Tag Archives: Firefox
Proxmate - Browser plugins for Proxy Surfing to sites closed to certain countries
A neat technical innovation, Proxmate is a browser plugin with Chrome and Firefox versions. It allows non-US internet citizens to go to US sites, including Google’s Play Store, Spotify, Turntable and others.
It is very professionally designed and now being used quite a lot.
Great Work by Dave Mohl at http://proxmate.dave.cx/
I wish the same principle could be applied to create a fork of Chromium/Firefox to mash up with the Tor do not track privacy software. Or, if a fork is too much work, even a plugin.
How to learn Hacking Part 2
Now that you have read the basics here at http://www.decisionstats.com/how-to-learn-to-be-a-hacker-easily/ (please do read this before reading the below)
Here is a list of tutorials that you should study (in order of ease)
1) LEARN BASICS – enough to get you a job maybe if that’s all you wanted.
http://www.offensive-security.com/metasploit-unleashed/Main_Page

2) READ SOME MORE-
Lena’s Reverse Engineering Tutorial - “Use Google.com for finding the Tutorial”
Lena’s Reverse Engineering tutorial. It includes 36 parts of individual cracking techniques and will teach you the basics of protection bypassing.
01. Olly + assembler + patching a basic reverseme
02. Keyfiling the reverseme + assembler
03. Basic nag removal + header problems
04. Basic + aesthetic patching
05. Comparing on changes in cond jumps, animate over/in, breakpoints
06. “The plain stupid patching method”, searching for textstrings
07. Intermediate level patching, Kanal in PEiD
08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration
10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick
11. Intermediate patching using Olly’s “pane window”
12. Guiding a program by multiple patching.
13. The use of API’s in software, avoiding doublechecking tricks
14. More difficult schemes and an introduction to inline patching
15. How to study behaviour in the code, continued inlining using a pointer
16. Reversing using resources
17. Insights and practice in basic (self)keygenning
18. Diversion code, encryption/decryption, selfmodifying code and polymorphism
19. Debugger detected and anti-anti-techniques
20. Packers and protectors : an introduction
21. Imports rebuilding
22. API Redirection
23. Stolen bytes
24. Patching at runtime using loaders from lena151 original
25. Continued patching at runtime & unpacking armadillo standard protection
26. Machine specific loaders, unpacking & debugging armadillo
27. tElock + advanced patching
28. Bypassing & killing server checks
29. Killing & inlining a more difficult server check
30. SFX, Run Trace & more advanced string searching
31. Delphi in Olly & DeDe
32. Author tricks, HIEW & approaches in inline patching
33. The FPU, integrity checks & loader versus patcher
34. Reversing techniques in packed software & a S&R loader for ASProtect
35. Inlining inside polymorphic code
36. Keygenning
If you want more free training – hang around this website
http://www.owasp.org/index.php/Cheat_Sheets
OWASP Cheat Sheet Series
- OWASP Top Ten Cheat Sheet
- Authentication Cheat Sheet
- Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
- Transport Layer Protection Cheat Sheet
- Cryptographic Storage Cheat Sheet
- Input Validation Cheat Sheet
- XSS Prevention Cheat Sheet
- DOM based XSS Prevention Cheat Sheet
- Forgot Password Cheat Sheet
- Query Parameterization Cheat Sheet
- SQL Injection Prevention Cheat Sheet
- Session Management Cheat Sheet
- HTML5 Security Cheat Sheet
- Web Service Security Cheat Sheet
- Application Security Architecture Cheat Sheet
- Logging Cheat Sheet
- JAAS Cheat Sheet
Draft OWASP Cheat Sheets
- Access Control Cheat Sheet
- REST Security Cheat Sheet
- Abridged XSS Prevention Cheat Sheet
- PHP Security Cheat Sheet
- Password Storage Cheat Sheet
- Secure Coding Cheat Sheet
- Threat Modeling Cheat Sheet
- Clickjacking Cheat Sheet
- Virtual Patching Cheat Sheet
- Secure SDLC Cheat Sheet
3) SPEND SOME MONEY on TRAINING
http://www.corelan-training.com/index.php/training/corelan-live/
Course overview
Module 1 – The x86 environment
- System Architecture
- Windows Memory Management
- Registers
- Introduction to Assembly
- The stack
Module 2 – The exploit developer environment
- Setting up the exploit developer lab
- Using debuggers and debugger plugins to gather primitives
Module 3 – Saved Return Pointer Overwrite
- Functions
- Saved return pointer overwrites
- Stack cookies
Module 4 – Abusing Structured Exception Handlers
- Abusing exception handler overwrites
- Bypassing Safeseh
Module 5 – Pointer smashing
- Function pointers
- Data/object pointers
- vtable/virtual functions
Module 6 – Off-by-one and integer overflows
- Off-by-one
- Integer overflows
Module 7 – Limited buffers
- Limited buffers, shellcode splitting
Module 8 – Reliability++ & reusability++
- Finding and avoiding bad characters
- Creative ways to deal with character set limitations
Module 9 – Fun with Unicode
- Exploiting Unicode based overflows
- Writing venetian alignment code
- Creating and Using venetian shellcode
Module 10 – Heap Spraying Fundamentals
- Heap Management and behaviour
- Heap Spraying for Internet Explorer 6 and 7
Module 11 – Egg Hunters
- Using and tweaking Egg hunters
- Custom egghunters
- Using Omelet egghunters
- Egghunters in a WoW64 environment
Module 12 – Shellcoding
- Building custom shellcode from scratch
