Astonished I looked upon Barnaby Jack’s demonstration of “ATM Jacking”. Every script kiddies dream come true of having an ATM machine spew forth a pile of money was being played out by Barnaby Jack on the first day of Black Hat, a annual security conference held by Hackers  along with representatives of federal agencies and corporations. (Link is to Wikipedia Page)

Basically the attacks work simply enough, Barnaby wrote a program that remotely infects the ATM machine, and with the unauthorized software on the ATM he could approach the machine and either press a secret key combo or swipe a special card, and make the ATM unload all it’s cash. Out of 4 ATM brands Barnaby found the first four he tried exploitable, out  of four. “Four for Four” he said. On the first one he used a simple debugging method to launch internet explorer and download his trojan, on another he bought an update license and got the code to send the rootkit as a fake update.

Probably the scariest and most amazing thing, is that he wrote his presentation over a year ago, for the last Black Hat conference, but wasn’t allowed to demo his findings. Since last November the ATM manufacturers have stated that they have fixed all the security holes presented, but Barnaby says there are still more he hasn’t disclosed yet. The types of ATMs effected are the smaller ones that run Windows CE, kiosk style ATM Machines like in gas stations and movie theaters. The larger ones at Banks are more secure and do not rely on dial up modems and public internet lines to connect to their servers.

No related posts.

In light of the recent ban of Facebook in Pakistan I’m going to show you how to bypass any web filter,maintain the highest form of privacy, on ANY computer, and without installing any software or visiting lame “proxy” websites! And it’s all thanks to Torfox, a derivative of Firefox and Tor mashed together! Tor uses multiple layeres of cryptography (hence the Onion routing analogy), ensuring perfect forward secrecy between routers (You and your destination). In short, TOTAL PRIVACY, and BYPASSES WEB FILTERS.

Simply go to http://torfox.org/ and download the portable Torfox Zipped package, and extract it to a folder, preferably on a flash drive.

Then run torfox.exe and it will open a slim looking version of Firfox. The first page won’t load right away, it could take up to three mins to connect, but then once it does, you can surf anywhere, without limits or worries!

Screencast coming soon!

No related posts.

Pretending to be someone your not is always alot of fun, but sometimes it’s actually necessary, like when you are a debt collector and your calls are being screened. This of course as you can guess, be misused quite badly, however to show you how easy it actually is, I’ll guide you through the process of showing a fake number on the Caller ID of whoever you want to call.

Caller ID Spoofing, is actually pretty darn easy!

First, goto this address

http://bluffmycall.com/free/

Fill out the form, you’ll need to put in your own number, and the number you want to call, and the number you want them to see.

Then Dial the phone number that they provide, and after listening to a short ad, they connect the call and spoof everything for you.

Try it out, it’s pretty simple! Remember, don’t do anything illegal, I’m sure all that data gets logged somewhere!

Anyone have any experience with this or any other Caller ID spoofing vendors?

No related posts.

You can script UAC on and off with these commands:

Disable UAC

%windir%\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Enable UAC

%windir%\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

Shell Execute these commands with any scripting language, or even just by typing them in! But remember, you or your script need administrator rights.

And optionally, the following comand to suppress all elevation consent request and notification:

%windir%\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

And before you ask, yes, that’s the UAC logo from Quake

Related posts:

1. Creating Hidden Users in Windows for Remote Manageability.

I’ve posted before about a “GodMode” in Win7. This time I will tell you about the other GUID’s that directly access the sub panels with in the GodMode Panel.

Same as before, make a new folder, anywhere, and raname it to one of the names below to create that control panel.

Here are all the GUID codes I could find around the net that activate different control panels:

Related posts:

1. GodMode Cheat codes in Windows 7
2. Get Telnet back in Vista and Win7

Ever have trouble changing your IP address in Windows 7? Just having to adjust to a new operating system is a total shock for most people. All the places where settings used to be are all moved or rearranged. Microsoft really paid attention to making the systems easier to learn for beginners, so if you have never used a pc before that’s great but for those of us who have, relearning actually puts us to a disadvantage.

