Tuesday, 28 November 2017

How to hack hotmail account

This article aims to better understand how a hacker can hack our Hotmail / Outlook / Live account , to guard against it properly. We will also talk about a flaw that is now corrected that shows that an implementation error can have disastrous consequences and allow us to draw conclusions about the security of our accounts.
I remind you that this site is not intended to help to hack but to understand the attacks to defend itself .

How could a hacker so easily hack a Hotmail account?

Example with the use of a flaw in Hotmail:

This flaw is now fixed . We will dissect it to better understand what may have happened if you have been hacked. This can also be the cause of hacking your account in the past, in the consequences may fall back in the future!
Here are the steps that were used:
  • Know the e-mail address of the person.
  • Access the password reset page on the mobile version of the site (which at that time was security conscious).
hack hotmail

  • Enter the address of the target as well as the security captcha.
  • A page was displayed asking to enter the secret question or to send the restore instructions to the backup address. This backup address is displayed according to the following model: ou******@hotmail.com.
  • It was therefore necessary to start by finding this address partly hidden. And the flaw was at this level , indeed it was enough to display the source code of the page (CTRL + U under most browsers). And in the source code a value of type hidden was found there or the address appeared in clear, without the stars.
hack hotmail


  • This step required a lot of luck, it was necessary to check if this address of relief was used or not. The hacker went to the registration page HERE and registered with this address of relief.
  • This address is often noted at the pif by people because it is mandatory at registration. Thus, an address put at random is very likely to be unused and it was enough for the pirate to appropriate the secondary account.
Once the hacker had managed to create this secondary account, he clicked on "Send email" and he received all instructions to reset the password of the account he wanted to hack. As simple as that, no programming knowledge required, no need to be a computer engineer, no need to use specialized tools!
Another way to hack a Hotmail account was to wait for the address to be several years old without being used. Hotmail accounts were automatically deleted when they were several years old ! It was therefore possible to hack any account , it was enough that the original owner logs in not for a while.
You'll understand: to hack your Hotmail account the hacker had to wait ...

Conclusion on this flaw and prevention methods

It only took a bit of cunning to test the mobile version and take a look at the source code of the page to find this trick more than formidable.
You now know that you have to pay attention to the backup address of an account, it is as importantas the main address. Also be aware that not logging in for a long time makes your account reusable by anyone else .

How not to be hacked in the future

Never give YOUR own credentials (e-mail addresses and password) to certain websites or programs. If you were actively looking for hacking a hotmail account before coming here you probably came across "specialized sites" and others "give me your IDs, I'll do it in 2 seconds". That's not true, be suspicious !
Now, we will see other hacking opportunities that are not technical this time and against which you must be protected .

Pay attention to keyloggers , who recover purely and directly your passwords

You tell yourself that outlook.com is http s , you use a proxy or VPN and nobody could thus steal your password.
FALSE.
Keyloggers get what you type on your keyboard, no matter the active window, no matter what the encryption of the connection is.

Pay attention to Phishing , which makes you believe that you are addressing an official website

With keyloggers, phishing is one of the most popular attacks to hack into any account. It's simple, you are made to believe that your information is not up to date (or any other technique in this genre) to send you to a fake site that retrieves your password . Phishing software also exists, typically with programs that require you to log in to perform an action while they recover your password.

Be careful to have a valid backup address , not unused or non-existent

Outlook / Hotmail requires to choose at least two identifiers, but for many users, this information is useless, so they fill an address of emergency, the pif!
It's just like sending your password to someone at random. It is also possible for anyone to create this address, which did not necessarily exist before.

Be careful to choose a complicated answer to the security question

In the same vein, users think they never need to use a secret answer, so they give it to the ghost(and do not remember when their account is hacked) or normally answer the question, which seems to be a good thing. But it is not at all , ask directly an individual "What was your first animal? Is enough to get the answer you are looking for is to hack an account!)

Be careful not to show the contents of your inbox and your account information

Seeing e-mails at work or at school seems harmless. But if a bad-minded person takes note of what she sees, she can hack a hotmail account (or whatever). Because by using the recovery form, anyone can pretend to know you a lot of information about your account, and thus reset your account.

