Author - systemdigits.com

How To Find The WiFi Password Of Your Current Network

There are different ways to retrieve the WiFi password of the network that you are connected to. Some of these methods involve complex steps, whereas others are pretty handy and require only a few commands to extract the WiFi password of your current network. Read the article to know how you can do this.

Forgetting our own WiFi password is one of the most common mistakes we make. It’s really irritating not to know the password of your own WiFi network, to which most of your devices are connected, and to have a hard time connecting a new one. So, here I will try to solve this problem for you. (Pardon me for using the old Windows Classic theme, I like it this way :P).

In the following tutorial, I am going to tell you five different methods to find out the WiFi password of your current network. These methods include retrieving the WiFi password on a Windows, Linux, Mac, and Android device.

Method 1: Finding the WiFi Password in Windows Using Command Prompt

  • First open the Command Prompt on your Windows PC by typing cmd in the Start Menu.
  • Now select Run as administrator by right-clicking on it.


  • Once Command Prompt is open, type the following command in it (replace systemdigits with your WiFi network name) and hit Enter.

  • After hitting Enter, you will see all the details, including your WiFi password as key content (as shown in the above picture).
  • In case you want a list of your previous WiFi connections, type this command:

Method 2: Revealing WiFi Password Using General Method in Windows

  • First navigate to the system tray and right-click the WiFi symbol.
  • Now select Open Network and Sharing Center.
  • Now click on Change adapter settings. Since I am using the Windows Classic theme here, you might find a little change in the icons, but I assure you that the method is the same in Windows 7, Windows 8, and Windows 10.
  • Now right-click on the WiFi network and select Status in the drop-down menu.
  • Now click on Wireless Properties in the resulting pop-up window.
  • Click on Security and then Show characters to find out the password of your current WiFi network.

Method 3: Retrieve WiFi Password in Mac using Terminal

  • Press Cmd+Space to open Spotlight, and then type terminal to open the Terminal window.
  • Now enter the following command (replace systemdigits with your WiFi network name and press Enter) and then enter your Mac username and password.

  • The WiFi password of your current network will appear in plain text.

Method 4: Extracting WiFi Password in Linux

  • Press Ctrl+Alt+T to open the terminal in Linux.
  • Now type the following command (replace systemdigits with your WiFi network name) and then enter your Linux username and password.

  • You will find your WiFi password there. In case you want to know the network name, type the following command:

Method 5: Finding WiFi Password in Android

This method needs a rooted Android device with the free app ES File Explorer installed on it. Follow these simple steps to recover your WiFi password:

  • Open ES File Explorer. In the menu, go to Local, then tap on Select Device. Here ES File Explorer will ask for Super User permission; tap to allow it.
  • Now open the folder named data and look for the folder misc.
  • Now open the folder “wifi”, where you will spot a file named wpa_supplicant.conf.
  • Open it as text and look for your WiFi name (SSID). Below the SSID, you’ll find your lost WiFi password (psk).

Ten Free Wireless Hacking Software

Many free tools are available online for getting access to WiFi networks. They are intended to help network admins and programmers working on WiFi systems, and we have picked the top 10 of them for ethical hackers, programmers and businessmen.

The Internet is now a basic requirement, be it in the office or at home, as it is widely used on smartphones as well as computers. Most of the time people prefer to use a wireless LAN, which is much easier and more cost-effective.

Neighborhood WiFi hot-spots are visible on a user’s device; however, one can get access to them only by cracking the password, with the sole purpose of using free internet. Also, in big firms where all the employees are connected through a wireless network, the admin might want to keep a check on the network traffic, and hence even they need tools to crack the network.

Vulnerability in a wireless LAN is mainly due to poor configuration and poor encryption. Poor configuration includes the case of a weak password, mainly set purposefully by the network admin to check the network traffic. Poor encryption is dangerous as it relates to the two security protocols, WEP (Wired Equivalent Privacy) and WPA (WiFi Protected Access); WPA in turn has two types, WPA1 and WPA2. WPA was introduced in 2003 as the WEP protocol was easy to crack. The tools used to hack the network are used either for sniffing the network, as is the case with network admins, or for cracking the password, as done by programmers for troubleshooting and by people who want to use the internet free of cost. Based on this concept, there are around 10 tools that can be used to hack a wireless LAN.

Aircrack

The most popular wireless password cracking tool; it attacks 802.11a/b/g WEP and WPA. The tool’s developers also provide a tutorial on installing the tool and using it to crack the password. Before using this tool, it is essential to confirm that the wireless card can inject packets, as this is the basis of the WEP attack. Can be downloaded from: http://www.aircrack-ng.org/

Cain & Abel

This tool intercepts network traffic and cracks passwords by force using cryptanalysis attack methods. It also helps to recover wireless network keys by analyzing routing protocols. Can be downloaded from: http://www.oxid.it/cain.html

inSSIDer

This tool has been awarded “Best Opensource Software in Networking” and is paid software available at a cost of $19.99. It is a popular scanner for Microsoft Windows and OS X operating systems and can do a lot of tasks which can be helpful for admins sniffing the wireless LAN. Can be downloaded from: http://www.inssider.com/

WireShark

This is a network protocol analyzer, so again it is good for network admins who keep a check on the traffic. The basic requirement is that the user has a good knowledge of network protocols; only then can they use this tool. Can be downloaded from: https://www.wireshark.org/

CoWPAtty

This tool is an automated dictionary attack tool for WPA-PSK. CoWPAtty is simple to use; however, it is slow, as the tool generates a hash for each word contained in the password dictionary using the SSID. Can be downloaded from: http://sourceforge.net/projects/cowpatty/

Airjack

This is a Wi-Fi 802.11 packet injection tool. It is mostly used to check for “man-in-the-middle (MiTM)” flaws in the network and mitigate them. Can be downloaded from: http://sourceforge.net/projects/airjack/

WepAttack

This is an open source Linux tool for breaking 802.11 WEP keys. A WLAN card is required to work with this tool; basically, the tool attacks the working key using dictionary words. Can be downloaded from: http://wepattack.sourceforge.net/

OmniPeek

This is again a network analyzer tool, working only on Windows OS. The tool captures and analyzes network traffic and can also be used for troubleshooting. Can be downloaded from: http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer

CommView for WiFi

This is for wireless monitoring and protocol analysis. Captured packets can be decoded using user-defined WEP or WPA keys. This again is mainly used to monitor WiFi traffic by professional programmers, protocol admins and even at home. Can be downloaded from: http://www.tamos.com/products/commwifi/

CloudCracker

This is an online password cracking service for WPA-protected WiFi networks. It is used to crack passwords using a dictionary of around 300 million words. Can be downloaded from: https://www.cloudcracker.com/

Most of these tools are free. Some of them are protocol analyzers for monitoring and troubleshooting, whereas others are for hacking the password for unauthorized internet access; there are also tools which use dictionary words to crack the password.

For network admins and professional programmers, these tools should be more helpful for understanding how passwords are cracked, and hence help them professionally.

However, one needs to be cautious when using the tools, as in some countries it might be an offense to use them to crack passwords and get unauthorized access to the internet. Tools of this kind are also used by cyber criminals and terrorists to get easy access for free, anonymous usage of the internet.

Record-breaking 1 Tbps speed achieved over 5G mobile connection.

New generations usually bring new base technologies, more network capacity for more data per user, and the high-speed Internet service that Internet service providers usually advertise. However, it is believed that the fifth generation (5G) of mobile networks will be beyond what we imagine.

1TBPS OVER 5G
Security researchers from the University of Surrey have just achieved record-breaking data speeds during a recent test of 5G wireless data connections, achieving an incredible one terabit per second (1Tbps) – many thousands of times faster than existing 4G connections.

After 4G, 5G is the next generation of mobile communication technology. It aims to offer far greater capacity and to be faster, more energy-efficient and more cost-effective than anything that has been seen before. The boffins say 5G will be different – very different.

The 5G test was conducted at the university's 5G Innovation Centre (5GIC), which was founded by a host of telecoms industry partners including Huawei, Fujitsu, Samsung, Vodafone, EE, Aircom, BT, Telefonica, Aeroflex, BBC and Rohde & Schwarz.

DOWNLOAD 100 MOVIES IN JUST 3 SECONDS
Speeds of 1Tbps are far faster than previously announced 5G tests – Samsung’s 7.5 gigabits per second (Gbps) record, which was 30 times faster than 4G LTE (Long-Term Evolution) speed and just less than 1% of the Surrey team's speed.

    "We have developed 10 more breakthrough technologies and one of them means we can exceed 1Tbps wirelessly. This is the same capacity as fiber optics but we are doing it wirelessly," 5GIC director Prof Rahim Tafazolli told the news website V3.

With 1Tbps, it is possible to download a file 100 times the size of a feature film in just three seconds. This incredible speed is over 65,000 times faster than the current 4G download speeds.

5G EXPECTED TO ROLL OUT BY 2020
The test was carried out over a distance of 100 meters using equipment built at the university. The head of the 5GIC said he planned to demonstrate the technology to the public in 2018. It’s believed that 5G could possibly be available in the UK by 2020.

UK communications regulator Ofcom has been supportive of efforts to get 5G to the public. Ofcom previously said it expected 5G mobile should be able to deliver speeds between 10 and 50Gbps, compared with the 4G average download speed of 15 Megabits per second (Mbps).

    According to Prof Tafazolli, there were hurdles to overcome before 5G would be ready. He said, "An important aspect of 5G is how it will support applications in the future. We don't know what applications will be in use by 2020, or 2030 or 2040 for that matter, but we know they will be highly sensitive to latency."

There is a need to bring "end-to-end latency down to below one millisecond" in order to enable the latest technologies and applications, which would just not be possible with 4G. Tafazolli mentioned 3D holographic chess games on smartphones, controlling connected cars over 5G and other possible future applications requiring such low latency.

5G – NEW FRONTIER FOR CYBER ATTACKS
5G will, no doubt, provide high-speed Internet connectivity that would be really great news for all, but it would be an advantage for cyber criminals as well. In the future, by leveraging 5G technology, it would be very easy for hackers and cybercriminals to take down almost any website on the Internet using Distributed Denial of Service (DDoS) attacks.

In an era of expected 50Gbps Internet speed at home or business, there would be no need for cyber criminals to build a large infrastructure of botnets by compromising hundreds of thousands of devices; rather, they would need only a few devices with a 5G Internet connection to launch the largest-ever DDoS attack of around 1 Tbps.

To resolve such issues in the future, high-speed Internet service providers and online communications service providers need to set up real-time monitoring, reporting, limiting, mitigation and protection mechanisms against DDoS attacks in an attempt to protect online users.

Learning to become a Hacker.

Being a hacker doesn’t mean “using hacking tools made by professionals or by other anonymous hackers”. If you only use hacking tools, you will be called a “cracker” or “noob” in the hacker world.

Becoming a hacker is not an easy job; it needs a lot of interest, passion and hard work. If you are interested in hacking or in the cyber world, then it’s not a tough job for you to become a hacker.

So let us go through the steps for becoming a hacker.

1. Learn about basic computer stuff (using an operating system, and other stuff)

Learn to use an operating system and to fix every problem you face on your PC. Then you should use multiple operating systems, like Linux or more.

2. Learn about networking concepts

Learn about networking concepts and new networking terms (protocols, IP addresses, HTTP, FTP and more).

3. Learn the C programming language or JavaScript

The C programming language is the first language most people pick for learning programming.

4. Learn the PHP scripting language

According to professional hackers, PHP is much more useful for hacking into web entities; PHP is also useful for web development.

5. Try to understand how hacking tools work

You can use hacking tools which are made by experts, but this won’t make you a hacker, more a script kiddie or noob (this is what real hackers would call you). In order to become a real hacker, you need to understand how hacking tools work and be able to code them yourself.

6. Learn about new malware

Every week new malware is introduced to the cyber world, made by black hats in order to gain fame, earn money or more. Learn about malware through hacking websites.

Do some research on it, particularly about how it works.

7. Learn some white hat hacking

It’s your choice whether you want to be a black hat or a white hat. White hats are known as the good guys, while black hats are the ones doing illegal things with their hacking skills, either for personal interests or for money. Do some white hat hacking; it will help you gain experience in hacking. If you want to be a white hat, then you should participate in bug bounty programs.

8. Try to make tools with Python

Python is a widely used programming language. You can use Python for making your own hacking tools, or other programming languages in which you are good, but Python is the language most preferred by hackers for making hacking tools.

9. The most important step is to secure yourself from being hacked

Before starting with hacking stuff, it is important to secure yourself from being caught or being hacked by using a VPN or other methods.

10. Spend a lot of time with hacking and programming

The more time you spend with hacking or programming, the stronger you’ll become.

So spend at least 4 to 5 hours daily.

 

Macro Malware Is Back From The Dead, Here’s How To Defeat It

Short Bytes: The notorious macro malware from the 1990s is making a comeback in a big way. The latest security reports suggest that macro malware attack techniques have evolved with time and you need to be extra cautious. Read this article to know how macro malware works and the steps to defeat such attacks.

Macro malware is back – it’s the latest word on the street – according to the security researchers at McAfee Labs. They have just released their regular threat report that outlines the latest security trends. Hiding in Word documents, macro malware first rose to the surface in the 1990s.

But why are we witnessing a sudden rise of macro malware in the last month? The McAfee Labs report tries to find out the reasons and mentions the steps that need to be taken to secure ourselves.

If you are an avid follower of the security trends, you would remember the familiar message from about 20 years ago that read “Warning: This document contains macros.” Threats like WM.Concept (first macro virus to spread through Word) and Melissa (first mass-mailing macro virus) haunted the PCs until Redmond took steps to calm them down.

How does macro malware work?

A macro automates a frequently performed task so that it can be run repeatedly. Usually, macro malware is a piece of embedded code hidden in a document. If it’s attached to a Microsoft Office file, it’s usually written in Visual Basic for Applications.

Whenever the user of an infected PC performs an operation like opening a document or starting Word, the macro malware runs automatically. Due to the popularity of Microsoft Word, this malware spreads easily. When Microsoft recognized the threat, it changed the default Office configuration and stopped allowing macro execution.

Why has macro malware returned?

Many big organizations use macros and expose themselves to the risk by opening the backdoor. As a result, hackers take advantage of the situation and use methods like social engineering to facilitate the return of macro malware. It is spread through spam email attachments with frequently changing subjects to avoid detection.

In recent years, the increasing popularity of the Office software has allowed macros to access more low-level PC features. During the past few quarters, we have noticed a huge increase in macro malware. As a result, the Office macro threat is at its highest level in the past six years.

How to defeat macro malware attack?

After being around for almost two decades, the new breed of macro malware has become more efficient and flexible by utilizing features like PowerShell.

  • To defeat such attacks, you are advised to install operating system and Office updates and patch vulnerabilities regularly.
  • Use antimalware software and configure it to scan all email and attachments. Turn off the settings that allow documents to download and open directly.
  • Don’t open unexpected documents received in emails, and configure your browser security settings to the maximum level.
  • Look for pings from IP addresses like 1.3.1.2 or 2.2.1.1, etc. from internal computers.
  • Be extra cautious while opening empty documents that ask you to enable macros to view the content.
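
One way to apply the attachment-scanning advice above is to flag Office files that carry VBA at all, judged by their content rather than their file extension. The Python below is an added example, not code from McAfee Labs or the original article; the sample attachments are constructed in memory, and the quarantine/review/deliver policy and all function names are assumptions.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # header of legacy .doc/.xls/.ppt
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # VBA stream name as stored in OLE2


def examine(data):
    """Return (container, has_macros) for the raw bytes of an attachment."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: OLE2 directory entry names are stored as UTF-16LE text.
        return "ole2", VBA_STREAM in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "corrupt-zip", False
        if "[content_types].xml" not in names:
            return "zip", False                   # ordinary archive, not Office
        # Word, Excel and PowerPoint keep VBA in <app>/vbaProject.bin.
        return "ooxml", any(n.endswith("vbaproject.bin") for n in names)
    return "other", False


def triage(data):
    """Mail-gateway style verdict (assumed policy): quarantine, review or deliver."""
    container, macros = examine(data)
    if macros:
        return "quarantine"
    if container == "corrupt-zip":
        return "review"          # cannot be parsed, so it cannot be cleared
    return "deliver"


def make_ooxml(with_macro):
    """Build a constructed, minimal OOXML-shaped zip in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed sample attachments: names are illustrative, bytes are synthetic.
SAMPLES = {
    "invoice.docm": make_ooxml(True),
    "renamed.docx": make_ooxml(True),             # macro part behind a .docx name
    "notes.docx": make_ooxml(False),
    "legacy.doc": OLE2_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "legacy-clean.doc": OLE2_MAGIC + b"\x00" * 64,
    "truncated.docx": b"PK\x03\x04 cut off in transit",
    "readme.txt": b"plain text",
}


def run_samples():
    """Triage every constructed sample and return {name: verdict}."""
    return {name: triage(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:10}  {name}")
```

The OLE2 branch is a byte-level heuristic; a full check of legacy files would parse the compound file directory.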

Source: McAfee Labs.

Bill Gates Sponsored Giant Fans Will Soon Suck CO2 From Air and Recycle it as Fuel

CO2 is the major cause of climate change and global warming. As of now, sustainable development exists only in speeches, and when an immediate solution seemed unlikely, Carbon Engineering came up with a technology that would reduce and recycle the CO2 present in the atmosphere instantaneously.

The rate of climate change today, and its effects on the planet’s future, incite some of the strongest opinions and anxiety among people. While the world acknowledges it, no one wants to share the responsibility. No wonder Elon Musk calls this humanity’s dumbest experiment.

Carbon emission is the biggest contributor to the increase in global temperatures worldwide, and it will continue to be so until an immediate solution is worked out. Planting trees can do the trick, but it would require vast amounts of fertile land to absorb even a small volume of CO2. But what if we could build something that does the same as forests: suck CO2 out of the atmosphere?

Carbon Engineering, a company sponsored by Bill Gates, is working on technologies to take CO2 directly out of the atmosphere. It sounds amazing but is not easy, as CO2 represents just one molecule out of 2500 molecules in the air.

Carbon Engineering has built a prototype contactor that converts 100 kilos of carbon dioxide present in the atmosphere every day into harmless carbonates. Now just imagine the extent of their full-scale system.

At its maximum capacity, the full-scale system by the Carbon Engineering team is expected to capture the emissions from 300,000 cars every year. Air capture doesn’t require any exotic technology and can be scaled in size and installed anywhere on the Earth (since CO2 is present everywhere) depending on the economic and industrial needs of the place.

And it doesn’t end here. The pure CO2 can be combined with H2 to form hydrocarbon fuels such as gasoline and jet fuel, thus continuing the above process.

Air capture seems quite a promising technology, a solution that could provide sustainable development at a lower cost. Conventional cars are not going away anytime soon, nor are industries going to slow their pace, so air capture could be a game changer without affecting the development agenda of countries.

3 Easy Steps that Protect Your Website From Hackers

As a webmaster, is there anything more terrifying than the thought of seeing all of your web-developed work being altered or wiped out entirely by a nefarious hacker?  You’ve worked hard on your website – so take the time to protect it by implementing basic hacking protections!

In addition to regularly backing up your files (which you should already be doing, for various reasons), taking the following three easy steps will help to keep your website safe:

Step #1 – Keep platforms and scripts up-to-date

One of the best things you can do to protect your website is to make sure any platforms or scripts you’ve installed are up-to-date. Because many of these tools are created as open-source software programs, their code is easily available – both to good-intentioned developers and malicious hackers. Hackers can pore over this code, looking for security loopholes that allow them to take control of your website by exploiting any platform or script weaknesses.

As an example, if you’re running a website built on WordPress, both your base WordPress installation and any third-party plugins you’ve installed may potentially be vulnerable to these types of attacks. Making sure you always have the newest versions of your platform and scripts installed minimizes the risk that you’ll be hacked in this way – though this isn’t a “fail safe” way to protect your website.

Step #2 – Install security plugins, when possible

To enhance the security of your website once your platform and scripts are up-to-date, look into security plugins that actively protect against hacking attempts.

Again, using WordPress as an example, you’ll want to look into free plugins like Better WP Security and Bulletproof Security (or similar tools that are available for websites built on other content management systems). These products address the weaknesses that are inherent in each platform, foiling additional types of hacking attempts that could threaten your website.

Alternatively – whether you’re running a CMS-managed site or HTML pages – take a look at SiteLock. SiteLock goes above and beyond simply closing site security loopholes by providing daily monitoring for everything from malware detection to vulnerability identification to active virus scanning and more. If your business relies on its website, SiteLock is definitely an investment worth considering.

Step #3 – Lock down your directory and file permissions

Now, for this final technique, we’re going to get a little technical – but stick with me for a moment…

All websites can be boiled down to a series of files and folders that are stored on your web hosting account.  Besides containing all of the scripts and data needed to make your website work, each of these files and folders is assigned a set of permissions that controls who can read, write, and execute any given file or folder, relative to the user they are or the group to which they belong.

On the Linux operating system, permissions are viewable as a three-digit code where each digit is an integer from 0 to 7. The first digit represents permissions for the owner of the file, the second digit represents permissions for anyone assigned to the group that owns the file, and the third digit represents permissions for everyone else. The assignments work as follows:

  • 4 equals Read
  • 2 equals Write
  • 1 equals Execute
  • 0 equals no permissions for that user

As an example, take the permission code “644.” In this case, a “6” (or “4+2”) in the first position gives the file’s owner the ability to read and write the file. The “4” in the second and third positions means that both group users and internet users at large can read the file only – protecting the file from unexpected manipulations.

So, a file with “777” (or 4+2+1 / 4+2+1 / 4+2+1) permissions would then be readable, writable, and executable by the user, the group and everyone else in the world.

As you might expect, a file that is assigned a permission code that gives anyone on the web the ability to write and execute it is much less secure than one which has been locked down in order to reserve all rights for the owner alone. Of course, there are valid reasons to open up access to other groups of users (anonymous FTP upload, as one example), but these instances must be carefully considered in order to avoid creating a security risk.

For this reason, a good rule of thumb is to set your permissions as follows:

  • Folders and directories = 755
  • Individual files = 644

To set your file permissions, log in to your cPanel’s File Manager or connect to your server via FTP. Once inside, you’ll see a list of your existing file permissions (as in the following example generated using the Filezilla FTP program):

The final column in this example displays the folder and file permissions currently assigned to the website’s content. To change these permissions in Filezilla, simply right-click the folder or file in question and select the “File permissions” option. Doing so will launch a screen that allows you to assign different permissions using a series of checkboxes:

Although your web host’s or FTP program’s backend might look slightly different, the basic process for changing permissions remains the same.
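
The 755/644 rule of thumb can also be checked from a script instead of by eye in an FTP client. The Python below is an added example, not part of the original article: it assumes a Linux host, walks a web root, reports every entry that grants more than the rule allows and removes only the excess bits. The sample site is constructed in a temporary directory and all function names are illustrative.

```python
import os
import stat
import tempfile

DIR_MODE = 0o755    # the article's rule of thumb for folders
FILE_MODE = 0o644   # the article's rule of thumb for individual files


def describe(mode):
    """Render an octal mode as rwx text: 4 = read, 2 = write, 1 = execute."""
    text = ""
    for shift in (6, 3, 0):                      # owner, group, everyone else
        digit = (mode >> shift) & 0o7
        text += "r" if digit & 4 else "-"
        text += "w" if digit & 2 else "-"
        text += "x" if digit & 1 else "-"
    return text


def excess(path):
    """Return (mode, wanted) if path grants bits beyond the rule, else None."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return None                              # a symlink's own mode is not meaningful
    mode = stat.S_IMODE(st.st_mode) & 0o777
    wanted = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
    return (mode, wanted) if mode & ~wanted else None


def audit(root):
    """List (path, mode, wanted) for root and everything below it that is too open."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in sorted(paths):
        hit = excess(path)
        if hit:
            findings.append((path, hit[0], hit[1]))
    return findings


def tighten(findings):
    """Remove only the excess bits; never grants a permission that was not there."""
    for path, mode, wanted in findings:
        os.chmod(path, mode & wanted)


def build_sample_site():
    """Create a constructed web root in a temp directory with two unsafe entries."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.mkdir(os.path.join(root, "uploads"))
    for name in ("index.html", "config.php", "uploads/photo.jpg"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("constructed sample\n")
    # chmod explicitly so the result does not depend on the caller's umask
    for name, mode in (("index.html", 0o644), ("config.php", 0o666),
                       ("uploads/photo.jpg", 0o644), ("uploads", 0o777)):
        os.chmod(os.path.join(root, name), mode)
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for path, mode, wanted in audit(site):
        fixed = mode & wanted
        print(f"{mode:03o} {describe(mode)} -> {fixed:03o} {describe(fixed)}  {path}")
    tighten(audit(site))
    print("remaining findings:", audit(site))
```

Because `tighten` only clears bits, a script that legitimately needs its execute bit will lose it under the 644 rule and has to be re-enabled deliberately.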

Shocking!!! Instagram hacked. Researcher hacked into Instagram server and admin panel.

Ever wonder how to hack Instagram or how to hack a Facebook account? Well, someone just did it!

But remember, even responsibly reporting a security vulnerability could end up in legal action being taken against you.

An independent security researcher claims he was threatened by Facebook after he responsibly revealed a series of security vulnerabilities and configuration flaws that allowed him to successfully gain access to sensitive data stored on Instagram servers, including:

  • Source code of the Instagram website
  • SSL certificates and private keys for Instagram
  • Keys used to sign authentication cookies
  • Personal details of Instagram users and employees
  • Email server credentials
  • Keys for over a half-dozen other critical functions

However, instead of paying him a reward, Facebook has threatened to sue the researcher for intentionally withholding flaws and information from its team.

Wesley Weinberg, a senior security researcher at Synack, participated in Facebook's bug bounty program and started analyzing Instagram systems after one of his friends pointed him to a potentially vulnerable server located at sensu.instagram.com.

The researcher found an RCE (Remote Code Execution) bug in the way it processed users’ session cookies, which are generally used to remember users' log-in details.

The remote code execution bug was possible due to two weaknesses:

  • The Sensu-Admin web app running on the server contained a hard-coded Ruby secret token
  • The host was running a version of Ruby (3.x) that was susceptible to code execution via the Ruby session cookie

Exploiting the vulnerability, Weinberg was able to force the server to vomit up a database containing login details, including credentials, of Instagram and Facebook employees.

Although the passwords were encrypted with ‘bcrypt’, Weinberg was able to crack a dozen passwords that had been very weak (like changeme, instagram, password) in just a few minutes.

Exposed EVERYTHING including Your Selfies

Weinberg did not stop here. He took a close look at other configuration files he found on the server and discovered that one of the files contained some keys for Amazon Web Services accounts, the cloud computing service used to host Instagram's Sensu setup.

These keys listed 82 Amazon S3 buckets (storage units), but these buckets were unique. He found nothing sensitive in the latest file in that bucket, but when he looked at the older version of the file, he found another key pair that let him read the contents of all 82 buckets.

Weinberg had inadvertently stumbled upon almost EVERYTHING, including:

  • Instagram's source code
  • SSL certificates and private keys (including for instagram.com and *.instagram.com)
  • API keys that are used for interacting with other services
  • Images uploaded by Instagram users
  • Static content from the instagram.com website
  • Email server credentials
  • iOS/Android app signing keys
  • Other sensitive data

    "To say that I had gained access to basically all of Instagram's secret key material would probably be a fair statement," Weinberg wrote in his blog. "With the keys I obtained, I could now easily impersonate Instagram, or any valid user or staff member. While out of scope, I would have easily been able to gain full access to any user’s account, [personal] pictures and data."

Responsible Disclosure, but Facebook Threatens Lawsuit

Weinberg reported his findings to Facebook's security team, but the social media giant was concerned he had accessed private data of its users and employees while uncovering the issues.

Instead of receiving a reward from Facebook for his hard work, Weinberg was disqualified from the bug bounty program by Facebook.

Weinberg claims that in early December his boss, Synack CEO Jay Kaplan, received a scary call from Facebook security chief Alex Stamos regarding the weaknesses Weinberg discovered in Instagram that left Instagram and Facebook users wide open to a devastating attack.

Stamos "stated that he did not want to have to get Facebook's legal team involved, but that he was not sure if this was something he needed to go to law enforcement over," Weinberg wrote in his blog in a section entitled 'Threats and Intimidation.'

In response, Stamos issued a statement, saying he "did not threaten legal action against Synack or [Weinberg] nor did [he] ask for [Weinberg] to be fired."

Stamos said he only told Kaplan to "keep this out of the hands of the lawyers on both sides."

    "Condoning researchers going well above and beyond what is necessary to find and fix critical issues would create a precedent that could be used by those aiming to violate the privacy of our users, and such behavior by legitimate security researchers puts the future of paid bug bounties at risk," Stamos added.


Facebook Responds

After the original publication by the researcher, Facebook issued its response, saying the claims are false and that Weinberg was never told not to publish his findings, rather only asked not to disclose the non-public information he accessed.

The social media giant confirmed the existence of the remote code execution bug in the sensu.instagram.com domain and promised a bug bounty of $2,500 as a reward to Weinberg and his friend who initially hinted that the server was openly accessible.

However, the other vulnerabilities that allowed Weinberg to gain access to sensitive data did not qualify, with Facebook saying he violated user privacy while accessing the data.

Here's the full statement by Facebook:

    We are strong advocates of the security researcher community and have built positive relationships with thousands of people through our bug bounty program. These interactions must include trust, however, and that includes reporting the details of bugs that are found and not using them to access private information in an unauthorized manner. In this case, the researcher intentionally withheld bugs and information from our team and went far beyond the guidelines of our program to pull private, non-user data from internal systems.

    We paid him for his initial bug report based on the quality, even though he was not the first to report it, but we didn't pay for the subsequent information that he had withheld. At no point did we say he could not publish his findings — we asked that he refrain from disclosing the non-public information he accessed in violation of our program guidelines. We remain firmly committed to paying for high quality research and helping the community learn from researchers' hard work.

Chinese hacker steals $170,000 by hacking airline website and offering ticket booking:


Chinese Hacker Pockets Cool $170,000 After Hacking Airline Website
Chinese hacker defrauds hundreds of passengers by cancelling the flights and sending them re-booking offers

A 19-year-old man in Dalian, China has been arrested by the police after he was caught hacking into an airline’s website, stealing booking information from 1.6 million ticket orders, and ripping off hundreds of travelers. Using the information, the teen went on to make hundreds of fraudulent transactions that pocketed him 1.1 million Yuan ($170,000 / €156,000).

The teenager, identified as Zhang from Heilongjiang, north-east China, hacked the website of an as yet unnamed Chinese airline company by exploiting vulnerabilities in its B2B system. He illegally downloaded 1.6 million passengers' booking details such as names, flight details, ID card numbers, email addresses, and mobile phone numbers.

He also used his access to the website to cancel some current bookings, and later, using the stolen information, he sent out group texts telling passengers that “the plane is out of order and the flight is cancelled” and that they needed to pay extra fees if they wanted to rebook. This is how the hacker made his money: by offering a re-booking link that pocketed him re-booking fees.

It took the airline three weeks to notice the data breach. The airline lost more than 80,000 yuan ($12,365 USD) from people demanding a refund.

The hack lasted from July 31 to August 20, and by August 22, the airline announced the breach after several fraud complaints from customers, and also on the same day alerted Guangzhou police.

“The suspect coded the hacking software himself,” a police officer said.

According to People’s Daily Online, authorities eventually tracked down Zhang and arrested him in Dalian, a city in North China, on November 11. A police officer said the hack was a result of a loophole in the airline’s computer system and was not highly sophisticated.

5 ways to find what Google knows about you


Five ways in which you may find out what information Google possesses about you

Since Google has become synonymous with the Internet, the whole science of advertising has somewhat changed. But one thing has remained unaffected: the threat of your personal information being leaked or sold to some ad company. Here are some ways you can find out to what extent your details are being kept.

1. Account Login Details

Using Google, you can check all your account login details, including the details of every device your account is logged in on and the location of each of those devices. You can use this service on the Google Security page with your account.

2. Google Dashboard

This is one of Google's cool features, where you can see a summary of your whole Google account in a single place. It includes your calendar records, your contact details, your synced bookmarks, your cloud-printed documents and many other things that you will get to know when you use it. Visit the Dashboard to see all these details.

3. Google Ads You Clicked

This is one of the cool things that keeps track of your ad interests on the internet. With it you can see the ads that you have clicked, categorized by type, along with all your click interests. So visit the Google Ads page today.

4. Recent Activity on Web or Apps

This is another cool feature that allows users to check the search keywords they have used in some apps; you can also look at your most used or searched keywords by visiting the Web & App Activity page.

5. Location History

One of the best features the search engine provides to users is the location history. This feature can be really helpful when you want to find a missing person by checking their location history. You can manage everything easily. You may like to visit Google Location History.