Thursday, December 29, 2011
Saturday, December 17, 2011
Thursday, December 15, 2011
WORK How To Break Into A Windows PC (And Prevent It From Happening To You)
Whether you’ve forgotten your password or you have a more malicious intent, it’s actually extremely easy to break into a Windows computer without knowing the password. Here’s how to do it, and how to prevent others from doing the same to you.
There are a few methods to breaking into a computer, each with their own strengths and weaknesses. We’ll go through three of the best methods, and nail down their shortcomings so you know which one to use—and how to exploit their weaknesses to keep your own computer secure.
The Lazy Method: Use a Linux Live CD to Get at the Files
If you don’t need access to the OS itself, just a few files, you don’t need to go through much trouble at all. You can grab any Linux live CD and just drag-and drop files onto a USB hard drive, as you would in any other OS.
How it Works
Just download the live .iso file for any Linux distribution (like theever-popular Ubuntu) and burn it to CD. Stick it in the computer you want to access and boot up from that CD. Pick “Try Ubuntu” when it comes up with the first menu, and it should take you right into a desktop environment. From here, you can access most of the hard drive just by going to the Places menu in the menu bar and choosing the Windows drive. It should see any NTFS drives just fine.
Note that depending on the permissions of some files, you might need root access. If you’re having trouble viewing or copying some files, open up a terminal window (by going to Applications > Accessories > Terminal) and type in gksudo nautilus, leaving the password blank when prompted. You should now have access to everything.
How to Beat it
The main problem with this method (apart from only giving you access to the file system) is that you won’t be able to access any encrypted files, even when using gksudo. So, if the owner of the computer has encrypted any of their files (orencrypted the entire OS), you won’t get very far.
The main problem with this method (apart from only giving you access to the file system) is that you won’t be able to access any encrypted files, even when using gksudo. So, if the owner of the computer has encrypted any of their files (orencrypted the entire OS), you won’t get very far.
Sneaky Command-Line Fu: Reset the Password with the System Rescue CD
If you need access to the operating system itself, the Linux-based System Rescue CD is a good option for breaking in. You’ll need to do a bit of command line work, but as long as you follow the instructions closely you should be fine.
How it Works
Just download the .iso file for the System Rescue Live CD and burn it to disc. Boot from the disc and hit the default option when the blue screen comes up. After everything loads and you’re presented with a command-line interface, type fdisk -l to see the drives and partitions on your computer. Pick the Windows partition (usually the largest NTFS partition) and note the name, e.g. /dev/sda3.
Then, run the following command:
ntfs-3g /dev/sda3 /mnt/windows –o force
Make sure to replace /dev/sda3 with the partition you noted earlier. Next, cd to your Windows/System32/config directory with this command:
cd /mnt/windows/Windows/System32/config
We want to edit the SAM file in this folder, so type the following command to get a list of users:
chntpw –l SAM
Note the username you want to access, and then type the following command, replacing Whitson Gordon with the username in question.
chntpw –u “Whitson Gordon” SAM
At the next screen, choose the first option by typing the number 1 and hitting Enter. This will clear the user password, making it blank. When it asks you to write hive files, hit y and press Enter. It should say OK, and then you can type reboot to reboot the computer. When you boot into Windows, you’ll be able to log in to that user’s account without a password.
How to Beat it
Once again, the downside to this method is that it’s vulnerable to encryption. Since clearing the password requires editing Windows system files, you won’t be able to do so if the user has encrypted their entire OS. If they’ve only encrypted a few files, though, you’ll still be able to access all the unencrypted stuff without problem.
Once again, the downside to this method is that it’s vulnerable to encryption. Since clearing the password requires editing Windows system files, you won’t be able to do so if the user has encrypted their entire OS. If they’ve only encrypted a few files, though, you’ll still be able to access all the unencrypted stuff without problem.
Brute Force: Crack the Password with Ophcrack
Where the other two methods are vulnerable to encryption, this method will give you full access to everything the user can access, including encrypted files, since this method relies on finding out the user’s password instead of bypassing it.