Win7 has cheat codes?

Enter the “Godmode” Folder. Ok I know that this is not a new trick, and that it’s been brought back to life by the colorful naming but I must admit, I like it easy, and “Godmode” makes it easy. I have found this to be quite useful so I decided I would share it with you.

Godmode is a reference to the old IDDQD cheat code in ID Software’s Doom game series. IDDQD made your player invincible ie: godlike.  IDKFA gave the player all the weapons, and all the keys to all  the doors in the game. This is kinda similar to the latter as it gives you every control panel that is spread throughout the computer, on one screen. I remember how difficult it was to find the new Add Remove Programs, well not anymore! IP address settings? Not any more! This is pretty humorous as “Godmode” really has nothing to do with creating Control Panel Icons.

Gaining this super elite Godmode over your computer is actually pretty simple! Just create a folder, anywhere, and rename it to: GODMODE.{ED7BA470-8E54-465E-825C-99712043E01C}

You can copy / paste that into the rename field to make it easier. This will grant you access to ALL system settings in one location. Which in Win7 can be pretty handy. If you’re like the average person, finding where Microsoft has moved everything to can be tiresome. Having it all in one place is really helpful.

Want to really impress your friends? Well Godmode has nothing to do with this Hack. Actually the GUI ID in the name is everything to do with it, that word in front of the period is just what the folder will end up being named. The word before the period/fullstop can be whatever you want to call the folder. So Green_CompleX.{ED7BA470-8E54-465E-825C-99712043E01C} Would work just as well, but the functionality is really the most interesting part of all. Enjoy exploring all those hard to find settings!

Just right click your desktop, and goto new, then click on folder name it:

GODMODE.{ED7BA470-8E54-465E-825C-99712043E01C}

Some Screenies for the nonbelievers:

And the coup de gras:

*Special thanks to a reader for pointing out my typo in the Cheat code for DOOM..

Related posts:

1. Win7 GUID Codes
2. Windows 7 Review

What is CHDK? It’s a firmware enhancement (I like that word because it’s not a replacment) that work on many of Canons Cameras. CHDK gets loaded into your camera’s memory upon bootup (either manually or automatically). It provides additional functionality beyond that currently provided by the native camera firmware. The CHDK project allows users to non-destructively modify the firmware and write custom programs with new features.

CHDK is not a permanent firmware upgrade: you decide how it is loaded (manually or automatically) and you can always easily remove it.

Quick answers to 7 key questions about CHDK:

1. What is CHDK?

CHDK is not just one thing! The term CHDK refers to free software – currently available for many (but not all) Canon PowerShot compact digital cameras – that you can load onto your camera’s memory card to give your camera greatly enhanced capabilities.

2. Am I likely to be interested in CHDK?

The enhanced capabilities that CHDK provides are most likely to be of interest to experienced photographers – if you believe that your Canon PowerShot camera already has more features than you will ever need, you probably won’t be interested in CHDK.

3. Is CHDK safe to use?

Probably. See this page for more information

4. How does CHDK work?

CHDK makes use of the microprocessor that controls the camera (every digital camera contains a microprocessor) to act as a programmable computer that provides the extra capabilities.

5. What extra capabilities does CHDK provide?

The current set of extra capabilities fall into six categories:

a. Enhanced ways of recording images – you can capture still pictures in RAW format (as well as JPEG), and for video images you can have increased recording time and length (1 hour or 2 GB), and a greatly increased range of compression options.

b. Additional data displays on the LCD screen – histogram, battery life indicator, depth of field, and many more.

c. Additional photographic settings that are not available on the camera by itself – longer exposure times (up to 65 seconds), faster shutter speeds (1/25,000 sec, and faster in some cases), automatic bracketing of exposure, etc.

d. The ability for the camera to run programs (‘scripts’, written in a micro-version of the BASIC language) stored on the memory card – these programs allow you to set the camera to perform a sequence of operations under the control of the program. For example, a camera can be programmed to take multiple pictures for focus bracketing, or take a picture when it detects that something in the field of view moves or changes brightness.

e. The ability to take a picture, or start a program on the memory card, by sending a signal into the USB port – you can use the USB cable to take a picture remotely.

f. The ability to do a number of other more useful (and fun) things, such as act as a mini file browser for the memory card, let you play games on the LCD screen, etc.