Securely secure your accounts upstream

Once you are hacked it is often too late. Think about two-step authentication, the password or emergency phone number, and most importantly: Be suspicious and aware.

Thursday, 23 November 2017

Uber bought the silence of hackers

Security: The VTC service has just revealed to have been the victim of a hacking that has led to the theft of personal data of 57 million users including nearly 7 million drivers. Uber paid the pirates $ 100,000 to keep them quiet.

This is yet another turpitude that Uber would probably have done well. Dara Khosrowshahi, the new boss of the VTC service who is working to restore the company's somewhat damaged image, has just made another sensational revelation . In 2016, cyber criminals hacked a GitHub server and accessed the personal data of 57 million users. They were able to download certain items such as names, email addresses and phone numbers.

uber hacked

About 7 million Uber drivers are among the victims and 600,000 of them based in the United States have had their driver's license number downloaded. Uber ensures that no other sensitive data (credit card, date of birth, social security number, etc.) has been compromised and that measures have been taken immediately to secure this breach.

Security officers transferred; Prevented victims

The perpetrators were quickly identified but Uber chose to smother the case by paying a ransom of $ 100,000 to obtain the silence of the perpetrators. It should be noted that at the time of the incident, Uber was in discussion with the Federal Trade Commission about its management of user data.

Dara Khosrowshahi, who says she learned about piracy recently, took immediate action. Joe Sullivan, the director of security and one of his assistants Craig Clark were fired. The victims have been notified and the drivers concerned benefit from a program of protection against identity theft. This transparency operation falls when Uber is in talks with SoftBank for the sale of part of its capital.

Wednesday, 22 November 2017

The Machine by HP 2018

Technology: No RAM, no storage memory, no copper: the new architectural project presented by HP wants to shake up habits. But for now, The Machine is still just a research project.


the machine by hp



During the HP Discover conference, the R & D department presented the project that has been running the majority of its resources and time for two years now. Soberly named "The Machine", this new architecture is based on highly innovative technologies to meet the new challenges posed by big data and the evolution of uses.
For now, the project is not yet out of labs HP Labs, and nothing concrete is still available at the moment. At the conference, Martin Fink, HP's technical director, presented the different components that will make up The Machine.
Promises only, but beautiful promises: as reported by Bloomberg, The Machine aims to "replace the computer park of a datacenter with a computer the size of a fridge. "
To achieve this feat, HP is focusing its research on two very promising technologies: photonic buses and memristors.
Welcome to the future
Behind these barbaric names lie the two cornerstones of The Machine's architecture. Memristors are passive electronic components, whose existence was theorized in 1971. Since then, their existence was purely theoretical, we thought the thing possible without really knowing how. But in 2008, the HP Labs team managed to make its first physical models of memristors.

These electronic components have the ability to act both as a fast access memory and as a storage memory. HP began developing its first memory modules based on this technology, known as Reram .Other companies including Samsung are currently working on variants of this technology, whose performance is dreaming.
In addition to using these memristors to create a unified memory for the computer, HP also relies on light for information transfer between the various components of The Machine. A technology that has been known for some time, since it is the one implemented in the deployment of optical fiber for internet connections.
HP intends to miniaturize this type of optical connection to incorporate it into the heart of its architecture, increasing the speed of information exchange, and replacing the traditional physical connections in copper.
This radically different new architecture will obviously require a radically different operating system. HP started working on the issue, developing its new OS from a Linux kernel.
Nothing concrete, but figures
According to HP, this new architecture promises performance that has something to think about. The company had fun comparing the specifications of its new architecture to Fujitsu K, the Fujitsu supercomputer. And the comparison is without appeal: for a consumption of 160 kW, about 100 times less than the Fujitsu K, The Machine would benefit from a computing power 6 times higher.
HP could therefore hit a big blow if the reality of The Machine was well up to what the manufacturer advance. But it will take a few more years to judge: according to the firm, the first computers based on this architecture should be delivered by 2020.

