Category: Other

Other computing tips

  • Conceal secret messages inside text with SNOW steganography


    SNOW is a free program to hide messages inside ASCII text. For those who don’t know, ASCII stands for American Standard Code for Information Interchange, a binary scheme to represent English characters in computer language that can be read by nearly all text editors. Although UTF-8 is replacing ASCII as the world wide web language, ASCII is the default format to save text in Unix and DOS operating systems.

    The program is a tiny command line based utility of just 60Kb, downloadable as a Windows executable or as a Java applet to work with other operating systems like Linux. SNOW comes with a manual listing the available commands and real examples. Do not be scared of the command line; it is not hard to use. The source code is also available for download so that others can review it.

    SNOW ASCII text steganography tool

    SNOW steganography takes advantage of the white spaces found in text messages and hides invisible text inside them; this preserves the visual appearance of the text and does not raise any suspicion in watchful eyes. Security is heightened with compression, to fit more text inside the white spaces, and with encryption using ICE, an open source symmetric 64-bit block cipher designed by the same author to withstand cryptanalysis and guard against detection.

    This is a superb, unexpected way to send secret messages to other people. The only downside is that, unlike messages hidden in photos, which can be distributed by uploading them to public online photo albums, you cannot copy and paste steganographic SNOW text messages on a website, because the data is hidden inside the white spaces. You will necessarily have to send the full ASCII text file to your contact, revealing metadata, like who is talking with whom. But you could upload an innocuous compressed file, e.g. a video, with ASCII text instructions included, and hide the message inside the white spaces of that text; this would waive the need to email anybody and it would not arouse mistrust.

    SNOW has been around since the nineties and has recently been released under the Apache license. It is a very well documented tool, with technical cryptanalysis information about its design as well as benchmarks.

    Visit SNOW stego homepage
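
Because the hidden data lives in white space, a defender can look for it and remove it without knowing the key. The following is an added example, not part of SNOW or of the original post: it assumes the hidden bits sit in runs of spaces and tabs at the end of lines, and the function names, thresholds and sample texts are constructed for illustration.

```python
import re

# Trailing run of spaces/tabs at the very end of a line.
TRAILING_WS = re.compile(r"[ \t]+$")


def scan_trailing_whitespace(text):
    """Return one finding per line that ends in spaces or tabs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = TRAILING_WS.search(line)
        if match:
            run = match.group(0)
            findings.append({
                "line": lineno,
                "length": len(run),
                "spaces": run.count(" "),
                "tabs": run.count("\t"),
            })
    return findings


def looks_like_whitespace_stego(text, min_lines=3, min_mixed=2):
    """Heuristic: several lines with trailing runs, some mixing spaces and tabs.

    Editors leave the odd stray trailing space; a covert channel needs many
    lines and two distinct symbols to carry bits. Thresholds are assumptions.
    """
    findings = scan_trailing_whitespace(text)
    mixed = [f for f in findings if f["spaces"] and f["tabs"]]
    return len(findings) >= min_lines and len(mixed) >= min_mixed


def sanitize(text):
    """Strip trailing white space from every line, destroying the channel."""
    return "\n".join(TRAILING_WS.sub("", line) for line in text.splitlines())


# Constructed samples: CLEAN has one accidental trailing space,
# SUSPECT carries mixed space/tab runs at the end of every line.
CLEAN = "Dear Bob,\nSee you on Friday. \nRegards\n"
SUSPECT = (
    "Dear Bob,   \t \t     \t\n"
    "See you on Friday.\t  \t      \t\n"
    "Regards \t    \t\n"
)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        hits = scan_trailing_whitespace(sample)
        print(name, len(hits), looks_like_whitespace_stego(sample))
```

Any system that strips trailing white space on ingest performs the same operation as `sanitize()`, which matches the post's point that pasting the text into a website loses the message.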

  • Encrypted video calls, group chat, notes and files with VIPole


    VIPole is a Windows, Linux, Mac and Android security suite providing encrypted file sharing, VoIP, video chat, notes, passwords and organizer. Installation is straightforward: you only need to provide a valid email address where you will receive a verification link, select the local folder where data should be stored, and move your mouse around to generate entropy to create your private encryption key. You will have to cook up two passphrases, one to encrypt your data and another to encrypt your profile. The software makes sure that you do not reuse them, but there is no strength meter. A virtual keyboard can be used to stop keyloggers.

    To be able to encrypt files in your hard drive you will have to temporarily disable your antivirus and install some drivers. I also had to disable the antivirus to update the VIPole software client. I am using AVG; most modern antivirus programs will allow you to disable them for only a few minutes. This should not be a big problem as long as you trust VIPole not to do anything unacceptable to your computer.

    Encrypted messenger and video calls VIPole

    Encryption keys are managed exclusively by the user and VIPole has no way to decrypt your data. Calls and chats are end-to-end encrypted with AES256/RSA 4096 bit keys, with no central server that could be wiretapped, and the company pledges that there is no backdoor. You can see a “History” tab in the program where chat logs can be accessed, but the data is only held in your computer and nowhere else. Even then, that data is encrypted (premium version) when you close VIPole, so losing the laptop will not reveal private logs without the proper password.

    Another nice feature is being able to set up a fake passphrase in case you are forced to disclose it. This is helpful in countries like the United Kingdom, where you must reveal your password to the police when requested or risk criminal prosecution, but giving the police a password to a fake encrypted container would also break the law if they find out, so it is not really recommended. I just could not see any other applicability other than bypassing airport staff opening up your laptop.

    I was really impressed with VIPole's easy-to-use interface. The well organized tabs make it painless to switch between functions, and information is clearly displayed in a nice clean layout with avatars that help you identify the caller and shift from the chat to the notes or file manager window in no time.

    VIPole encrypted calling options

    The only thing that made me feel uneasy about VIPole, besides not being open source, is that although calls do not go through their servers, passwords, notes, reminders and files are kept in VIPole servers. The reason for this is to be able to sync the data with your mobile device. It would have been valuable to have the choice not to sync data and keep everything local for those paranoid about cloud security. The good news is that it is impossible for server administrators, or anybody breaking into VIPole facilities, to have access to the data in plain text. Everything is encrypted with your private encryption key before leaving your device, which means that VIPole cannot be compelled to produce a copy of your data even if they wanted to.

    This company's security model really cares about users' privacy, and they should be praised for being very open about how data is stored and how they are protecting it. The company has plenty of information about their security model, and businesses can get their own server to make sure that they are always in control of everything.

    I found the free VIPole plan good enough for home users. The paid version buys you more features like auto logout when idle, extra file storage space, an encrypted virtual drive on the desktop client and other elements that are nice to have but not a must have.

    Visit VIPole homepage

  • Linux Parrot OS for hacking, security and anonymity


    Parrot OS is a live and installable operating system based on Debian Linux and targeted at penetration testers and people interested in online anonymity. The nearly 2GB DVD download integrates professional and beginner computer security tools inside the MATE Desktop environment, a GNOME2 fork.

    Booting can be done in forensic mode (listed as Stealth) to avoid modifying any file in the host computer, in live mode, in live fail safe mode, or with a graphical GUI to install the operating system in your computer. Visually impaired people can use a speech synthesis installer.

    Parrot OS default username is root with password toor easily changed after logging in. The distribution homepage has a Wiki but at the moment it only contains basic information for newbies about how to boot from BIOS or burn the distribution to a USB thumbdrive. However, if you are familiar with Linux you should not have to read too many tutorials, the tools included in Parrot OS are the same ones found in similar pen testing distributions like Kali or BackTrack Linux.

    Linux penetration testing Parrot OS

    Some useful tools for privacy activists found in Parrot OS are Truecrypt to encrypt data, Bleachbit to erase Internet tracks, although if you run the live DVD this will not be needed, and the Iceweasel browser running with Tor, with Vidalia providing a graphical interface to manage the Tor network, showing consumed bandwidth, nodes you are connected to and message logs.

    Tools for penetration testers include the packet sniffer Wireshark, the Ettercap suite for man in the middle attacks and md5crack to brute force passwords out of captured md5 hashes. A screenshot and desktop recording utility is able to document all you do.

    Practically all of the hacking tools are found under the Parrot menu: dozens of programs nicely classified under descriptive activities such as “Information Gathering”, “Sniffing/Spoofing”, “Wireless Attacks”, “Reverse Engineering” and many others, each with a submenu, are all easily accessible.

    Although this distribution is being advertised as anonymity and penetration testing in one, I believe that it is mostly suitable for pen testers, those who want anonymity are still better off with Tails. Parrot OS is similar to Attack Vector Linux, packing powerful penetration testing tools with Tor to hide who is using them. On the other hand, any sys admin worth his salt will be blocking all Tor proxies from accessing the network.

    Computer forensics can also benefit from Parrot OS, as it has a dedicated “Forensics” menu with carving, hashing and imaging tools together with reporting tools to manage evidence and a forensic boot that will not modify data. You can find this distribution to be a sound alternative to BackTrack.

    Visit Parrot OS homepage

  • Linux penetration testing distribution NetSecL OS


    NetSecL OS is an OpenSuse based Linux penetration testing distribution with the lightweight Xfce window manager. The distribution’s kernel has been hardened with grsecurity patches, a set of rules that allows for more extensive system auditing and protects you from stack overflows by making the stack non-executable.

    The latest NetSecL OS 5.0 removes Firefox and incorporates the Chromium browser, not to be confused with Chrome. Even though they both use the same source code, Chromium does not release binaries, so it has to be built from source, and it does not send data to Google. The Chromium browser has improved privacy over Chrome.

    Other privacy enhancing features in NetSecL OS include Macchanger, a Unix utility to view, fabricate or forge a network card's MAC address, and a Firewall GUI builder to set your own system access rules.

    Linux security distribution NetSecL OS

    You can run NetSecL OS as a live DVD or install it in a USB or hard drive. A .ova virtual machine is available for download from the Suse Studio website for testing. The default users are root and tux, and the password for both of them is linux.

    You can find specific penetration testing tools like the Metasploit framework, packet sniffer Wireshark, network monitor EtherApe, Open Vulnerability Assessment System OpenVas, port scanner Nmap and security reconnaissance tool Skipfish, along with password manager KeePassX, text editor Abiword, FTP client FileZilla and the open source Windows API implementation Wine, to run Windows programs in Unix.

    NetSecL OS has all the tools a security professional needs to break into a network, and I can see this operating system complementing BackTrack. The main difference between the two is that NetSecL OS is fixated on offensive security and not digital forensics. For example, NetSecL OS does not have image acquisition tools, whereas BackTrack covers both fields.

    If you don’t like BackTrack's Ubuntu base or just want to try something new, NetSecL OS is a valuable OpenSuse pen testing distribution.

    Visit NetSecL OS homepage

  • Exploit residential router vulnerabilities with Routerpwn


    Routerpwn is a web application listing dozens of ready to run local and remote exploits, largely for home routers. It covers all major brands. To test whether your personal router is vulnerable to one of the exploits, search for the make and model of your router and click on the exploit name; this executes a javascript window testing a known vulnerability that will automatically break into the network, or opens up the default router IP, 192.168.1.1, and tries a default admin password or privilege escalation.

    To learn more about an exploit, click on the plus sign next to the listed bug and you will be taken to a security list like SecurityFocus or Seclist displaying full details of the exploit and the date it was first discovered.

    The site also contains links to lists of default router administrator usernames and passwords. Another tool can be used to find out an Access Point's vendor by entering the MAC address of the device, a hex number that can be discovered with a simple network scan.

    Routerpwn javascript router exploit

    It is not necessary to be connected to the Internet to use Routerpwn. The site can be stored offline, and javascript exploits against local routers will work regardless of Internet access.

    Exploiting a router does not necessarily mean being able to get into the network by finding out a WPA key. Some of the exploits in Routerpwn launch a denial of service attack against a router by pinging it non stop and bringing down the whole network. Other exploits show your router configuration; some vendors store keys to reset passwords in plain text inside configuration files that can be seen by mistake using a cross site scripting attack.

    There was an Android application for Routerpwn in Google Play but that link has now been removed. However, the website can be accessed from any mobile device or game console that has an Internet browser. Everything has been optimized for access on the go by coding it entirely in HTML and javascript.

    New exploits can be submitted to the site. If you would like to find out your own router vendor, the URL http://www.routerpwn.com/detect.html will show you the brand; if it can’t identify it, a form will come up inviting you to submit the information.

    Routers are seldom upgraded or flashed by home users, so even an exploit that is a few years old will still work against many devices. Routerpwn is a very powerful tool for penetration testers, covering a very important and often overlooked security item that antivirus software does not screen.

    Visit Routerpwn homepage

  • How mobile phone accelerometers are used for keylogging


    Massachusetts and Georgia Institute of Technology researchers have developed a method to log computer keystrokes by placing a smartphone next to a computer keyboard and measuring its sound and vibration using the smartphone accelerometer. The researchers employed an iPhone 4 for this and noted that sensors in older models are not good enough to pick up remote vibrations.

    Mobile device accelerometers are used to re-orient your screen, using a differential capacitor to measure changes in gravitational pull. Researchers used the accelerometer to listen in to typing sounds and translate them into text by estimating the volume and force produced during keystroking.

    Mobile phone accelerometer

    The phone was engineered to interpret what dictionary words sounded like and translate them into text. Accuracy was next to 80% and it only went down after an extensive number of dictionary words were added. Since an attacker might know what kind of information they are after, a customised dictionary with likely terms can be built to increase accuracy.

    In order for this attack to work, the smartphone has to be placed on the same table as the keyboard and there must be no ambient vibrations, like a printer or scanner working in the background.

    The only mitigation strategy proposed by the researchers against this type of attack is to prevent anybody from placing a mobile phone next to your keyboard, not even your own since it could have been infected with this kind of malware to spy on you.

    There has also been previous research showing how a smartphone microphone could be used to pick up typing patterns. With this in mind, it is important to never forget that smartphones have the necessary equipment to spy on you, which is the reason why many government departments do not allow them into the office.

    The research is a proof of concept. Do not be surprised if you see NSA spooks showing interest in this and taking it a step further in the future as smartphone sensors improve even more.

    Smartphone Keylogging Research Paper

  • How Egyptian police quickly cracked journalist’s computer password


    According to Mike Giglio, a NewsWeek correspondent, Egyptian police got hold of his laptop during his coverage of the latest Egyptian protest in Tahrir Square against the ousting of Mohammed Morsi, cracking his password protected computer on the street to check what was inside, with just a few seconds of time and very little cost in terms of software and training.

    See below a screenshot of Mike Giglio's Twitter account explaining the Egyptian police's quick password cracking method:

    Mike Giglio password cracking Egypt