- Understanding existing shellcode
- Writing portable shellcode
- Bypassing Antivirus
Module 13 – Metasploit Exploit Modules
- Writing exploits for the Metasploit Framework
- Porting exploits to the Metasploit Framework
Module 14 – ASLR
- Bypassing ASLR
Module 15 – W^X
- Bypassing NX/DEP
- Return Oriented Programming / Code Reuse (ROP)
Module 16 – Advanced Heap Spraying
- Heap Feng Shui & heaplib
- Precise heap spraying in modern browsers (IE8 & IE9, Firefox 13)
Module 17 – Use After Free
- Exploiting Use-After-Free conditions
Module 18 – Windows 8
- Windows 8 Memory Protections and Bypass
ALSO GET CERTIFIED http://www.offensive-security.com/information-security-training/penetration-testing-with-backtrack/ ($950 cost)
The syllabus is here at
http://www.offensive-security.com/documentation/penetration-testing-with-backtrack.pdf
4) HANG AROUND OTHER HACKERS
At http://attrition.org/attrition/
or The Noir Hat Conferences-
http://blackhat.com/html/bh-us-12/training/bh-us-12-training_complete.html
or read this website
http://software-security.sans.org/developer-how-to/
5) GET A DEGREE
Yes it is possible
See http://web.jhu.edu/jhuisi/
The Johns Hopkins University Information Security Institute (JHUISI) is the University’s focal point for research and education in information security, assurance and privacy.
Scholarship Information
The Information Security Institute is now accepting applications for the Department of Defense’s Information Assurance Scholarship Program (IASP). This scholarship includes full tuition, a living stipend, books and health insurance. In return each student recipient must work for a DoD agency at a competitive salary for six months for every semester funded. The scholarship is open to American citizens only.
http://web.jhu.edu/jhuisi/mssi/index.html
MASTER OF SCIENCE IN SECURITY INFORMATICS PROGRAM
The flagship educational experience offered by Johns Hopkins University in the area of information security and assurance is represented by the Master of Science in Security Informatics degree. Over thirty courses are available in support of this unique and innovative graduate program.
———————————————————–
Disclaimer- I haven’t done any of these things- This is just a curated list from Quora so I am open to feedback.
You use this at your own risk of conscience, local legal jurisdictions and your own legal liability.
April Fool's Day- Catblock!
Since Anonymous didn’t disrupt the internet on April Fool’s Day by overloading the DNS servers, the best April Fool’s Day imho goes to Adblock- that nifty extension that allows you to block ads.
Well for today- it replaced ads with funny cats- and you can even buy the cats for ads extension permanently. That’s right cats take over the Internet!
Only 2% of Chrome and Firefox users block ads! So what are you waiting for- this is how the NYTimes looks for me!!
Replace ads with cats-
for Chrome here-
https://chrome.google.com/webstore/detail/gighmmpiobklfepjocnamgkkbiglidom
for Firefox here-
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
read more on catblock here-
http://adblockforchrome.blogspot.in/2012/03/inturdusing-catblock.html
but if you want to buy catblock—
see this
https://chromeadblock.com/pay/?source=catblock
Does the Internet need its own version of credit bureaus
Data miners love data. The more data they have, the better the model they can build. Consumers do not love data so much and generally find sharing data a cumbersome task. They need to be incentivized for filling out survey forms and for signing up to loyalty programs. Lawyers and privacy advocates love to use examples of improper data collection and usage as the harbinger of an ominous scenario. George Orwell’s 1984 never “mentioned” anything about Big Brother trying to sell you one more loan, credit card or product.
Data generated by customers is now growing without their needing to fill out forms and surveys. This data is about their preferences, tastes and choices, and is growing in size and depth because it is generated from social media channels on the Internet. It is this data that can be and is captured by social media analytics.
Mobile data is also growing: usage of location-based applications and usage of the Internet from the mobile phone is leading to further increases in data about consumers. Increasingly, location-based applications help to provide a much more relevant context to the data generated. Mobile data alone is expected to grow to 15 exabytes by 2015.
People want to have more and more conversations online publicly, share pictures and activity, and interact with a large number of people whom they have never met. But they resent that information being used or abused without their knowledge.
Also, the Internet is increasingly being consolidated into a few players like Microsoft, Amazon, Google and Facebook, who are unable to reach agreements to share that data between themselves. Interestingly, you can use Yahoo as a data middleman between Google and Facebook.
At the same time, more and more purchases are being done online by customers and Internet advertising has grown much above the rate of growth of other mediums of communication.
Internet retail sales have the advantage that better demand predictability can lead to lower inventories, as retailers need not stock up displays to look good. An Amazon warehouse need not keep material simply to stock up its shelves like a K-Mart does.