Monday, 20 November 2017

The hacker's ethics

The ethics of the hacker was born at the Massachusetts Institute of Technology (MIT ), they are moral and philosophical values ​​that hackers must have to adhere to a standard.
This is what differentiates hackers who seek to defend themselves from pirates who seek to harm others . The nuance is important .
Journalist Steven Levy is the first to use the term ethical hacker in his book called Hackers . He also defined the following rules:

The ethics of hacking (ethical hacking)

  • Access to anything that could teach you something about how the world works should be unlimited and total.
  • The information should be free.
  • Do not trust authority, prefer decentralization.
  • Hackers should be judged on their exploits and not on criteria such as age, origin, sex, diploma etc ...
  • You can create art and beauty with a computer.
  • Computers can improve your life.
He also asks the company to open up its worldview on hackers and expand it to the planet and not just to the little computer genius. He is followed later by hacker  Loyd Blankenship who defines the hacker's manifesto .
More generally, the term "ethical hacker" is used to refer to a real hacker who secures computer systems, not a hacker .

ethical hacker

Why put yourself in the shoes of an attacker?

Hacking helps solve problems in many areas. In programming for example, we do not reinvent the wheel, we access the details of a system to build something useful and effective.
Hacking IT security makes it possible to secure one's own systems and online identity by first understanding how attacks work.
From there, the ethical hacker also known as the hacker in the white hat is thus put in the skin of a pirate to understand how he acts, and protect himself.
We try to "learn the attack to better defend ourselves", and we also use the term "offensive security".
The approach, inspired by fire safety training, is standard in the hacking industry:
We present a technique inspired by a real case, we explain it and put it into practice in order to understand the operating principles, and finally we protect ourselves against it.
Present , understand , protect .
The approach is the same for the police: we learn the techniques of thieves to catch them more easily.
Note: Putting the attacks into practice to understand them in a public way presents a potential danger related to the malicious people who would use the information to their advantage. As a result, The Hacker Blog will not provide public details that could lead to illegal actions.
Besides, I have a revelation for you right now:
It is often thought that a hacker is a person very computer savvy, gifted and nomadic.
In fact, once you know their little secrets, you realize that all this does not require extremely in-depth knowledge, and that you can defend yourself by applying simple and methodical concepts.
This hacker's ethics and these secrets are seen in detail in the guide  How to Become an Ethical Hacker that I invite you to follow right now to become a true hacker and fight computer attacks.

Wednesday, 15 November 2017

The fear of hackers

Hackers are often seen as somewhat reclusive and untrustworthy people. All that is needed is for the average user to be hacked one day to develop an irrational fear of hackers.
This is the case of a person I know recently, he is now retired teacher and never buy anything on the internet, installs antivirus, anti-spyware, anti pop-up and stress inevitably after all clicks on links that he judges suspicious . He even worries when a music does not start on his mobile phone. For him, it's the fault of a "hacker".
Although legitimate, this fear of hackers has no place to be when we know what we do and we know the risks. I am writing this article to reassure you if you have been hacked.

fear of hackers

Know from a statistical point of view that:

  • 80 to 90% of malicious programs run on the Windows operating system.
  • 90% of security issues are user-related and not system-related.
  • 90% of the attacks that may affect you do not target YOU specifically, but the Internet users are naive enough.
Let's take them step by step and comment:
90% of malicious programs run on the Windows operating system because it is the most popular , simply. This is the system that the average user uses. Average users are both easy and numeroustargets Not only is Windows the most popular system but it is very easy to develop malicious programs and find programs that are already done.
So you understand, if you are under another system such as Unix you have statistically less risk of being infected. But be careful, I repeat it so much that I made it a slogan: What is 99% secure is not secure.
Second point, 90% of the problems are related to the user himself . The system does what they are told, if they are asked to post the passwords and they give it to us, we see them. The user, contrary to what one thinks, also does what he is told , but indirectly because he does not do it on purpose or simply does not know it. It is himself who kindly lends his passwords for the hacker to use them freely. So you have to be suspicious first of all. And I will do many articles to help you be.
fear of hackers

