At the end of September, it was revealed that a Facebook security flaw allowed the access tokens of over 50 Million accounts to be stolen. Access tokens allow users to stay signed in on devices, rather than signing in every time they interact with a Facebook app. On Friday 12 October, after weeks of investigation, Facebook reported that the actual number of accounts affected was 30 million, not 50.

The investigation into how this was made possible, and the extent of the data stolen is still ongoing, but Facebook have said there is no need for users to log out or change their password. Facebook forced 90 million users to log out when the breach was discovered.

Users can use this page to check if they were one of the accounts affected in the incident, as well as read any recent findings from the investigation. When you visit page, if you are not one of the affected users it will tell you this in a statement towards the bottom of the page, and there is no further action required from you other than remaining security conscious when it comes to passwords and such. You will also see a message saying your account hasn’t been compromised if you are one of the one million users to who their tokens stolen but information remained safe.

If you fall into the other 29 million users camp, then you will see one of two messages, depending on the level of your information that was stolen. Fifteen million users had their name, email addresses and phone numbers compromised by hackers. While this is serious enough itself, the other 14 million have a more serious data breach problem.

The other 14 million have had the above information stolen, as well as their username, date of birth, devices you use, gender, language settings and possibly more data such as religious and political views. It’s also possible that they accessed your 10 most recent locations and 15 most recent searches, giving a detailed window into your online presence.

There is currently no evidence that hackers used the vulnerability to attack third-party apps and services to gather more information, which was technically possible.  Facebook also continues to report that no passwords of credit card information has been compromised. We are yet to see the full fallout from the breach, but there is also evidence that Facebook logins are being sold on the dark web.

While that data is now out there in the hands of attackers, Facebook has used their support page to offer some advice on avoiding phishing schemes. This is a good move from Facebook, but it doesn’t make up for the grievous level of the data breach and the users it has left vulnerable to tailored phishing attacks now their data is out there.

Photo by Glen Carrie on Unsplash

The post How to guide: Check if your Facebook Account has been hacked? appeared first on Hack Ware News.

It’s important for anyone running a Linux server, or any type of server for that matter, secure. Especially if it communicates with the outside world. Servers are like your houses in the digital realm. They have to be kept secure from intruders. So you have a Linux server, here’s how to secure it.

• Keep Your Server Clean and Lean

In other words, keep it simple, but secure. Install the apps and run only the services that you need. Additional apps, introduce vulnerabilities as well as unpatched services that can be exploited by external malicious actors. Keeping the server clean and lean also speeds up its performance. Also, depending on the Linux distro, a number of extra services will be run by default. Keep an eye out for those services. Check if they’re really important and if they are, make sure they’re updated.

A simple netstat –npl command in the terminal will show you all the running services and the ports they use. That’s another thing. These services might be using some ports you want to keep closed. Disable unwanted services with the following command.

Systemctl disable service_name

• Do not Log in as Root

It’s no secret that logging in as Root user gives you unrestricted access to everything in your Linux setup. And for many Linux users, it’s the easiest way to use Linux which is why most newbies log in as Root. Malicious attackers know this too. When users log in as Root, any running apps and services with vulnerabilities also give attackers unlimited access to everything else. The best practice for Linux users, is to create a user with enough sudo access to perform most tasks and only switch to Root when needed.

In Ubuntu for example, you can add a new user with sudo powers by typing in the following at the terminal:

adduser usercansudo

qpasswd –a usercansudo sudo

Afterwards, log out of the system and login as the new user then disable the Root user by editing the sshd_conf file.

Nano /etc/ssh/sshd_conf

Look for this commented item: #PermitRootLogin no

Remove the comment, save the file and restart the ssh service using the following command:

systemctl restart sshd

• Keep the Server to Yourself and others you Trust

Restrict access to your server to just you and others you implicitly trust. In the previous item, create as many users as you can with level access and disable root. The fewer the better though.

• Port Change

When logging in remotely, the default port for ssh is 22 which is what most people, including attackers would do to get into a Linux server. This port can be changed and by changing this port, eavesdroppers, attackers and bots will be left guessing how to log in to your system. It’s simple but effective. To change the ssh port, we go back to the sshd_conf file. You can issue the following commands:

sudo nano /etc/ssh/sshd_conf

Find the commented port line:

#Port 22

Uncomment it and change the port number to something else. Feel free to change 22 to something between 1024 and 32,767 but make sure that no other service uses your chosen number. Then save the file. Restart the ssh service.

systemctl restart sshd

You can check  if it works by logging in through ssh with this command:

ssh -p{port_number}@server_IP

Example:

ssh –p1027 192.168.10.11

• Always Keep Your Server Patched and Updated

You’ve probably read plenty of articles regarding vulnerabilities that no basic user could probably think of but continuously explored by determined hackers out for a quick buck. No server is secure, not even Linux and the best defense for this, apart from a good firewall and anti-malware programs, is to keep your operating system and its packages updated. Always be on the lookout for core or kernel updates.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post How to Secure Your Linux Server appeared first on Hack Ware News.