How it Works
We’ve actually gone through this method before, but it doesn’t hurt to have a refresher. All you need to do is download and burn the Ophcrack Live CD (use the Vista version if you’re cracking a Windows 7 PC) and boot from it on your computer. It’ll take a little bit of time to boot, but eventually it will bring you to a desktop environment and start attempting to crack passwords. This may take a while. You’ll see the passwords pop up in the top pane of the window, though, when it finds them (or, if it doesn’t find them, it’ll notify you). You can then reboot and log in to Windows using those passwords.
How to Beat it
While this method works on encrypted OSes, it can’t crack every password out there. To increase your chance of having an uncrackable password, use something complicated and greater than 14 characters. The stronger your password, the less likely Ophcrack will be able to figure it out.
While this method works on encrypted OSes, it can’t crack every password out there. To increase your chance of having an uncrackable password, use something complicated and greater than 14 characters. The stronger your password, the less likely Ophcrack will be able to figure it out.
There are a lot of methods to break into a Windows computer (in fact, we’ve featured some of them before), but these are a few of the best and most widely useful. Apart from encryption, very little can stop the first two methods, and on those occasions you have Ophcrack to possibly fall back on. Got your own favourite method for getting into your computer without a password?
Thursday, December 8, 2011
Hide data in files with easy steganography tools
Remember those invisible ink kits from when you were a kid? You'd write a secret message that no one could see unless they had a black light or the decoder marker. The digital equivalent of invisible ink issteganography software, apps that embed files and data inside other files, hidden from everyone who doesn't know any better.
You don't have to be a trained spy plotting international espionage to put steganography to good use. With some free tools for both the Mac and PC, you can embed secret information in image, PDF, HTML and MP3 files for fun or profit.
Why stego?
Unlike encryption, which obscures data in such a way that it's obvious someone's keeping something from listeners-in (and therefore heightens interest in that info), stego techniques offer no hint to the outsider that there's any private data contained within the visible file. Like hiding your valuables from burglars in an empty cereal box in your kitchen cabinet, steganography keeps the existence of the secret item from everyone but those in the know.
In fact, right here in this Lifehacker logo image, there's a message hidden for you:
Here's how to go about decoding it.
Hide in Picture (Windows)
The free Hide in Picture (Windows only) embeds files into GIF or BMP images, and lets you set a password to retrieve the hidden file. The Hide in Picture interface is barebones, as you can see:
Use Hide in Picture to decode the message hidden in the image above. (Hint: the password is lhacker.)
Other free Windows tools offer more filetype support. wbStego can encode and decode files in PDF's, HTML files or bitmaps. mp3stegoembeds text inside MP3 files (command lineand GUI interface available.) Here are more Windows stego software options [viaWebby's World]. Be warned: while all of these tools work, none of them will win awards for being good-looking.
Pict Encrypt (Mac)
Similarly, the free Pict Encrypt (Mac only, thanks, Mirko!) adds text to GIF, JPEG, TIFF, PNG and MacPICT images, locks it with a password, and saves the file with hidden data as a PICT file. Its interface is a simple, barebones wizard that leads you through the encrypt and decrypt process. One difference between Pict Encrypt and Hide in Picture is that you don't embed another file; you actually enter your secret text into the Pict Encrypt wizard, as shown.
Pict Encrypt's text editor is pretty low level; some text navigation keys like Cmd-right arrow don't work, so be prepared.
Command line - cat your gif and zip
Finally, for those of you comfortable on the command line, reader Jason H. writes in with a nifty stego trick using built-in tools. The premise of this technique is to append a .zip file to the end of a .gif file, resulting in a file which is readable by both .gif programs and .zip programs.
Jason explains why this works (with the help, he says, from a long-lost thread at Something Awful):
It works because .gif files keep all of their information in the headers, while .zip files keep them in the footer. Since that's the case, .gif viewers read from the front of the file, while .zip readers read from the end.
