Hacker 10 – Security Hacker

Author: John Durret

  • List of the best Tor email hidden services updated 2025

    List of the best Tor email hidden services updated 2025

    The following is a list of email services hosted in hidden services to send and receive anonymous email through Tor. A few of them can only be accessed using the Tor browser and have a Clearnet address only for information purposes.

    If you are serious about security you must install the official Tor browser but if you are not paranoid about anonymity, you can download the Brave browser, this privacy browser is able to access .onion sites and Tor offering less security than the official browser, it has JavaScript enabled.

    Cock.li (http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/): A free email and XMPP anonymous service funded with donations that allows registration with Tor , VPN and proxies. There are over a dozen domains to choose from when you sign up for a cock.li email address, other known domains used by this provider are Airmail.cc and firemail.cc

    Morke (http://6n5nbusxgyw46juqo3nt5v4zuivdbc7mzm74wlhg7arggetaui4yp4id.onion/): Using the domain names Morke.ru and Morke.org with a SquirrelMail interface, registration is free but it can only be done using the Tor browser.

    ProtonMail (https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion): Fully encrypted Switzerland based privacy email provider that allows registration using Tor, the free version of ProtonMail provides for a decent service and includes extra features like an encrypted calendar, and cloud storage.

    OnionMail.org (http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion/): Anonymous email provider that encrypts email with your own key, they have a multi language free service where you can test it and upgrade to a paid plan with more storage space, cryptocurrency is accepted and there is support live chat in their website.

    OnionMail.info: Clearner directory listing OnionMail email providers, you have to be careful who you pick, nobody knows who is running the service and a few of them that I checked had the mail server misconfigured.

    DanWin1210 (http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion/): Personal website providing free anonymous Jabber and email account that can be accessed in the clearnet or Tor.

    CS email (http://csmail3thcskmzvjicww3qdkvrhb6pb5s7zjqtb3gdst6guby2stsiqd.onion/): Disposable email address with v3 Tor hidden access, ideal to receive registration email details or brief communications, you can reply using the interface but emails are only kept for one hour. Sponsored by VPN provider CryptoStorm.

    Email providers that can be accessed with Tor

    The following email providers do not have a .onion email address but are privacy and Tor friendly, you should be able to sign up for their webmail service using the Tor browser which will provide with nearly as much a privacy as accessing them using a hidden service.

    MailFence: Based in Belgium, with support for PGP encryption and free plan. It is impossible for the email provider to read your emails if you use your own PGP encryption key.

    Tuta: German email provider specialised in privacy, it has implemented quantum resistant encryption to future proof your privacy and metadata scrubbing.

  • Crack wireless networks encryption with WifiSlax

    Crack wireless networks encryption with WifiSlax

    WifiSlax is a Slackware based Linux distribution specially designed to break into wireless networks to test their security. It can run as a live CD or installed in your laptop saving personal settings.

    Make sure to select  “English Menu”,when you first boot the CD as the default instructions will be shown in Spanish otherwise. Another available option is selecting the Linux desktop of your choice. WifiSlax comes with KDE, an eye candy graphical interface and XFCE for low resource systems and a command line only option for experts. You can also select your prefered Linux Kernel, if you run a high end computer with more than 4GB of RAM choosing the PAE (Physical Address Extension) kernel will improve performance. WifiSlax default root password is toor, for security it should be changed typing passwd.

    WifiSlax KDE comes with few packages for day to day use, mainly the Libre Office suite, The Gimp, FileZilla P2P programs and a handful of games. It is unlikely that this 650MB distribution will be your main desktop without adding additional software. Luckily this can be easily done using WifiSlax package manager and downloading prebuilt software .xzm modules for WifiSlax, there you will find TV streaming utilities like Zatoo and media players like XBMC.

    WifiSlax Linux to crack Wifi
    WifiSlax Linux to crack Wifi

    If all you want is to break into a WPA network you have everything you need already installed in WifiSlax. Tools that will help you test a wiereless network security are dictionary list generators Datelist and Crunch, usual WEP vulnerability cracking tools, even if hardly anybody uses WEP nowadays, it is a nice thing to have. To crack WPA networks you will find WPA GPU cracking taing advantage of advanced graphics card with a processing unit that can be used to brute force passwords, the always useful packet sniffer WireShark is also included along with man in the middle attack packages AirSSL and Yamas.

    There are other security tools not directly linked to wireless, like Grampus, used to extract documents, image and video metadata that could reveal who the author was and BleachBit to securely wipe Internet browsing history to stop anybody with access to your computer from learning what sites you have visited.

    This is a good wireless hacking Linux distribution except for the fact that the website is only available in Spanish but after burning the .iso the interface can be set to English.

    Visit WifiSlax homepage

  • Exploit residential router vulnerabilities with Routerpwn

    Exploit residential router vulnerabilities with Routerpwn

    Routerpwn is a web application listing dozens of ready to run local and remote exploits for, largely, home routers. It covers all major brands, all you have to do to test if your personal router is vulnerable to one of the exploits is to search for the make and model of your router and click on the exploit name to execute a javascript window testing a known vulnerability that will automatically break into the network or open up the default router IP, 192.168.1.1 and try a default admin password or privilege escalation.

