A new post appeared on the WordPress discussion list today revealing more details about the process. Everyone is apparently able to reset a WordPress password if the email address of the WordPress user is known. All that needs to be done is to point the web browser at http://www.domain.com/wp-login.php?action=lostpassword to reset the password. The email address of the account holder has to be supplied in the form. WordPress usually will send a confirmation email first asking the email account owner if the password should be reset. The vulnerability manipulates the query to skip this step.

It is not possible to exploit this vulnerability further which means attackers cannot get access to the user account. It can however be theoretically be used to reset the password regularly to lock the user or admin out of the WordPress blog.

A temporary fix for the remote admin password reset vulnerability was posted. WordPress administrators need to change one line of code in the wp-login.php file of the WordPress installation to protect their blog from the attack. There is no official release fixing this problem, apply this changeset to your wp-login.php.

change line 190 in wp-login.php to

if ( empty( $key ) )

With

    if ( empty( $key ) || is_array( $key ) )

It is advised to apply the temporary fix as soon as possible to WordPress installations.

APPLE KEYBOARDS ARE vulnerable to a hack that puts keyloggers and malware directly into the keyboard. This could be a serious problem, and now that the presentation and code is out there, the bad guys will surely be exploiting it.

The vulnerability was discovered by K. Chen, and he gave a talk on it at Blackhat this year. The concept is simple, a modern Apple keyboard has about 8K of flash memory, and 256 bytes of working ram. For the intelligent, this is more than enough space to have a field day.

(more…)

Windows 7 Auto Login/Logon was disabled by default. To log on Windows 7 automatically, you can easily configure it even though you are not a computer expert. Continue for the steps:
(more…)

Newer Version Has Been Released! CLICK HERE!

Based off of the idea of Bryce Whitty’s “Computer Repair Utility Kit” from Technibble.com. The downfalls of Bryce’s idea was that he had the complete package with all the tools offered for download on his site, which of course sucked up bandwidth, and some authors of the applications, while freeware, wanted the only download of their software to be at their own sites.

To bypass these problems Tech Tools uses Ketarin, which is an application downloader that checks to see if an application has been updated and downloads it if so.

So I’ve compiled a list of apps that that were part of the original tool, and either
subtracted or added them due to their portability. i.e. if the program had an installer i didnt include it, I used mostly standlone executables for this first package.

You use Ketarin to first download all your tools and it will automatically extract them to their categorized folders.Once Downloaded you can then open Pstart.exe ,its menu is already configured to show the downloaded tools. You would then use Ketarin weekly to auto-update all these tech tools so you would always have a fresh copy of the program on your USB.

[smartcounter:2]

Version 2.0 update: added more tools and fixed some categories

If you have any questions,bugs, or ideas to include in the next version please visit the topic in our forums
*** THE NIRSOFT TOOLS THAT GET DOWNLOADED FOR PASSWORD RECOVERY GET MISTAKENLY IDENTIFIED AS VIRUS/HACKTOOLS THEY ARE NOT VIRUSES!!!***
I’m trying to keep it up to date every few months to make sure the weblinks to some apps are fixed.

Google Chrome browser is the latest entry into the ongoing web browser’s war which is mainly ruled by IE and Firefox. The word Google behind the Chrome has given it lot of hype and popularity than any other browser got in such a short duration. However some of the features such as searching from the same address bar, thumbnails of top sites, private browsing etc makes it stand apart from other browsers in the market.

Like other browsers Chrome also has built-in login password manager functionality which keeps track of the login secrets of all visited websites. Whenever user logins to any website, he/she will be prompted to save the credentials for later use and if user chooses so, then the username & passwords will be stored in internal login database. So next time onwards whenever user visits that website, he/she will be automatically logged in using these stored credentials which saves hassle of entering the credentails every time.

ChromePasswordDecryptor is standalone application which does not require any installation and can be directly executed after copying to local system.

* Launch the ChromePasswordDecryptor on the system.
* By default it will automatically display the default chrome profile path for current user. However you can change the path using the ‘browse’ button besides it.
* Then you can click on ‘Show’ button to decrypt and display all the stored login secrets from Chrome.
* Next you can click on ‘Export’ button to save all the secrets to standard HTML file.
Download chromepassworddecryptor

Many people wonder how their password is obtained from the SAM in Windows. Push The Red Button has an excellent in-depth article on how your password is encrypted and decrypted into a LanMan hash and a NT hash and stored in the SAM.

HalfMask is an experimental approach to masking on password fields. Currently the standard shows bullets or asterisks to hide a user’s password completely as they type. Halfmask avoids this by obscuring the password with semi-visible random characters in the background. The intent is to only allow the user who typed the password to easily read it. Read more about this and test out the demo at :lab.arc90.com

Lifehacker.com had an article the other day that pretty much held your hand on steps to crack a WEP password using BackTrack3. Check it out ::HERE::

Google just added an SMS option to its accounty recovery system, letting anyone who forgets their passwords, or finds it suspiciously locked, set up a mobile phone number to have a recovery password sent to. U.S.-only for now, but Google says it’s working to expand the option. Want to add your phone number to an existing account? Sign into account management, then head to Change Password Recovery Options.

via Google Operating System