Thursday, December 29, 2011
Saturday, December 17, 2011
Thursday, December 15, 2011
WORK How To Break Into A Windows PC (And Prevent It From Happening To You)
Whether you’ve forgotten your password or you have a more malicious intent, it’s actually extremely easy to break into a Windows computer without knowing the password. Here’s how to do it, and how to prevent others from doing the same to you.
There are a few methods to breaking into a computer, each with their own strengths and weaknesses. We’ll go through three of the best methods, and nail down their shortcomings so you know which one to use—and how to exploit their weaknesses to keep your own computer secure.
The Lazy Method: Use a Linux Live CD to Get at the Files
If you don’t need access to the OS itself, just a few files, you don’t need to go through much trouble at all. You can grab any Linux live CD and just drag-and drop files onto a USB hard drive, as you would in any other OS.
How it Works
Just download the live .iso file for any Linux distribution (like theever-popular Ubuntu) and burn it to CD. Stick it in the computer you want to access and boot up from that CD. Pick “Try Ubuntu” when it comes up with the first menu, and it should take you right into a desktop environment. From here, you can access most of the hard drive just by going to the Places menu in the menu bar and choosing the Windows drive. It should see any NTFS drives just fine.
Note that depending on the permissions of some files, you might need root access. If you’re having trouble viewing or copying some files, open up a terminal window (by going to Applications > Accessories > Terminal) and type in gksudo nautilus, leaving the password blank when prompted. You should now have access to everything.
How to Beat it
The main problem with this method (apart from only giving you access to the file system) is that you won’t be able to access any encrypted files, even when using gksudo. So, if the owner of the computer has encrypted any of their files (orencrypted the entire OS), you won’t get very far.
The main problem with this method (apart from only giving you access to the file system) is that you won’t be able to access any encrypted files, even when using gksudo. So, if the owner of the computer has encrypted any of their files (orencrypted the entire OS), you won’t get very far.
Sneaky Command-Line Fu: Reset the Password with the System Rescue CD
If you need access to the operating system itself, the Linux-based System Rescue CD is a good option for breaking in. You’ll need to do a bit of command line work, but as long as you follow the instructions closely you should be fine.
How it Works
Just download the .iso file for the System Rescue Live CD and burn it to disc. Boot from the disc and hit the default option when the blue screen comes up. After everything loads and you’re presented with a command-line interface, type fdisk -l to see the drives and partitions on your computer. Pick the Windows partition (usually the largest NTFS partition) and note the name, e.g. /dev/sda3.
Then, run the following command:
ntfs-3g /dev/sda3 /mnt/windows –o force
Make sure to replace /dev/sda3 with the partition you noted earlier. Next, cd to your Windows/System32/config directory with this command:
cd /mnt/windows/Windows/System32/config
We want to edit the SAM file in this folder, so type the following command to get a list of users:
chntpw –l SAM
Note the username you want to access, and then type the following command, replacing Whitson Gordon with the username in question.
chntpw –u “Whitson Gordon” SAM
At the next screen, choose the first option by typing the number 1 and hitting Enter. This will clear the user password, making it blank. When it asks you to write hive files, hit y and press Enter. It should say OK, and then you can type reboot to reboot the computer. When you boot into Windows, you’ll be able to log in to that user’s account without a password.
How to Beat it
Once again, the downside to this method is that it’s vulnerable to encryption. Since clearing the password requires editing Windows system files, you won’t be able to do so if the user has encrypted their entire OS. If they’ve only encrypted a few files, though, you’ll still be able to access all the unencrypted stuff without problem.
Once again, the downside to this method is that it’s vulnerable to encryption. Since clearing the password requires editing Windows system files, you won’t be able to do so if the user has encrypted their entire OS. If they’ve only encrypted a few files, though, you’ll still be able to access all the unencrypted stuff without problem.
Brute Force: Crack the Password with Ophcrack
Where the other two methods are vulnerable to encryption, this method will give you full access to everything the user can access, including encrypted files, since this method relies on finding out the user’s password instead of bypassing it.
