Hack to Learn Everything -- One stop Learning Point: crack

Showing posts with label crack. Show all posts

Friday, 27 December 2013

Researchers report security flaw in Samsung's Galaxy S4

09:00 crack, Cyber news, patch, Settig up VPN, Vulnerabilities No comments

Researchers report security flaw in Samsung's Galaxy S4

Here's some Grinchy news for those of you who put Samsung's Galaxy S4 on your holiday wish list: Israeli researchers have identified a vulnerability in the smartphone that allegedly allows a hacker to easily intercept secure data.

We did not immediately hear back from Samsung with a response to the reported flaw, but the company has told The Wall Street Journal and other news outlets that it's looking into the issues and thus far doesn't believe the problem is as serious as the researchers present in their findings.

The report comes not only as many Galaxy S4 phones sit wrapped up under Christmas trees, but also as Samsung pitches its new Knox security platform, used in the device, to federal agencies like the Department of Defense.

The Knox software offers high-level encryption, a VPN feature, and a way to separate personal data from work data. It also enables IT administrators to manage a mobile device through specific policies, and Samsung hopes it will appeal to security-sensitive clients as a replacement for BlackBerry devices. Knox-enabled devices have already been approved by the Pentagon for government use.

The alleged vulnerability was discovered earlier this month by researchers at Ben-Gurion University's Cyber Security Labs. Specifically, they say while the Knox is the most advanced security-driven infrastructure for mobile phones, the alleged flaw enables malicious software to track e-mails and record data communications. The flaw was uncovered by Ph.D. student Mordechai Guri during an unrelated research task.

"Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands," he said. "We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately."

via Online Sources

Team- Hack4friends

Target data stolen in hack showing up on black market --

01:15 crack, cyber attack, Cyber news, FBI, Wireless Pentesting No comments

Target data stolen in hack showing up on black market

As if the Target hack ordeal couldn't get any worse -- data from the retail chain's massive security breach stolen between November 27 and December 15 is popping up in huge quantities on the black market, The New York Times reported Friday.

After Target conceded Thursday that its in-store point-of-sale systems were indeed hacked, compromising as many as 40 million debit and credit card accounts, fraud industry experts are seeing the information flood online card-selling markets to the tune of a "ten- to twentyfold increase" in high-value cards.

The hack, which affected only shoppers who made purchases physically at Target stores and not online customers, was a sophisticated operation. It allowed the hackers to glean customer names, credit and debit card numbers, expiration dates, and three-digit security codes from customers, data that can then be burned onto counterfeit cards and sold on the black market typically for $20 to $45 apiece.

However, Brian Krebs, the security blogger who broke the story of the breach, reported Friday that batches of up to 1 million cards were selling for anywhere from $20 to as high as $100 per card.

Target CEO Gregg Steinhafel released a statement assuring customers that no one will be held responsible for fraudulent charges and that only a few instances of fraud had since been reported. That echoes a sentiment by Visa yesterday in a statement to CNET in which a company spokesperson said, "Because of advanced fraud-monitoring capabilities, the incidence of fraud involving compromised accounts is actually rare, and Visa fraud rates remain near historic lows."

Steinhafel also said that no PINs had been compromised, a grave concern for those potentially affected as compromised PINs would allow one in possession of a counterfeit card to withdraw cash from an ATM. He added that Target had no reason to believe that customers' Social Security numbers or dates of birth were scooped up in the hack.

Target expects to have notified all 40 million of those affected via e-mail by the end of the weekend. In an attempt to save itself for what will inevitably be a disastrous hit to its holiday sales, Steinhafel also announced a promotion:

Team-Hack4friends

Google upgraded its web security certificate to 2048-bit encryption

17:25 crack, Cyber news, Google hacking, security news No comments

Google upgraded its web security certificate to 2048-bit encryption

Never again are you going to get a Google Web site whose security certificate is protected with comparatively weak 1,024-bit encryption.

The Net giant has secured all its certificates with 2,048-bit RSA encryption keys or better, Google security engineer Dan Dulay said in a blog post Monday. Certificates are used to set up encrypted communications between a Web server and Web browser.

That means two things. First, traffic will be harder to decrypt since 1,024-bit keys aren't in use at Google anymore. Second, retiring the 1,024-bit keys means the computing industry can retire the technology altogether by declaring such keys untrustworthy.

Click to enlarge this image

Google has been aggressively moving to stronger encryption because of U.S. government surveillance by the National Security Agency. According to documents leaked by former NSA contractor Edward Snowden, the agency gathered bulk data off Internet taps, including unencrypted data sent between company data centers on its own network, and actively worked to undermine encryption.

Google said it beat its internal end-of-year deadline for the 2,048-bit move. It's also moved to encrypt its internal data transfer between data centers, a move that Yahoo also is making.

In other words, the Net's technology giants are working actively to make surveillance, authorized or not, significantly harder.

"Worry in Silicon Valley/Puget Sound: furor over NSA will cost billions cuz foreign customers fear US companies can't guarantee security," tweeted Strobe Talbott, president of analyst firm Brookings Institution, referring to the geographic regions where tech powers such as Google, Facebook, Yahoo, Microsoft, Twitter, Apple, LinkedIn, and Amazon are located.

There's a lot of work to be done yet, though.Google also supports a standard called "forward secrecy," which uses different keys for different sessions so that decrypting a single message doesn't mean previous messages can likewise be decrypted using the same key. But many other Net giants don't support forward secrecy -- though that's changing, too.

Source -Online media

Team Hack4friends

If you little like our posts/article then share them with your friends and other people to spread our voice throughout the world.

How to hack (Brute Force) gmail account with backtrack 5

02:02 crack, crack password, Gmail hacking, Password No comments

How to hack (Brute Force) gmail account with backtrack 5

Sorry for late posting on blog also on our facebook page infact i was very busy in my some projects but NOW I M BACK.

Today i am here posting a very good and old method to hack any email id {e.g: gmail,ymail,etc} as you know "OLD IS GOLD".

This method is known as Brute-Force Attack. I had added self explanatory images to use special tool of backtrack5 (any version) but i'm using BT5-R3 .

You need two thing here...

1. Backtrack 5 (preferable R3 version) with internet connectivity

2. Little piece of Mind

Now read carefully throughout this article at last you will find you as EMAIL PASS CRACKER.

I'm considering that you are little familiar with backtrack . so just make your own password list to attack on victim email and now save it as "pass.txt" or whatever you want to give name.