PaulSpoerry.com

Image via Wikipedia

To view the passwords associated with any site, go to the log-in page and right-click anywhere on the page. Select View Page Info, and then the Security tab. Click View Saved Passwords. Another window will pop up showing the usernames associated with that site. Click Show Passwords to see the passwords for each username.

If you want to view all of your saved usernames and passwords, open Options under the Tools menu and select the Security tab. Click Saved Passwords to open a list of every site you’ve ever saved a password for. Again, click View Passwords and the list will display all of your passwords. You can’t print this list, but you can just as easily take screenshots if you want to print out your passwords for safekeeping. Isn’t this a huge security hole?, you may ask. Why yes, it is. Knowing how easy it is for anyone with access to your PC to view all your passwords, maybe you’d like to password-protect your passwords. In the Options | Security tab, click Use a master password and enter a password. Now this password will have to be entered any time you or anyone else tries to view saved passwords. You’ll be asked to enter your master password every time you open Firefox; without it, Firefox won’t automatically enter saved passwords for you. Make sure you don’t forget this one!

Image via Wikipedia

I never realized the it was even easier to replace a lost (or to hack a machine given you have physical access) a Linux machine. Jason Striegel posted this example over at Hackszine.com on how to reset a lost Ubuntu password. It’s surprisingly simple to reset, simply follow the steps outlined below. Here’s how to do it on a typical Ubuntu machine with the GRUB bootloader:

Boot Linux into single-user mode

1. Reboot the machine.
2. Press the ESC key while GRUB is loading to enter the menu.
3. If there is a ‘recovery mode’ option, select it and press ‘b’ to boot into single user mode.
4. Otherwise, the default boot configuration should be selected. Press ‘e’ to edit it.
5. Highlight the line that begins with ‘kernel’. Press ‘e’ again to edit this line.
6. At the end of the line, add an additional parameter: ’single’. Hit return to make the change and press ‘b’ to boot.

Change the admin password
The system should load into single user mode and you’ll be left at the command line automatically logged in as root. Type ‘passwd’ to change the root password or ‘passwd someuser’ to change the password for your “someuser” admin account.

Reboot

That’s it, just reboot into your normal configuration with the new root password.

If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead, the browser shows the “customs officer” graphic and an error saying the website may be dangerous. Apparently this is seen as an issue by some people (I dig it.. and you can always override it).

Of course, excuse or no, according to Netcraft, as many as 18% of the Fortune 1000 websites have expired SSL certificates. That means the odds are pretty good that Firefox 3 is going to block you from accessing some legitimate sites.

I’m gunna say thumbs-up to FireFox for doing us all a favor. People like my mom have no idea what an SSL Cert even is… if it stops here from hitting some bogus self-signed site in error then kudos to the FireFox team.

Read more at WebMonkey

Ever have to go work on a family members computer and need to get into their router. Routers comes with a default password, and most people don’t change them (bad bad bad). Here is a list of default logins and passwords for most devices. This listing is only provided as a resource to network administrators and security professionals. It is also meant to remind people that a serious problem exists when people configure a network or a computer system and do not change these passwords. The manufacturers of the listed devices, software or systems are not to blame for this problem, and we are not trying to discredit them or their products. A default login is a means for an end user of a product to complete the initial setup of the device or system. Most manufacturers strongly recommend their end users change these logins and passwords for security reasons.

Read the rest of this entry �

Darknet has released it’s list for the Top 15 Security/Hacking Tools and Utilities. Many of these I’ve seen before and should be familiar to a lot of people, but there may be a few nuggets you haven’t seen before.

Topic include network scanning, wireless security, password cracking, etc. It’s really a great list so check’em out.

Read the rest of this entry �

Alisa Miller has an excellent writeup on 50 tools to use if you want to protect yourself from Internet snoopers, want to spy on those out to get you, or want to be able to track trends that you know will lead to something big. All the tools listed are free or have a free trial.

Read the rest of this entry �

Why hack Windows passwords when you can simply create yourself a new Administrator account?