How it Works
We’ve actually gone through this method before, but it doesn’t hurt to have a refresher. All you need to do is download and burn the Ophcrack Live CD (use the Vista version if you’re cracking a Windows 7 PC) and boot from it on your computer. It’ll take a little bit of time to boot, but eventually it will bring you to a desktop environment and start attempting to crack passwords. This may take a while. You’ll see the passwords pop up in the top pane of the window, though, when it finds them (or, if it doesn’t find them, it’ll notify you). You can then reboot and log in to Windows using those passwords.
How to Beat it
While this method works on encrypted OSes, it can’t crack every password out there. To increase your chance of having an uncrackable password, use something complicated and greater than 14 characters. The stronger your password, the less likely Ophcrack will be able to figure it out.
While this method works on encrypted OSes, it can’t crack every password out there. To increase your chance of having an uncrackable password, use something complicated and greater than 14 characters. The stronger your password, the less likely Ophcrack will be able to figure it out.
There are a lot of methods to break into a Windows computer (in fact, we’ve featured some of them before), but these are a few of the best and most widely useful. Apart from encryption, very little can stop the first two methods, and on those occasions you have Ophcrack to possibly fall back on. Got your own favourite method for getting into your computer without a password?
Thursday, December 8, 2011
Hide data in files with easy steganography tools
Remember those invisible ink kits from when you were a kid? You'd write a secret message that no one could see unless they had a black light or the decoder marker. The digital equivalent of invisible ink issteganography software, apps that embed files and data inside other files, hidden from everyone who doesn't know any better.
You don't have to be a trained spy plotting international espionage to put steganography to good use. With some free tools for both the Mac and PC, you can embed secret information in image, PDF, HTML and MP3 files for fun or profit.
Why stego?
Unlike encryption, which obscures data in such a way that it's obvious someone's keeping something from listeners-in (and therefore heightens interest in that info), stego techniques offer no hint to the outsider that there's any private data contained within the visible file. Like hiding your valuables from burglars in an empty cereal box in your kitchen cabinet, steganography keeps the existence of the secret item from everyone but those in the know.
In fact, right here in this Lifehacker logo image, there's a message hidden for you:
Here's how to go about decoding it.
Hide in Picture (Windows)
The free Hide in Picture (Windows only) embeds files into GIF or BMP images, and lets you set a password to retrieve the hidden file. The Hide in Picture interface is barebones, as you can see:
Use Hide in Picture to decode the message hidden in the image above. (Hint: the password is lhacker.)
Other free Windows tools offer more filetype support. wbStego can encode and decode files in PDF's, HTML files or bitmaps. mp3stegoembeds text inside MP3 files (command lineand GUI interface available.) Here are more Windows stego software options [viaWebby's World]. Be warned: while all of these tools work, none of them will win awards for being good-looking.
Pict Encrypt (Mac)
Similarly, the free Pict Encrypt (Mac only, thanks, Mirko!) adds text to GIF, JPEG, TIFF, PNG and MacPICT images, locks it with a password, and saves the file with hidden data as a PICT file. Its interface is a simple, barebones wizard that leads you through the encrypt and decrypt process. One difference between Pict Encrypt and Hide in Picture is that you don't embed another file; you actually enter your secret text into the Pict Encrypt wizard, as shown.
Pict Encrypt's text editor is pretty low level; some text navigation keys like Cmd-right arrow don't work, so be prepared.
Command line - cat your gif and zip
Finally, for those of you comfortable on the command line, reader Jason H. writes in with a nifty stego trick using built-in tools. The premise of this technique is to append a .zip file to the end of a .gif file, resulting in a file which is readable by both .gif programs and .zip programs.
Jason explains why this works (with the help, he says, from a long-lost thread at Something Awful):
It works because .gif files keep all of their information in the headers, while .zip files keep them in the footer. Since that's the case, .gif viewers read from the front of the file, while .zip readers read from the end.
