Cyber Security

Posts about cyber security

My Last Post on This Domain

/ Aleksandar Todorović / Leave a comment

OK guys,

I think that it is time for me to publish the last post on this blog using WordPress as a domain. As you probably already know, GitHub is my favorite company and I have decided to switch my blog to a completely new domain.

I have published a couple of posts exclusively on the new domain and backed up every post from this domain to my new address (with one exception, but I’m working on it). I feel confident now to make the switch and I started to feel really comfortable using GitHub + Jekyll as a blogging platform, so I’ve decided to drop by and say good bye to my old domain.

From now on, you can follow me on r3bl.github.io. Be sure to use the http version of the site because https version is currently not properly implemented in the code. If you run into some issue while browsing the site or you miss a feature that I had implemented on this domain, feel free to report it here.

As always, you’re more than welcome to contact me anytime on aleksandar.todorovic@mail.ru. I hope that you’ll continue to read me on my new address.

Sincerely,
Aleksandar Todorović

Ljudi vam dosađuju pitanjima tipa kako postati haker? Evo rješenja

/ Aleksandar Todorović / Leave a comment

Uvod

Svako od nas se bar u jednom trenutku života zamislio kakav je osjećaj biti haker? Možda ste i pokušali da istražite malo tu temu, a nemate dovoljno dobro znanje engleskog jezika da bi pratili engleske tutorijale? Možda imate druga koji je vidio da koristite Linux i odma je pomislio da ste haker? Možda vodite blog post i dobijate konstanta pitanja tipa “Kako da hakujem Fejsbuk od svoje bivše”?

Ukoliko spadate u bilo koju od ovih skupina, velike su šanse da nemate baš dovoljno živaca, motivacije i želje da objašnjavate svakome šta znači ovaj pojam. Zbog toga sam odlučio da sve postove domaćih autora sakupim na jedno mjesto, tako da od sada kada god dobijete slično pitanje možete sagovorniku poslati jedan link i završiti sa diskusijom.

Predstavljam vam kako-postati-haker repozitorij

Ideja ovog repozitorija jeste da se na jednom mjestu objave linkovi prema svim tekstovima domaćih autora (bili oni na “našem” jeziku ili na engleskom) na ovu temu, da se poređaju smisleno i pravilno grupišu. Na ovaj način se kreira jedinstvena lista tekstova preko koje nove osobe mogu da nauče nešto više o ovom pojmu, te se na taj način skida teret sa nas ostalih da prelazimo iste teme više puta i oslobađa nam se vrijeme da radimo neke bitnije stvari (tipa rekompajliranje kernela).

Repozitorij sadrži samo linkove prema teksovima. Na taj način piscima nije uskraćen broj posjeta na njihovim web stranicama. Pored svakog teksta se nalazi i naziv autora, te link prema njegovoj službenoj web stranici.

Budući planovi

Trenutno imam samo jedan plan za budućnost ovog projekta, a taj plan jeste da listu postavim na sopstveni host umjesto da se listi pristupa GitHub repozotorij. Pošto trenutno nemam iznajmljen vlastiti host, kreiraću GitHub stranicu za projekat i predstaviti ga tamo u međuvremenu.

Kako doprinijeti projektu?

Doprinijeti projektu možete na više načina. Prvi način svakako jeste da pronađete tekstove na ovu temu i dodate ih na listu (ukoliko ne znate kako, jednostavno me kontaktirajte i ja ću to odraditi umjesto vas). Možete da dijelite ovaj repozitorij ili pišete o njemu pa da na taj način više ljudi sazna za njega. Možete da pišete originalan sadržaj na ovu temu da popunite praznine. Možete da mi pomognete da napravim web stranicu projekta učestvovanjem u izradi HTML verzije stranice ili dijeljenjem svojih hosting resursa za ovu svrhu.

Tekstovi koji neće biti primljeni

Dozvoljeni su samo tekstovi prema kojima čitaoc nije dužan da se registruje na neki sajt da bi ih pročitao.

Some Basic Facebook “Hacks” – Hack no. 4: DDoS a Website By Using Facebook

/ Aleksandar Todorović / 2 Comments

So, today I’m going to share with you a trick to DDoS a certain website by using Facebook’s notes feature. The process, although pretty simple, is a bit more complicated than previous posts I wrote in this series.

