Posts Tagged ‘iHack’

Security blog Defense in Depth has found a glaring security flaw in OS X Lion that enables hackers to change the password of any user on a machine running Lion. “[While] non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Patrick Dunstan from Defense in Depth explained in a recent blog post. The result is that anyone could use a simple Python script, created by Dunstan himself, to discover a user’s password. It gets worse. Reportedly, OS X Lion does not require its users to enter a password to change the login credentials of the current user.

That means typing the command:

dscl localhost -passwd /Search/Users/CoreBuilder

will actually prompt you to set a new password for CoreBuilder. As CNET points out, a hacker could only take advantage of the known bug if he or she has local access to the computer and Directory Service access.

CNET suggests disabling automatic log-in, enabling sleep and screensaver passwords and disabling guest accounts as some preventative measures to keep your Mac secure.

[Via CNET]
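The three settings CNET lists can be checked from a terminal. The script below is an added example, not from the original post or from CNET; the preference domains and keys it reads (autoLoginUser, askForPassword, GuestEnabled) are assumptions about where OS X stores those settings, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the three mitigations named in the post.
# Assumed preference locations (not given on the page):
#   autoLoginUser, GuestEnabled -> /Library/Preferences/com.apple.loginwindow
#   askForPassword              -> com.apple.screensaver (per user)

LOGINWINDOW=/Library/Preferences/com.apple.loginwindow

# Read one preference; print nothing when the key is unset or `defaults` is missing.
read_pref() {
    defaults read "$1" "$2" 2>/dev/null || true
}

# Evaluate raw values: $1 = autoLoginUser, $2 = askForPassword, $3 = GuestEnabled.
# Prints one line per weak setting and returns the number of findings.
evaluate_settings() {
    findings=0
    if [ -n "$1" ]; then
        echo "WEAK: automatic log-in is enabled for user '$1'"
        findings=$((findings + 1))
    fi
    if [ "$2" != "1" ]; then
        echo "WEAK: no password required after sleep or screen saver"
        findings=$((findings + 1))
    fi
    case "$3" in
        1|true|YES)
            echo "WEAK: guest account is enabled"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Collect the live values on this machine and evaluate them.
audit_host() {
    evaluate_settings \
        "$(read_pref "$LOGINWINDOW" autoLoginUser)" \
        "$(read_pref com.apple.screensaver askForPassword)" \
        "$(read_pref "$LOGINWINDOW" GuestEnabled)"
}

# Run only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    audit_host || echo "Fix the settings listed above."
fi
```

An exit status of 0 from `audit_host` means all three mitigations are in place; a non-zero status is the number of weak settings found.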

Some of my friends ask me from time to time how to use iTunes smartly via the keyboard, so here is the full list of keyboard controls (for Windows). This list covers them all – from [Enter] to play a song, to [Ctrl+Alt+Down], which mutes the volume…

Let me highlight a few in particular: “Snap window to screen size”, “Reshuffle the current playlist” and “Toggle artwork”.

Play the selected song [Enter]
Play the next album in a list [Shift][Ctrl][Alt][Right]
Play the previous album in a list [Shift][Ctrl][Alt][Left]
Create a new Smart Playlist [Shift][+]
Reshuffle the current playlist [Shift][Shuffle Button]
Delete the selected playlist immediately [Ctrl][Delete]
Delete the selected playlist and all the songs listed in it [Shift][Delete]
Check or uncheck all the songs in a list [Ctrl][Click checkbox]
Expand or collapse all the subfolders and lists [Ctrl][Click triangle]
Snap window to screen size [Shift][Double click the title bar]
Refresh the Radio or Party Shuffle list [F5]
Next Music Store Page [Ctrl][]]
Previous Music Store Page [Ctrl][[]
Mini Player [Ctrl][M]
Stream audio from a URL [Ctrl][U]

File Menu:
New Playlist [Ctrl][N]
New Smart Playlist [Ctrl][Alt][N]
New Playlist with selected songs [Ctrl][Shift][N]
Add File [Ctrl][O]
Close Window [Ctrl][W] or [Alt][F4]
Import… [Ctrl][Shift][O]
Get Info [Ctrl][I]
Show File [Ctrl][R]
Show File that is currently playing [Ctrl][L]
Print [Ctrl][P]

Edit Menu:
Undo [Ctrl][Z]
Cut [Ctrl][X]
Copy [Ctrl][C]
Paste [Ctrl][V]
Select All [Ctrl][A]
Unselect All [Ctrl][Shift][A]
Preferences [Ctrl][,]

Controls Menu:
Play / Pause [Spacebar]
Next song [Right]
Previous song [Left]
Next Chapter [Ctrl][Shift][Right]
Previous Chapter [Ctrl][Shift][Left]
Increase volume [Ctrl][Up]
Decrease volume [Ctrl][Down]
Mute [Ctrl][Alt][Down]
Eject Disc [Ctrl][E]

View Menu:
Toggle Browser [Ctrl][B]
Toggle Song Artwork [Ctrl][G]
Toggle MiniStore [Ctrl][Shift][M]
Toggle Visualizer [Ctrl][T]
List View [Ctrl][Alt][3]
Album View [Ctrl][Alt][4]
CoverFlow View [Ctrl][Alt][5]
Video/Viz: Half Size [Ctrl][0]
Video/Viz: Actual Size [Ctrl][1]
Video/Viz: Double Size [Ctrl][2]
Video/Viz: Fit to Screen [Ctrl][3]
Video/Viz: Full Screen [Ctrl][F]
View Options [Ctrl][J] or [Right click on a column heading]

A hacker who calls himself Kirllos has obtained and is now offering to sell 1.5 million Facebook IDs at astonishingly low prices — $25 per 1000 IDs for users with fewer than 10 friends and $45 per 1000 IDs for users with more than 10 friends — according to researchers at VeriSign’s iDefense. Looking at the numbers, Kirllos has stolen the IDs of one out of every 300 Facebook users.
Information for sale includes login credentials; whether or not the e-mail addresses and passwords are legitimate is currently unknown. Typically, this information would be sold for between $1 and $20 per account, according to data from Symantec. Currently, around 700,000 accounts have been sold. The threads where the accounts are being sold have been removed, as far as we are able to tell.
The users whose e-mail addresses and passwords have been compromised risk having their identities stolen, but they could also become targets of more insidious scams. As always, we will keep you updated about any Facebook scams that come across our news desk.
Hacking Facebook isn’t a new hobby for this person. Here’s a screenshot of another offer the hacker previously made on a forum earlier this year; then, he was selling 100,000 hacked accounts from users around the world:

Kirllos also appears to have had an interest in iPhone applications at one point. According to some forum users, he was born in Russia, lives in New Zealand, is 24 years old and speaks both English and French.
It’s generally a good idea to change your password periodically. It’s also advisable to ensure that your social networking passwords are all different and to generate difficult passwords that include numbers, capital letters and special characters, if at all possible. Roboform, PassPack and KeePass are a few free or affordable resources to help you manage your online passwords in a secure fashion.
Additionally, our friends at Facebook recommend taking the following precautions:

  • Use an up-to-date browser that features an anti-phishing blacklist. Some examples include Internet Explorer 8 and Firefox 3.0.10.
  • Choose unique logins and passwords for each of the websites you use.
  • Check to see that you’re logging in from a legitimate Facebook page with the domain.
  • Be cautious of any message, post or link that looks suspicious or requires an additional login, even if it’s coming from a friend.

More tips on securing your account can be found at Facebook’s official Security Page.

NEWS VIA mashable