Author: DN

Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI

Gerix WiFi Cracker is an easy-to-use wireless 802.11 hacking tool with a GUI. It was originally written to run on BackTrack, and this version has been updated for Kali (2018.1).

To get it up and running, first install the Qt4 development tools it depends on:

apt-get install qt4-dev-tools

Running Gerix Wireless 802.11 Hacking Tool

$ python gerix.py

You can download Gerix here:

gerix-wifi-cracker-master.zip

Or read more here.


Twitter API Bug Enables Third Party Access to User Data

The researcher submitted his findings through HackerOne on November 6, and the issue was acknowledged around the same time, after he provided clarifications and demonstrated the privacy violation.

Twitter fixed the issue on December 6 and then informed the researcher that he could publish the details of his report.

Samsung fixed three vulnerabilities that allowed hackers to take control of users’ accounts.

A Cross-Site Request Forgery (CSRF) vulnerability in Samsung’s account management system has been fixed by the company. The vulnerability, identified by Artem Moskowsky, a Ukrainian bug bounty hunter, allowed attackers to take over any Samsung account by tricking the user into visiting a malicious link.

What is CSRF?

The vulnerability is classified as CSRF because it lets an attacker’s site cause the victim’s browser to send hidden requests to other websites the user is currently logged into, while the user is merely browsing the attacker’s page. The browser attaches the victim’s session cookies automatically, so the target site cannot tell a forged request from a legitimate one unless it checks something the attacker’s page cannot supply.

Notably, three CSRF issues were found in Samsung’s account management system.

The first allowed an attacker to alter profile details, the second let them disable two-factor authentication (if enabled), and the last and most serious one allowed attackers to change an account’s security question and answer.

Chained together, the flaws could have let attackers log into the victim’s account by setting a new password through password recovery.

That in turn would have given the attacker control over the user’s connected smart devices, access to personal notes and health-related data, and the ability to track the victim’s location through the ’Find My Device’ feature.

It is not clear whether the vulnerabilities were exploited in the wild. For the discovery of the three vulnerabilities, Samsung rewarded the security researcher $13,300.
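As an added example (not code from the Samsung report or from any Samsung system), the following constructed Python stand-in shows a "change security question" handler that trusts the session cookie alone, beside one hardened with an Origin check and a per-session synchronizer token that a cross-site page cannot read. ALLOWED_ORIGIN, the Session and Request classes and the attacker origin are assumptions made for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Assumed origin of the account-management site (placeholder, not a real host).
ALLOWED_ORIGIN = "https://account.example"


@dataclass
class Session:
    """Constructed stand-in for a logged-in user's server-side session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    security_question: str = "unset"


@dataclass
class Request:
    """Constructed stand-in for an HTTP POST; the browser attaches the cookie itself."""
    session: Session
    form: Dict[str, str]
    origin: Optional[str] = None  # Origin header: set by the browser, not by the page


def change_question_vulnerable(req: Request) -> bool:
    """Trusts the session cookie alone, so any page the victim visits can forge it."""
    req.session.security_question = req.form["question"]
    return True


def change_question_hardened(req: Request) -> bool:
    """Accepts the change only from our own origin and with the session's token."""
    if req.origin != ALLOWED_ORIGIN:
        return False
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, req.session.csrf_token):  # constant-time
        return False
    req.session.security_question = req.form["question"]
    return True


def simulate(handler: Callable[[Request], bool]) -> Tuple[str, str]:
    """Returns (question after a legitimate change, question after a forged cross-site POST)."""
    sess = Session(user="victim")
    legit = Request(sess, {"question": "pet", "csrf_token": sess.csrf_token}, ALLOWED_ORIGIN)
    handler(legit)
    after_legit = sess.security_question
    # Forged request auto-submitted from the attacker's page: the browser sends the
    # victim's cookie, but Origin is the attacker's site and the token is unknown to them.
    forged = Request(sess, {"question": "attacker-known"}, "https://evil.example")
    handler(forged)
    return after_legit, sess.security_question
```

A real deployment would additionally mark the session cookie SameSite so the browser withholds it on cross-site form posts; the token check above still protects browsers that ignore that attribute.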

Weekly Update 117

Presently sponsored by: Netsparker – a scalable and dead accurate web application security solution. Scan thousands of web applications within just hours.

I’m in Whistler! And as I say at the start of this video, I did seriously consider having a week off these videos, but I found a comfy spot by the fire and a cold beer and all was good in the world again. This week has some updates on my Canada travels, a couple of data breaches I loaded during the week, new HIBP stickers and some really screwy password practices at HSBC. I’ll still be here in Whistler next week so will pump out one more snowy update before heading home for a hot Christmas.


References

  1. The worker safety HIBP sticker is pretty cool (“The user has worked __ days without having being pwned”)
  2. HSBC has a rather odd approach to password validation (“Customers can enter additional characters on their password and it will be accepted as a successful logon. We don’t classify this as a security risk”)
  3. Netsparker is sponsoring my blog again this week (I’m a long-time user of their security scanner and they’ve been a great sponsor this year – thanks guys!)