So, what do you need to do?

Well, first of all, you go to the target’s website and create a list with unique photos posted on that website. You put them in appropriate HTML tag like this:

<img src=”http://targetname/file?r=1” />
<img src=”http://targetname/file?r=2” />
<img src=”http://targetname/file?r=1000” />

 

The next thing you need to do is to write a note on m.facebook.com (it’s a mobile version of Facebook).

Now, you need to duplicate that note a couple of times with one or several other Facebook accounts.

After you’ve done that, all you need to do is to open that notes at the same time and watch the site go down. This process will generate thousands of HTTP requests in a couple of seconds to the target site.

You might want to check out previous posts in the series:

Through the Algorithm (2014) To a Free World

/ Aleksandar Todorović / Leave a comment

I like watching movies about hacking. There are only two possible outcomes of me watching this kind of movies: they’re fantastic OR they’re terrible. If the movie is fantastic, I’m going to enjoy it of course. But, if the movie is terrible, I’m going to laugh my ass of how stupidly hacking is displayed in that movie.

Well, this movie goes into that other group. It’s called Algorithm (like you haven’t seen that coming from the title of the post). I’m going to start my story by talking about how I found out about this movie.

A couple of hours ago I was just browsing my Twitter feed like I usually do. But this time, there was a certain link to a blog post that got my attention. It’s a post by Jonathan Schiefer, a writer and a director of this film. In a post titled The Free Future Starts Now, he talks about how piracy changed the way he looks at his movie. He didn’t earn much from the movie (not even enough to compensate the money he spent making the movie), but still, he did something marvelous. He shared his movie with the world for free for 24 hours. He knew that after those 24 hours are over, the pirating of the movie is going to be unstoppable, but that didn’t stop him from doing that. Now, his movie is all over the internet, and he feels damn proud about that.

I’ve never done a movie review before (hell, I don’t remember even reading any), especially not in English (I’m just saying this because I’m not a native English speaker as you probably notices by now), but I will give it a go. That’s the least I can do for Jonathan and his excellent piece of work.

This is the first movie I ever rated on IMDb and it got a perfect 10 from me. The movie is a perfect example that you can make a movie about hacking without making something up. Everything I saw in this movie is possible, and that’s something that really impressed me. It’s something that made this movie stand up from the rest of the similar movies I saw. Everything seems possible. Although I didn’t like the way hackers are represented in the movie (I think of a hacker more in an ideological way, as someone who thinks outside the box, not as someone who breaks computer systems), I completely understand why Jonathan decided to represent hackers in such way.

This movie covers a story about a hacker (or if you’re like me, the term cracker might work better for you) who will try to break into anything he wants. He went out of line once and broke into some government database, which was a big mistake (of course). His friends were tortured by the government because of that and in the end he himself got tortured because a friend of his betrayed him. After they tortured him, the government did offer him a job, something that would probably happen if this was a real life situation (think of Sabu as a perfect example). I don’t want to spoil everything so I’m not going to say anything more about the story. I highly suggest you to pirate the movie if you’re interested.

What I liked even more than the story was the way the technology was described in the movie. He talks about Linux, about Tor browser, the disadvantages of the open WiFi network, the disadvantages of proprietary programming languages, and the main ideology of every hacker: that the information should be free.

Jonathan even went one step ahead as he adopted those words from the movie in the real life by sharing the movie with the world.

As he said in the blog post I linked, it all started with the software. Then came the books. Next stop was sharing the music. Now, we’re at a stage where sharing movies is something we encounter with on a regular basis. And the next stop is going to be sharing small physical objects (by using 3D printers).

I’m going to end the post by sharing the last couple of sentences from the post Jonathan published, because I really think that those sentences cover it all:

When everything is free there won’t be any poor. There won’t be any wealth inequalities. There won’t be people starving because anyone can just print food. People won’t go into debt for the rest of their life to go to college because we’ll have equal access to information and art. There will be no tricking the ignorant because people won’t be ignorant because information will be free.

I’m crazy enough to believe I can help change the world. And the world I want is when the future is free!”

