The following tutorial explains how to access an iPhone, iPad or iPod which is password protected.

If you are a Windows user, just download the free s/w iPhone Browser : http://www.brothersoft.com/iphonebrowser-download-190579.html

Connect the device {iPhone,iPod,iPad} and go to the following location.

var/keychains and delete the file, keychain-2.db

Once done, restart the device by pressing down and holding the home button+sleep button for 10 sec. and release when you see the black screen then after 3 sec, press the sleep/power button once

Your idevice will boot up but this time it will not ask for the password as we have deleted the database record for password.

Ron over at SkullSecurity had a great 2 part series on using poorly coded password reset snippits used on popular code sites. He goes into depth about how the password reset works , different methods of resets, and how to use the reverse code to crack itself.
Check it out , it’s a great read:
Hacking Crappy Password Resets – Part 1
Hacking Crappy Password Resets – Part 2

The whole idea of naked password is a jQuery Plugin to encourage your users to enter stronger passwords. Pixelated model Sally tastefully removes items of clothing as the password grows stronger.

http://www.nakedpassword.com

Programmable embedded devices have the capability of being detected as a HID device , just like a keyboard or mouse. So if you have physical access and a minute alone you can compromise a system with something the size of your thumb. The possibilities are endless, HTTP/FTP download, injecting binaries into debug or Powershell etc.. Also this device is cross platform which means Windows,Linux,UNIX and Apple are all vulnerable.

Here’s an example project we made for a Windows7 box that adds a new Admin user to the system and hides that user from the logon screen. the whole process takes about 16 seconds , with most of the time taken by the device being detected as a keyboard and the driver installed. The device costs about $20 and can be found here

Lost your IPhone passwords? Just jailbreak it and recover all of them, they’re all in plain-text

Time it takes a hacker’s computer to randomly guess your password:

of course unless they’re using a nice setup and using gpu power

MAPDAV is designed to use what is known about a user or users (ex, username, first name, middle name, last name, etc) on a unix/linux system from a /etc/passwd file and tries to come up with probable combinations that could be the user’s password. An administrator could run the output through a cracker and see if their user’s passwords are anything easy to guess.

For example, if we had a passwd file entery such as:
chrisa:x:107:102:Chris Anderson:/home/chrisa:/usr/bin/bash

We could have MAPDAV derrive some possible passwords, such as chrisa, chrisanderson, andersonchris, canderson, ChrisAnderson, Anderson Chris, CHRIS, plus any other combinations you entered. It has quite a few other features you can use to modify the output to have arbitrary characters, be in reverse, and other useful things.

Out of a sample of 30192 users, MAPDAV 1.0p8 cracked 4.7% of the passwords on the default settings, 1.2% of which were NOT the same user/pass. This combind with a good conventional wordlist could give good crack results.

More info: http://mapdav.sourceforge.net

The hackers uncovered the hack in order to run Linux or PS3 consoles, irrespective on the version of firmware the games console was running. They found it was possible to calculate the public private keys, giving users the ability to sign their own software and load it into the PS3. By knowing the private key used by Sony the hackers are able to sign code so that a console can boot directly into Linux. Previous approaches to running the open source OS on a games console were firmware specific and involved messing around with USB sticks.

Read more: http://www.theinquirer.net/inquirer/news/1934470/hackers-mock-sony-ps3#ixzz19cCnto6t
The Inquirer – Computer hardware news and downloads. Visit the download store today.

http://fail0verflow.com/

Darth Null had a nice writeup on how to make crypt(3) rainbow tables. After being told that the salt made it impossible to generate Rainbow Tables, unless you went through the trouble to create 4096 different tables (one for each salt) the reason cited was the presence of the two-character salt at the beginning of the hash. He went out and devised a solution couple of nights later, it was able to actually read, write, and process crypt(3) hashes in their native form (as opposed to a flat hexadecimal dump of the hash). He wanted to submit it for schmoocon but didnt get accepted , so rather than sit on the information, he decided to release it on his blog.

1. Instead of generating 4096 tables of 1-8 character passwords, just create 1 table of 3-10 character passwords, and use the 1st two characters of the plaintext passwords as the salt. (That part will make more sense if you read the paper.)
2. It’s still kind of slow: 9x slower than LM hashes, for example. But CPUs are much faster than they were in 2003, when people first started building tables for LM hashes.
3. It also takes a lot of storage. But storage, likewise, is much cheaper than it was seven years ago.

The whitepaper can be found here: http://bit.ly/ij8hQU

Readers of Gizmodo, Lifehacker and other Gawker Media sites may be among the savviest on the Web, but the most common password for logging into those sites is embarrassingly easy to guess: “123456.” So is the runner-up: “password.”

On Sunday night, hackers posted online a trove of data from Gawker Media’s servers, including the usernames, email addresses and passwords of more than one million registered users. The passwords were originally encrypted, but 188,279 of them were decoded and made public as part of the hack. Using that dataset, we found the 50 most-popular Gawker Media passwords.

At least two popular passwords are science-fiction references: “trustno1″ was Special Agent Mulder’s password on “The X-Files,” and “thx1138″ is a George Lucas film that envisioned a dystopian future. Other popular passwords are just plain-old geeky: “dragon,” “superman,” “princess,” “starwars” and “nintendo.”