All posts in “hacking”

Learn how to use hacking techniques for good by taking this online class

Image: Pexels

Breeched security, fraudulent charges, and compromised data — let’s face it: Hacking doesn’t have a good reputation.

But what you probably didn’t know is people can use their knack for slipping through the web’s tiniest cracks for good, not evil. Ethical hacking exists, whether you’re beefing up a site’s security or detecting foul play on the deep web. 

Want to learn how to hack — ethically, of course? You might want to give this online course about hacking a try.

In order to know how to ethically hack, you need to understand how these smooth criminals infiltrate seemingly secure sites — and this bundle can get you started. With eight courses and more than 67 hours of content, The Ultimate White Hat Hacker 2018 Bundle teaches you how hackers worm their way into Wi-Fi networks, phones, apps, and more.

Once you’ve mastered the hacking basics, you’ll learn how to use those skills for good with platforms like WAPTP v3.1 and Kali Linux, as well as tools like Wireshark, Tcpdump, and Syslog to patrol your network. By the end of the bundle, you’ll know how to monitor your networks, detect hackers, and keep vital information safe from unwanted eyes. 

We love a good deal as much as the next person, but we have to admit picking your own price is far better than any discount. For the next few days, you’ll be able to pay what you want for this bundle. If you beat the average price, you’ll gain lifetime access to all eight courses. Want to pay less? You’ll still walk away with a few great courses from the bundle for a little as a $1. Either way, this deal should not be missed.

MacOS High Sierra vulnerability was publicly disclosed in an Apple forum weeks ago

While Apple scrambles to issue a software fix for a major macOS High Sierra vulnerability, astute observers are wondering what took the company so long to react — after all, the problem was known about weeks ago. 

It seems that on November 13, a commenter on an Apple developer forum disclosed the very vulnerability that today threw the infosec community into a frenzy. Oh, and it was called out 9 days ago on Twitter as well. 

And just how bad is this security threat? Well, it’s not good. Essentially, it gives anyone with access to an unlocked computer the ability to set themselves as the root user — as well as log back in later to the locked computer at a time of their choosing.

To execute the hack, you only needed to go to System Preferences > Users & Groups, then enter “root” as your user name while leaving the password field blank. Try this a few times until you have access. It’s that simple. The exploit was first explained by Apple developer chethan177.

Again, chethan177 posted this on November 13. Apple only issued instructions on how to protect yourself against this on November 28. 

Whether or not anyone tried to responsibly disclose the threat with Apple remains unclear. But the fact that this attack — which in some cases can be performed remotely — was known to some developers weeks before Apple issued a statement about it is sure to turn heads. 

Mashable has reached out to Apple for comment and will update the story as soon as we hear back.

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f83312%2f6fc86afc 2462 4d27 8658 951f9fd60c9d

How to protect yourself from the massive macOS High Sierra security vulnerability

So your macOS High Sierra-running machine is vulnerable to hackers. Like, really vulnerable. 

Thankfully, there’s a simple way to protect yourself — so long as you can follow a seven-step process laid out Tuesday by Apple. 

News broke Nov. 28 on Twitter that an attacker could gain root-user access to an unlocked computer simply by typing “root” into the “User Name” field, leaving the password field blank, and hitting “enter” while in the “Users & Groups” section of “System Preferences.”

To make matters worse, if a computer had screen sharing enabled, this could reportedly be exploited remotely. 

Apple is currently scrambling to issue a fix, but in the meantime it published instructions on how to protect your computer. 

“We are working on a software update to address this issue,” the company said in a statement. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012.”

When you click through the link, you find those aforementioned seven steps. 

1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).

2. Click [lock icon], then enter an administrator name and password.

3. Click Login Options.

4. Click Join (or Edit).

5. Click Open Directory Utility.

6. Click [lock icon] in the Directory Utility window, then enter an administrator name and password.

7. From the menu bar in Directory Utility:

       * Choose Edit > Enable Root User, then enter the password that you want to use for the      root user.

       * Or choose Edit > Disable Root User.

Easy right? But wait, there’s more. “If a Root User is already enabled,” the Apple statement continues, “to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

Those eight steps are:

1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).

2. Click [lock icon], then enter an administrator name and password.

3. Click Login Options.

4. Click Join (or Edit).

5. Click Open Directory Utility.

6. Click [lock icon] in the Directory Utility window, then enter an administrator name and password.

7. From the menu bar in Directory Utility, choose Edit > Change Root Password…

8. Enter a root password when prompted.

So there you have it. Until Apple releases an official patch, you’ll just have to clean up its mess on your own. 

Https%3a%2f%2fvdist.aws.mashable.com%2fcms%2f2017%2f9%2fde349833 8e9b dccc%2fthumb%2f00001

Apple macOS High Sierra has a huge security flaw, and it’s stupid easy to exploit

Well this isn’t good. A bug in Apple macOS High Sierra can let anyone gain admin access to a Mac. To make matters worse, once that access has been gained, an attacker can later log back into the locked device anytime.

Published to Twitter on Tuesday by software engineer Lemi Orhan Ergin, the vulnerability is alarmingly straightforward. The flaw allows someone to create a kind of phantom profile, one that can log into the Mac with admin access, but it won’t show up on a real admin account.

Once the phantom account is created, a user simply needs to enter “root” as a username and, without entering a password, hit enter to unlock. Importantly, the hacker first has to have access to a unlocked computer to be able to pull this off. But still, it’s bad. 

Mashable confirmed this security flaw exists on macOS High Sierra 10.13.0.

Anyone looking to exploit the flaw would in most cases first need physical access to the machine while an admin is logged in. They would only need access for a few seconds, though, and then could return anytime to log in as an admin.

However, should a vulnerable machine also happen to have screen sharing turned on, it is reportedly remotely vulnerable as well. 

“We are working on a software update to address this issue,” explained Apple when reached for comment. “In the meantime, setting a root password prevents unauthorized access to your Mac.” 

Instructions to do so can be found on an Apple support page

This story has been updated with information about remote exploitation, as well as a statement from Apple.  

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f83312%2f6fc86afc 2462 4d27 8658 951f9fd60c9d