Monday, June 30, 2014

Use Firefox Safari & Chrome with Tor for Mac OS X | Video Tutorial

How to build Tor from source and install it so you can proxy your web browsers through it.

If you receive the following error, 
checking for libevent directory... configure: WARNING: Could not find a linkable libevent.  If you have it installed somewhere unusual, you can specify an explicit path using --with-libevent-dir
configure: error: Missing libraries; unable to proceed.
It means that it could not find the program libevent, to fix this you just need to install libevent in the same way you are installing Tor, then go through the steps with Tor again. To install libevent:

  1. Download the newest source from
  2. Extract it just like you extracted Tor, then change to the extracted directory
  3. Type: ./configure && make
  4. Type: sudo make install
If you are getting no compiler found errors, or when trying to install libevent, if you get an openssl error, try typing this in terminal
xcode-select --install 
and install the command line tools by clicking install on the prompt.

(This should fix an errors related to missing the /urs/include directory in OS X 10.11)

Wednesday, June 18, 2014

AVAST Forum Hacked | 400,000 Users Compromised

AVAST, the antivirus software company, had its forum hacked earlier this week. This shouldn't come as much of a surprise to some people because AVAST's forum used (and still uses,) Simple Machines Forum as their forum software. A quick vulnerability search returned the following: CVE-2011-3615
Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information.
The email that AVAST sent out contained a weird statement that I can only assume was meant to make users feel safe in the future:
We added our own login technology with SSL encryption. With this encryption, passwords will not be saved in our forum database. This means this information cannot be compromised.
SSL has nothing to do with where or how the passwords are saved. I can only assume that they mean the passwords are hashed and at best stored in a different database. However, none of this means that they cannot be compromised in an attack.

Full email:
A few days ago we informed you that the AVAST forum was attacked and because of that, we took the forum offline to improve its structure and security. It is now back up and more secure.
We decided to rebuild the forum on the same software platform we used before, but we enhanced the security on our side. We added our own login technology with SSL encryption. With this encryption, passwords will not be saved in our forum database. This means this information cannot be compromised.
The forum is an extremely important part of our business. Our members not only solve problems identified by other members, but give us valuable insight that helps us improve our business and our products. We are extremely grateful for your participation, and we hope that you will rejoin the forum and continue providing your unique insight.
To start using the new AVAST forum, please log in at this link. If you forgot your my.avast account password please change it at link.
If your MyAvast password is the same as your old forum password, please reset your password and create a new one.
Again, we regret any inconvenience this may have caused you and thank you for your contributions.
All the best,
Ondrej Vlcek
COO AVAST Software

Sunday, June 8, 2014

Enable Virtual Private Network (VPN) on Kali Linux

In Kali Linux the VPN options are grayed out because it is missing some of the required packages to enable Virtual Private Networks in Network Manager. This quick video shows you how to install the missing packages in Kali so that the VPN option is no longer grayed out.

You can omit the last two packages (network-manager-iodine & network-manager-iodine-gnome) if you'd like as they aren't needed by the average user.

apt-get install network-manager-openvpn network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome network-manager-strongswan network-manager-vpnc network-manager-vpnc-gnome network-manager-openconnect network-manager-openconnect-gnome network-manager-iodine network-manager-iodine-gnome 

Sunday, May 25, 2014

Ebay User Database Hacked - Request All Users to Change Their Passwords

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.

What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.

What I ask of you:
Go to eBay and change your password. If you changed your password on May 21 or later, we do not need you to take any additional action at this time.

Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.

If you have only visited eBay as a guest user, we do not have a password on file.

If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.

Here are other steps we are taking:
  • As always, we have strong protections in place for both buyers and sellers in the event of any unauthorized activity on your account.
  • We are applying additional security to protect our customers.
  • We are working with law enforcement and leading security experts to aggressively investigate the matter.

Here's what we know: This attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers' name, encrypted password, email address, physical address, phone number and date of birth.

However, the file did not contain financial information. And, after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. We also have no indication of a significant spike in fraudulent activity on our site.

We apologize for any inconvenience or concern that this situation may cause you. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We know our customers have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Devin Wenig Signature
Devin Wenig
President, eBay Marketplaces

Thursday, May 22, 2014

Kali is Vulnerable to Heartbleed - How to Upgrade OpenSSL for Kali Linux

Kali Linux uses a version of OpenSSL that is vulnerable to the heartbleed attack. Your ram could be dumped as you use a terminal tool to connect to a malicious server.

Kali hasn't updated their repositories to include the updated version of OpenSSL yet, so I will walk you through the process of installing the updated version.

OpenSSL 1.0.1g download:
tar xzf openssl-1.0.1g.tar.gz

Terminal Commands:
openssl version
cd openssl-1.0.1g
./config --prefix=/usr --openssldir=/etc/ssl

Subscribe to my channel:

Have a video request? Let me know:

Sunday, May 18, 2014

Take down websites and servers from 1 computer - Slowloris DOS Tutorial

In this video I show you how to get and use Slowloris to DOS (Denial of Service) websites and servers from a single computer or even a smartphone. This is a very simple attack to use and it can be ran through Tor or other proxies as it doesn't require very much bandwidth at all.

This video also walks you through how to setup an Apache server in Kali Linux to test the attack on.

If you like my videos, please subscribe to me on YouTube:

Follow me on Twitter, @gFogerlie and Google+

If you have a video request you can let me know in the comments here or on my channel:

Friday, May 16, 2014

Mac OS X 10.9.3 Update Bug - Fix Missing User Directory in Finder and Apps

A bug with the recent OS X 10.9.3 update causes the Users folder to no longer be available in Finder and some apps. There are a few ways to fix this, but the simplest one that persists after reboot is to create an AppleScript and have it load on login.

tell application "Terminal"
    do shell script "chflags nohidden /Users" password "yourLoginPassword" with administrator privileges
end tell
This video will walk you through a couple fixes including a very simple fix that will work after you reboot.

The more complicated fix that I briefly showed in the video is to:

start your computer with Alt + CMD + P + R in order to do a PRAM reset.
Then start your computer with CMD + R for recovery partition boot
Launch Disk Utility and repair permissions. Quit Disk Utility and open Terminal (Utilities -> Terminal) and type :
cd /Volumes/Macintosh\ HD (or the name of your partition)
chmod 755 Users
chmod 755 Users/Shared
chflags nohidden Users
chflags nohidden Users/Shared

A method I don't recommend for now.

If you like my videos, please subscribe to me on YouTube:

Follow me on Twitter, @gFogerlie and Google+

If you have a video request you can let me know in the comments here or on my channel:

Friday, February 21, 2014

Myspace Security Certificate Fail

I'm not interested in social media, at least not for any of the reasons that most people are. I do enjoy the way sites use social manipulation to hook you into actively using their site. With that in mind, and having heard a great deal about how was being recreatted/rebrandded and how much money they were spending on advertising alone ($20 Million, I believe,) I couldn't help but take a peek. 

And this is what I saw:
I briefly looked at the cert, it looked fine except for the obvious not valid before date was set to the next day. I don't think this was anything malicious, nor an error on my side. For those who don't know, the vast majority of the incidents of this type of error is due to the end user's clock being incorrectly set to a time before the date on the certificate.

I proceeded and everything seemed as you would expect. I have since revisited and looked at the cert, which seems to have been issued years earlier, so my guess is it was just a server misconfiguration. If anyone knows or has a better idea I'd like of know. At the time it wasn't my intent to look into the matter so I didn't research any further.