Skip to main content

Posts

Showing posts with the label Hacker

Stop Leaving Your Smartphone's Bluetooth On

Smartphone s If you always leave Bluetooth on your phone on, you might want to rethink things. A vulnerability known as BlueBorne was  discovered this week by security research firm Armis . With it, researchers were able to infiltrate Samsung Galaxy Phones and the Google Pixel as well as an LG Sports Watch and a car audio system, all by exploiting the Bluetooth connection. Other devices  are also vulnerable . Specifically, iPhones and iPads that haven’t been upgraded to iOS 10, as well as a number of other Android, Microsoft, and Linux products. A BlueBorne attack reportedly only takes 10 seconds to do and can give a hacker control of your Bluetooth-enabled device, even if it isn’t connected to anything when the attack begins. Google and Microsoft put out security patches to get rid of the vulnerability this week. If you haven’t updated your phone in the past few days, you should go ahead and do that right now. No really, do it now. The issue brings up a much bigger problem: you

What to Do If You Were Affected by the Equifax Hack 

Updated : Equifax’s  “security incident” earlier this week  affected 143 million Americans. That’s a huge number of people, which means that the chances that either you or someone you know being affected are pretty high. Equifax’s site was even providing positive results for fake social security numbers at one point. If you were one of the millions affected by the attack, then you have to figure out what to do next. CNET put together  a pretty good step by step  for people. Here are a few of its suggestions: Enroll in TrustedID Equifax is offering  a free year of TrustedID to everyone. The credit monitoring service “includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers.” Equifax faced a bit of backlash via social media when it made the offer, one because you have to wait to sign up o

7 Ways to Bypass Android's Secured Lock Screen

HOW TO: If you somehow forgot the pattern, PIN, or password that locks your Android device, you might think you're out of luck and are destined to be locked out forever. These security methods are hard to crack by design, but in many cases, it's not entirely impossible to break into a locked device. There are several different ways to hack a locked Android smartphone or tablet, but unfortunately, there's not a one-size-fits-all method. So below, I'll go over 7 of the most effective methods, and hopefully one will help you get back into your device. Method 1Use Android Device Manager For newer Android phones and tablets, a service called  Android Device Manager  is probably your best bet. As long as you're logged into your Google account, you can use any device or computer to access the service, which is available at  this link . As counterintuitive as it may sound, start by clicking the "Lock" button once Android Device Manager gets a fix on your devi

HOW TO HACK WI-FI Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher

 hackers! Do you need to get a Wi-Fi password but don't have the time to  crack it ? In previous tutorials, I have shown how to crack  WEP ,  WPA2 , and  WPS , but some people have complained that cracking WPA2 takes too long and that not all access points have WPS enabled (even though quite a few do). To help out in these situations, I present to you an almost surefire way to get a Wi-Fi password without cracking— Wifiphisher . Steps in the Wifiphisher Strategy The idea here is to create an  evil twin AP , then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. Brilliant! To sum up, Wifiphisher takes the following steps: De-authenticate the user from their legitimat

How to Boost Your Credit—or Build it Up From Nothing

Now that you know  how credit works , you probably want to know how to make it work  better . While nothing is better for your credit than paying your bills in full and on time, there are ways to give it a boost. Like it or not,  credit matters . It’s also complicated. In our “Everything You Need to Know About Credit” series, we’re breaking down the basics. When a lender or landlord looks at your credit, they’re not just looking for a three digit number, they want to know how you actually handle credit. That’s why your credit report is more important than your score. That said, your score matters, too, and the good news is, there are shortcuts for boosting it in a relatively short amount of time. And if you don’t have credit at all — let’s say you’re a teenager about to start college — your biggest focus should be on building up a credit history. That way you can apply for student loans, apartments, and make sure you  aren’t gouged on bills . Here are some options for building or re

INJECTING CODE INTO MOUSE FIRMWARE SHOULD BE YOUR NEXT HACK

Here’s a DEF CON talk that uses tools you likely have and it should be your next hacking adventure. In their  Saturday morning talk  [Mark Williams] and [Rob Stanely] walked through the process of adding their own custom code to a gaming mouse. The process is a crash course in altering a stock firmware binary while still retaining the original functionality. The jumping off point for their work is the esports industry. The scope of esporting events has blown up in recent years.  The International 2016 tournament  drew 17,000 attendees with 5 million watching online. The prize pool of $20 million ($19 million of that crowdfunded through in-game purchases) is a big incentive to gain a competitive edge to win. Contestants are allowed to bring their own peripherals which begs the questions: can you alter a stock gaming mouse to do interesting things? The  steelseries Sensei  mouse was selected for the hack because it has an overpowered mircocontroller: the STM32F103CB. With 128 KB of fl

Protect your identity and online activity with this secure VPN

Covering your download tracks isn’t the only reason to invest in a VPN service—high-profile hacks and data dumps in recent years have shone a brighter light on online security issues than ever before. It's not just public figures who are at risk, and VPNs have increased in popularity even for casual browsing due to reported extreme government surveillance. Whether it's securing your connection at the cafe down the street, or protecting your local network from prying eyes,  Private Internet Access  is one all-encompassing solution to your online safety. Like most leading VPN services, it masks your location and IP address, encrypts browsing activity, and lets you bypass regional content locks - a tool that is especially valuable while traveling. But where Private Internet Access excels is in actively blocking ads, tracking cookies, and malware—some of the primary sources for compromised privacy. Most importantly, however, Private Internet Access can’t leak any personal informa

Receive Hackspace WiFi Code

When you are running a hackspace, network security presents a particular problem. All your users will expect a wireless network, but given the people your space will attract, some of them are inevitably going to be curious enough to push at its edges. Simply plugging in a home WiFi router isn’t going to cut it. At Santa Barbara Hackerspace they use Unifi access points on their wireless network, and their guest network has a system of single-use codes to grant a user 24-hour access. The system has the ability to print a full sheet of codes that can be cut individually, but it’s inconvenient and messy. So the enterprising hackspace members have used a Raspberry Pi and a receipt printer to  deliver a single code on-demand at the press of a button . The hardware is simple enough, just a pull-up and a button to a GPIO on the Pi. Meanwhile the software side of the equation has a component on both client and server. At the server end is a Python script that accesses the Unifi MongoDB datab

Hacker reportedly steals iPhone cracking tools used in shooting case

Apple and the FBI went to war last year over an iPhone owned by San Bernardino, California, shooter Syed Farook, and whether or not the FBI should be granted access to that phone. Apple argued that doing so set a dangerous precedent for data privacy in general, while the FBI insisted it was a matter of national security. In the end, the battle abruptly ended when the FBI reportedly decided to work with Israeli firm Cellebrite, which said it would be able to hack the phone with or without Apple’s help. Now, however, it seems as though Cellebrite has been hacked — and that hacker has publicly released some of that data to try and send a warning to the FBI. The data includes some code that is reportedly related to the Universal Forensic Extraction Device that can crack iPhones like the iPhone 5c, as well as some Android phones. More:  Lawsuit: Apple broke FaceTime in iOS 6 on purpose, blamed it on a “bug” In a  Motherboard report , the hacker said the creation of such tools makes thei