Some Basic Facebook “Hacks” – Hack no. 2: Find out who’s calling you on your phone by using Facebook

/ Aleksandar Todorović / 2 Comments

As I’ve already said in my previous post, In this blog post series I’m going to post about some useful Facebook “hacks” that you can do without ever leaving Facebook at all. I will not be using any external software, website or something similar while posting about this topic.

You have some mobile numbers but you don’t know who’s behind them? Well, Facebook automatically allows you to search users by their mobile number, so all you have to do is to enter that phone number in Facebook’s search. There is absolutely no option for you to disable that what so ever.

It’s a lot easier to find someone if you have them as your friends, you’ll get a lot more exact information that way, because the default privacy setting for this is limited to friends only. You can also do this with an email address.

A fun project: Create an Android/iPhone/Windows Phone/FirefoxOS application. When someone unknown number calls you, the application opens up Facebook and enters that mobile number in Facebook’s search and displays the top result to you, so you know who’s calling you even if you don’t have them inside your address book.

If you want to make this kind of application, please do let me know. I’m willing to use it and I’m willing to share it on my blog. I’m just lazy as fuck, so I won’t be creating that application any time soon.

You might want to check out other posts in this series:

Get Office 365 License For Free! [A Little Contest]

/ Aleksandar Todorović / Leave a comment

So, even though I’m a regular Linux user, I use Microsoft’s software whenever I need them. I’ve bought an Office 365 Home Plus license in July of this year. So, what did I get with it? I got five Home subscriptions, each one with a licensed Office suite, 1 TB of OneDrive space and some premium Skype minutes (I can’t remember how many exactly). The license expires in July, but I will renew it as soon as it expires.

After using this license for a couple of months now, I still have two licenses laying around without an owner and I’ve decided to share it with you guys for free! The only requirement for this contest is that you have Windows 7 or newer installed on your PC because the older versions are not supported with this version of Office suite.

Now considering that probably more than two people are interested in getting it, I’ve decided to create a little contest. All you have to do is to write some short story and send it to me. I don’t have any specific theme that I want you to write about, you can write about anything you want to, but I will prefer the topics that I’m interested in than those that I am not.

Those topics include anything related to open source, hacking, Linux, PC Master Race, NSA spying, artificial intelligence, social engineering or human psychology. You can write your story in any language I know: English, Bosnian, Serbian or Croatian.

I want to know something about you. I want to hear your story and learn something from your experience and I’m ready to give you $80 worth software just to hear your story.

You can send your stories to my email address (aleksandar.todorovic@mail.ru), just put [Office Contest] in the beginning of the email subject. I will select two stories that I like the most and share the license with them. I will probably publish the winning stories on my blog with the explanation on why I chose them. The contest ends on November the 5th. The winners will be announced on November the 6th.

Here’s a picture as a proof that I have two licenses available right now (excuse my poor GIMP knowledge):

Screenshot

What exactly is a hacker?

/ Aleksandar Todorović / 2 Comments

Quote:
Not to be confused, hacker is a person who wants to share his knowledge about computers with others. Hacker is every person who thinks in an unconventional way. An idea that a hacker is someone who does something malicious is an idea created in Hollywood.

This is a quote from a report about a hacking convention called BalCCon 2k14 that took place for the second year in a row in Novi Sad, the second biggest city in Serbia.

I think that this quote describes perfectly what a hacker is. I feel kinda tired of all those “you call yourself a hacker, you’re going to end up in jail” conversations and Google+ posts in hacker communities where idiots ask stuff like: “teach me how to hack fb plz”.

I do realize that 95% of people don’t understand us who call ourselves hackers and I do realize that they will probably never learn, but I feel so tired of this that I had to share this quote with you.

If you’re not sure what a hacker is, I suggest you to start learning by reading this Wikipedia article about a term hacker. You will start to realize that the hacker is a much more broader term than the one you have in mind, although I don’t think that this article explains it a lot.

In the end of this post, I want to share another quote with you. This quote is from Bruce Schneier‘s book called Secrets and Lies (2000) and I think that this definition covers it all.

Quote
A hacker is someone who thinks outside the box. It’s someone who discards conventional wisdom, and does something else instead. It’s someone who looks at the edge and wonders what’s beyond. It’s someone who sees a set of rules and wonders what happens if you don’t follow them. A hacker is someone who experiments with the limitations of systems for intellectual curiosity.