Third point, 90% of the attacks do not target you specifically . The attacks are launched massively until the users I'm talking about in the previous point get caught. They are eventually launched against organizations, companies or specific types of users. In addition, note that the remaining 10% are the most dangerous attacks that just target you and are therefore often due to people who know you . How many times have I allowed victims to trace their pirate who was their "friend".
I will add that some phenomena, although difficult to explain, are not due to hackers because they are physically impossible to achieve . Music that does not start on a mobile phone just after clicking on a link without even connecting the phone to the computer is the typical example. Other phenomena are much more likely to be caused by a given and known problem , than by a "hacker" (eg a bug, a connection problem ... etc).
If you use Windows, take note of the article about Windows security . If you are a user of another system you are not immune either. Stay vigilant again because you are often the fault .
Pay attention to your old friends with whom you cut bridges, ex-spouses etc. If they manage to hack you, they will have more valuable information compared to a Thai who does not know you and does not even understand your language. it is also possible that overnight your best friend acts strangely and asks you to click on links. He may have been hacked , and the hacker may try to hack you later .
If you follow these tips, and if you remain aware, you do not really have reasons to become paranoid, I hope at least you have a reassured.

Monday, 13 November 2017

Password security

The human being likes the ease and the little mnemonic tricks, it is normal .
password security


It's normal but not very secure !
90% of the people I interviewed use the same password at least oncefor different services. Like that, if someone retrieves this password, he has as a bonus gift immediate access to other services too.
Change your passwords for each service, god!
I do not think it's necessary to make a general reminder about password security, you can imagine that love or 123456 ( one of the most used !) Are very obvious and easy to find passwords.
I also know that typing a password like This-is_a.m0td3PASSE * is certainly very secure but impractical to write and remember.

So we need a compromise.

Try to capitalize , in the middle or at the end of your password and possibly a number or special character . For example myMotdepass3 is quite easy to remember and quick to write in addition to being well secured .
You also see that I replaced the E to pass through 3 (for those who know leet ), this will make the password more difficult to find if someone already has the beginning.
Imagine I see you writing jaimeFaceb , I guess the end. I would have a hard time finding jaimeFacebouk2 . So do not hesitate to place some traps in your passwords to make them unique.
I will end this article on general recommendations regarding passwords:
Once again, I repeat myself and repeat what is already said, never give your passwords to anyone .
I know the "  yes but I'm your darling so I give you everything, I have nothing to hide 😉  "
Okay, it's a beautiful proof of love, but in the meantime the password remains unchanged months after, and I know what I'm talking about.
So at worst, change your password (create a temporary one), give it to a person of extreme trust , and change it again in the day. You will not risk to post your personal information very sensitive to anyone's eyes for a proof of love? Yes ? I do not hope so.

Sunday, 12 November 2017

Internet security

Internet has the advantage of being able to reach all users of all systems. Indeed, all you need is a well-known browser and any plugins for anyone to access the net, even from a mobile device.
The threats on the Internet are still a little different from those that can be found physically on his computer.
They mainly concern everything related to the privacy of Internet users.
Few risks therefore to see all our files disappear after visiting a site.
On the other hand the numbers of blue cards transit, the passwords and in general all the data which one transmits since our keyboard.

Recommendations concerning websites:

internet security
Google now offers an encrypted https version to avoid interception of searches by a third party © mynetx
I might need more than a blog to detail all web-related threats, so I'll summarize the basics. Before any purchase, and even before writing anything that concerns us, we must check these points:
Is the site really the one I think? I'll talk about it in an article about phishing, there may be a fake website that looks exactly like a real site.
The site address (or URL) can not be the same, so check that when you connect to Facebook you are of course http (s): //www.facebook.com and not on http: / www. facebok.com who nevertheless would have the same look but would not be facebook. More and more sites are now leaving a small note before purchasing something to verify the URL before submitting the form.
In the same way, you can check the presence of the "s" before http in the URL when you want to make a so-called secure transaction. the https protocol will encrypt the data transmitted between your pc and the server, in order to make any interception of this data unnecessary.
Regarding PCs cybercafés, libraries and especially friends, friends and girlfriends, be sure that the pc on which you are not infected!
Very often, not to say always, the victims do not understand what happened: "I just connected once to my girlfriend but I never gave her the password or even to anyone. other! "
Well, if it was given to the person who had installed a malicious program or used a fake site, among others. Refer to the Windows Security article for more information.
In the same way, you can and must disconnect from all the sites to which you have previously connected. Never check the box Remember my password on a pc that is not yours.
Install ad blockers if you are used to being harassed with pop-up ads.
Install extensions like WOT to help you detect illegitimate sites.
Last point regarding the vulnerabilities of browsers or sites and other vicious exploitations:
Security vulnerabilities can be found in your browser or more often in the websites you visit. You can not do anything, you can just keep a critical mind on all the abnormal things that can happen. That is, all suspicious behavior against your personal data, such as sudden requests for card number confirmations.
Regarding the flaws of add-ons like Java DriveBy, here again keep your anti-virus up to date and check the veracity of the site by means of add-ons like Web Of Trust .

