Latest Mac Flashback Trojan Threatens Mac Users With Java Enabled

It’s being reported that the newest version of the Mac Flashback Trojan can now exploit the Java engine in Mac OS X, in all versions of Mac OS X I guess.  It bypasses the administrator privilege protection, so it can install itself onto any Mac with Java enabled without needing an administrator password.  As of now, Apple has yet to release a security fix to counteract the Mac Flashback Trojan’s Java exploit, so I think it’s best for you to disable the Java plugin in your browsers!

Should you disable Java on Mac altogether?  Yes, but unfortunately Java is so interconnected with Mac OS X (all versions) that I do not yet know how to disable Java on Mac.  If you know, please write a comment or two and share your knowledge with my blog’s readers.  Anyhow, the easy quick fix for now is not to use Java in any browser that you use on Mac.

Without further ado, here is how to disable Java in the most popular browsers that you can use on Mac: Safari, Firefox, Chrome, and Opera.  Check the instructions below.

  • Safari – to disable Java, go to Safari > Preferences > Security and uncheck the box that says Enable Java.
  • Firefox – to disable Java, go to Tools > Add-ons > Plugins and disable the Java Applet Plug-in plugin.
  • Chrome – to disable Java, type about:plugins in the browser address bar and disable the Java plugin.
  • Opera – to disable Java, go to Tools > Advanced > Plug-Ins and disable the Java Applet Plug-in.

Please don’t confuse Java with JavaScript!  The two are different from each other!  Nonetheless, let me digress a little.  JavaScript can also be dangerous sometimes, so you can disable JavaScript by using popular extensions that are available for certain popular browsers.  In Firefox, you can use the NoScript extension.  In Chrome, you can try out the ScriptNo extension.  I don’t know of any extension that can disable JavaScript for Safari and Opera.

Ghost in the Wires Describes Riveting Details Of A Legendary Hacker Kevin Mitnick

Kevin Mitnick was a man who saw his reputation precede him in ways that he could never have imagined.  His past reputation grew to such an unbelievable degree that myths stacked up higher and higher, and the myths were about how he had stolen software worth more than $300 million, secrets from covert agencies, and much more.  In fact, he was more of a hacker who took on the challenge of hacking into various phone companies and big tech companies, and the successful penetrations of their servers and networks would most likely be his greatest trophies.  Instead of selling his trophies, the source code of various software he had siphoned away from various well-known corporations, he kept them as proof of how he had hacked into what were thought to be digital fortresses.

Even after Kevin Mitnick was able to walk out of prison, he was forbidden by law to use any communication technology.  According to Wikipedia, and I quote, “Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet.”  – source:  http://en.wikipedia.org/wiki/Kevin_Mitnick.  Now Kevin Mitnick is living a lifestyle which in a way is much better than how he lived before, and he can go on hacking without getting into trouble with the law and getting jailed for it.  How?  He is making more money by consulting for various companies on computer security and ethically hacking into the companies that hire him for his knowledge.  He is currently running Mitnick Security Consulting LLC, a computer security consultancy.

Kevin Mitnick has a book out in which he tells all about his past experiences of evading the law and being on the run while he was deep into hacking phone companies and various other tech giants.  Ghost in the Wires was written by a two-man team: Kevin Mitnick teamed up with bestselling author William L. Simon to write it.  In the acknowledgements section, Kevin Mitnick called William L. Simon Bill Simon, if I’m not mistaken.  Within this book, Kevin Mitnick described how he was able to social engineer just about anybody on the other end of the phone so he could gain valuable information to further his hacking activities.  With quick thinking and an uncanny ability to remember long phone numbers, Kevin Mitnick had no trouble combining his social engineering and computing skills to successfully hack into well-known phone companies and tech giants.  In fact, Kevin Mitnick was so successful at social engineering and computer hacking that he was able to manufacture his own fake identities.  The book goes on to describe how Kevin Mitnick had to hack the Social Security Administration, the Department of Motor Vehicles, and others so he could manufacture his own fake identities.  Even fake birth certificates were within Kevin Mitnick’s reach.

Ghost in the Wires has some funny moments that describe how naughty Kevin could be with his hacking skill.  I don’t want to spoil such funny moments for you, so it’s best that you read the whole book on your own and laugh at how naughty Kevin Mitnick was with his social engineering and hacking skills.  Besides the few hilarious moments, I have to admit Ghost in the Wires shows us that determined hackers can accomplish digital magic of the kind we like to think cannot be done.  Fortunately for the entities which Kevin Mitnick hacked into while he was living the life of a fugitive, Kevin Mitnick wasn’t out to sell their secrets and make big profits for himself.  Nonetheless, can we say the same for some hackers of today?  Of course, there might be a few hackers who have the same spirit as the old and the new Kevin Mitnick, but I think there might be more crackers than hackers.

In summary, Ghost in the Wires was a great read for me.  The writing style was down to earth.  I had moments of laughter at how Kevin Mitnick coyly tricked his adversaries through his social engineering and computer hacking skills.  The book was written with everyday people in mind, so even readers who cannot understand the technical details might not miss much.  In fact, reading Ghost in the Wires, I thought I was reading a thriller novel or watching a thriller film.  Honestly, it was great to finally read what Kevin Mitnick had to say for himself in his very own book.  I found his details riveting, especially how he described his encounters with law enforcement.  Hard-to-forget moments were how law enforcement officials convinced the judge that Kevin Mitnick could start a nuclear war by whistling into a pay phone, and how Kevin Mitnick himself thought the judge at one point believed he could connect to the Internet in prison through a laptop which had no connection to the Internet (she did not allow Kevin Mitnick the use of a laptop to review the evidence that pertained to his case with a lawyer).

Can Hacking Be A Financial Instrument?

As the financial instruments that keep nations healthy prove to be less effective, nations are facing the direr prospect of seeing their economies slowly inch closer to unsustainable conditions.  Imagine China continuing to watch the United States print more dollars out of thin air to devalue the dollar so that United States exports can be competitive against the rest of the world; China will face higher import costs to produce less profitable export goods, since the Chinese yuan is pegged to the dollar.  As China isn’t willing to revalue the yuan and allow it to appreciate against the dollar, China forces the United States to print more money than ever to devalue the dollar so the United States can stay competitive in exporting its goods.  The United States knows that exporting more will create jobs at home, consequently taming the wild beasts of deflation and unemployment, which will lead to a healthier economy in the near term, or for however long the United States can print money without China crying foul.

Let’s assume China and the United States are going to be locked in a currency war for a long time to come, and the financial instruments of both sides aren’t that effective since both sides might be able to dish out comparable damage, a tit-for-tat kind of thing.  Seen from this perspective, one can see why the United States is so concerned about cyber security.  Once the usual financial instruments aren’t that effective, an opposing entity (e.g., nation, country, faction, coalition, and so on) can try to use a stealthier and more malicious means to gain some advantage in world trade and a nation’s financial matters, and we’re talking about hacking.  Of course, there are many other means that might be as vicious as hacking or even more vicious, such as intentionally manipulating an opposing nation’s derivatives market to the point that the market would crash and create havoc within that nation’s economy.  Nonetheless, hacking is probably one of the easiest maneuvers which one nation can carry out against another nation.

Hacking can be inexpensive for the hackers, and yet sometimes hackers can get more than what they want.  Hackers can also stay anonymous if they’re good, so hacking can be stealthy if stealth is important to the hackers.  Knowing hacking can be carried out with precision and with almost no consequence at the state-sponsored level, I don’t see why hacking would not be one of the desirable methods for acquiring financial information and gaining sensitive data to manipulate another nation’s economy.  This is why it’s not unimaginable for the United States to consider hacking an act of war that might lead to military action.  As more facets of an economy come online or are digitized, hacking can become an ever more dangerous and powerful instrument among the other financial instruments used by nations.  Of course, hacking isn’t always motivated by financial ends; sometimes it’s more about gaining advanced military weaponry.  This is why hacking can become even more important than just a covert financial instrument for any nation.

So, I guess we can expect China and the United States to continue playing a game of blaming each other for how they got hacked by the opposing nation.  I suspect that the United States and China won’t go as far as declaring war on each other if indeed they find out that the opposing party is hacking them, but I can see that the United States and China won’t hesitate to punish weaker opposing enemies by all means, even if things have to boil down to carrying out some military action.  Don’t be surprised to see more headlines in the news about how one nation is hacking another, because hacking can be quite a useful financial instrument and more.  It’s that serious!

Source:  Currency Wars:  The Making of the Next Global Crisis by James Rickards (book).

Just Some Random Tips Of The Day For Users To Protect Themselves In The Digital World

Hackers are more brazen every day, and of late we have heard so many stories of their hacks against big and sophisticated institutions such as the FBI, partners of the FBI, Sony, and so on.  Although Sony is the older story, it is still fresh in some people’s minds.  Of late, some hackers even go after DNS servers so they can redirect legitimate web traffic to malicious websites of their choice.  This is one way to phish for users’ credentials, and with those credentials hackers can unlock users’ web accounts.  The proper term is phishing, and it means that hackers set up digital traps/hacks to steal credential information from users, while the users may not know they’ve been scammed since the traps/hacks are made to look like the real thing.

Perhaps the only way to protect oneself from getting phished is by being paranoid about what webpages you’re landing on.  Let’s say you’re trying to visit a well-known website, but the website address looks a little funky; then you should not enter any of your credentials onto such a website/page until you have verified and are sure that you’re on a legitimate website/page.  Sometimes, you have to make sure the IP address of such a website belongs to the institution that it claims to be.

Finding a website’s IP address is pretty easy.  Just open up a Windows shell (i.e., cmd) or a Unix-like terminal and ping the website’s domain name, using a command such as [ping Yahoo.com], then compare the legitimate website’s IP address with the suspicious URL’s IP address (i.e., also using the ping command) to see if the IP addresses of the two slightly different URLs are the same.  If both of the two slightly different URLs have the same IP address, then you might be on the legitimate website.  Sometimes a well-constructed misleading URL can mislead users into pinging the wrong part of the URL, which will not help users avoid the phishing scheme.  This is why you should make sure you understand which part of the URL inside your web browser’s address bar is the actual top-level domain name and not otherwise.

I’m not sure if I’m entirely right, and you can correct me in the comments below this blog post if you think I’m wrong that verifying the IP address of a legitimate website can be DNS-hack proof.  After all, don’t hackers have to take over the DNS control panel of a domain account or registrar and enter their malicious IP addresses that point to their malicious domain names so legitimate web traffic can be redirected to the malicious web destinations?  If that is absolutely the case, then verifying the IP address of a legitimate website is one of the absolute best ways to confirm that you are on a benevolent web destination.

OK, I have to admit that even if you have confirmed that the IP addresses of the slightly different URLs are the same, it does not mean that you’re on the legitimate website/destination.  Why?  Perhaps that very IP address is the only IP address that the hacker(s) is using, and not that of a legitimate website.  Sometimes, it helps to check that the IP address of the legitimate website you’re trying to reach is made available through search engines or some reputable web services, so you can compare the IP addresses from such sources with the ones that you pinged.  Doing a reverse IP lookup or domain lookup helps too!
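The warning above about pinging the wrong part of a misleading URL can be checked mechanically. The following Python sketch is an added example, not part of the original post: it extracts the host a browser would really connect to and tests whether it belongs to the site you expect. The function names and sample URLs are made up for illustration, and the "last two labels" rule is a simplifying assumption.

```python
from urllib.parse import urlsplit
import ipaddress


def host_to_check(url):
    """Return the host a browser would actually connect to for this URL."""
    host = urlsplit(url).hostname  # drops any "user:pass@" prefix and the port
    if not host:
        raise ValueError("no host found, pass the full URL including http(s)://")
    return host.rstrip(".").lower()


def registrable_domain(host):
    """Naive approximation: the last two labels of the host name.

    Assumption: fine for .com/.net style names; suffixes such as .co.uk
    need the Public Suffix List, which this sketch does not consult.
    """
    try:
        ipaddress.ip_address(host)
        return host  # a literal IP address has no domain name to inspect
    except ValueError:
        return ".".join(host.split(".")[-2:])


def belongs_to(url, expected_domain):
    """True only if the URL's host is expected_domain or a subdomain of it."""
    host = host_to_check(url)
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


# Constructed sample URLs (example.net and 198.51.100.7 are reserved test values).
SAMPLES = [
    "https://login.yahoo.com/account",
    "http://yahoo.com.login.example.net/signin",
    "http://yahoo.com@example.net/",
    "http://yahoo.com:80@198.51.100.7/",
    "http://notyahoo.com/",
]


def audit(urls, expected_domain="yahoo.com"):
    """Return (url, host to ping, registrable domain, verdict) per URL."""
    return [(u, host_to_check(u), registrable_domain(host_to_check(u)),
             belongs_to(u, expected_domain)) for u in urls]


if __name__ == "__main__":
    for url, host, domain, ok in audit(SAMPLES):
        print(f"{'OK     ' if ok else 'SUSPECT'}  ping: {host:30} domain: {domain:14} {url}")
```

The host printed in the "ping" column is the name to give to the ping command; the text before an "@" or to the left of the real domain is never contacted.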

Another thing: you can avoid a lot of trouble by protecting your email accounts at all costs.  Hackers love to have access to your email accounts so they can reset your web accounts’ passwords.  Many websites allow users to reset web accounts’ credentials by simply clicking on confirmation links within emails.  This could be why it’s a goldmine for hackers to be able to penetrate their targets’ email accounts.  So, using unconventional passwords, with a different password for every email/web account, is the best way to protect one’s email/web accounts, and this is especially true for email accounts.

Hacking In The Air With Open Source Aircraft, Cut Through That Traffic On The Ground Dude

With just open source software and off-the-shelf products, hackers can put together a flying aircraft that allows them to hack phone calls, Bluetooth, wireless, and so on.  Check out the Hak5 video right after the break to see the interview with the real hackers who showed off their open source aircraft for hacking at DEFCON this year.

Obviously, don’t try this at home if you don’t really know how to fly an aircraft with a remote control or computer.  I think it’s rather dangerous, because someone can be seriously hurt if the aircraft turns evil.  Oh, it’s already evil in the digital sense, but it can also be physically evil too, I guess.