In a previous post I showed how you can use an Ophcrack Live CD to crack Windows passwords in minutes. It works, I’ve done it before and it really works. The free, open source Ophcrack Live CD is a Windows account password cracking tool designed to help you recover lost Windows passwords. Quite a few people have sent me emails or chatted me via my website saying “I forgot my password”, or “my kid locked himself out of his pc”. I’m unsure if that’s really the case or if they were just looking for a way to crack Windows passwords. However, if that is really the case there is potentially a much faster way to resolve your issue… just create a new Administrator account!

To create a new Administrator account you’ll want to grab a copy of the Offensive Security’s BackTrack Live CD which can be found here.

What is BackTrack?

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions - Whax and Auditor. BackTrack has been dubbed as the best Security Live CD today, and has been rated 1st in its category, and 32nd overall in Insecure.org. Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customized kernels, etc.

BackTrack Terminal Window

Here’s a quick and dirty way to make a new user account.

Boot into Backtrack and open a shell prompt:

• cd /mnt (change directory to mounted drives)

• ls (get the list of mounted drives)

• cd sda1 (sda1 is the main hard drive)

• cd Windows/ (change to the windows directory)

• cd System32/ (change to the system directory)

• mv Utilman.exe Utilman.old (backup original file)

• cp cmd.exe Utilman.exe (copy cmd.exe as utilman.exe)

• reboot

Once rebooted, at vista logon screen do the following:

• Press Windows key + U

• To invoke Utility Manager ( A.K.A. CMD.exe)

• Cmd.exe will spawn with ‘System’ privileges.

• c:\>net user S00perAdmin mypassword /add

• c:\>net localgroup administrators S00perAdmin /add

• Reboot and log in with your newly added Admin account

There ya go… now instead of needing to “crack” you “lost” password you can simply create a new Administrator account, login with that and then change the lost accounts password to what you want it to be.

TrueCrypt is a software application used for on-the-fly encryption (OTFE). It can create a file-hosted container or write a partition which consists of an encrypted volume with its own file system, contained within a regular file, which can then be mounted as if it were a real disk. TrueCrypt also supports device-hosted volumes, which can be created on either an individual partition or an entire disk. With version 5.0 it can encrypt the windows boot partition.TrueCrypt is available for Microsoft Windows, Mac OS X, and Linux. It is distributed under a collection of licences, including the TrueCrypt License, which is judged by Debian to be a free software license.

Read the rest of this entry �

“In July 2007, Richard Doherty of the Envisioneering Group (BD+ Standards Board) declared: ‘BD+, unlike AACS which suffered a partial hack last year, won’t likely be breached for 10 years.” Bold statements huh? When will these people learn, copy protection never has and never will work against the people you’re trying to protect your content from. Yes, general users will not be able to copy your products, but they will also not be able to make fair use backups either. Often copy protection causes other headaches in terms of usability as well.

So… only eight months since that bold statement, and Slysoft has done it again. According to the press release, the latest version of their flagship product AnyDVD HD can automatically remove BD+ protection and allows you to back-up any Blu-ray title on the market.”

To celebrate Easter, SlySoft is offering a 20% discount on all products (except upgrades and t-shirts)

To redeem the coupon just enter the coupon code: easter

The DemocraKey was created in May of 2006. Within two days, over 60,000 people had read about the DemocraKey and built their own. It was featured on MSN, Digg, Lifehacker, and hundreds of other pages. Now, it’s entering version 2.0, where it becomes a complete, portable privacy suite. DemocraKey helps scan and surf securely from computer to computer. You can install it on a portable thumbdrive and now even on an iPod. Visit a friends house, surf from a kiosk, or just need some privacy? Pop it in and off you go. DemocraKey has built in TOR support in the browser, which can hide your internet activity. Sounds sweet, portable too!

Features

• Protect your computer from viruses with a security enhanced version of Firefox
• Visit sites that are blocked by your school/employer/government
• Hide your internet actions with Tor
• Encrypt personal emails with GPG
• Scan your computer with portable built in Antivirus software
• Runs from any portable media - iPod, USB key, Digital Camera…
• It’s FREE and Open Source!

Get DemocraKey!