Here's how to combine your .gif and .zip. At the Windows prompt use this command:
copy /B source.gif+source.zip target.gif
Or in Linux/Mac:
cat somefile.zip >> somefile.gif
The problem with this method is that not all zip programs can extract the resulting file. When I tried, both 7-Zip and Windows built-in extraction failed, but WinRAR handled it just fine. Still, that's something the intended recipient should know.
For double super-duper security, password the zip file that you hide inside the image. WinRAR and 7-Zip both let you add passwords to a zip archive.
Uses for stego
So now that you know how to hide files in files, why would you do it? Here are a few uses for stego:
- You suspect someone's illegally distributing your copyrighted PDF's or images, so you add hidden copyright information in them using stego tools to double-check.
- You want to exchange information like passwords or sensitive images over an insecure transmission protocol, like email.
- You want to embed secret files available only to a select few in a public forum.
- You want to impress your friends and co-workers with your sneaky ways.
Source : Lifehacker
How to Hide a Secret Code in an Audio File
If you've heard about the recent viral stunt put on the web site for the latest Batman film, you know it's possible to hide codes in an audio file. But did you know it's actually really easy to do? Here's how.
To encode, you're going to need Coagula(Windows-only), and to decode you'll needSonic Visualizer (Windows/Mac OS X/Linux). You can watch the video above for a visual walkthrough, but here are the steps you need to follow:
- Create an image you want to encode. White text on a black background works well, and it helps to have a small image without too much empty space. Save it out as a JPEG or BMP.
- Open the image in Coagula and click the setting for "Render Image as Audio Without Blue/Noise." Be sure to choose this option as the other rendering option will not work.
- When you're done a new audio file entitled "Coagula.wav" will be in the same folder as the Coagula application. You can either go grab that file or you can save it out to a location of your choice by choosing "Save Audio File" as from the file menu. That's it. Message encoded!
- To decode the message, open it in Sonic Visualizer. You'll see the audio spectrum but not the message. To view the message, go to the Layout menu and choose "Add Spectrogram" (any of the options in the submenu should be fine). You may need to adjust the way you're viewing it, but you should now be able to see your hidden message.
Pretty cool! For more neat ways to hide secret messages in your files, check out our steganography guide.
P.S. If you know any cross-platform tools for encoding the image as an audio file, please let us know in the comments.
Source : Lifehacker
Use Virtual Credit Card Numbers to Shop Safely Online, Keeping in Mind the Downsides
Virtual credit card numbers (or single-use credit cards) offer a layer of protection when shopping online, but many people aren't aware of these services and not all banks offer them. Here are a few tips on safely using a virtual credit card number.
We've mentioned virtual credit cards before as a way of thwarting identity thieves, but since then, a few programs like PayPal have shut down their service. Bank of America, Citibank, andDiscover remain the major US institutions that offer virtual numbers, through a company calledOrbiscom (you may find smaller or international financial institutions that offer virtual numbers from the company's clients list or from this Slashdot thread).
All of these services are designed to protect your real account number from identity thieves by generating a virtual one—usually with a dollar amount and timeframe you set yourself, for those cases when you buy things online from an unfamiliar website or want to set a spending limit. In Bank of America's ShopSafe program, for example, you can set the maximum spending amount to $1 and the virtual number to only be valid for 2 months.
This offers peace of mind and may also help prevent recurring or unwanted charges (I use a ShopSafe virtual card for my iTunes account to help prevent surprise charges from too many toddler app downloads). DailyFinance, however, warns that using a virtual card number comes with some downsides or risks:
- Virtual card numbers can't be used when you need to show a physical card as proof, such as at the car rental or to pick up tickets at a theater.
- It isn't 100% foolproof: some transactions over the maximum spending limit or the expiration date might still go through.
Definitely pay close attention to your credit card statements, whether you use a virtual credit card number or not, especially when shopping online.
Source : LifeHacker
Monday, October 24, 2011
iPad II security vulnerability – bypass lock code of iPad using smart cover.. With solution
Ok so we got the cool looking iPad smart cover and it has an feature that allows the iPad to get locked when the cover is on.
