In Barnes and Noble attempt to censor a magazine article about hacking, that have propelled it into the spotlight. We’ve got the details on this great write up!
PLUS: Moving big files around the world, faster torrents, and Microsoft’s hotmail flaw.
All that and more, in this week’s TechSNAP!
Use our codes TechSNAP10
to save 10% at checkout, or TechSNAP20
to save 20% on hosting!
Limited time offer:
New customers 25% off your entire order, code: 25MAY7
Expires: May 31, 2012
Support the Show:
- Issue #154 of Linux Format magazine has been pulled off shelves at Barnes and Noble stores in the US after complaints about the cover article, ‘Learn To Hack’
- The content of the article has been posted online
- The article walks the user through using the BackTrack Linux, the Penetration Testing distribution in order to exploit a virtual machine, specifically the ‘Metaspoitable’ image, which was setup specifically to contain vulnerabilities for the user to test against and exploit
- The tutorial then walks the user through exploiting a PHP vulnerability to get a shell, and then further exploiting the Debian SSH Key weakness to gain root access to the virtual machine
- The tutorial then moves on from attacking servers to attacking desktop machine
- If you have physical access to a machine, is it trivial to boot from a live cd/usb and access the files on the disks, however if the user has encrypted their home directory (a simple option in newer versions of Ubuntu), then you need to be a bit more devious
- The tutorial walks through using the LiveCD to creating a reverse-tcp shell to allow you to access the system at a later time, once the user has mounted their encrypted /home partition, giving you access to the files
- The tutorial goes on to explain using WireShark to capture unencrypted HTTP credentials and quite a bit more
- Metasploit Testing Lab Setup Instructions
- Metasploitable VM Image
- Researchers discovered a problem with the way hotmail handles password resets
- When you reset a hotmail password, they provide you with a token that allows you to set a new password on the account, the issue is that their code did not properly check the token, and pretty much any non-null value allowed any user to reset any other users’ password
- Microsoft was notified of the flaw on April 20th and responded with a fix within hours, but not before the flaw was widely exploited
- It can be particularly difficult to recover your account from an attack like this if the attacker changed the secret answer questions, removing your further ability to reset the password
- Flaw was discovered by Vulnerability-Lab.com
In this week’s feedback segment, we discuss how ScaleEngine handled the unique challenges of delivering large video files to a global audience in both the short and long term.