Our article will cover  few points for people with no experience in cybersecurity or have limited experience.

We receive many emails asking on how to become ethical hacker. Some of more frequent questions “where should I start?”. We will try to answer these questions and give you a more technical details on how to start a career in cybersecurity as a beginner and how to gain more expertise in the domain.

Remember if your goal is to learn hacking for the reason of hacking into your friend’s Facebook account or email, it will not work for you. But if you decided to learn hacking because of your passion for technology and willingness to be an expert in computer systems, things should workout for you!

Career in cybersecurity is more like saying career in Banking. There will be so many niches within the industry from auditing, pentesting, social engineering, digital foresnics, malware / software detecting, etc. You many choose any of the above, however in this article we will cover generic skills that you need before starting your career.

If your background doesn’t bring any experience to the table, don’t worry, we all been there. Nobody has all the necessary skill from beginning. So our advice in your case is to learn absolute fundamentals.

• What is hacking?

Hacking is determining weakness and vulnerabilities of systems and attain access to it.

Ethical hacker have an official and legitimate permission to do a security assessment of a system, but hacker is doing this unauthorized.

Here are some type of hackers for your intro:

Hacktivist – those who hack due to some ideas and to make a statement.

Script kiddie –  they usually use pre-build tools and have no technical skills.

Grey hat  – they reveal the weakens to the company after they get unauthorized access.

Black hat – get unauthorized access

White hat – ethical hacker, they document everything they do and reveal the weaknesses & vulnerabilities to the company.

• What skills required for ethical hacker

– Programming skills

– Fundamentals of Networking

– Operating System

– Get to know as many technology as you can put your hands on

• What to code in ?

To answer this question, one have to consider on what platform you will be working on.

– Web applications: PHP, ASP , JPS

– Mobile apps : Swift/Objective-C, Java( Android) ,

– Software [desktop] : C#, C++, Objective-C

It is necessary to learn the fundamentals of programming, like data types, the variable manipulation at the OS level to the use of functions, etc. Here are some tips to take in consideration:

1. Try to understand the OS level operations on the language you are learning or alternatively learn the assembly language.
2. Keep your self motivated in your learning path and remember to achieve results takes time.

• Here are resources that will help to learn from scratch

1. Breaking into Information Security: Learning the Ropes 101
2. Web Hacking 101

The post How To Become an Ethical Hacker – Beginners Guide appeared first on Hack Ware News.

There are few simple steps to take to hide a drive or to show a drive. 

To hide a drive: 

• Open CMD ( Windows Key + R and type CMD , press enter)

Hide Any Drive in Windows Using Command Prompt

• Type diskpart and press enter, if prompted for UAC (User account control) dialog-box, click Yes
• Type List Volume and enter to list all available drives on your system
• Type select volume e to hide  Volume 0
• remove letter e to hide volume 0

Hide Any Drive in Windows Using Command Prompt

Result

BEFORE

AFTER

To show a drive follow below steps

The post Hide Any Drive in Windows Using Command Prompt appeared first on Hack Ware News.

Many of the hacks happened in the late 2017, signifying that these trends may continue into the New Year, as hackers are essentially human and “old habits die hard. In the meantime, some hackers may modify their methods for system breach for new challenges.

Therefore, the Hackwarenews team has conveniently made a top three “to-do lists” and make sure this list entered into your New Year resolutions.

Fix the micro-processers first

Just after the countdown party, the world’s second largest chipmaker, Intel stunned the world citing its flagships product, the Pentium processers are vulnerable to hack by data-theft bugs such as Meltdown and Spectre.

To be fair, Intel is not alone, as its system is susceptible to Meltdown, other chip designs used in smartphones like Advanced Micro Devices and ARM Holdings fall prey to Spectre. Both Meltdown and Spectre give hackers access to the entire memory contents of computers and later these information can be used for mounting new attacks.

Brian Krzanich, the CEO of Intel then announced over the annual trade show, Consumer Electronics Show (CES) on Tuesday, 9 Jan 2018, that the company will patch up 90% of the processors made over the past 5 years by the end of this week. The remaining 10% will be secured by the end of January 2018.