If you have set a numerical password for your iPad using settings > general > pass codes on
And
iPad cover lock is also set to on
Your iPad with latest IOS 5 is vulnerable with a lock code bypass vulnerability
Here is how to reproduce this vulnerability
1. Lock your iPad either using power button, keeping it idle, closing the smart cover etc.
2. Keep the power button pressed till slide to power off screen appears
3. At this screen close your smart cover
4. Open your smart cover and click cancel
you are in … Without having to enter the code..
2. Keep the power button pressed till slide to power off screen appears
3. At this screen close your smart cover
4. Open your smart cover and click cancel
you are in … Without having to enter the code.... Wait for a formal patch from Apple..
Well guys… Just got an update from Saumil .. You can not do any changes to apps but you can still view unlocked screen…
Once you press home button you would be returned to the locked screen again..
Still discloses where you locked your iPad..
Tuesday, August 16, 2011
Show Desktop icon missing from Quick Launch bar - how to restore it (Windows 98 to Vista, not 7)
In Windows 7, the Show Desktop icon is no longer a susceptible shortcut on a Quick Launch bar. It has been superseded by a button permanently located on the extreme RHS of the taskbar. That will mean it can never go missing again. It took Microsoft 11 years to come up with that simple much-needed fix.
Be that as it may, since you are reading this page, it is probable you are using a version of Windows earlier than 7. In which case, if it is your complete Quick Launch bar which is missing, you should go to our separate article about the QLB. Or, if your QLB is present and correct, and just your Show Desktop icon is missing from it, please read on.
The single most important icon on a Quick Launch toolbar is, without doubt, the Show Desktop icon. One click on this shortcut icon instantly minimises all open windows down to buttons on the taskbar. This is very useful anytime you want to get to a standard shortcut on the desktop which is obscured behind opened windows. Another click on the Show Desktop icon will unminimise the minimised windows. Hence, if the Quick Launch bar is in place, but the Show Desktop icon is missing from it, this is a serious inconvenience.
If the Show Desktop icon cannot be seen, that does not necessarily mean it has completely gone from the computer. The icon may still be lurking on there somewhere. The checks in items 1, 2 & 3 next will establish if that be the case and, if so, will explain how to return the icon to where it belongs on the QLB. However, if going though items 1, 2 & 3 establishes the icon really has gone for good, or you already know that for a fact, then subsequent item 4 contains instructions for creating a brand new replacement icon. Whatever your problem turns out to be, you will find it is, fortunately, in every case, quite easy to fix.
(1) The absent icon might merely be hiding somewhere. If you can see a double chevron at the right-hand edge of the Quick Launch bar, that means there are hidden icons on it. Click the chevron and check if the Show Desktop icon is one of the hidden ones. Icons can, unfortunately, be shunted from their normal, visible position on the QLB if a newly-installed program has inserted its own icon on the toolbar, or if a user has moved the icons about. If clicking the double-chevron revealed the Show Desktop icon to be there, use the left-hand mouse button to drag the icon to its historical position next to the Start button. If the icon is definitely not there, move on to item 2 next.
(2) If the Show Desktop icon was not revealed by clicking the double-chevron, or there was no chevron anyway, the next possibility is that somebody might have accidentally dragged the icon off the Quick Launch bar onto the desktop. Look carefully through all the icons on the desktop. If you see the icon there, use the right-hand mouse button to drag it back on to the Quick Launch bar > when you see a vertical insertion bar appear, drop the icon > from the context menu, choose Move Here. If you have trouble moving the icon see tip 1 in the tips' box in the RH column.