    To learn more about the exploit click on the plus sign next to the listed bug and you will be taken to a security list like SecurityFocus or Seclist displaying full details of the exploit and the date it was first discovered.

    The site also contains links to lists of default router administrator username and passwords. Another tool can be used to find out an Access Point vendor entering the MAC address of the device, which hex number can be discovered with a simple network scan.

    Routerpwn javascript router exploit
    Routerpwn javascript router exploit

    It is not necessary to be connected to the Internet to use Routerpwn, the site can be stored offline, javascript exploits in local routers will work regardless of Internet access.

    Exploiting a router does not necessarily mean to be able to get into the network finding out a WPA key, some of the exploits in Routerpwn launch a denial of service attack against a router by pinging it non stop and bringing down the whole network. Other exploits show your router configuration, some vendors store keys to reset passwords in plain text inside configuration files that can be seen by mistake using a cross site scripting attack.

    There was an Android application for Routerpwn in Google Play but that link has now been removed, however the website can be accessed from any mobile device or game console that has an Internet browser. Everything has been optimized for access on the go coding it entirely in HTML and javascript.

    New exploits can be submitted to the site and if you would like to find out your own router vendor, the URL http://www.routerpwn.com/detect.html will show you the brand, if it can’t identify it a form will come up inviting you to submit the information.

    Routers are seldom upgraded or flashed by home users, even a exploit that is a few years old will still work against many devices. Routerpwn is a very powerful tool for penetration testers for a very important often overlooked security item that antivirus software does not screen.

    Visit Routerpwn homepage

  • How to stop the NSA from tracking your mobile phone calls

    How to stop the NSA from tracking your mobile phone calls

    The latest documents leaked by Edward Snowden, called “Spain last 30 days“, show that in a single month the NSA illegally spied on 60 million phone calls in Spain. Further details reported by the press mention that although calls were not recorded, location, dialled number, call duration and mobile phone serial numbers were all looked at by the NSA.

    Based on that one can figure out that if the NSA was looking at mobile phones serial numbers they must have a way to link those numbers to people.

    Mobile phone serial vs IMEI number

    There are two kind of mobile phone serial numbers, IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity).

    Mobile phone serial number and IMEI
    Mobile phone serial number and IMEI

    IMEI numbers are embedded in the device, it will be displayed if you type *#06# on your dialpad, forming 15 or 16 digits, the software version called IMEISV contains 16 digits.

    The first 8 digits of an IMEI number identify the model and phone’s origin, the remainder numbers are defined by the manufacturer and could be anything they want.

    IMSI numbers contains 15 or less digits and they are embedded in the SIM card, the number is constantly send by your mobile phone to the network provider, enabling mobile phone companies to trace the phone using a technique known as triangulation. Tracing will work even if you don’t have GPS in your phone, triangulation relies on mobile phone network towers to locate you.

    The first 3 IMSI digits contain the country code, followed by mobile network code and other numbers show subscription details.

    For example if you go abroad the IMSI number will be used by the network to connect you to the foreign company that has a roaming agreement with your home network provider.

    Both IMEI and IMSI numbers are transmitted to mobile phone companies. There are devices that can change a mobile phone IMEI number but in some countries like the United Kingdom this is illegal alleging that it hinders mobile phone theft investigations.

     Stopping NSA metadata collection

     With leaked documents showing that metadata is the main element used to flag calls by the NSA grid, using a calling card would should stop them from seeing the final numbers you are dialling, buying calling cards from a non USA company should add privacy.

    It is probably rational to assume that the NSA knows about the calling card problem and receiving and making lots of calls using them with the same phone could raise a red flag in the system and mark you for further attention. Combining calling cards with different phone lines would be then a good idea if possible.

    Another way that might fool NSA metadata collectors is by using a virtual phone number service like FlyNumber, where two people from Africa could communicate with each other using USA local phone numbers that are then forwarded to the phone of their choice or VoIP. Make sure it is not Skype, past documents showed that Skype is linked to the NSA PRISM global spying program.

    As for stopping location tracking, opening your phone and taking the SIM card and battery off is the only secure way to do that. If this is too inconvenient then stick to VoIP calls tunnelled using a VPN.

  • How mobile phone accelerometers are used for keylogging

    How mobile phone accelerometers are used for keylogging

    Massachusets and Georgia Insititute of Technology researchers have developed a method to log computer keystrokes by placing a smartphone next to a computer keyboard and major its sound and vibration using the smartphone accelerometer. The researchers employed an iPhone 4 for this and noted that sensors in older models are not good enough to pick up remote vibrations.

    Mobile devices accelerometers are used to re-orient your screen using a differential capacitor to measure changes in gravitational pull. Researchers used it to listen in to typing sounds and translate them into text by estimating volume and force produced during keystroking.