Beware of QR codes

Many countries are pushing for cashless society, thank to wide-spread use of online shopping popularized by Amazon and Alibaba. More often now, consumers did not need to bring their wallet, full of physical money notes for shopping on malls and outlet stores – all these can be replaced by a swipe or scan from your personal cellphone.

Some shopping outlets even have promotional QR code for consumers to scan and receive discounts. So whenever there is money, thieves will follow, seeking to siphon credits out of unsuspecting eyes.

Behind these QR codes, there might be some embedded code with malicious content that introduced Trojans and viruses to consumers that eventually steal personal information and so on.

Apparently, the QR code scam is rife in China, according to South China Morning Post, with a significant amount of cash siphoned from consumer pockets unknowingly. To protect yourself, you can be prudent to follow some of steps mentioned at scambusters.org.

Don’t be kidnapped by ransomware

Kidnapping has evolved over the physical realm and now it has gone viral. If you own a business, have an office and making profitable returns over the quarters, then you are exposed to such risk.

Just like any classic kidnapping cases, the hackers will block access of computer system from legit users until a ransom is paid. Apparently, such attacks were on the rise in 2017, thanks to the popularity of the infamous WannaCry ransomware.

Into the New Year, with the toughening of cyber-security among the corporate firms, there is a trend that hackers turning to personal devices like cellphones where users stored personal information on credit card or online shopping credit accounts.

Readers can follow this link on the FBI tips on dealing with ransomware threat. However, the site lacks of suggestions on personal protections over ransomware, but the same principles do apply. So for the rest of 2018, be prudent, street-wise and hope for the best!

The post Hacking trends in 2018 appeared first on Hack Ware News.

Googler is a powerful, feature-rich and written in Python. This command line tool lets you access Google  and Google Site Search within the Linux terminal.

It provides an interface from the command line to Google search and displays results inform of title, URL and abstract information in pages, with page navigation similar to that on a GUI web browser.

Users can integrate it with a text-based web browser and open the result directly in the web browser.

Watch the quick demo of Googler.

Google search in Linux CLI

Firstly, let’s install a utility called Googler.  

Users of Ubuntu Linux and its derivatives such as Linux Mint, Xubuntu can install it via this PPA by executing the commands below:

$ sudo add-apt-repository ppa:twodopeshaggy/jarun
$ sudo apt-get update
$ sudo apt-get install googler

The post Google search in Linux CLI appeared first on Hack Ware News.

1. Keylogger

Do you know one of the reasons why the online banking sites sometimes gives you the option to use their virtual keyboard? The answer to that is a simple, the software that makes recording of the key strokes in a sequence called Keylogger!

1. Denial of Service [ DoS/DDoS ]
2. Waterhole attacks
3. Fake WAP
4. Eavesdropping
5. Phishing
6. Virus, Trojan
7. ClickJacking
8. Cookie theft
9. Bait & switch

The post What are Top 10 Common Hacking Techniques? appeared first on Hack Ware News.

The fact is pretty obvious that footprinting is essential to any successful attack. By and large, 70% of any attack should be spent gathering precise footprinting. In doing so, an attacker presumably knows operating system, open ports and any services running on those open ports as well as any vulnerable applications installed.
Certainly, all of this information will be paramount in order to determine the selection of tools and technologies.

There are two different types of footprinting or reconnaissance: active or passive. Each one has pros and cons.

Here let us walk through active footprinting which we interact directly with a target. Active type is more accurate and faster than the passive one. However, it involves more risk of detection and sometimes could get caught unless an attacker has permission in written form.

One of the first steps in any active footprinting is to reduce a set of IP ranges into a targeted and active host.

To achieve this, it does require performing port scanning or Operation system fingerprinting. There are numerous types of port scanners to name. But we will discuss a popular open-source tool called Nmap.

Nmap is a free and open source tool for network discovery and security auditing. It comes with either command line or GUI version. Nmap runs on all major operating systems such as Windows, Linux, and Mac OS X.
Before we start port scanning, we need to understand the TCP three-way Handshake.

TCP three-way Handshake

As a diagram is shown above, the host attempting a connection sends a destination host a packet with a SYN flag. Then, the remote host would check that the proper authorizations are in place for this connection to be made. If all the requirements are met, then the remote host sends the first host a packet with the SYN and ACK flags. Finally, the first host sends a single ACK flag back to the second host, completing the handshake and establishing the connection.

Basic Nmap Scanning

First, we will do basic ping scan which simply pings every IP in a range of IPs and reports any hosts that respond.
As seen below, we scan a range of IP 192.168.56.0/24 that it will diagnose every IP from 192.168.56.0 to 192.168.56.255. So we can see there is a list of hosts on a network.