6. What else should I know?

Developers around the world are continuing to add new features to CHDK. Because the idea of using the camera’s microprocessor is so flexible, various developers have made different versions of CHDK, and new features continue to be developed – for example, one version of CHDK has features assist in taking stereo photographs, and even allows two cameras to be synchronized to take pictures at the same time (with an accuracy of better than 0.1 milliseconds, providing they are the same camera model).

7. How do I get started with CHDK?

See CHDK for Dummies and the Firmware Usage page !!!

(http://chdk.wikia.com/wiki/FAQ , http://chdk.wikia.com/wiki/CHDK_for_Dummies and http://chdk.wikia.com/wiki/CHDK_firmware_usage)

A sampling of those additional features/functionality.

Main features:

• Save images in RAW format
• Ability to run “Scripts” to automate the camera
• Live histogram (RGB, blended, luminance and for each RGB channel)
• Zebra mode (blinking highlights and shadows to show over/under exposed areas)
• An “always on” full range Battery indicator
• Ability to turn off automatic dark-frame subtraction
• a higher compression movie mode, and double the maximum video file size
• exposure times as long as 65 seconds
• exposure times as little as 1/10,000 of a second
• ability to use the USB port for a remote trigger input

Additional features:

• a depth-of-field (DOF)-calculator
• File browser
• Text reader
• Calendar
• Some fun tools and games

Why would I want to use CHDK?

• To get Raw file capability on cameras that don’t have that ability
• To get the ability to use scripts
• to be able to know the battery status at all times (not just when it’s about to run out of power)
• you want or need any of the other enhancement features that CHDK provides

What are scripts? Scripts are BASIC language programs that give you the ability to control the operation of the camera under program control. They have been used to add or extend the native capability of the camera: more flexible intervalometers, extended-range exposure compensation, extended bracketing ability, lightning photography, etc. See the script pages for more details.

Beyond “Standard” CHDK

Several developers have extended the basic features of CHDK to add additional major functions. You’ll find these extended features in “special builds”.

There are several “Motion Detection” versions available that allow scripts to detect when motion (or any change in light intensity) occurs in one or more predefined regions of the images (the script can then take a photograph, a video, start a timer, etc) and there are some *very* cool applications based on this implementation.

There is a “Stereo Data Maker” (SDM) version, specifically geared to stereo image applications (which also incorporates the Motion Detection routines).

Additional video compression options (more or less), and the ability to go beyond the 1 Gbyte limit.

Use your USB port as a remote control / “cable release”.

See the CHDK Special Builds section at the bottom of the front page for more information, and then follow the links to the developers’ pages for the details.

Related posts:

1. How to “Hack” your Canon Camera
2. Toshiba 3D TV sports major Hardware

Sometimes we need to remotly checkup on our network users using tools such as the Kaspersky Administration Kit, GoverLan, GFI Lan Guard, or the like. Or maybe we need to see what services they are running to check for spyware, or what printers are installed, etc. Well Microsoft has made this a breeze with Active Directory Servers, Domains, and Windows XP Pro and Vista Buisness.

Hidden Users added secretly... lol

@echo off
set UserID=MySeceretUser
set FullName=Doe, John set Comment=Administrative user
set Password=MySeceretPassword
REM Create the user:
net user "%UserID%" "%Password%" /fullname:"%FullName%" /usercomment:"%Comment%" /add
REM Add him to the Administrators group:
net localgroup "Administrators" "%UserID%" /add
REM Remove account from logon screen:
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /d "%UserID%" /t REG_DWORD /v "0"

Related posts:

1. Get the logged on username in .VBS
2. AT&T Settings for Media Net Plan on Blackberry