Become the hackerman of your router

--Originally published at Paco's adventures

This post is for you to experiment with your router. Maybe you know, or maybe you don’t, but you can access your router and change stuff like the name of your network, the password and also the password to access the router. To enter the router you first need its IP address, which you can find in the properties of the network you are connected to. After you enter that IP address in a web browser you will be on a log-in page, and here is where the fun begins (it’s something like this):

[Image: router login page]

If you check the manual of your router, it will tell you that to access it you write something like “admin” or “root” as the username and “password” or “admin” as the password. This is the default setting of the router, and you should/must not leave it like that. Why? Because if someone wants to be a bad person, they can enter and modify the things I wrote about at the beginning.

You can look up the brand of your router on the internet and you will find a page that tells you the default username and password to access it, so it’s not difficult for someone (a hacker) to find out and do bad things to your network.

But why am I telling you all of this? Well, it’s because of a friend’s story: he went to a place that sells buffalo wings, he saw that the place had wi-fi and, just for the heck of it, he checked if their router was secure, and oh surprise, it wasn’t. He could’ve done anything he wanted, but he is a really nice guy and told the owner about the problem and even helped him fix it. Now, almost every place I go (restaurants, bars, shops, etc.) I try to enter their router so …

Not even your car is safe!

--Originally published at Paco's adventures

Maybe you have noticed that cars are getting more advanced in their technology. This is great, or is it? More technology doesn’t always mean better or more secure. Of course I’m talking about this from the perspective of informatics: right now most cars have bad security against hackers, or none at all. But why is this an issue? How can this happen? And what are the big companies going to do? Well, let me tell ya!

First, how can someone hack a car? I’ll try to be as simple as possible with the explanation. A lot of the computers used in cars control things like the brakes, air conditioner, stereo, lights, the gearbox, etc. Almost all cars use a bus network to connect each of the computers. Something like this:

In a network like this, you just need to access one of the computers to see what the other computers are doing, and usually there is not a lot of security inside the bus. It has been proven that a lot of ports in the computers are left open for no reason and hackers can exploit them. Things like the Bluetooth and the wi-fi inside the car don’t have security. Here is an example of cars being hacked (Volkswagen and Audi):

https://www.bleepingcomputer.com/news/security/volkswagen-and-audi-cars-vulnerable-to-remote-hacking/

And if you look for yourself, there are more examples of other cars being hackable. All of this is an issue, a big one, because as I said before, they can control things like the brakes and the gearbox. The hackers can cause an accident, making it seem like it was your fault, and it would also be untraceable. In my opinion the companies should slow down their car releases and start making sure their cars aren’t easily hackable; thankfully they are …

A password with salt and pepper!

--Originally published at Paco's adventures

When you hear about a platform/company having passwords leaked or stolen, yeah, you should be worried, but not going-crazy worried if you know that they (the platform/company) have good encryption with a little bit of salt and pepper and they reset your passwords when you forget them. What do I mean by these two things?

First, the salt and pepper. You all know that passwords have to be encrypted for security reasons. In this context “salt” means adding more characters to the password the user types in. For example: I type “CatDog”, the platform adds “R4%” (the salt part) to what I typed so it becomes “CatDogR4%”, and then it encrypts it, so the encrypted password becomes more difficult to decipher.

You might say: “This is useless if the hacker finds out what the ‘salt’ is”, and you are right, but that’s why there is the pepper. The pepper is like the salt but dark…. Okay, it was a bad joke, but seriously, the pepper is like the salt but it’s random. Using the example from before: I type “CatDog” and the system adds a random letter and the “4%”, so it becomes “CatDogY4%”; the hacker has to spend more time because of the random part. You can say both salt and pepper are really useful, but none of this matters if the company doesn’t use them. But how do you know if they even encrypt your password? This brings me to the second point.
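The salt-and-pepper idea above, as an added example that is not code from the original post. It assumes a random per-user salt stored next to the result, a one-letter random pepper that is never stored (so checking a login tries every letter), and PBKDF2 as a slow one-way hash in place of the post's "encryption"; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: the pepper is one random ASCII letter, never stored anywhere.
PEPPER_ALPHABET = string.ascii_letters
ITERATIONS = 10_000  # kept low so the demo runs fast; real systems use far more


def _derive(password: str, salt: bytes, pepper: str) -> bytes:
    """Slow one-way hash of password + pepper, mixed with the per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", (password + pepper).encode(), salt, ITERATIONS)


def register(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest): the only two values the database keeps."""
    salt = secrets.token_bytes(16)            # random per user, stored in clear
    pepper = secrets.choice(PEPPER_ALPHABET)  # random, thrown away after hashing
    return salt, _derive(password, salt, pepper)


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Try every possible pepper; a match exists only for the right password."""
    ok = False
    for pepper in PEPPER_ALPHABET:
        # compare_digest is a constant-time comparison of the two digests
        ok |= hmac.compare_digest(_derive(password, salt, pepper), digest)
    return ok


def demo() -> dict:
    salt_a, digest_a = register("CatDog")  # constructed sample password
    salt_b, digest_b = register("CatDog")  # same password on a second account
    return {
        "right_password": verify("CatDog", salt_a, digest_a),
        "wrong_password": verify("DogCat", salt_a, digest_a),
        "same_password_same_hash": digest_a == digest_b,
    }


if __name__ == "__main__":
    print(demo())
```

Two accounts with the same password end up with different stored values, and anyone guessing offline from a leaked database pays for every pepper candidate on every guess.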

When I said that it’s good when the platform asks you to reset your password when you forget it, it’s because they REALLY DON’T KNOW YOUR PASSWORD. They may have a database with the passwords encrypted, but they can’t decrypt them; that’s why when you forget your password they don’t send you an email …

Let’s talk about Bitcoins!

--Originally published at Paco's adventures

Hey everyone! I’m sure a lot of you have heard about bitcoins and how they are increasing and decreasing in value, and that some people or countries are already using them or even banning them. But do you really know how they work or what exactly they are? Do you know how to obtain them? Is it really safe to invest in them? Well, I’ll try to give you all these answers and also some data about bitcoins related to security.

First, what are bitcoins? Bitcoins are a decentralized cryptocurrency. Follow-up question: what is a cryptocurrency? It is a digital currency that uses cryptography to secure and verify transactions and also for the creation of more units.

[Image: bitcoin]

That’s a good explanation but I will add more to it. Bitcoin is digital money that has no real value in real life (like gold or bills), just the belief that it has some value in products. But how does it operate? Well, there is a group of people in the bitcoin network, the maintainers, who have a copy of the ledger (the book of financial accounts), and they are in charge of making sure the transactions are correct and not fraudulent. Each transaction has the amount, the accounts the transaction is coming from and going to, and also an encrypted signature to make sure it is the real person doing the transaction and not a fake account. Each transaction has its own signature.

To make sure all the maintainers have the same ledger, all of them vote… with MATH! That’s right, they pull a math problem and the first one who solves it, and also has a record of multiple problems solved, becomes the “leader” and everyone follows their ledger.

When they solve a problem, and also there is a fee for …

What was my password again?

--Originally published at Paco's adventures

Hello everyone! How you doing? Sorry for not uploading in a long time but now I’m back so let’s get to the main topic: Passwords, more specifically, remembering passwords and reusing them in different pages and accounts.

I’m gonna be honest, I’m really bad at creating and remembering different passwords for my accounts whether it’s for games, job, school or Netflix. Not only that but I usually use the same password with some variations like numbers, special characters and more.

Also, if I want to use a completely new password I write it down in a note where my other passwords are, and also my usernames, and I leave it on my desk. But then, if I don’t remember my username or password and I’m out, I’m basically screwed. Maybe there are people out there with a problem like mine. Well, in that case I found, or rather my classmates and my teacher gave me, a great solution: LastPass.

[Image: LastPass]

This is a great tool and it has helped me a lot. It is a password manager service that can be used in your web browser. You create your account and you get your master password; after that, when you enter your username and password for YouTube, Facebook, etc., your password gets locally encrypted. After that, not only do you not have to type both of them again to log in, LastPass remembers them and does the job for you.

Not only that, but it also has a security test where it compares all your passwords in all the accounts and tells you how strong or weak they are, how many times you repeat them and how similar they are to others, so you can take action and change them. When I did the test the first …

Choose the white hat!

--Originally published at Paco's adventures

No, I’m not telling you to buy one (unless you really want one, then go for it!). What I’m saying is that, if you want to be a hacker, be a white hat hacker; yes, you can wear a white hat if you want, but that’s not the real meaning of it.

[Image: white hat and black hat]

You might not know, but there are 3 types of hackers and they are represented by a hat with a certain color: Black, Gray and White. The black hat hackers are those who break into networks or other systems and do harmful stuff like taking down a website or service, or stealing and selling passwords, bank accounts or data in general.

The white hats are those called ethical computer hackers, and they use their skills in security to help companies or the government find possible security flaws that could be exploited by black hats. Some black hats have turned to the white side after a government/company offered them a job because of their prowess in security. Some of the best-known white hat hackers are:

  • Dan Kaminsky
  • Tsutomu Shimomura
  • Kevin Mitnick (former black hat)

The gray hats are the ones in the middle. They generally don’t have malicious intentions but they act illegally and they do what they do because they can, not because they want to earn money. If they get some kind of data, the way they use that data comes down to the hacker’s moral code.

Now you know that not all hackers are bad; some of them are here to help us. If you want to know more about hackers or other security stuff, or you simply liked the post, leave a comment. Thanks for passing by!

Malware

--Originally published at Paco's adventures

You have heard about viruses and worms, and maybe other things you may not know, like ransomware, adware, etc. But do you know the difference between them? Do you know what exactly they are and what they do to your computer? Well, let me tell you.

First, let’s define what malware is. Malware, or Malicious Software, is software designed to cause harm to the computer and the user, and this can go from stealing data to taking control of the user’s computer. There are a lot of kinds; let me give you a brief explanation of some of them:

  • Adware: This downloads and displays advertisements on the user’s device. It usually doesn’t steal data but it is irritating because it forces the user to see ads and sometimes it creates pop-ups that you can’t close.
  • Bots and botnets: A bot, in terms of security, is an infected device that is made to do something harmful without the owner’s knowledge; and a botnet is a large group of those bots. Attackers use them for spam, phishing or DDoS attacks (Distributed Denial of Service).
  • Browser hijacker: This one changes the behavior of the browser, sending you to other web pages and sites you didn’t intend to visit or installing toolbars.
  • Keylogger: A keylogger keeps track of all the keys the user uses (passwords, emails, documents, etc.). You can infer that with this the attacker can access your network and accounts.
  • Phishing: It is an email attack that tries to trick the user into giving out passwords, downloading something or visiting a website that’s going to install malware.
  • Ransomware: Here, the attacker encrypts the user’s data and files and will demand money (in bitcoins). If the user doesn’t accept, the attacker will delete all the user’s data or publish it if it is something …

Hi everyone!

--Originally published at Paco's adventures

Welcome all of you to a new section of my blog! Here I’ll be talking about a topic I’m really excited about and one of my favorites: Cyber security. That’s right, I will post things about computer security, internet security, how to defend yourself and what you have to watch for.

I’ll try to post regularly and I hope you enjoy the content. Leave a comment if you want, I will read all of them. Also, if you have a question or want me to post about a specific topic, write it in the comments or send me an email.