Skip to content

USB Killer versus Macbook Pro, Google Pixel – Instant Death of hardware using USB Killer

USB Killer Instantly KILLS New MacBook Pro, Google Pixel, Galaxy Note 7 & Tested on iPad Pro, iPhone 2G, GoPro 5 & More Tech.

Beats headphones are not affected.

Video gets really interesting about 10 mins in if you’re short for time.

 

Crypto 101 – get free prelease pdf

Get the new free training course on the basis of Crypto – called Crypto 101.

Start to finish.

Comes with everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash functions, message authentication codes, public key encryption, key agreement protocols, and signature algorithms.

Learn by doing.

Learn how to exploit common cryptographic flaws, armed with nothing but a little time and your favorite programming language.

Forge administrator cookies, recover passwords, and even backdoor your own random number generator.

Works everywhere.

DRM-free and available in all common formats:

  • Get the free pre release pdf copy.

Anti Surveillance, Anti CCTV Infrared Glasses – hide your face

There is a kickstarter funding page, which is attempting to make anti CCTV privacy glasses. These are both reflective and anti Infra Red – so CCTV cameras cannot record your face.  I have to admit that I’m impressed with the idea.

KickStarter Project

https://www.kickstarter.com/projects/reflectacles/reflectacles-reflective-eyewear-and-sunglasses

Ghost

The only style that I would support so far is “Ghost”, that blocks CCTV camera’s.

ghost2

https://www.kickstarter.com/projects/reflectacles/reflectacles-reflective-eyewear-and-sunglasses

ghost1

The other styles need sides to the glasses, as your side profile is revealed as you turn.  A suggestion would be that they copy the design of welding or overglasses, as used in factories or laboratories.

However, the ghost anti CCTV glasses are looking good.

Revealed: The 48 organisations that can see your entire online browsing history, even if you delete it

The police, NHS and the tax man will now be able to hack into your phones and check your browsing history after the Snoopers’ Charter was passed by Parliament last week.

The bill, officially called the Investigatory Powers Bill, forces electronic data to be stored by internet providers for 12 months, which can be subsequently collected by law enforcement.

Now a blogger has created a list of all the people who will be able to request to view your internet history if the bill passes Royal Assent to become law.

The access also works regardless of whether or not you clear your history, because it will be held by your internet service provider.

Internet provider must keep logs for a year and hand them over to the government on request, whether users want them to or not.

WHO CAN VIEW YOUR INTERNET HISTORY?

Metropolitan police force

City of London police force

Police forces maintained under section 2 of the Police Act 1996

Police Service of Scotland

Police Service of Northern Ireland

British Transport Police

Ministry of Defence Police

Royal Navy Police

Royal Military Police

Royal Air Force Police

Security Service

Secret Intelligence Service

GCHQ

Ministry of Defence

Department of Health

Home Office

Ministry of Justice

National Crime Agency

HM Revenue & Customs

Department for Transport

Department for Work and Pensions

NHS trusts and foundation trusts in England that provide ambulance services

Common Services Agency for the Scottish Health Service

Competition and Markets Authority

Criminal Cases Review Commission

Department for Communities in Northern Ireland

Department for the Economy in Northern Ireland

Department of Justice in Northern Ireland

Financial Conduct Authority

Fire and rescue authorities under the Fire and Rescue Services Act 2004

Food Standards Agency

Food Standards Scotland

Gambling Commission

Gangmasters and Labour Abuse Authority

Health and Safety Executive

Independent Police Complaints Commissioner

Information Commissioner

NHS Business Services Authority

Northern Ireland Ambulance Service Health and Social Care Trust

Northern Ireland Fire and Rescue Service Board

Northern Ireland Health and Social Care Regional Business Services Organisation

Office of Communications

Office of the Police Ombudsman for Northern Ireland

Police Investigations and Review Commissioner

Scottish Ambulance Service Board

Scottish Criminal Cases Review Commission

Serious Fraud Office

Welsh Ambulance Services National Health Service Trust

 