Here's how to combine your .gif and .zip. At the Windows prompt use this command:
copy /B source.gif+source.zip target.gif
Or in Linux/Mac:
cat somefile.zip >> somefile.gif
The problem with this method is that not all zip programs can extract the resulting file. When I tried, both 7-Zip and Windows built-in extraction failed, but WinRAR handled it just fine. Still, that's something the intended recipient should know.
For double super-duper security, password the zip file that you hide inside the image. WinRAR and 7-Zip both let you add passwords to a zip archive.
Uses for stego
So now that you know how to hide files in files, why would you do it? Here are a few uses for stego:
- You suspect someone's illegally distributing your copyrighted PDF's or images, so you add hidden copyright information in them using stego tools to double-check.
- You want to exchange information like passwords or sensitive images over an insecure transmission protocol, like email.
- You want to embed secret files available only to a select few in a public forum.
- You want to impress your friends and co-workers with your sneaky ways.
Source : Lifehacker
How to Hide a Secret Code in an Audio File
If you've heard about the recent viral stunt put on the web site for the latest Batman film, you know it's possible to hide codes in an audio file. But did you know it's actually really easy to do? Here's how.
To encode, you're going to need Coagula(Windows-only), and to decode you'll needSonic Visualizer (Windows/Mac OS X/Linux). You can watch the video above for a visual walkthrough, but here are the steps you need to follow:
- Create an image you want to encode. White text on a black background works well, and it helps to have a small image without too much empty space. Save it out as a JPEG or BMP.
- Open the image in Coagula and click the setting for "Render Image as Audio Without Blue/Noise." Be sure to choose this option as the other rendering option will not work.
- When you're done a new audio file entitled "Coagula.wav" will be in the same folder as the Coagula application. You can either go grab that file or you can save it out to a location of your choice by choosing "Save Audio File" as from the file menu. That's it. Message encoded!
- To decode the message, open it in Sonic Visualizer. You'll see the audio spectrum but not the message. To view the message, go to the Layout menu and choose "Add Spectrogram" (any of the options in the submenu should be fine). You may need to adjust the way you're viewing it, but you should now be able to see your hidden message.
Pretty cool! For more neat ways to hide secret messages in your files, check out our steganography guide.
P.S. If you know any cross-platform tools for encoding the image as an audio file, please let us know in the comments.
Source : Lifehacker
Use Virtual Credit Card Numbers to Shop Safely Online, Keeping in Mind the Downsides
Virtual credit card numbers (or single-use credit cards) offer a layer of protection when shopping online, but many people aren't aware of these services and not all banks offer them. Here are a few tips on safely using a virtual credit card number.
We've mentioned virtual credit cards before as a way of thwarting identity thieves, but since then, a few programs like PayPal have shut down their service. Bank of America, Citibank, andDiscover remain the major US institutions that offer virtual numbers, through a company calledOrbiscom (you may find smaller or international financial institutions that offer virtual numbers from the company's clients list or from this Slashdot thread).
All of these services are designed to protect your real account number from identity thieves by generating a virtual one—usually with a dollar amount and timeframe you set yourself, for those cases when you buy things online from an unfamiliar website or want to set a spending limit. In Bank of America's ShopSafe program, for example, you can set the maximum spending amount to $1 and the virtual number to only be valid for 2 months.
This offers peace of mind and may also help prevent recurring or unwanted charges (I use a ShopSafe virtual card for my iTunes account to help prevent surprise charges from too many toddler app downloads). DailyFinance, however, warns that using a virtual card number comes with some downsides or risks:
- Virtual card numbers can't be used when you need to show a physical card as proof, such as at the car rental or to pick up tickets at a theater.
- It isn't 100% foolproof: some transactions over the maximum spending limit or the expiration date might still go through.
Definitely pay close attention to your credit card statements, whether you use a virtual credit card number or not, especially when shopping online.
Source : LifeHacker
Subscribe to:
Posts (Atom)