Monday, June 30, 2014

Use Firefox Safari & Chrome with Tor for Mac OS X | Video Tutorial

How to build Tor from source and install it so you can proxy your web browsers through it.

If you receive the following error, 
checking for libevent directory... configure: WARNING: Could not find a linkable libevent.  If you have it installed somewhere unusual, you can specify an explicit path using --with-libevent-dir
configure: error: Missing libraries; unable to proceed.
It means that it could not find the program libevent, to fix this you just need to install libevent in the same way you are installing Tor, then go through the steps with Tor again. To install libevent:

  1. Download the newest source from
  2. Extract it just like you extracted Tor, then change to the extracted directory
  3. Type: ./configure && make
  4. Type: sudo make install
If you are getting no compiler found errors, or when trying to install libevent, if you get an openssl error, try typing this in terminal
xcode-select --install 
and install the command line tools by clicking install on the prompt.

(This should fix an errors related to missing the /urs/include directory in OS X 10.11)

Wednesday, June 18, 2014

AVAST Forum Hacked | 400,000 Users Compromised

AVAST, the antivirus software company, had its forum hacked earlier this week. This shouldn't come as much of a surprise to some people because AVAST's forum used (and still uses,) Simple Machines Forum as their forum software. A quick vulnerability search returned the following: CVE-2011-3615
Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information.
The email that AVAST sent out contained a weird statement that I can only assume was meant to make users feel safe in the future:
We added our own login technology with SSL encryption. With this encryption, passwords will not be saved in our forum database. This means this information cannot be compromised.
SSL has nothing to do with where or how the passwords are saved. I can only assume that they mean the passwords are hashed and at best stored in a different database. However, none of this means that they cannot be compromised in an attack.

Full email:
A few days ago we informed you that the AVAST forum was attacked and because of that, we took the forum offline to improve its structure and security. It is now back up and more secure.
We decided to rebuild the forum on the same software platform we used before, but we enhanced the security on our side. We added our own login technology with SSL encryption. With this encryption, passwords will not be saved in our forum database. This means this information cannot be compromised.
The forum is an extremely important part of our business. Our members not only solve problems identified by other members, but give us valuable insight that helps us improve our business and our products. We are extremely grateful for your participation, and we hope that you will rejoin the forum and continue providing your unique insight.
To start using the new AVAST forum, please log in at this link. If you forgot your my.avast account password please change it at link.
If your MyAvast password is the same as your old forum password, please reset your password and create a new one.
Again, we regret any inconvenience this may have caused you and thank you for your contributions.
All the best,
Ondrej Vlcek
COO AVAST Software

Sunday, June 8, 2014

Enable Virtual Private Network (VPN) on Kali Linux

In Kali Linux the VPN options are grayed out because it is missing some of the required packages to enable Virtual Private Networks in Network Manager. This quick video shows you how to install the missing packages in Kali so that the VPN option is no longer grayed out.

You can omit the last two packages (network-manager-iodine & network-manager-iodine-gnome) if you'd like as they aren't needed by the average user.

apt-get install network-manager-openvpn network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome network-manager-strongswan network-manager-vpnc network-manager-vpnc-gnome network-manager-openconnect network-manager-openconnect-gnome network-manager-iodine network-manager-iodine-gnome