Based on the scan result below, we have three hosts are up running currently. (192.168.56.101, 192.168.56.102 & 192.168.56.103)

OS Discovery
Next, we will identify what operating system OS the particular host running.

According to the above screenshot, we clearly see the detail information of operating system for two particular hosts.

Comphrensive Nmap Scanning

There is not only very basic scanning with Nmap but also comprehensive investigation like open or close ports and services as well as its version.

Let us examine any open ports, services, and its version.
The Nmap command with -sV option actively probe open ports to determine what service and version they are running.

When performing a version scan (-sV), Nmap sends a series of probes, each of which is assigned a rarity value between one and nine. If we look up the scanning result against 192.168.56.101, we have seen all open ports, type of services running on those ports and its version precisely.

Here is another scanning result for another host 192.168.56.103. Sometimes, the open ports could ensure us the type of operating system as another alternative guess.

Port scanning or OS fingerprinting

Please remember that proper footprinting is a very important fundamental for any successful attack.
There are many tools for port scanning or OS fingerprinting other than Nmap. However, Nmap always stays ahead of the rest.

The post Port scanning or OS fingerprinting appeared first on Hack Ware News.

There is a famous Chinese general Sun Tzu saying about planning, attacking and winning several battles as “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

Why is footprinting important? A few reasons are outlined as below.

1. Understand Security Posture
2. Minimize Focus Area
3. Identify Vulnerabilities
4. Draw Network Diagram

The primary objectives of footprinting include gathering information about the target’s network and system, even the organization information.

The quickest reconnaissance is using a search engine to extract information about the target such as types of system, login pages, and employee details.

This method is known as passive footprinting in which an attacker never makes contact with the target system.

Discovery of target’s IP address

We are here to find out the IP address of the target system by means of using the PING utility. Let us pretend the hackwarenews.com as a target.

From the above experiment, the target domain’s IP address is 5.189.142.154. We also get other information on Ping Statistics, such as packets sent, packets received and approximate round-trip time.

Location of web server

We could also find out where the web server has been hosted. In order to do that, it does require to key in the target domain name in https://www.site24x7.com/find-website-location.html and https://check-host.net/ as shown below.

In order to get better and reliable information, we have to gather data from several sources. Based on the findings above, we will know that the target web’s server has been hosted in Munich, Germany.

Revealing of name server and mail address

There are numerous ways of finding the primary name server and responsible mail address as below.

Our target system would work with the primary name server called ns1.contabo.net and the mail system being hosted contabo.de

The above information is essential for an attacker. Last but not least, there are various tools and technologies to get and hack the whole system.

The post Fundamentals of Ethical Hacking appeared first on Hack Ware News.

Penetration testing is a test performed by professional hackers to determine if a system is vulnerable to attack – before the attackers do. In other words if the tested systems defenses were enough and which defenses the test overcome. Majority of professional hackers will use some specific tools to complete the job.

HWN recently talked to security pros and asked them about their most used tools. Below list are those used day to day, while some of them require a license, most of them are free.

>_ Nmap

Network Mapper (Nmap) was first released  20 years ago and it is a security scanner with capabilities ranging from probing networks to OS detection, spoofing, and the features are extensible by scripts to provide more sophisticated service detection, vulnerabilities detection, etc.

>_  Aircrack-ng

This is another well knows day to day complete suite of tools for assessing WiFi networks. It’s focus is on monitoring ( packet capture and export of data to text files ), attacking (replay attacks, deauthentication, fake access points and others via packet injection), testing ( checking WiFi cards and driver capabilities), cracking (WEP and WPA PSK). Aircrack-ng is a fork of the original Aircrack project.

>_ Wifiphisher

This is an effective access point tool for linux that enables automated phishing attacks against WiFi networks by harvesting credential or execute actual infection. Detailed documentation is available on Wifiphisher website.

>_ Burp Suite

Burp is a graphical tool written in Java for testing web apps security.  The free version is limited, but the paid version offers a set of advanced solutions for web application security checks

>_ OWASP ZAP

>_ SQLmap

>_ CME (CrackMapExec)

>_ Impacket

>_PowerSploit

>_ Luckystrike

>_ BeEF (Browser Exploitation Framework)

>_ THC-Hydra

>_ Immunity Inc. – Debugger

>_ Social Engineer Toolkit (SET)

>_ Metasploit

>_ Penetration Testing Tools Cheat Sheet

>_ SecLists

The post Pen Testing Tools The Pros Use appeared first on Hack Ware News.