(3) If the icon was not hiding, nor residing somewhere on the desktop, the next possibility is that somebody might have accidentally or maliciously deleted the icon and, with luck, it may still be in the Recycle Bin. Double-click on the Recycle Bin icon to open the bin and look through the contents to see if there is a file in there called Show Desktop. If there isn't, jump down to the next item (4). If there is, right-click on it and click Restore. This will move the icon back to whichever folder it was in at the time somebody deleted it. Look to see if it has been restored directly to the Quick Launch bar. If you can't see it there, click the chevrons as it may be hidden behind them. If you see the icon there, use the left mouse button to drag it to its rightful place next to the Start button. If the restored icon is nowhere to be seen on the Quick Launch bar, look on the desktop for it. If it's not there either, do a normal file search of your computer's C: drive for 'Files and folder' named Show Desktop and, provided such a file is found, and is in a folder other than the Windows directory, use the right-hand mouse button to drag it onto the Quick Launch bar.
N.B. You should choose to unhide system files for the above file search to be effective. If a file named Show Desktop was found, but it was inside the Windows directory, ignore it and jump down to Method B below to continue.
(4) If, after carrying out the above checks, you are still minus the Show Desktop icon, that means the corresponding file has somehow been erased from your hard disk. The icon is not an ordinary (.lnk) shortcut file but something called a 'Windows Explorer Command' (a .scf file). The command file requires a special process in order to restore it. It is no use looking in Windows' local Help for assistance either, as there is no mention in there of how to restore the icon. An inexcusable omission.
We actually know of five different ways to restore a permanently erased Show Desktop icon and we cover the four most intrinsic ones in this article. The four methods are quite varied in their means of approach, so we suggest you simply use the first one you come to that suits the way you personally like to go about things on Windows. If you like using Notepad, Method A is good. If you like downloading zip files, Method B is good. Methods A and B will work for all versions of Windows from Windows 98 thru XP and Vista. Methods C & D are only available to users of Windows 98 or Me. The difference being, in the case of NT-based systems e.g. XP, you will have lost the icon's original file, so a new one will be needed. But, in the case of DOS-based systems e.g. Win 98, the icon's original file will not have been erased, only a replica of it, so a replacement replica is all that is required.
Method A involves recreating the missing file from scratch. But it only needs Windows Notepad to do so, and is really easy to do. With Method B, we have already created the icon file (using Notepad) in a zip file - so it merely needs downloading from here. Ideal if you like the really easy life! Method C (98 or Me only) works by substituting a normal shortcut for the missing Windows command, but the end result will look and work just the same as if you had used Method A or B. Also, Method C uses routine Windows' procedures that anyone except a complete beginner should find familiar. Method D© is unique to this website (but 98 or Me only). It is a super-fast variation on Method C which can have a substitute shortcut in place in 25 seconds flat.
Continued from LH col. 
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Method A - Use Notepad to recreate a 'Show Desktop.scf' file - Windows 98 thru XP & Vista
1. Open Notepad and either type in or paste in the five command lines you can see in Fig 2. The text needs to be exactly as shown - except that the capital letters are optional. If you are using Vista, and prefer to have Vista's new icon design, change the middle line of text, after pasting it into Notepad, to read...
IconFile=shell32.dll,34
2. Save the Notepad file to your desktop as Show Desktop.scf. To do so, click File > Save As... > at 'Save in', choose Desktop > at 'File name', type in Show Desktop.scf * > at 'Save as type', choose 'All Files (*.*)' > Save > close Notepad.
* The file has to be named exactly as shown, including the white space and the capital letters. This is because the name part (extension excluded) also serves as the hover label (tool tip) for the new icon.
3. After step 2, you will have acquired an icon on your desktop, the same as or similar to the example in Fig 1 right. Using the right-hand mouse button, drag the icon over the Quick Launch bar, release the mouse button only when you see the insertion bar and, at the context menu which appears, left-click on Move Here. If you have trouble moving the icon see tip 1 in the RH column. Finally, use the left mouse button to drag the icon so it is next to the Start button, and that's it, finished.
N.B. If you use Windows XP or Vista, you may find that adding a new shortcut to the Quick Launch bar causes the taskbar to double in height. If this happens, right-click on the taskbar, untick 'Lock the Taskbar', and then you should be able to drag down its height.
Subscribe to:
Posts (Atom)