Our Hypothesis – An Analogy with how Financial Data Marketing is managed offline
- Financial information regarding spending and saving is much more sensitive yet the presence of credit bureaus alleviates these concerns.
- Credit bureaus collect information from all sources, aggregate and anonymize the individual components accordingly. They use SSN as a unique identifier.
- The Internet has a unique number too, called the Internet Protocol Address (I.P).
- Should there be a unique identifier like an Internet Security Number for the Internet to ensure adequate balance between the need for privacy as well as the need for appropriate targeting?
After all, no one complains about privacy intrusions if their credit bureau data is aggregated, rolled up, anonymized and turned into a propensity model for sending them direct mailers.
Advertising using Social Media and Internet
https://www.facebook.com/about/ads/#stories
1. A business creates an ad: Let’s say a gym opens in your neighborhood. The owner creates an ad to get people to come in for a free workout.
2. Facebook gets paid to deliver the ad: The owner sends the ad to Facebook and describes who should see it: people who live nearby and like running.
3. The right people see the ad: Facebook only shows you the ad if you live in town and like to run. That’s how advertisers reach you without knowing who you are.
Adding in credit bureau data and legislative regulation for anonymizing and handling privacy data can expand the internet selling market, which is much more efficient from a supply chain perspective than the offline display and shop models.
Privacy Regulations on Marketing using Internet data
Should laws on opt out and do not mail, do not call lists be extended to do not show ads, do not collect information on social media? In the offline world, you can choose to be part of direct marketing or opt out of direct marketing by enrolling yourself in various do not solicit lists. On the internet the only option from advertisements is to use the Adblock plugin if you are a Google Chrome or Firefox browser user. Even Facebook gives you many more ads than you need to see.
One reason for so many ads on the Internet is the lack of central anonymized data repositories for giving high quality data to these marketing companies. Software that can be used for social media analytics is already available off the shelf.
The growth of the Internet has helped carve out a big industry for Internet web analytics, so it is a matter of time before social media analytics becomes a multi billion dollar business as well. What new developments would be unleashed in this brave new world is just a matter of time, and of course of the social media data!
Chrome Extension- MafiaaFire
The Chrome extension MAFIAAFire basically gives you an updated list of redirected websites. So the next time your evil highness shuts down your favorite website, the list promises to give you an update. While entertainment intellectual property is a very obvious site category for such redirects, in some cases these extensions can be used for simple things like hosting dissents or protesters against govt corruption in non-US countries.
Basically under the new SOPA act (an online version of pepper spray http://en.wikipedia.org/wiki/Stop_Online_Piracy_Act) even browsers like Firefox and Chrome would be liable for any such extension that can be used to download American Intellectual property illegally.
In the meantime – this is an interesting and creative use case of technology and sociology merging in the brave new world.
You can read about it here-
http://en.wikipedia.org/wiki/MAFIAAFire_Redirector
MAFIAAFire works by downloading a list which contains the names of the “blocked” sites as well as the sites to redirect to. This list is downloaded every time Firefox starts up or every two days on the Chrome version (although the user has the choice to force an update on the Chrome version instead of waiting for two days).
When a user types in a domain name from the list of blocked domains, the add-on recognizes this and automatically redirects the user to the secondary site. Since this happens before the browser connects to the DNS server, this renders any DNS blocks useless.
Although the add-on checks for which sites are entered into the address bar every time (as it needs to check if that site is on its block list), it does not log these requests nor send these requests to any central server. In other words: it does not track the user.
Or download it from
https://chrome.google.com/webstore/detail/hnifiobpjihmmjgiokkaalgomddebhng
Interesting times indeed!
Related-
Encryption
http://poemsforkush.wordpress.com/2011/12/17/encryption/
Chrome
If you are new to using Chrome, there are many delightful features just beneath the surface.
If you are an Internet Explorer or Firefox or Safari or Arora or Opera or Sea Monkey browser user- this is one more reason to test, just test Chrome.
Ok so who made Chrome- (note the link, i.e. about:credits, is what you type in Chrome to see features)
- Will Google be able to monetize Chrome the way it has monetized Android (at least by locking in both search, computing and browsing platforms)? I like the Adblock extension- and I would be happy to see more paid extensions, or even two versions, one free and other freer (in choice) browsers for ads/security etc. Maybe even a premium paid browser which has Tor embedded in it, Adblock enabled in it, and encrypted chat (like Waste Again) as an extension…. Hmm Hmm Hmm There is a SOCIAL version of Chromium called Rockmelt used ironically by Google’s Social Nemesis - Facebook (see http://blogs.ft.com/fttechhub/2011/06/facebook-partners-with-rockmelt-on-building-a-social-web-browser/)
- Will Google share more revenue with open source contributors and thus create a new path in open source revenue generation just like it did with online advertising as an industry? Hmm Hmm Hmm. Or will Facebook continue to lead the way with extensions and applications (which did predate the mobile app place- so that’s one innovation u gotta give to Zuk’s boys)






