
There are a large number of websites and programs that prompt end users to save passwords on their personal computer(s). Popular web browsers such as Mozilla Firefox, Internet Explorer, Google Chrome, and instant messaging software like Windows Live Messenger are capable of saving user logins and passwords on the local computer. A common task that arises for the end-user is to find stored passwords on a computer in order to recover lost or forgotten access information. Depending on the application being used, operating system, and specific user permissions, the task can be as easy as choosing some options in the OS or having to download specific tools to crack the password file hash.

How to Find Stored Passwords in Windows XP

Microsoft Windows has the capability to manage stored user names and passwords for individual users so unique software may not be required for this purpose.

Step 1 – Click on the “Start” menu button and launch the “Control Panel”.

Step 2 – Locate the “Pick a category” menu label, then select the “User Accounts” menu option.

Step 3 – Open the “Stored User Names and Passwords” menu option by selecting “Manage my network passwords” beneath the “Related Tasks” menu label. If you are logged in as an administrator, select your user account. Then under related tasks choose the “Manage my network passwords.”

Step 4 – View the list of stored usernames and passwords.

How to Find Stored Passwords in Windows 7

Step 1 – Click on the “Start” menu button and launch “Control Panel”.

Step 2 – Click on “User Accounts and Family Safety”, then on “User Accounts”.

Step 3 – In the left pane, click “Manage your network passwords”.

How to Find Stored Passwords in Windows 8

Step 1 – Click on the “Start” menu button and launch “Control Panel”.

Step 2 – Click on “User Accounts and Family Safety”, then on “Credential Manager”.

How to View Stored Passwords on a Mac

On computers that run the Mac OS X operating system, when a user tells their computer to store a password associated with an application, website, or wireless network, the information is saved on the computer’s hard drive. OS X uses the Keychain Access utility to help Mac users look up and manage their stored passwords.

Step 1 – Launch the OS X “Finder” by clicking the menu icon on the computer’s dock. Then, navigate to the “Utilities” folder which is located under the “Applications” section on the Mac hard drive.

Step 2 – Open the “Keychain Access” program icon to launch the password utility application. Then, select “Passwords” from the options located in the lower left corner of the program window.

Step 3 – From the list find the application, web site or network name associated with the password you want to view and double click on it. A new window showing information about it will display.

Step 4 – Click on the “Show password” checkbox to reveal the password. You will be asked to enter your user password, and click “Allow”, in order to see it. Once you do it will be visible in the “Show password” field.

How to Find Stored Passwords in Firefox

The Mozilla Firefox Password Manager application stores user names and passwords on your computer’s hard drive and will automatically enter the data when visiting websites that require the information.

Steps to Use the Mozilla Firefox Password Manager

Step 1 – Launch Mozilla Firefox by double clicking the program icon on your computer’s desktop.

Step 2 – Select the “Firefox” menu button and then click the “Options” menu choice.

Step 3 – Select the “Security” menu tab that is located at the upper portion of the “Options” window.

Step 4 – Select the “Remember Passwords for Sites” check box if not already selected.

Step 5 – Log into a website that requires a username and password. Choose the “Remember” menu button on the subsequently displayed dialog box to save a new password in the Firefox Password Manager. Alternatively, you can choose the “Never for This Site” menu option to add an exception to the Password Manager.

Step 6 – Choose the “Exceptions” menu button in Firefox to view the current list of sites for which the web browser is configured never to save a password. Sites can be removed from this list by clicking the “Remove All” menu button (removes all exceptions) or individually by selecting a site and choosing the “Remove” button.

Step 7 – View the saved passwords in the Password Manager by selecting the “Saved Passwords” menu button. You can also remove passwords from this window by clicking the “Remove All” or “Remove” menu buttons.

Steps to Change the Firefox Password Manager Master Password

The Firefox master password is used to protect the master key for the Firefox browser on your computer. The master key is used to encrypt email passwords, web site passwords, and other potentially sensitive information stored by the Form and Password Manager on your computer.

Step 1 – Launch Mozilla Firefox by double clicking the program icon.

Step 2 – Select the “Firefox” menu button, then click the “Options” menu choice, and choose the “Security” tab.

Step 3 – If the “Use a master password” checkbox is not selected you don’t have a master password. If it is selected then click on the “Change Master Password” button.

Step 4 – Enter your current password, and then in the fields below enter and re-enter the new password you wish to set.

How to Recover Passwords Hidden Behind Asterisks

A common problem that arises for end-users is determining what passwords are saved by their web browser if they do not have access to the Password Manager or equivalent application on their computer. The BulletsPassView utility is one of the most used freeware applications capable of performing this task. The program is a tool that is designed to reveal the passwords stored behind the asterisks in the standard password text box on the Windows operating system and Internet Explorer web browsers.

Improvements made to the BulletsPassView application from the legacy Asterisk Logger utility include support for Windows 7/8/Vista, support for Internet Explorer password text boxes, improved command line support, Unicode support to properly capture non-English language passwords, and not revealing the password inside of the password text-box itself (inside of the main window of the application only). The new version of BulletsPassView does have limitations, however: it is not able to retrieve passwords displayed in the Chrome, Firefox, or Opera web browsers, or the network and dial-up passwords on Windows. This is because, to improve security, these applications do not keep the password behind the asterisks.

Steps to Use BulletsPassView

Step 1 – Download the appropriate version of BulletsPassView for your computer. Please note that if you are using a 64-bit Windows computer there is a different version of the software than for 32-bit computers. You can tell if your Windows computer is 64-bit by selecting the “Start,” “Control Panel,” and “System” menu options; the OS type will be listed about half-way down the subsequently displayed screen.

Step 2 – Double-click the executable file downloaded to launch the application. The BulletsPassView program does not require an installation process. On launch, the program will make a first scan to locate any password text-boxes actively displayed and show the result on the program’s main window.

Step 3 – Open a website in Internet Explorer that has a password saved which you need to recover. Then click the “Refresh” menu button on BulletsPassView or press the “F5” key on your computer to display the password. Alternatively, the application supports an “Auto Refresh” option that is selectable under the “Options” menu to automatically scan for new passwords every few minutes.

Step 4 – Open the Windows command prompt by selecting the “Start” menu button and entering “CMD” in the search text field. Then, enter the fully qualified path to the BulletsPassView application, include “/stext <Filename>”, and press the “Enter” key. This will save the list of passwords currently displayed on the computer’s screen to a simple text file.

BulletsPassView Command Line Options

BulletsPassView supports a number of command line options to save on-screen data in a number of formats, including text, XML, HTML, and CSV.

/stext <Filename>       Save the list of bullet passwords into simple text file.

/stab <Filename>         Save the list of bullet passwords into a tab-delimited text file.

/scomma <Filename> Save the list of bullet passwords into a comma-delimited text file (csv).

/stabular <Filename>   Save the list of bullet passwords into a tabular text file.

/shtml <Filename>      Save the list of bullet passwords into HTML file (Horizontal).

/sverhtml <Filename>  Save the list of bullet passwords into HTML file (Vertical).

/sxml <Filename>        Save the list of bullet passwords into XML file.

 

Find Stored Passwords Using Cain & Abel

Cain & Abel is able to disclose or recover stored passwords on computers using the Windows operating system (OS). The application is distributed as freeware and includes the capability to conduct password-box revealing, network sniffing, brute-force, and dictionary attacks. The application does not exploit software bugs or vulnerabilities to ensure a higher quality of service. The primary purpose of the software is to simplify the recovery of passwords and credentials for network administrators, security professionals, and security software vendors. The current version of the software is faster than previous versions and provides support for encrypted protocols such as SSH-1 and HTTPS.

Find Stored Passwords in ZIP Files Using ALZip

ALZip is freeware produced by ESTSoft and is designed to recover lost or forgotten passwords from ZIP files. ALZip allows end-users to compress, uncompress, and recover lost passwords for zip file archives. The application has a “Password Recovery” menu option that when selected will recover the lost information for the end-user.

Other Popular Password Recovery Tools

Some of the other popular password recovery tools found are the freeware utilities produced by NirSoftFreeware, Ultimate ZIP Cracker, and the Password Recovery Tool for MS Access 1.

NirSoftFreeware has a number of handy freeware utilities for recovering lost passwords from IE, Outlook, and various Instant Messaging clients.

Ultimate ZIP Cracker (shareware from VDGSoftware) recovers passwords from ZIP, ARJ, MS Word, and MS Excel formats. The program supports Brute Force attacks, Smart, Dictionary, Date, and Customized searches when recovering passwords associated with the supported file formats.

Password Recovery Tool for MS Access 1 (from Hongxin Technology & Trade) is a free tool to recover MS Access passwords. The application provides support for MS Access database files through the 2003 version. The ability to recover passwords for newer versions of Access is not stated to be supported.

The six-year-old Conficker worm is still a major presence in the threat landscape, accounting for 38% of all detections in the first half of 2014, according to security vendor F-Secure’s latest Threat Report.

The Finnish firm’s H1 round-up found, by contrast, that detections of malicious Java plug-ins in the browser dropped from over 40% last year to just 11% in the first six months of 2014.

“Finally, the current versions of Java are such that there are too many hurdles in the way for Java to be easily exploited,” commented security adviser Sean Sullivan during a webcast to discuss the report.

F-Secure chief research officer, Mikko Hypponen, added that Conficker’s persistence is likely down to regions in which there are still a large number of legacy systems and high piracy rates. Brazil, for example, was the number one country when it came to Conficker detections, he said.

“When you’re running pirated versions of applications or the operating system itself patching is more problematic, so you have more security problems,” Hypponen added.

Web-based attacks, during which malware redirects the victim’s browser to malicious sites, accounted for 20% of detections, with ‘other’ taking up the remaining 38%.

Elsewhere, F-Secure spotted 25 new malware variants specifically targeting Mac machines.

Although their capabilities and distribution methods are becoming more sophisticated, Hypponen claimed that “the situation isn’t out of hand” on the Apple platform, relative to Windows PCs and Android mobile devices for which there are far greater numbers of malware variants.

The Google mobile platform, for example, witnessed 294 new malware families or variants in the first half of this year, compared to just one for the more tightly controlled iOS ecosystem, according to the report.

The other notable trend of the period was a growth in ransomware activity on desktop and mobile platforms, with the likes of Cryptolocker, Koler, Slocker and other malware all causing problems for users, said F-Secure.

Posted: 06/09/2014 in Apple, Cyber Crime, Hacking, Mac, malware
Until now we have seen a series of different malware targeting the Windows operating system and not the Mac, thanks to the way Apple safeguards its devices’ security. But with time, cyber criminals and malware authors have found ways to exploit the Mac as well.
GROUP BEHIND THE MAC VERSION OF BACKDOOR
Researchers have unmasked a group of cyber criminals that has recently started using a new variant of XSLCmd backdoor program to target Mac OS X systems. This Mac version of backdoor shares a significant portion of its code with the Windows version of the same backdoor that has been around since at least 2009.
According to FireEye researchers, the group, dubbed GREF, is already infamous for its past cyber espionage attacks against the US Defense Industrial Base (DIB), companies from the electronics and engineering sectors worldwide, foundations and other NGOs as well.

“We track this threat group as “GREF” due to their propensity to use a variety of Google references in their activities – some of which will be outlined later in this report. Our tracking of GREF dates back to at least the 2009 timeframe, but we believe they were active prior to this time as well,” the researchers said.

WINDOWS MALWARE NOW TARGETING MAC OS X
The malicious program used by the group has the ability to open a reverse shell, list and transfer files and install additional malware on the computer it infects. The Mac version of the backdoor can also log keystrokes as well as capture screenshots. The group has been using the same XSLCmd backdoor to target Windows users for years.

“The backdoor code was ported to OS X from a Windows backdoor that has been used extensively in targeted attacks over the past several years, having been updated many times in the process,” security researchers from FireEye said Thursday in a blog post.

HOW THE BACKDOOR HIDES ITSELF
Once installed on a Macintosh computer, the malware copies itself to /Library/Logs/clipboardd and $HOME/Library/LaunchAgents/clipboardd. The malware also creates a com.apple.service.clipboardd.plist file to ensure its execution after the system reboots.
The code contained in the malware checks the OS X version of the device, but only accounts for version 10.8 (Mountain Lion) and versions older than that. This indicates that the malware lacks support for OS X version 10.9, the current version of the Mac operating system.
Indeed, this specific sample of malware “..uses an API from the private Admin framework that is no longer exported in 10.9, causing it to crash.”
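As an added example (not code from FireEye or from the original post), the read-only shell check below looks for the file-system artifacts named above on a live Mac or a mounted disk image. The function names, the ROOT argument and the launchd directories searched for the plist are assumptions; the article does not say where the plist is written.

```shell
#!/bin/sh
# Added example: look for the XSLCmd file-system artifacts named in the
# article. Read-only; nothing is modified or deleted on the scanned volume.

PLIST_NAME="com.apple.service.clipboardd.plist"   # plist name from the article
XSLCMD_HITS=0

report() {  # report <path> <reason>
    printf 'FOUND  %s  (%s)\n' "$1" "$2"
    XSLCMD_HITS=$((XSLCMD_HITS + 1))
}

# Check one launchd directory for the named plist, and for any other plist
# whose contents point at one of the two drop paths (a renamed plist).
check_launchd_dir() {
    dir="$1"
    if [ ! -d "$dir" ]; then return 0; fi
    if [ -e "$dir/$PLIST_NAME" ]; then
        report "$dir/$PLIST_NAME" "persistence plist"
    fi
    for plist in "$dir"/*.plist; do
        if [ ! -f "$plist" ]; then continue; fi
        if [ "$plist" = "$dir/$PLIST_NAME" ]; then continue; fi
        if grep -q -e '/Library/Logs/clipboardd' \
                   -e '/Library/LaunchAgents/clipboardd' "$plist"; then
            report "$plist" "plist references a drop path"
        fi
    done
    return 0
}

# scan_xslcmd [ROOT]: ROOT is "" for the live system, or the mount point of a
# disk image under examination. The number of findings is left in XSLCMD_HITS.
scan_xslcmd() {
    root="${1:-}"
    XSLCMD_HITS=0
    if [ -e "$root/Library/Logs/clipboardd" ]; then
        report "$root/Library/Logs/clipboardd" "copy in /Library/Logs"
    fi
    # Assumption: the plist sits in one of the standard launchd directories.
    check_launchd_dir "$root/Library/LaunchAgents"
    check_launchd_dir "$root/Library/LaunchDaemons"
    for home in "$root"/Users/* "$root/var/root"; do
        if [ ! -d "$home" ]; then continue; fi
        if [ -e "$home/Library/LaunchAgents/clipboardd" ]; then
            report "$home/Library/LaunchAgents/clipboardd" "copy in LaunchAgents"
        fi
        check_launchd_dir "$home/Library/LaunchAgents"
    done
    return 0
}

# Demo on a constructed tree (not a real infection): alice is clean, bob is not.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/Library/Logs" \
         "$demo_root/Users/alice/Library/LaunchAgents" \
         "$demo_root/Users/bob/Library/LaunchAgents"
: > "$demo_root/Library/Logs/clipboardd"
: > "$demo_root/Users/bob/Library/LaunchAgents/clipboardd"
: > "$demo_root/Users/bob/Library/LaunchAgents/$PLIST_NAME"
scan_xslcmd "$demo_root"
echo "artifacts found: $XSLCMD_HITS"
rm -rf "$demo_root"
```

To check the running system instead of the constructed tree, call `scan_xslcmd ""` with enough privileges to read every user's Library folder.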
GROWING MARKET OF MAC MALWARE
In a follow-up blog titled, Apple OS X: Security Through Obscurity is becoming an Absurdity, FireEye researchers mention Forrester in claiming that the usage of Apple devices is growing rapidly with 52 percent of newly issued computers in the enterprise being Macs.
Since 41 percent of enterprise including VIPs, executives and manager level employees are Apple users, they automatically become the prime and rich targets of cyber criminals. So, cyber criminals are making every effort to turn malicious and complex Windows malware against Mac users.

 

Originally posted on Naked Security:

The FBI says it is investigating the alleged theft of nude and other photos of female celebrities, including Jennifer Lawrence and Rihanna.

FBI spokesperson Laura Eimiller told NBC News:

The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. Any further comment would be inappropriate at this time.

Meanwhile, Apple also said that it is “actively investigating” the theft of personal images after it was alleged that its iCloud service was exploited by the person who posted the photos online. Speaking to Recode, Apple spokeswoman Natalie Kerris said:

We take user privacy very seriously and are actively investigating this report.

Though it hasn’t been confirmed, many sources have speculated that the photos were stolen from iCloud accounts.

Actress Kirsten Dunst, also named on the list, appears to think her photos were taken…


Microsoft on Friday quietly urged its users to uninstall the most recent round of security updates, after reports emerged that they crippled users’ computers with the infamous “Blue Screen of Death” (BSoD), which is really a matter of shame for one of the largest technology giants.
Microsoft released security updates on its August Patch Tuesday that addressed privilege escalation vulnerabilities, but an apparent font cache clearing issue caused Windows machines to crash to a blue screen.
The tech giant was forced to make this decision after hundreds of complaints regarding the infamous Blue Screen of Death error were sent to the company. This was not the only update to be made last week.

The offending Microsoft patch, identified as MS14-045, is one of the nine updates and fixes three security issues, including one in the Windows kernel – the heart of the operating system. It can cause system crashes, forcing users to reboot.

Soon after the initial release of the patch, the issue surfaced on Microsoft’s support forum with a post from a member named Xformer complaining of “Stop 0x50 errors,” aka blue screen, after applying any of four updates (KB2982791, KB2970228, KB2975719 or KB2975331).
If you update your Windows with the update, a message flashes on the screen that reads: “Your PC ran into a problem and needs to restart. We’re just collecting some error info and then we’ll restart for you (0% complete).”
“Installation went smoothly. After rebooting everything worked fine. But when I shut down my notebook and switched it on a little later it came up with a blue screen with a Stop 0x50 in Win32k.sys. I could not even boot into safe mode as Windows failed to start no matter which mode chose,” Xformer explained on Microsoft’s support discussion forum.
The vast majority of complaints came from users running the 64-bit version of Windows 7, and in response Microsoft published a FAQ for the update that includes an official and detailed explanation, which states:

Microsoft revised this bulletin to address known issues associated with installation of security update 2982791. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. Microsoft recommends that customers uninstall this update.

As an additional precaution, the company has removed the download links to the 2982791 security update. For how to uninstall this update, see Microsoft Knowledge Base Article 2982791.
Microsoft asserts that investigations are ongoing, following the instructions to uninstall the updates. According to the company, the issue could also be the result of three prior updates, of which #3 is the most severe:
KNOWN ISSUE 3
Microsoft is investigating behavior in which systems may crash with a 0x50 Stop error message (bugcheck) after any of the following updates are installed:
  • 2982791 MS14-045: Description of the security update for kernel-mode drivers: August 12, 2014
  • 2970228 Update to support the new currency symbol for the Russian ruble in Windows
  • 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
  • 2975331 August 2014 update rollup for Windows RT, Windows 8, and Windows Server 2012
This condition may be persistent and may prevent the system from starting correctly.
The uninstall instructions are long and involved in the Knowledge Base articles as mentioned above, but users are recommended to uninstall the buggy update as soon as possible.

 

American singer and actress Taylor Swift has lost her scam mojo, as her fake sex tape spreading on Facebook was excluded from the top ten most successful scams, according to Bitdefender. An analysis revealed the celebrity is no longer as popular as last year, when bogus videos of her managed to spread malware on the social network.

Millions of users fall for Facebook scams every year and while Taylor Swift no longer features in the top 10, Rihanna continues to be the most tempting celebrity used as a hook for malware delivery via social media.

A free trip to Disneyland was also excluded from the list, while “guess who viewed your profile” scams keep a steady first place in the panel, comprising almost one third of the total. “Change your Facebook color” schemes now circulate internationally and claim 7.38 per cent of the total number of scams.

“Why do people still want to see who has been taking a peek at their profile, despite all security warnings? I think they believe these are legitimate apps,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “This is social engineering at its finest – a challenging mental game that pushes the right psychological buttons. The baits have changed over time, with stalkers, peekers, admirers, overly attached girlfriends and exes haunting you, but the reason this scam works is simple: human nature.”

The past couple of years have seen a proliferation of Facebook scams to parallel the social networking platform’s growth. Here are the ten most widespread in a list that also shows their proportions and targeted countries.

The top 10 Facebook scams are:

1. Total profile views/visitors (Check out now who viewed your profile) – 30.20% (UK/US, Australia).
2. Change your Facebook Color/Colour – 7.38% (UK/US, Australia).
3. Rihanna sex tape with her boyfriend – 4.76% (UK/US, Australia).
4. Check my status update to get free Facebook T-shirt from Facebook – 4.21% (UK/US, Australia).
5. Say goodbye to Blue Facebook (Dites Aurevoir au Facebok BLEU) – 2.76% (France).
6. Unsealed. We are giving them away for free – 2.41% (UK/US, Australia).
7. Check if a friend has deleted you – 2.27% (UK/US, Australia).
8. See your top 10 profile peekers here! – 1.74% (UK/US, Australia).
9. Find out how to see who viewed your profile – 1.55% (Spanish-speaking countries).
10. Just changed my Facebook theme. It’s amazing – 1.50% (UK/US, Australia).

Bitdefender research also shows an increasing amount of viral video scams abusing Facebook’s like and share options. In the last year, fraudulent websites that use likejacking and YouTube have spread not only in English, but also in German, Chinese, and Italian.

 

 

Government CIO says National Research Council was hit by intrusion from ‘sophisticated’ state-sponsored actor

The Canadian government has said it will take a year to build a more secure IT infrastructure after the National Research Council (NRC) was hit by a recent cyber attack it’s blaming on Beijing.

In a brief statement, the NRC said that intelligence agency the Communications Security Establishment had recently “detected and confirmed” an intrusion into its infrastructure.

“Following assessments by NRC and its security partners, action has been taken to contain and address this security breach, including protecting its information holdings and notifying the Privacy Commissioner. NRC has also taken steps to inform its clients and stakeholders about this situation,” it added.

“NRC is continuing to work closely with its IT experts and security partners to create a new secure IT infrastructure. This could take approximately one year however; every step is being taken to minimize disruption.”

A separate statement by the Government of Canada CIO went further, claiming the attack was perpetrated by a “highly sophisticated Chinese state-sponsored actor”.

“While the National Research Council’s networks do not currently operate within the broader Government of Canada network, since the detection and confirmation of the cyber intrusion, the National Research Council’s networks have been isolated from the broader Government of Canada network as a precautionary measure,” it added.

“We have no evidence that data compromises have occurred on the broader Government of Canada network.”

China appears to have assumed its typical stance in response to such allegations – outright denial.

Yang Yundong, a Chinese embassy spokesman in Ottawa, emailed Bloomberg to angrily refute what he described as “groundless allegations”.

The question now remains whether, after potentially a whole year, the NRC’s newly fortified security systems will be up to the task of defending against the next generation of advanced attacks no doubt currently being developed by nation states.

Amichai Shulman, CTO of security firm Imperva, argued that any “meaningful change” to IT infrastructure takes time.

“It is quite obvious today that adopting a technology across a large organization takes more time than it takes for the next technology to emerge,” he told Infosecur

“This is the reality and we should embrace it. Organizations find different ways to handle this risk in the general IT domain and particularly in the IT security domain.”

Planning infrastructure changes with “visionary consultants” and installing products from vendors who have capabilities “on top of market requirements” are just two ways to future-proof systems, he added.

“Moreover, by working with vendors who provide holistic solutions rather than niche products and system integrators who provide the integration between products of different domains the organization is better fitted for the unforeseen challenges of the day after deployment ends,” claimed Shulman.

Richard Cassidy, senior solutions architect at Alert Logic, argued that auditing and continual review of “security systems, practices and data” can help organizations stay one step ahead of more advanced threats.
“It is positive that the need to review existing infrastructure and practices has been identified, but more importantly for NRC is in the understanding on why the incident occurred and how they can assure they put in place processes around existing available technologies to continually monitor, review and respond to anomalies, suspicious activity or unauthorized access attempts to critical assets once the new infrastructure is implemented,” he added.

Reported by Infosecurity