    Mobile phone accelerometer
    Mobile phone accelerometer

    The phone was enginereed to interpret what dictionary words sounded like and translate them into text. Accuracy was next to 80% and it only went down after an extensive number of dictionary words were added. Since an attacker might now what kind of information they are after, a customised dictionary with likely terms can be built to increase accuracy.

    In order for this attack to work the smarphone has to be placed on the same table where the keyboard is and there must be no ambient vibrations, like a printer or scanner working in the background.

    The only mitigation strategy proposed by the researchers against this type of attack is to prevent anybody from placing a mobile phone next to your keyboard, not even your own since it could have been infected with this kind of malware to spy on you.

    There has also been previous research showing how a smartphone microphone could be used to pick up typing patterns. With this is mind it is important to never forget that smartphones have the necessary equipment to spy on you, the reason why many government departments do not allow them into the office.

    The research is a proof of concept, do not be surprised if you see NSA spooks showing interest in this and taking it to a step further in the future as smartphones sensors improve even more.

    Smarpthone Keylogging Research Paper

  • Lelantos, a secure, anonymous email provider through Tor

    Lelantos, a secure, anonymous email provider through Tor

    Lelantos is a privacy email provider only accessible through Tor but able to communicate and receive messages from any Internet wide email services like Gmail or Yahoo. The owners, a small unidentied group of people, claim that all data in the server is encrypted, with data back ups located in different countries.

    When you open a Lelantos email account you will initially get a @lelantos.org address, currently that domain name is registered to someone called Ryan Harris living in Canada and the DNS servers are set to Domains4Bitcoins, the little information one can gather from that is that Lelantos is paying the domain registration with Bitcoins, registration details in Canada might be fake or might not.

    To stop other people from knowing that you are using a Tor email service Lelantos gives you a choice of multiple private clean domain names that are not listed anywhere and not linked to the Tor network. Lelantos obviously doesn’t have access to your computer IP since the only way for you to read and send messages is using Tor.

    Anonymous Tor email provider Lelantos
    Anonymous Tor email provider Lelantos

    Lelantos webmail has two interfaces, a SquirrelMail layout that does not need Javascript enabled to login and a RoundCube interface that needs Javascript. I have used both interfaces and there isn’t too much difference in between them, RoundCube, looks more modern and has drag and drop but the main functions work the same. If you are serious about privacy go for the SquirrelMail interface with no Javascript.

    Another way to protect yourself against browser exploits is by using Lelando’s IMAP and SMTP .onion servers with TLS, for this you have to set up your email program with a socks proxy and run Tor in your computer. Unfortunately few email programs support socks proxies, I suggest the free open source Thunderbird email client from the Mozilla Foundation.

    Lelando’s terms and conditions forbid using their email service to transmit child pornography, spam or sending violent threats, if you breach their Acceptable Use Policy your account could be terminated.

    This is not a free email provider, you have to pay some Bitcoins to fund service maintenance, I think that it is not unreasonable since they also provide support, with a public PGP encryption key available to communicate with Lelantos staff. For extra security is best to anonymize your bitcoins with a laundering service like Bitlaundry, but, as long as bitcoin payments can not be linked to an specific email account it should be fine.

    Lelantos Tor address: http://lelantoss7bcnwbv.onion

  • List of non USA cloud storage services with client side encryption

    List of non USA cloud storage services with client side encryption

    To truly secure your data in the cloud it is necessary to encrypt it before it leaves your computer and not to trust others to do this for you. You can encrypt files yourself with something like Truecrypt, DiskCryptor or 7Zip but it requires time and extra work.

    This list contains cloud storage services that apply encryption before uploading it to their servers and give you full control of the decryption keys, making it impossible for the company to decrypt anything.

    TeamDrive: Company based in Germany, data is encrypted in the computer with AES256-bit using your own encryption key that the company has no access to. You can decide whether to store your files in Amazon EC2 USA, Ireland or Hong Kong servers, account data is only held in German servers.

    Mega: Based in New Zealand, all data is encrypted with AES128-bit before uploading it to the cloud, a RSA2048-bit key is used to share already encrypted files in between users, their FAQ is very complete explaining the security measures they use and what possible vulnerabilities exist against their business model.

    Mega cloud encryption file sharing
    Mega cloud encryption file sharing

    Powerfolder: German company, it can be used to store and share files in the cloud, they have no servers in the USA and everything is encrypted client side with the AES algorithm. You can password protect folders before sharing them with others.

    TresorIt: Hungarian company, they use AES256-bit to encrypt data before uploading it to the cloud. The company offered $US10.000 to whoever can break their security software. Data can accessed in your smarphone or desktop computer. There are free and paid for plans.

    TresorIt encrypted cloud storage
    TresorIt encrypted cloud storage

    Unseen.is: A full communications suite with encrypted cloud storage on top of email and instant messenger. With headquarters and servers in Iceland, encryption is end to end, the company does not have the key and can not read any messages. Unseen.is is transparent about their technological encryption set up and privacy policy. Have into account that online storage is limited, the service has been designed to only back up your most important files, not a whole computer.

    Notice: Even if the company is not based in the USA, they might be using American servers for storage unless specified.