Reference:

http://www.dailymail.co.uk/sciencetech/article-3971214/The-48-organisations-entire-online-browsing-history-delete-it.html

As I’ve said, terrorism was just an excuse — The Krypt

A list of public authorities, in addition to The Old Bill and intelligence services, that can legally access your Web browsing history under the new Investigatory Powers Act: Department of Health (Drug regulation and fraud investigation) HMRC / Inland Revenue Department for Transport Department for Work and Pensions (Fraud and error investigation, and child maintenance) […]

via As I’ve said, terrorism was just an excuse — The Krypt

Microsoft joins Linux Foundation—now loves Linux to death — sqwabb

Microsoft has joined the Linux Foundation. That’s right, the maker of the closed-source Windows operating system—the very antithesis of free open source software—is suddenly one of the driving forces behind free open source software (cue hair-rending and groans of mock incredulity). The normally phlegmatic website Extreme Tech reacted to the news this week by suggested […]

via Microsoft joins Linux Foundation—now loves Linux to death — sqwabb

KALI – Start Kali with a new hostname on every boot

If you’re downloading a lot, you may find that the name of your device will be blocked.  There is a way to change your host name every time you reboot.  This is naughty but nice.  My cautions have been added to the end of the article.

Step 1 – Create a new file called changehost.sh

Use Gedit to create a new file.

Type this code into the file changehost.sh.

#!/bin/bash

cp -n /etc/hosts{,.old}

newhn=$(cat /dev/urandom | tr -dc 'A-Za-z' | head -c8)
hostnamectl set-hostname $newhn

echo "127.0.0.1    localhost" > /etc/hosts
echo "127.0.0.1    $newhn" >> /etc/hosts

exit

Step 2 – Gedit a second file

The code is:

/etc/systemd/system/changehost.service
[Unit]
Description=Hostname Randomizer

[Service]
ExecStart=/usr/bin/changehost.sh


[Install]
WantedBy=multi-user.target

Enable the service
systemctl enable changehost.service

*****

Or run it at any time manually

service changehost start

****

I have seen companies and universities block the hostname rather than block an IP – so this should keep your laptop from being detected.

CAUTION

  1. If you are using OpenVAS, don’t do this.  OpenVAS uses an SSL certificate.  Any software that partially autheticates using the hostname will fail.
  2. Only use if you want to download a lot, and you’re being blocked.

Reference:

https://forums.kali.org/showthread.php?33179-UPDATED-HOWTO-Start-Kali-with-a-new-hostname-on-every-boot

How to use Password Dumping software – Password Decoder – The Visual Guide

Please don’t use Chrome as this browser will block most password dumping software.

Use Chrome Unblocker to stop Chrome blocking the software if you like Chrome.

chrome unblocked.png

Step 1 – Download password dumping software

There are quite a number of specific password dumping software tools – but there is an all in one password decoder.  Use this as the lazy option.

http://securityxploded.com/download-software.php?id=5325

password-decoder-1

password-decorder-link

Run as Admin

password-decoder-run-as-admin

Installer runs

password-decoder-install-1

Next > accept all default settings

password-decoder-install-2

How to use

http://securityxploded.com/all-in-one-password-decoder.php

Step 2 – Select Drop down list – type of password to crack

password-decorder-drop-down-list

Decode Button

password-decoder-button

 

Downloads Menu

Use the downloads menu to find more tools

password decoder downloads.png

Quantum Safe Cryptography and Security

http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf

The current state-of-the-art cryptographic principles use well-studied methods that have been relied upon for more than 20 years. Amongst cryptographic experts, well-studied, proven and mature techniques are the most preferred for security reasons. However, such techniques were not designed to resist quantum attacks, because at the time of their invention, research into quantum computation was obscure and unknown to most cryptographic practitioners. New cryptographic techniques have emerged in recent decades that do provide protection against quantum threats. These techniques are termed “quantum safe” and consist of both techniques based on quantum properties of light that prevent interception of messages, as well as classic computational techniques, all of which were designed to resist quantum attacks emerging from the rapidly accelerating research field of quantum computation

 

Security controls that are known to be highly vulnerable to quantum attack, and can be easily broken by a quantum computer, include:

1. Any cryptosystem that is built on top of the mathematical complexities of Integer Factoring and Discrete Logarithms. This includes RSA, DSA, DH, ECDH, ECDSA and other variants of these ciphers. It is important to point out that almost all public key cryptography in fielded security products and protocols today use these types of ciphers.