EDIT:
Here are some other articles written about what a term hacker is.

Da li živimo u cyberpunk svetu?

/ Aleksandar Todorović / Leave a comment

NAPOMENA: Ovaj blog post sam napisao prije mnogo vremena (dovoljno daleko da bude stariji od ideje da uopšte napravim blog). Sve do sada nije objavljen nigdje, a sada sam dobio želju da ga podijelim sa javnošću i na taj način malo popunim svoj blog. Post je ostao neizmijenjen u cjelosti i kao takav kopiran iz LibreOffice-a, tako da su podaci malo stariji a stil pisanja takav kakav jeste.

Inspirisan izvrsnim člankom koji je izašao u regionalnom portalu Linux Za Sve koji možete pročitati ovde, ne mogu da se ne zapitam koliko smo blizu jednoj izjavi iznesenoj u tom članku. Ta izjava glasi:

„[FLOSS zajednica] je jedan od bitnih ključeva za spas modernog društva, koje je opasno zaglibilo u materijalizam i koje nije daleko od kaotične cyberpunk anarhije.“

Ta usporedba današnjeg sveta sa cyberpunk anarhijom kakvu sam kao i većina nas nekoliko puta video u filmovima (Matrix, Blade Runner…) i „doživeo“ u PC igrama (Remember Me) me je zaintrigirala. Za one koji nisu upoznati (ako postoje takve osobe), osnova cyberpunk priče je da će u budućnosti postojati neka totalitaristička kompanija/organizacija koja će upravljati ljudima i tehnologijom na koji god način žele i da niko neće moći da ih zaustavi. Bez te kompanije/organizacije nećemo moći da preživimo jer ćemo postati direktno ovisni o njoj, žrtvujući sve što imamo da bi dobili njene proizvode, a ta kompanija/organizacija će o nama znati više od nas samih. Što više razmišljam o tome, sve više razumem da nas to ne čeka u budućnosti. Budućnost je već stigla. Mi smo deo cyberpunk sveta.

Ovaj cyberpunk svet se u nekoj meri razlikuje od one priče koju smo gledali na filmovima, ali suština je ista. Cyberpunk svet nije zavladao u stvarnosti, ali jeste u virtualnom svetu. Prosečan korisnik danas provodi većinu svoga vremena u tom virtualnom svetu. Prosečan korisnik nije ovisan o samo jednom proizvodu jedne kompanije. Ovisan je o nekoliko njih. Prije nego što kažem svoje mišljenje želim samo da navedem ovu stranicu kao izvor podataka koje ću trenutno da izložim. Podaci vrede za avgust 2013. godine.

91,19% korisnika desktopa i laptopa koristi neku verziju Microsoft-ovog operativnog sistema.
70,98% korisnika interneta koristi Google kao njihov pretraživač.
15% svih ljudi koji trenutno žive na svijetu posjeduje Facebook profil.
Preko 15% svih ljudi koji trenutno žive na svijetu posjećuje YouTube bar jednom mjesečno.

Dakle u osnovi imamo tri kompanije o kojima je prosečan čovek ovisan: Microsoft, Google i Facebook. Da li je tu kraj? Naravno da ne. Postoji i NSA, organizacija koja sigurno sakuplja podatke koje korisnici ostave na 10 od 20 najposećenijih stranica na svetu (prema ovim izvorima). Dakle stvari nisu baš kompletno kao na filmu, ali su dovoljno blizu da se zapitamo šta je sledeće. Ogromna količina korisnika neće ni da čuje za operativni sistem koji nije razvijen od strane Microsoft-a. Ogromna količina korisnika neće ni da pokuša da koristi neki drugi pretraživač osim već onih dobro poznatih kao što su Google, Yahoo i Bing.

Pitate se kada ćemo da živimo u cyberpunk svetu? Shvatite da smo već njegov deo. Naravno, ništa od ovoga trenutno nije obavezno i još uvek imamo pravo na slobodan izbor. Ali, da budemo iskreni, taj izbor koristi toliko malen broj ljudi da je zanemarljiv. Sada je samo pitanje kada ćemo mi koji pripadamo tom malom broju ljudi početi da budemo proganjani zbog toga i kada će celo stanovništvo biti čipovano tako da nam se prati svaki korak.