many files inside of single JPG file, not just one! Hide File in Picture Create a folder on your hard drive, i.e. Now here’s the fun part! And that’s it! That’s it!

Top 20+ MySQL Best Practices Database operations often tend to be the main bottleneck for most web applications today. It's not only the DBA's (database administrators) that have to worry about these performance issues. We as programmers need to do our part by structuring tables properly, writing optimized queries and better code. In this article, I'll list some MySQL optimization techniques for programmers. Before we start, be aware that you can find a ton of useful MySQL scripts and utilities on Envato Market. Most MySQL servers have query caching enabled. The main problem is, it is so easy and hidden from the programmer, most of us tend to ignore it. The reason query cache does not work in the first line is the usage of the CURDATE() function. Using the EXPLAIN keyword can give you insight on what MySQL is doing to execute your query. The results of an EXPLAIN query will show you which indexes are being utilized, how the table is being scanned and sorted etc... After adding the index to the group_id field:

In Unix, how do I change the permissions for a file You can change file permissions with the chmod command. In Unix, file permissions, which establish who may have different types of access to a file, are specified by both access classes and access types. Access classes are groups of users, and each may be assigned specific access types. The access classes are "user", "group", "other", and "all". There are two basic ways of using chmod to change file permissions: Symbolic method The first and probably easiest way is the relative (or symbolic) method, which lets you specify access classes and types with single letter abbreviations. For example, to add permission for everyone to read a file in the current directory named myfile, at the Unix prompt, you would enter: chmod a+r myfile The a stands for "all", the + for "add", and the r for "read". Note: This assumes that everyone already has access to the directory where myfile is located and its parent directories; that is, you must set the directory permissions separately. chmod +r myfile

How to bypass strict firewalls on public wifi hotspots and restricted networks, by tunneling blocked ports and protocols - Public wifi hotspots and restricted internet access More and more, you can find public wireless hotspots, in cities, train stations, airports... and even some public hotspots that are available with a subscription, accessible through a web login form. The thing is, most of the time, these hotspots will have reduced connectivity. This also applies to protected networks, such as libraries, schools and office environments, where your access to the Internet is limited, and some ports and protocols are blocked. I will explain here two different solutions to break free of these restrictions: SSH tunneling and SOCKS servers. What do we need? You do need the following: HTTPS access through the firewall. You may want to use a free shell provider such as SilenceIsDefeat as your server, but make sure you can access SSH through port 443. How does it work? The first solution uses simple SSL tunneling. I find that using both solutions allows me to do almost everything. Before we start Listen 443 SSH tunneling

Tutorial: Cracking WEP Using Backtrack 3 | What's the w0rd? Standard Disclaimer: This article is provided for informational purposes only. and its affiliates accept no liability for providing this information. Please only use to test configurations on your own equipment. Accessing WIFI networks that do not belong to you is ILLEGAL. This article will explain how to crack 64bit and 128bit WEP on many WIFI access points and routers using Backtrack, a live Linux distribution. Your mileage may vary. Requirements: I will assume that you have downloaded and booted into Backtrack 3. Preparing The WIFI Card First we must enable “Monitor Mode” on the wifi card. modprobe -r iwl3945 modprobe ipwraw The above commands will enable monitor mode on the wireless chipset in your computer. iwconfig Take note of your wireless adapter’s interface name. airmon-ng stop [device] Then: ifconfig down [interface] Now we must change the MAC address of the adapter: macchanger --mac 00:11:22:33:44:66 [device] It's now time to start the card in monitor mode by doing:

Narada's Fluxbox Guide (Page 1) / Applications & Desktop Environments Narada's Fluxbox Guide What is the point of this guide? To provide you with a quick walkthrough and introduction to a functional Fluxbox setup. What is Fluxbox, you ask? My Setup (Example Fluxbox desktop) The above screenshot is of my current Fluxbox desktop. The Menu Because Fluxbox lacks a 'Start' menu commonplace in many window managers, having a functional menu is critical. The above is my ~/.fluxbox/menu. [exec] is used to execute a program. Simple, right? As you may have noticed in the screenshot, it is possible to have submenus. The {} is blank in this case because we have no use for it - We just want to expand another menu. [submenu] (Submenu 1) {} [exec] (foo) {bar} [end] The menu also has some special cases when it comes to options. To create a wallpaper selecting menu entry: [submenu] (Wallpapers) {} [wallpapers] (~/.fluxbox/backgrounds) {} [end] To create a styles/themes menu entry: [submenu] (User Styles) {} [stylesdir] (~/.fluxbox/styles) {} [end] To create a "Run" dialog: #! Closing

Black Hat ® Technical Security Conference: USA 2010 // Archives Caesars Palace Las Vegas, NV • July 28-29 Event AUDIO & VIDEO: The Source of Knowledge will be onsite to sell audio and video recordings of the Briefings sessions. Their booth will be located outside of the Fourth Floor (Promenade Level), Emperor's Ballroom, or click here to visit the SOK site: order media »

Quynh Nguyen Anh, Kuniyasu Suzaki Virt-ICE: next generation debugger for malware analysis Dynamic malware analysis is an important method to analyze malware. This research presents a new debugger named Virt-ICE, which is designed to address the problems of current malware debuggers. We conclude the talk with some live demos to show how Virt-ICE can debug some real malware.

James Arlen SCADA and ICS for Security Experts: How to avoid Cyberdouchery The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories.

olle B Don Bailey, Nick DePetrillo remore exploit help

session.screen0.window.{focus|unfocus}.alpha: integer These resources are available to the user to set different levels of transparency for different components of fluxbox. Each one accepts a value between 0-255, 255 being opaque and 0 being completely transparent.
session.screen0. The autoHide resources allow the user to set the behavior of the toolbar and slit.
session.screen0. With these two resources, you can set the layer you want the toolbar and the slit to appear on.
session.screen0. These allow users to place the slit and toolbar where they like. Possible options are: BottomLeft BottomCenter BottomRight LeftBottom LeftCenter LeftTop RightBottom RightCenter RightTop TopLeft TopCenter TopRight Slit default: RightBottom Toolbar default: BottomCenter
session.screen0. Setting these to True will allow application windows to maximize over the complete screen.
session.screen0.toolbar.height: integer Set the height of the toolbar.
session.screen0.toolbar.visible: boolean Possible tools: Default:

Back¦Track-fr network security & intrusion