2. Any security protocols that derive security from the above public key ciphers.

3. Any products or security systems that derive security from the above protocols. Controls that are known to be somewhat vulnerable to quantum attack, but can be easily repaired include symmetric key algorithms like AES that can be broken faster by a quantum computer running Grover’s algorithm than by a classical computer. However, a quantum computer can be made to work just as hard as a conventional computer by doubling the cipher’s key length. This is to say that AES-128 is as difficult for a classical computer to break as AES-256 would be for a quantum computer.

 

AES is considered quantum-safe because the cipher can adapt to a quantum attack by increasing its key size to rectify a vulnerability introduced by quantum computing.

 

Ciphers like RSA and ECC are not quantum safe because they are not able to adapt by increasing their key sizes to outpace the rate of development of quantum computing. In order to attack a 3072-bit RSA key, for instance, a quantum computer must have a few thousand logical qubits. In general, the number of logical qubits needed scales in a linear fashion with the bit length of the RSA key. When such a quantum computer becomes available, moving to a larger RSA key size would thwart a quantum attack until a larger quantum computer is invented. However, doubling the size of an RSA or ECC key increases Quantum Safe Cryptography and Security 14 the running time of the cipher on a conventional computer by a factor of 8. That means that if the size of keys that a quantum computer can attack doubles every two years, then the running time of keys on a conventional computer increases by a factor of 8 every two years, outstripping Moore’s Law and rapidly becoming impractical both in terms of speed and in terms of channel size, i.e. the required bandwidth to transmit the key information.

http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf

NOTE:

Read the cautions on AES written by Schneier.  Schneier did increase the number of rounds to make AES safe, but that made it far too slow to use.  AES should never have qualified.

AES using CBC (Cipher Blocks) can be broken.  Any version of AES using CBC has been broken – using the Beast or Lucky 13 attacks.

The only form of AES not broken is GCM (Galois Counter Method), which requires specific dedicated hardware, and is not deployed in software versions of AES – they’re all the broken CBC type.

 

 

How to steal passwords from web browsers – Windows 10 & Windows 7

Sometimes, you’ll forget your password to a site.  In that situation WebBrowserPassView will find those forgotten passwords.  Alas, its dangerous in that it will detect your Paypal login ID and password too.  Use this tool with care.  Don’t put in on a USB and install it on a girlfriends laptop – as that’s called stalking.  Stalking is being weird, so don’t go there.

Step 1 – Download WebBrowserPassView

http://www.nirsoft.net/utils/web_browser_password.html

The tool works fine on Windows 10.  You may find that it’s detected as a Virus or dangerous tool and you’ll have to make an exception for it.

Step 2 – Install it and away she goes

The app will launch revealing all your forgotten login ID and passwords.

webbrowser-screenshot

Step 3 – Reused passwords.

At a guess, you’ll find that you’ve been reusing the same 3 passwords on various accounts.

That’s a no no.

Step 4 – Download and Install Browsing History View

http://www.nirsoft.net/utils/browsing_history_view.html

browsing-history-download

Select the number of days to filter by… here I’ve selected only 3 days.

.browsing-history-install

And the results… are all the sites that my browser has seen over the last 3 days.  Here you can see the screenshots taken for blog articles published this week.

URL’s

browsing-urls

Screenshots created for articles.

browsing-history-sites

Use these tools wisely, and only on your own laptop.

Finding out someones paypal login ID and password is hacking.   Even if you’re using this data for a divorce, remember that you’ll need to admit to what you’re doing, and there will be no happy endings.

%d bloggers like this: