Invisible QR codes to combat counterfeit goods.

Invisible codes designed to tackle the issue of fake goods have been created by US researchers.

The Quick Response (QR) codes are more often used in the advertising industry to allow customers access to product information.

The invisible version can be printed onto paper, glass or other materials and is invisible to the naked eye, becoming visible under infrared light.

The code's complexity means they are hard to replicate, researchers said.

Fake goods and banknotes cost governments and industries billions of pounds each year.
Nanoparticles

QR codes can hold up to 100 times more information than traditional barcodes and are widely used in the advertising industry to give people more information about a certain product.

Usually a square of black and white pixels, the codes can be scanned by a smartphone which links users to a website.

The technique, developed by researchers at the University of South Dakota and South Dakota School of Mines and Technology, is intended as a means of authentication rather than information.

The invisible code can be seen under infrared laser light and can be scanned in the traditional manner, using a code scanner application on a smartphone.

The codes are created from tiny nanoparticles, combined with blue and green fluorescence ink. The nanoparticles absorb photons at a non-visible wavelength but emit them in a visible wavelength, a process known as upconversion.
Folding banknote

Created using computer-aided design, the code is then printed onto a surface using an aerosol jet printer.

The process takes about 90 minutes but researchers believe that once the initial code is created, mass printing will take about 15 minutes.

The creators said it also proved robust. To test whether it could withstand the stresses that banknotes regularly undergo, researchers folded paper containing the hidden code 50 times and it still remained readable.

Researchers believe the codes could be printed onto virtually any solid object and will remain "tough to counterfeit".

Jeevan Meruga, lead author of the study, said: "We can also change our parameters to make it even more difficult to counterfeit, such as controlling the intensity of the upconverting light or using inks with a higher weight percentage of nanoparticles.

"We can take the level of security from covert to forensic by simply adding a microscopic message in the QR code, in a different coloured upconverting ink, which then requires a microscope to read the upconverted QR code."

As an added level of security, microscopic or macroscopic letter or symbols can be embedded within the code using different coloured inks.

BBC

Read More

Hackers Aren’t Getting Tougher, They Just Have All The Right Tools

These days, hacking seems so common. It’s like a week won’t pass without hearing news about another site being hacked or passwords being leaked. So the situation begs the questions, “Are passwords getting weaker or are hackers getting tougher?”

To be vigilant in choosing and keeping passwords secured. There are a lot of techniques in doing this like periodically changing your passwords, not telling everyone what your password is, using capital letters interchangeably with characters, numbers, etc. But all these efforts will be for naught if the site doesn’t salt your passwords. Salting passwords means they’re encrypting them so that it can’t be easily acquired. Most sites these days encrypt their users’ passwords but there are still some sites who do without salting. So how come passwords still get hacked if they’re encrypted? The answer is simple: hacking is now made ea

sy.

It’s just that hackers these days have more hacking tools to aide them in their mission. Before, when hacking wasn’t that popular and computers aren’t that fast, hackers used a small list of passwords to guess user passwords. But as the time changed, the list grew. You’d think that hackers would have a tougher time cracking passwords since there’s now a bigger list to go through but you must not forget that computers these days are faster and can churn millions of data at the blink of an eye. Plus the fact that there are a lot of cracking software available these days, acquiring passwords may just be a walk in the park some.

There are two things you need to remember if you want to acquire passwords. First, if you do manage to get passwords of a certain site, there’s a huge possibility that it won’t be of any use to you since it’s hashed. Remember, sites encrypt passwords. So if a user uses the word “password” the hacker won’t see “password” but a code like “dzportsjd342nse9339f93qnnfgk134nsk4g” (not actual code) so he then needs to figure out what the code means before the password can be of any use to him. This is the reason why security companies often remind consumers to use an alphanumeric password, or inject some characters into them and avoid using obvious ones like your name and birthday, so hackers won’t easily access your account. Another thing to remember is to use different passwords for every site so in case one of your accounts gets compromised, your other accounts will still be secured.

The point is, users aren’t to blame if their accounts get hacked, it also doesn’t mean that the security measures of the service you are using is not commendable, hackers just have all the tools they need to do the task. So don’t beat yourself up. Still, it wouldn’t hurt if you make your passwords tougher.

by: 

http://www.facebook.com/HackFuse

Read More

Add-ons for Firefox that help with general web application security

Web Developer Toolbar http://adf.ly/Bndgb
Plain Old Webserver (POW) http://adf.ly/BndkN
XML Developer Toolbar http://adf.ly/BndoJ
Public Fox http://adf.ly/Bndqu
XForms Buddy http://adf.ly/Bnduw
MR Tech Local Install http://adf.ly/Bndza
Nightly Tester Tools http://adf.ly/Bne4H
IE Tab http://adf.ly/Bne7a
User-Agent Switcher  http://adf.ly/BneDM
ServerSwitcher http://adf.ly/BneHY
HeaderMonitor http://adf.ly/BneKj
RefControl http://adf.ly/BneOB
refspoof http://adf.ly/BneSz
No-Referrer  http://adf.ly/BneWu
LocationBar^2 http://adf.ly/BneaM
SpiderZilla http://adf.ly/BnedI
Slogger http://adf.ly/BnehF
Fire Encrypter  http://adf.ly/BnelX

Read More

Modul dan Aplikasi File Lengkap CEH V6

Agak terlambat memang, karena sekarang sudah keluar CEV yang terbaru yaitu versi 7. Tetapi tidak apa-apa, ini bisa menjadi arsip dan pembelajaran kita. Saya akan berikan link download modul dan aplikasi lengkap ceh v6 yang sudah lama saya titipkan di server teman saya. Silahkan langsung saja di download. Berikut link nya :

http://adf.ly/BnbK5

Read More

Anonymous Super Secret - Security Handbook #OpNewblood

---------------------------------------------------------------------------
If you have not gone through the IRC chat client
setup for your operating system, we recommend
you go back and get started there.

Download Here

Read More

Materi-materi belajar keamanan komputer

Berikut ini adalah daftar materi yang mungkin akan dipelajari jika kita akan berkonsentrasi di dunia keamanan komputer. Daftar berikut bukanlah ketentuan baku, tetapi mungkin akan ada materi-materi lain seiring dengan perkembangan teknologi.

Backdooring with Netcat
Rootkit & Housekeeping
Web Application Attack Fundamental
Web Application and CMS Identification
Gaining Access : Web Application Way
SQL Injection : Authentication By Pass
SQL Injection : Extract Data from Database Server
More Advanced Information Gathering
Google Hacking ?Email Harvesting
Maltego
Buffer Overflow 101
Fuzzing Tools and Technique
Fuzzing Method
Reverse and Bind Shellcode
Windows Application Exploitation : Direct RET
Windows Application Exploitation : SEH
Linux Application Exploitation : Direct RET
LibEWF : Expert Witness Format
SleuthKit
SleuthKit : Deleted File Identification and Recovery
SleuthKit : Physical String Search & Allocated Status
SleuthKit : Unallocated Extraction
SleuthKit : File Analysis, ADS
Autopsy
PTK
Memory Forensic
 Footprinting and Reconnaissance
Scanning Networks
Enumeration
System Hacking
Trojans and Backdoors
Viruses and Worms
Sniffers
Social Engineering
Denial of Service
Session Hijacking
Hacking Webservers
Hacking Web Applications
SQL Injection
Hacking Wireless Networks
Evading IDS, Firewalls, and Honeypots
Buffer Overflow
Cryptography
Penetration Testing
Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
(SNMP)
• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses
Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus
Modifying syslog entries
• Raw binary editing to prevent forensic
investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
Impersonation
• Impersonation of other Users- Hijacking kernel
tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS
Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS
Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks
Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image files
• Attacking email vectors (Lotus Notes and
Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords
• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003 & Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic
Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an organization
• Inspect changes to whois record over last 3 years
• Windows 2003 Server & Vista DNS Cache
Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP

Selamat belajar! :D

Materi yang ada dalam blog ini hanya untuk pembelajaran saja! Saya tidak menanggung resiko yang ditimbulkan dari penyalahgunaan konten yang ada dalam website ini!

Read More

Basic: Browsing aman menggunakan proxy

Salah satu cara untuk browsing aman adalah menggunakan proxy. Sebeanrnya ini adalah tips yang basic sekali karena sudah hampir semua penggiat IT menggunakan cara ini. Tetapi karena tips ini sangat berguna jadi saya membuat tulisan ini untuk teman-teman yang belum mengerti caranya.

1. Cari ip proxy server. Banyak sekali website penyedia proxy server salah satunya adalah http://www.hidemyass.com. List proxy bisa dilihat di sini http://www.hidemyass.com/proxy-list/. Pilih salah satu ip proxy beserta portnya.

2. Buka browser. Dan setting pada konfigurasi network managernya. Di sini saya menggunakan mozilla. Caranya klik Tools pada Toolbar, kemudian Options, Pada tabs advance pilih tabs network, kemudian klik tombol Settings pada pilihan Connection. Akan muncul seperti gambar di bawah ini :

Pilih pada "Manual proxy configuration" dan isikan ip proxy dan port nya yang sudah di copy dari website tadi. Centang juga pilihan "Use the proxy server for all protocols" kemudian klik OK dan OK. Sekarang Anda telah siap browsing dengan aman.

Selamat mencoba. Semua konten yang ada pada blog ini adalah sebagai pembelajaran semata. Resiko ditanggung penumpang.

Read More

Koleksi Google Dork

filetype:htpasswd htpasswd
intitle:"Index of .htpasswd -intitle:"dist -apache -htpasswd.c
index.of.private
intitle:index.of master.passwd
inurlPfftasslist.txt
intitle:"Index of..etc passwd
intitle:admin intitle:login
Incorrect syntax near
intitle:"the page cannot be found inetmgr
intitle:index.of ws_[You must be registered and logged in to see this link.]
Supplied arguments is not a valid PostgreSQL result _vti_pvt password intitle:index.of (Frontpage)
inurl:backup intitle:index.of inurl:admin
Index of /backup
index.of.password
index.of.winnt

inurl:"auth_user_file.txt
Index of /admin
Index of /password
Index of /mail
Index of / +passwd
Index of / +.htaccess
Index of ftp +.mdb allinurl:/cgi-bin/ +mailto
allintitle: index of/admin
allintitle: index of/root
allintitle: sensitive filetypeGrinoc
allintitle: restricted filetype :mail
allintitle: restricted filetypeGrinoc site:gov
administrator.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
inurlPfftasswd filetype:txt
inurl:admin filetypeGrinb
inurl:iisadmin
inurl:"auth_user_file.txt
inurl:"wwwroot/*.
allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history
intitle:"Index of .sh_history
intitle:"Index of .bash_history
intitle:"Index of passwd
intitle:"Index of people.1st
intitle:"Index of pwd.db
intitle:"Index of etc/shadow
intitle:"Index of spwd
intitle:"Index of master.passwd
intitle:"Index of htpasswd
intitle:"Index of members OR accounts
intitle:"Index of user_carts OR user _cart

"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetypeGrinoc
allintitle: restricted filetype :mail
allintitle: restricted filetypeGrinoc site:gov
inurlasswd filetype:txt
inurl:admin filetypeGrinb
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."

top secret site:mil
confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

filetype:inc intext:”mysql_connect”

Yang terakhir command favorit saya :D

Read More

Membangun Penetration Testing Lab

Penetration Testing atau yang sering disebut dengan pentesting adalah suatu kegiatan yang bertujuan untuk mencari kelemahan atau celah keamanan dari sebuah sistem. Pentesting sering dilakukan oleh seseorang yang menekuni dunia keamanan komputer.

Penetration testing tidak boleh dilakukan dengan cara yang asal saja, dengan kata lain seorang pentester (Sebutan dari orang yang melakukan pentesting) memiliki etika kerja sendiri. Salah satunya adalah kegiatan pentesting tersebut tidak boleh merugikan hak milik orang lain. Hal ini sering dilakukan oleh banyak orang yang mengaku bernama hacker. Banyak sekali keuntungannya jika kita memiliki pentest lab sendiri, antara lain :
1. Menghemat bandwith
2. Menghemat waktu
3. Code of ethics
4. Menjaga nama baik
5. Istri tidak bisa mengakses :D (ini jika kita sambil melihat video porno hehe)

Kali ini saya akan mencoba membuat pentest labs sendiri di ruang kerja saya, karena kebetulan ada beberapa komputer yang tidak terpakai. Kira-kira topologi yang akan saya buat adalah sepertidi bawah ini. Harap maklum jika gambarnya jelek, karena hanya menggunakan paint :D

Saya menggunakan tiga buah komputer. Komputer pertama menggunakan freebsd. Komputer pertama ini saya gunakan sebagai gateway+proxy dari speedy. Selain itu juga saya jadikan sebagai web server dan target serangan dalam pembelajaran nanti.

Komputer kedua saya menggunakan linux slackware sebagai alat melakukan pentesting. Komputer ketiga menggunakan windows yang juga sebagai alat pentesting. Memang pentest yang saya bikin kali ini jauh dari cukup karena tidak ada cisco-nya, dan peralatan-peralatan canggih yang lain. Tetapi mungkin sudah cukup untuk mencari celah-celah keamanan. 

Read More

CEH (Certified Ethical Hacker) Material v7

Included:

• Introduction to Ethical Hacking
• Footprinting and Reconnaissance
• Scanning Network
• Emuration
• System Hacking
• Trojans and Backdoors
• Viruses and Worms
• Sniffers
• Social Engineering
• Denial of Service
• Session Hijacking
• Hacking Webserver
• Hacking Web Applications
• SQL Injection
• Hacking Wireless Networks
• Evading IDS, Firewalls and Honeypots
• Buffer Overflows
• Cryptography
• Penetration Testing

Read More