TrackSomebody.com

october27thgroup.com pentesting, pci, red team

illmob.org

Mac Security: Set a Firmware Password

June 2nd, 2009 by admin in Apple

The biggest risk to your Mac is if it is lost, stolen or physically compromised. If you setup a secure password as discussed previously and the thief can’t login, they can still gain access to all your data using one of the special start-up modes built into all Macs.

These start-up modes include booting from an install DVD and resetting the password, using Target Disk Mode to use your Mac as an external hard disk, or booting into Unix-style Single User Mode.

There is a way to protect your computer by setting a firmware password. The password is written into the computer’s firmware chips on the motherboard and if anyone tries to use a special start-up mode, they will be prompted for that password.

Apple provides a utility for setting a firmware password called Firmware Password Utility.

For Mac OS X 10.5.x, start from the Leopard Install DVD and choose Firmware Password Utility from the Utilities menu.

1. Click to select the checkbox for “Require password to change Open Firmware settings”, as shown below.

Tips & Tricks: Mac Security Fixes: Set a Firmware Password

2. Type your password in the Password and Verify fields.

3. Click OK

4. Click lock icon to prevent further changes

5. Choose Quit from the application menu

Now, if anyone attempts to use any of the special start-up modes, they will be prompted for the firmware password you set.

via: mac101.net

KeyCarbon USB Keylogger

October 8th, 2008 by admin in Apple, Linux, News, windows

I had a chance to review the Keycarbon USB Home Mini this week. I’ve been wanting to try one of these to see how they would compare to a PS/2 keyboard logger, PS/2 is still pretty popular as far as cheaper keyboards but the shift in technology is going more towards USB keyboards. I was pretty impressed by the quality of the keylogger and its simple installation.




Who would need a device like this?

  • Business owners needing to monitor employees
  • Parents needing to monitor children
  • People who might need backups of things they type (writers etc)
  • Private investigators, law enforcement, hackers, James Bond 🙂

Why would someone want a hardware keylogger as opposed to a software based one? Well this question has it’s pros and cons:

The pros are:

  • It’s dead simple to install , just unplug the keyboard,plug this device in , and plug the keyboard into the device ,that’s it!
  • No need for root/admin level permissions to install
  • It can be installed on any system that has a USB port (Windows,Mac,Linux etc)
  • Since it’s hardware-based it wont be detected by antivirus/malware programs ever
  • It picks up EVERYTHING typed, even bios password passwords and log-ons

The cons are:

  • Since it doesn’t interact with the operating system it can’t get the name of windows where the text was typed so it makes it a chore to scan the logs for the juicy information
  • Easy to prevent logging by just removing the logger form the computer (which most people won’t be aware of anyhow, who actually crawls behind their computer everyday?)
  • Recovery of logs might be more difficult because they are stored physically on the device and not sent to a remote location. But if you were able to install it in the first place , then recovering it shouldn’t that much harder.
  • If the person has a PS/2 keyboard you can’t use an adapter because the device needs power from the USB port to work

Recovering the logs from the device can be done on any computer even though they offer the software to recover the logs faster, it’s not needed which makes this device a good tool to have in your arsenal. To recover the logs alls you you need to do is open any text editor (notepad etc…) and type in the password (default password is phxlog) and the device goes into menu mode, where you have a few options to choose
you have open so it’s best to open notepad or wordpad or any *nix/MAC equivalent before typing this. This menu will give you various options for the device ,which are:

  1. Partial/Full Log download
  2. Erase logs (quick or thorough)
  3. Setting the default password (alphanumeric only,under 17 chars)
  4. Firmware upgrade
  5. Diagnostics
  6. Speed (that the logs are typed)

Once you choose read the logs it starts auto typing the logs onto whatever window is open has the main focus (which is why you need to open a text editor).  If you don’t like to wait for it to auto-type (you might have days of saved logs) you can get the software to download it in one swoop. The only problem with the software that as of now it’s only compatible with windows.

Detection of the Device:

Because the device doesnt install into the operating system its pretty much insvisible to the normal user. Only a trained computer expert would notice the device it because the only sign it’s there is that it is seen as a USB hub by the OS. It shows up as a “generic 4 port hub Vid_0451&Pid_2046” Vendor id of 0451 and a product id of 2046, which comes up as a generic Texas instruments device which wont raise many eyebrows. Because it’s a USB 1.1 hub it is possible that it may be discovered if someone plugs a USB 2.0 keyboard inline with it. (They might get a warning message telling them that their device can perform at a higher speed if they use a different port.) But the chances are slim of someone needing to replace their keyboard.

All in all this device is a stable tool to use, it logged with no problems at all with every keyboard/OS i used with it.  Although the price is a little high for most people, it’s well priceless for businesses who need to keep an eye on employees, or a parent who needs to monitor their children’s internet activity. I want to thank Keycarbon for giving me the opportunity to review and test this device. Check out their site for other devices they offer that I didn’t get to review , but are another great alternative to stealth hardware logging.

Reset a lost OS X password

September 6th, 2008 by admin in Apple, News, Password Info

If you’ve forgotten your Mac’s admin account password, don’t worry. Assuming you haven’t locked out OpenFirmware, it’s a pretty simple task to change your password back to something you know.

Here’s how:
(more…)

LastPass – The last browser pass

August 26th, 2008 by Dev Team in News, Password Info, windows

That you’ll ever need?

Windows/Mac/Linux: Firefox extension and Internet Explorer add-on LastPass is a secure password manager for all your web passwords. Like other web-focused password managers, LastPass puts all of your individual passwords behind one master password. When you type in that master password, LastPass can then automatically log you in to any web site you visit with saved login credentials. Even better, LastPass syncs passwords over the internet, so all your saved passwords on your work computer, for example, will always be synced up on your home computer.

  • Create strong passwords, knowing you only have to remember one.
  • Log into your favorite sites with a single click
  • Access and manage your data from multiple computers seamlessly
  • Share logins with friends and let others share logins with you
  • https://lastpass.com

    How To Crack WEP and WPA

    June 29th, 2008 by Dev Team in Password Info, Wireless
    What else are you gonna do next Friday night? Play Counter Strike?
    What else are you gonna do next Friday night? Play Counter Strike?

    (more…)