Hacker 10 – Security Hacker

Author: John Durret

  • Android phone backup app Titanium backup

    Android phone backup app Titanium backup

    Titanium Android backup app, unlike the Google Backup feature that comes with all Android phones, can copy and restore your apps including user data within each app, general data and Market links to an external SD card, including protected and system apps, after setting it up Titanium backup will automatically copy your data as scheduled with zero clicks. Apps can be backed up individually or in group, to restore the data you can choose to only recover settings, app, data or everything at once.

    This is a very powerful app, before you click on anything, make sure to read what it says, Titanium backup has access to your system files and it is easy to wreck something if you are not careful, if you are not sure refer to Titanium online Wiki. The whole backup process can take up to 15min depending on the amount of data and your Android phone processing power, once the backup has finished you can browse where everything is kept, inside the SD card in a folder named /TitaniumBackup/, you might want to copy that data online or to your desktop computer using a USB cable or Bluetooth.

    Titanium Android backup app
    Titanium Android backup app

    This app is suitable for advanced/power users as it has lots of configuration options, for complex operations, like restoring data to your Android phone after it has been updated with a custom ROM, check out the online Titanium backup Wiki. The paid Pro version of this app can encrypt your backups (using RSA&AES), copy apps without closing them, freeze an app without uninstalling it, convert system apps into user apps (or vice-versa), batch verify backup integrity, sync backups online with Dropbox, and much more.

    Note: This app requires root which will invalidate the phone warranty, rooting is necessary to access system files.

    Visit Titanium Backup Android GooglePlay

  • Encrypted data backup with Powerfolder

    Encrypted data backup with Powerfolder

    Powerfolder is a free program for Windows, Mac and Linux to securely share, sync and backup your computer files, locally or in the cloud, if you choose to backup your data online you will be offered a free account with 1GB of free space, this is not necessary as the program can be used to do offline backups, if you decide to use the cloud option all data transfers will be encrypted using SSL (transfer) and AES (storage), to open an online account only requires entering an email address, which does not need to be verified, and the password of your choice.

    Powerfolder interface is easy to use, skinnable and with lots of configuration options, the software can be used to synchronize data in between computers on a LAN (Local Area Network) with real time data sync status showed on the screen, you can choose what to backup with a simple tick on a checkbox next to each folder.

    PowerFolder encrypted data backup
    PowerFolder encrypted data backup

    To share files online you just need to go to the Folders tab and follow the wizard where you will be offered what files to share and where to send an invitation key, in order for someone to access your data they will need to enter that secret key first. PowerFolder cloud storage can be accessed through the iPhone or Android through a specially made mobile portal (m.powerfolder.com), browser file downloads are made using an encrypted SSL connection, you can view and play audio files online too. Powerfolder software scans local folders for changes and uploads/erases the data as necessary, bandwidth taken by PowerFolder can be limited, a proxy and specific ports chosen, the plugins tab lets you configure advanced settings, like adopting UDT connections instead of TCP, encryption security level and setting up a dynamic DNS.

    I would have preferred it if the help manual wasn’t only available online, and the free 1GB online space is not enough to hold all of my important data, I could not find any other flaw to this very fine secure data backup software.

    Visit Powerfolder homepage

  • Google Chrome Ghost Incognito extension for privacy mode

    Google Chrome Ghost Incognito extension for privacy mode

    Ghost Incognito is a Chrome browser extension to make sure that certain websites are only opened in Incognito mode, Incognito mode (aka private browsing) in Google Chrome is activated using the CTRL+Shift+N and it stops your Internet browser from locally storing information about the websites you visit, like cookies, cache or history, all of your activities run in RAM memory and once you close the browser everything is gone for good. Firefox, Internet Explorer and Opera all have a privacy browser mode.

    Ghost Incognito Google Chrome
    Ghost Incognito Google Chrome

    The main benefit of Ghost Incognito is that you can browse the Internet normally at work or school and have the browser configured to visit sites like Facebook only using privacy mode avoiding leaving any recoverable passwords, usernames and Internet history in a public computer. By default, all porn .xxx domain names will open using Incognito mode. When you type a URL that has been set up to run in private mode a new window automatically opens, but I noticed that the first typed URL triggering Incognito mode is remembered by the browser, this is a flaw that I hope the developers can fix in next releases, another possible problem is that the URLs you have added to Ghost Incognito extension configuration will be visible by anyone with access to your Internet browser, I can see this extension being useful for a portable Google Chrome browser but not much more.

    Visit Ghost Incognito Chrome addon

  • Top 5 Windows Mobile Phone security apps

    Windows Phone apps

    SecureID: Password manager and data vault for your Windows phone, it encrypts all data using AES256, it can encrypt any kind of data, including audio recordings. The passwords can be classified into categories and searched, a password generator indicating password strength is included.

     7pass: Non official version of open source Keepass password manager for Windows mobile phones, it is compatible with Keepass desktop edition in your PC, it can securely store usernames and passwords as well as credit card details and notes, you will need a master password to access the encrypted database. It includes a password generator just like the original Keepass for PC.

    Message Encryption: It can encrypt text messages using the encryption key of your choice, after encryption it will send the message to the person you choose, using the same window you can decrypt received messages, lean on configuration settings and features, but easy to use.

