Hacking Techniques

Attacks on a company or organization's computer systems take many different forms, such as spoofing, smurfing, and other types of Denial of Service (DoS) attacks. These attacks are designed to harm or interrupt the use of your operational systems. This article deals with a single widespread form of attack known as password cracking.

Password cracking is a term used to describe the penetration of a network, system, or resource with or without the use of tools to unlock a resource that has been secured with a password. In this article I will take a look at what password cracking is, why attackers do it, how they achieve their goals, and what you can do to protect yourself. I will briefly take a look at the attackers themselves: their psychological makeup and their motives. Through an examination of several scenarios, I will describe some of the techniques they deploy and the tools that aid them in their assaults, and how password crackers work both internally and externally to violate a company's infrastructure. Finally, the article provides a checklist to help protect you from password cracking.

Piggybacking unauthorized internet access

Piggybacking refers to access of a wireless Internet connection by bringing one's own laptop computer within the range of another's wireless connection, and using that service without the subscriber's explicit permission or knowledge.

It is a legally and ethically controversial practice, with laws that vary by jurisdiction around the world. While completely outlawed or regulated in some places, it is permitted in others.


Video Camera Clickjacking

Web pages know what websites you’ve been to (without JS), where you’re logged-in, what you watch on YouTube, and now they can literally “see” and “hear” you (via Clickjacking + Adobe Flash). Separate from the several technical details on how to accomplish this feat, that’s the big secret Robert “RSnake” Hansen and myself weren’t able to reveal at the OWASP conference at Adobe’s request. So if you’ve noticed a curious post-it note over a few of the WhiteHat employee machines, that’s why. The rest of clickjacking details, which includes iframing buttons from different websites, we’ve already spoken about with people taking note.


Safari Carpet Bomb

I recently communicated 3 security issues in the Safari browser to Apple.

Apple let me know that they will fix 1 of the issues I reported. I will not discuss the vulnerability Apple has promised to fix until they release the fix because it is a high risk issue affecting Safari on OSX and Windows.

I let Apple know that I'd like to discuss the 2 issues they won't be fixing with the security community and they let me know they are fine with it. A quote from my last email to Apple:

...since you do not consider issue 1 and 2 to be security related, I will feel free to discuss my thoughts within the information security community. Just let me know if you would like me to wait for some amount of time before I do this.

Response from Apple: We understand if you want to discuss these in the security community.

Before I get to the details, I want to make it extremely clear that the Apple security team has been a pleasure to communicate with. I sent them a couple of emails asking for clarifications, and they responded quickly and courteously every time. I want to publicly acknowledge that I appreciate this very much.

Here are the issues I reported:


Hacking Google Gears' Cross-Origin Communication Model

Google Gears is a well-known RIA infrastructure, used extensively by Google in various services such as Google Docs and Google Reader as well as in non-Google services such as MySpace, Zoho Writer and WordPress.

Gears is a browser extension that allows developers to create richer and more responsive web-applications. One of its key features is the ability to create web-applications that can run both online and offline transparently.
Some of the capabilities Gears introduces are:

  • A local server, to cache and serve application resources (HTML, JavaScript, images, etc.) without needing to contact a server
  • A database, to store and access data from within the browser
  • A worker thread pool, to make web applications more responsive by performing expensive operations in the background
  • The HttpRequest API, which implements a subset of the W3C XmlHttpRequest specification
  • A Geolocation API that enables a web application to obtain a user's geographical position

(The descriptions above are taken from the Google Gears documentation)

In my opinion, one of the nicest things in Gears is the way it is utilized. This is done by inserting JavaScript calls to Gears' API within the HTML code of the web-application. Therefore, unlike some of its alternatives, Gears can be integrated into existing web-applications easily and fluently.