Conclusion

It is difficult and especially naive to want to present all possible hacking techniques related to security on the Internet. I therefore recommend in a general way:
  • Keep your browser and plugins up-to-date
  • Change your passwords regularly
  • Stay alert whatever happens

Friday, 10 November 2017

Windows security

Windows is the most popular operating system. The majority of Internet users and especially Mr. and Mrs. all-the-world uses Windows. Malware is therefore targeting this system as a priority, especially since it is very easy to develop and find programs for this system. This article complements the one on anti-virus. Read it and come back here to better understand the usefulness of what will follow😉
Windows displays a message indicating that a program is connecting to an external server without a valid security certificate.
We will therefore discuss security on Windows using techniques to be applied regularly if you use this system.
windows security

1. Programs that run in real time

Windows security is played mainly at the level of the programs run, called processes. At any time you can hold the CTRL + SHIFT + ESC keys on your keyboard to display the Windows Task Manager . Select the Process tab and you will see all the processes currently running on your system.
Check the way in the top menu called View then Refresh Rate . The small circle must be set to Highor Normal to make sure the list is updated.
Back to our processes, you should see the names of the processes displayed in the first column. They end with .exe followed by * 32 for 32-bit processes that run on a 64-bit system. Now we have to know all these processes if possible. You will probably recognize your antivirus, your internet browser and system processes like winlogon.exe, dwm.exe, csrss.exe etc ... It is absolutely not obvious to know them all the more that a malicious program can take n ' any name.
You can right click on the process and then Open the file location to see if it comes from a system location like
C: Windows
or
C: Program Files
Even if it is not 100% reliable, malicious programs rarely ask for administrator rights to remain unobtrusive and therefore do not have the rights to install on these files. If instead it is located in a folder like AppData or Temp it is likely that it is suspect.
To stop it:
Right click -> Stop the process .
And delete the file that appears when you view its location.
I also invite you to read my article on Google , you can search the names of processes and therefore determine if they are legitimate or not. But I admit this method is not obvious to everyone and it can quickly be long and boring.

2. Programs that start up at startup

If you've spotted a suspicious program, it's not enough to stop the process. It must also be verified that it is physically removed from your computer. And check that it does not restart automatically on startup from another folder for example. We will check the locations that Windows uses to launch programs automatically from the start, and know that many malicious programs do.
We will open the Run dialog on Windows XP and type regedit.exe or type it directly in the search bar of the start menu for higher versions.
The Registry Editor opens. Open the keys: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun and HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
For Windows 7 64bits users, you can also check: 
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun and 
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRunOnce
You will see in the right part the programs that start automatically when the PC starts. Anything suspicious should be removed (right click -> Delete ). Be careful not to remove everything blindly, legitimate programs such as anti-virus can be found there.
Some folders may also contain programs started at startup, these are:
 C: Users (yourname) AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
and
C: ProgramDataMicrosoftWindowsStartMenuProgramsStartup.
If you find that difficult in advance, you can download free programs like Ccleaner that will automate the search for these folders and registry keys, although I have not personally verified the reliability of these searches.

3. Windows security: general recommendations

Threats also exist through the web. And it works no matter the system, even on mobile devices. We will discuss it in another article because it goes beyond the subject of this article.
Also update all your programs , it will avoid any flaws in the system.
Windows Update allows you to update your system in general, do not neglect the updates of the latter. Also note that the latest version of Avast automatically checks for updates to programs installed on your system.
Windows security is essential you'll understand, but remains quite complex, so note these tips and you will avoid a lot of trouble!