    Password Vault: Windows Phone 7 app to securely store passwords, financial information and images, the application encrypts and groups data as Financial, Internet, Personal and Others. Instant search helps you to find out what you want when you need it, stored notes have a preview and can be edited, all you need to access your data is the master password.

     Secure Keys: Secure configurable password generator, it creates a hard to crack password with numbers, letters and special characters all based on the passphrase you entered, making it easy for you to remember your password yet hard for others to guess. The created password isn’t saved on the phone or sent over the Internet making it impossible for someone to know it other than looking at the screen on the phone.

  • Modify files and folders timestamps with NewFileTime

    Modify files and folders timestamps with NewFileTime

    NewFileTime is a small Windows utility to easily change files and folders timestamps, the application doesn’t need any installation, it can be run from a USB thumbdrive in portable mode and lets you change the Modified, Created and Accessed timestamps (day,month,year and time). To change a file or folder Created and Accessed date it is as easy as dragging and dropping the file inside NewFileTime main window or manually selecting the files using the import button. Its best feature is that you can add multiple files and folders and change all dates at once.

    NewFileTime change file folder timestamp
    NewFileTime change file folder timestamp

    The menu lets you to quickly add and subtract hours or days to the file timestamps using one of the preset values, timestamps can also be exported or imported using the txt button. Overall this program does what it says on the tin with and you won’t need any administrator rights to run it. There are other free utilities to change a Windows file timestamp like Mooo TimeStamp or Timestamp modifier but I have found NewFileTime to be the easiest to use.

    Visit NewFileTime homepage

  • Uncensored decentralized search engine YaCy

    Uncensored decentralized search engine YaCy

    YaCy is an open source community based search engine written in Java with no central server indexing the results, search queries are produced using a worldwide peer to peer computer network, in the same way that torrent downloads work, the quantity and quality of the results will depend on the number of peers connected at the time, on top of the search results YaCy lets you know how many peers are providing them, it can be used to search text or images. Unlike Google or Bing, where the company managing the search results is open to subpoenas and censoring links (e.g. DMCA complaint, offensive images, etc), YaCy results can not be censoredas no single central authority is responsible for them and there are thousands of servers (personal computers) in multiple countries providing results, with some seed list servers including accurate p2p node information to be found in the source code.

    You will need to download YaCy software to your computer to use it, during installation Windows default firewall will be configured to allow YaCy queries pass through, if you are using a different firewall you will have to set it up manually to allow YaCy to connect to the Internet. The search engine will be accessed in your browser clicking on YaCy’s logo or visiting http://localhost:8090 (default port can be changed), YaCy can be set up to crawl an specific website or FTP server creating your own search index, the crawling can be scheduled to as often as you like or limited to a single time to save computer resources.

    yaCy anonymous search engine
    yaCy anonymous search engine

    To protect your privacy after performing a search the words used are sent to a peer in the form of distributed hash tables, peers store crawled search results as cryptographic hashes and these are all mixed in between peers, making it impossible to pinpoint search queries to a certain host. Search is not limited to the public Internet, YaCy can be used in Intranets, the configuration settings had so many options that it can take a long time to understand what everything is for, the best is to leave the defaults.

    In my experience YaCy Internet results were not very good, with a tendency to link to deep pages instead of the main portal, my main predicament is that it did not have too many pages indexed and it took a couple of seconds to finish each search query, this can be improved once YaCy manages to reach a sizable number of users/peers. Until then, this search engine will be better suited for Intranets or custom crawling of forums and wikis, admittedly, their plan is not to beat Google results, but to provide a truly private search engine experience. There is no need to erase logs, because there are no logs and companies do not have to rely on a third party server to run their private search queries. In the future the developers plan on indexing tor node pages and Freenet sites.

    Visit YaCy search engine homepage

  • Brute force advanced password recovery with HashCat

    Brute force advanced password recovery with HashCat

    Hashcat is a free brute force attack tool (aka password cracker) to perform security audits on database password hashes or recover forgotten passwords, it is available for Linux and Windows, unlike the better known command line only dictionary attack tool John The Ripper, HashCat comes with an interface (aka GUI, Graphical User Interface). After downloading Hashcat you will need a password list (aka wordlist), you can download one from OpenWall. A common approach to recover a forgotten password is to try and guess it using dictionary words, the time to crack the password is linked to its length in bits, the most difficult to crack passwords will have been made up using a lump of special characters, punctuation signs and capital/small letters.

    Brute force tool HashCat
    Brute force tool HashCat

    HashCat is not only a dictionary attack tool, it can use precomputed hashes, using a pre-computed dictionary made up of hashes saves time when cracking passwords because the the words have already been converted into hashing algorithms which is how passwords are stored. This kind of brute force attack can be slowed down when cryptography uses a technique to force all password entries to be recomputed at each try, in cryptography this is called salt.

    The more you know about the the password constitution the quicker it will be to crack it, HashCat lets you specify password length, you will also want to determine the hash mode, encryption software use different hashing algorithms for password storage, the algorithm used is normally found within the software technical specifications. Computer graphic cards with a processor (Graphics Processing Unit, GPU) can notably speed up password cracking efforts, HashCat takes advantage of them being able to use up to 16 GPUs. Finding out a hard to guess password out of a hashing algorithm is not easy with just a single desktop computer, when the opponent has access to supercomputers or botnets, if the passwords is weak, a couple of days might be all one needs.

    Visit Hashcat homepage