
Saturday, February 27, 2010

How to access blocked websites from within a corporate environment: Download Anonymous Surfing Tool UltraVPN Absolutely Free

UltraVPN is a client/server SSL VPN solution based on OpenVPN. It encrypts and anonymizes your network connection.

UltraVPN is a simple user interface for connecting to and disconnecting from our VPN servers.

To use UltraVPN, you need to right click on a traybar icon (on the bottom right of your screen) that looks like a computer with a red screen. After right clicking on it, choose "connect".

Who's using UltraVPN?
It's used in environments where, for some reason, access to the internet is restricted.

It can be used by any individual who simply wants to protect his privacy, either on a LAN or a public hotspot.

How can I use UltraVPN?
Download the software client and create a username and password. You are then able to connect to the VPN.

What can you do with UltraVPN?
  • Access blocked websites from within a corporate environment
  • Connect to or log in to MSN if it is blocked
  • Use VoIP software like Skype if it's blocked
  • Protect your email and browsing privacy
Is UltraVPN secure?
You can check its source code and build it yourself. UltraVPN is fully based on OpenVPN. OpenVPN is the de-facto reference for SSL VPN.

UltraVPN servers are run by Lynanda. No connection or traffic logs are kept.

You can do what you want while using UltraVPN, all anonymously.

If you're not sure whether UltraVPN is secure or not, feel free to ask us.

You can also get third-party advice about UltraVPN. Typing UltraVPN into Google is a good starting point.

If you like this post and want us to post similar articles, please give us feedback and leave a comment here.

6000 Cheats & 10000 CD keys for various games: Download for free

* Found link while googling. I have not uploaded these files. PLS REPORT ANY BROKEN LINK on OR leave a comment here *

DOWNLOAD HERE


How to Hide IP Address: Download IP Anonymous Surfing Tool 16in1 2009 Absolutely Free


  • 01 #1 Anonymous Proxy List Verifier 1.1
  • 02 Anonimity 4 Proxy 2.8
  • 03 Charon 0.6
  • 04 Get Anonymous 2.1
  • 05 Ghost Surf Platinum 2007
  • 06 Hide ip Platinum 3.42
  • 07 Hide The Ip 2.1.1
  • 08 Invisible Browsing 5
  • 09 IP Switcher Professional 1.01.12.0
  • 10 Multi Proxy v1.2
  • 11 Net Conceal Anonymity Shield 5.2.059.02
  • 12 Proxy Switcher Standard 3.7.2.3913
  • 13 Proxy grab 0.6
  • 14 proxy way extra v3.2
  • 15 Smart Proxy Helper 1.5
  • 16 Steganos Internet Anonym 2006 v8.0.1
DOWNLOAD HERE


Watch TV on the internet with Readon TV Movie Radio Player: channels from all over the world

THE COMPLETE ENTERTAINMENT SOLUTION FOR THE PC!
The program Readon TV Movie Radio Player allows you to listen to radio, watch TV broadcasts and access the latest movies on the internet. All you need is a Windows PC and an Internet connection. There is no need for a PC TV card because the TV channels are streamed through your internet connection. This is probably the best free internet TV and radio you can get:
  • Thousands of TV and Radio channels.
  • Latest movies!
  • Live sports!
  • A rich variety of TV channels including movies, kids, news, general TV, music videos, etc.
  • A rich variety of Radio channels including pop, jazz, classical etc.
  • Able to record music from radio and MTV channels into MP3 files so that you can enjoy them
  • Record your favourite TV shows into asf video format.
  • Adult video search engines (thousands of videos).
  • Flash games search engine (thousands of games).
  • Movie search engine (thousands of movies)
  • Include ShoutCast, SopCast, TVU Player and Youtube.
  • Able to set password to prevent viewing of objectionable contents.
  • Automatic updating of channel lists.
FREE! And Much more!




What is HackerWatch and what is the Anti-Hacker Community?

HackerWatch is an online community where Internet users can report and share information to block and identify security threats and unwanted traffic.

With 2,000 malicious threats emerging each month, Internet users must continue to employ proven methods to safeguard vital information. Although firewall software is essential, HackerWatch is unique in its mix of community participation and proven technology: by analyzing corporate and individually-submitted data, HackerWatch reveals meaningful patterns of attacks, hacking attempts, and disruptions. Once a pattern is mapped, the appropriate authorities and ISP carriers can be notified.

HackerWatch delivers a truly proactive and direct approach to Internet security protection.

How does HackerWatch improve Internet security?
HackerWatch allows individual users to pool information to prevent hacking attempts, intrusion, and unwanted traffic. By combining data from thousands of nodes, Internet traffic such as that produced by automated tools that scan for vulnerable machines can be identified. As a result, the appropriate ISP can be notified and, in turn, remove the offender’s Internet access, which serves to reduce attacks worldwide.

Can HackerWatch identify hackers?
HackerWatch reduces hacking and intrusion by identifying the computers which instigate this activity. As HackerWatch expands, more sources and patterns will be identified. HackerWatch has proven very effective in locating compromised computers and servers. For example, servers that have been infected with an Internet worm are frequently identified and the owner subsequently informed. Such action helps lower overall infection rates.

How can I submit data to HackerWatch?
HackerWatch is integrated with McAfee Personal Firewall.

Can I submit an entire log?
Not yet. In the near future, however, automatic event submission will be available through McAfee Personal Firewall.

Why does HackerWatch reject duplicate events with the same IP, port, and time?
Submitting multiple identical events is not beneficial when calculating a pattern of data. In the near future, McAfee Personal Firewall will simplify the event submission process and eliminate this message when you attempt to submit duplicate events.

CLICK HERE for World Internet Traffic Map


Why intrusion prevention systems fail to protect web applications: Here are the TOP 7 Reasons

Organizations need to protect themselves from today's attacks which are occurring at the application layer. Intrusion prevention systems (IPSs) are often deployed in an attempt to protect web applications; however they are lacking many key protection elements. Below are the top seven reasons why IPSs fail to protect web applications:

1. A jack of all trades is a master of none.

IPSs have a wide protocol focus and are not solely focused on HTTP. This results in a reduced amount of system resources and signatures being allocated to web application protection. Web application firewalls (WAFs), on the other hand, do not inspect other protocols and can apply all processing and inspection power only to HTTP/HTTPS traffic.

2. You can't see me (access to encrypted traffic)

You can't inspect what you can't see. Most commercial IPSs are not capable of decrypting SSL traffic, which leaves a blind spot in your detection and a channel for attackers to interact with the web application. The ability to decrypt and inspect SSL traffic is standard for WAFs.

3. Can you speak HTTP? (Application layer logic understanding)

Since IPSs are not “native” HTTP speakers, they do not properly parse the layer 7 web data down into its individual components, such as request headers, cookies and parameter names and payloads. They typically treat the HTTP data as one large blob of text, which contributes to higher false positive and false negative alert ratios. WAFs are able to interpret the web data in the same way as the destination web application, which means they can better understand the context and apply rules and signatures more accurately.

4. Application layer rules (negative security model)

IPSs are mainly signature-based security systems, so the breadth and quality of the signature set are paramount. Unfortunately, most IPS signatures are based on vulnerabilities in public software, so they are not effective for custom-coded web applications. WAF rules should instead be generic in nature and provide “attack payload detection” to catch any variant of an attack.

5. Application profiling (positive security model)

IPSs typically inspect each request on its own, without any type of correlation of previous traffic. Commercial WAFs have automated learning and profiling capabilities based on a statistical model of all traffic that create custom, positive security profiles for each web resource. This allows for an input validation policy that permits only acceptable data to pass through and blocks attacks that are missed by the negative security model.

6. Application performance monitoring (Anti-automation/denial-of-service (DoS) defenses)

Acceptable traffic velocity levels are not a “one-size-fits-all” setting. Most IPSs have some form of base-lining capability which monitors traffic flows and can flag significant deviations, but they are not granular enough to be applied to each individual application resource. Web application attacks such as DoS, brute force and scraping have unique thresholds for each site. WAFs are able to monitor request velocity levels, apply threshold restrictions per resource, and block when these settings are violated. Additionally, by monitoring application response times, true DoS conditions may be identified.

7. Inspecting outbound data (information leakages)

IPSs focus mainly on inbound requests and pay little attention to the data leaving the web applications. Attackers often use the data presented within web error messages to enumerate back-end database resources and fine-tune their attacks. WAFs are able to inspect outbound response body payloads for typical database error messages and block them so that they are not provided to the client. In addition to error messages, WAFs are able to track the locations and amounts of sensitive data (such as credit card or Social Security numbers) and alert or block when there are changes.

Conclusion

Organizations need to change their approach to securing web applications by using products with specially designed features for protecting layer 7 traffic and data exchange.
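To make the request-parsing (reason 3), generic payload rules (reason 4), per-resource velocity (reason 6) and outbound-leak (reason 7) points concrete, here is an added Python example; it is not code from the original post or from any WAF product, and the signatures, thresholds, host names and sample traffic are all constructed for the demonstration.

```python
"""Minimal WAF-style inspection of one HTTP request and response.

Added example, not code from the original post or from any WAF product.
All signatures, thresholds and sample traffic below are constructed.
"""
import re
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qsl


# Reason 3: break the request into its layer-7 components instead of
# treating it as one blob of text.
def parse_request(raw: str) -> dict:
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    url = urlsplit(target)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            cookies[k] = v
    params = dict(parse_qsl(url.query, keep_blank_values=True))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params.update(parse_qsl(body, keep_blank_values=True))
    return {"method": method, "path": url.path, "headers": headers,
            "cookies": cookies, "params": params}


# Reason 4: generic attack-payload signatures (constructed, illustrative)
# applied per component, so a quote in a cookie is judged in context.
PAYLOAD_SIGNATURES = [
    ("sqli_tautology", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I)),
    ("sqli_comment", re.compile(r"(--|/\*)\s*$")),
    ("xss_tag", re.compile(r"<\s*script", re.I)),
]


def inspect_request(req: dict) -> list:
    """Return a list of 'signature in scope:name' findings."""
    findings = []
    for scope in ("params", "cookies"):
        for name, value in req[scope].items():
            for sig_name, pattern in PAYLOAD_SIGNATURES:
                if pattern.search(value):
                    findings.append(f"{sig_name} in {scope}:{name}")
    return findings


# Reason 6: request velocity tracked per client and per resource, each
# path with its own threshold rather than one global baseline.
class VelocityMonitor:
    def __init__(self, window_seconds: float, limits: dict, default: int):
        self.window = window_seconds
        self.limits = limits          # path -> max requests per window
        self.default = default
        self.hits = defaultdict(deque)  # (client, path) -> timestamps

    def record(self, client: str, path: str, now: float) -> bool:
        """Record one request; True if it exceeds the per-resource limit."""
        q = self.hits[(client, path)]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q) > self.limits.get(path, self.default)


# Reason 7: scan outbound bodies for database error text before it
# reaches the client (constructed patterns for common engines).
DB_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),
    re.compile(r"ORA-\d{5}"),
    re.compile(r"Unclosed quotation mark", re.I),
    re.compile(r"pg_query\(\)|PostgreSQL.*ERROR", re.I),
]


def leaks_db_error(response_body: str) -> bool:
    return any(p.search(response_body) for p in DB_ERROR_PATTERNS)


if __name__ == "__main__":
    # Constructed sample traffic against a hypothetical host.
    raw = ("POST /login HTTP/1.1\r\nHost: shop.example\r\n"
           "Cookie: session=abc123; pref=' OR '1'='1\r\n"
           "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
           "user=alice&pass=secret")
    req = parse_request(raw)
    print(inspect_request(req))
    mon = VelocityMonitor(window_seconds=60, limits={"/login": 5}, default=100)
    print([mon.record("203.0.113.7", "/login", t) for t in range(7)])
    print(leaks_db_error("Warning: You have an error in your SQL syntax near ''"))
```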

2X Software discovers Windows crash vulnerability

Virtual computing expert 2X Software has identified one of the biggest security vulnerabilities in the Windows OS for many years.

Any PCs and servers running anything from the latest Windows 7/Server 2008 versions down to Windows 2000/Server 2003 are affected – they can be crashed just by running some simple code giving major implications for Denial of Service attacks.

Microsoft has already been informed.

This means tens of millions of home and business PCs and servers across the globe are potentially at risk.

One of 2X Software’s bespoke testing tools uncovered the critical error in the Windows operating system resulting in a blue screen and system reboot.

Testing this 10-year-old bug showed that the following operating systems are all affected: Windows 2000, Windows XP (and XP Embedded), Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2.

The code needed to crash the system is very easy to develop and perfectly legal, with no ‘tricks’ or unusual techniques being required.

With just a few lines of code an application can be created that will crash the whole Windows system.

This flaw can be easily used inside malicious applications to generate a Denial of Service attack.

The problem can be easily corrected within the OS code by validating the arguments passed to the API.
Paul Gafa, CTO of 2X Software, says: “This is a major problem with potentially tens of millions of devices at risk. Such a vulnerability leaves users open to Denial of Service attacks which can be devastating – imagine your company servers and PCs being restarted remotely every few minutes.

“As it affects all the latest versions of the operating system, I expect Microsoft to patch it very quickly. They have already been informed.”

As the crash vulnerability needs some code to run, users are at risk when running an application, script, or ActiveX control.

As with all malicious code, the best way to avoid problems is not to run any applications from unknown sources, avoid websites of unreliable content, configure your web browser to the safest settings, and arm yourself with an up-to-date virus scanner.

Businesses running Thin Client architecture that use other operating systems, such as 2X, are unaffected.

However, the Windows-based server side will have the same crash vulnerability (i.e. terminal server or VDI guest operating system).

The vulnerability appears to have been introduced during the development of the Windows 2000 Operating System (as Windows NT 4.0 is unaffected) and so is around 10 years old.

It is also present on 64-bit versions of the Operating System (having tested Windows 2008).

Configuring the user as a limited one without administrator rights has no effect and the problem still persists.
As per the screenshot, the crash occurs in the win32k.sys module.

Server-based Computing and Virtual Desktop Infrastructure inherently provide a more secure environment for enterprises.

Running hosted applications and desktops, with the necessary administrative precautions in place, will result in such attacks being less harmful as the local OS is not located where the application is running (and where the data is stored).

Furthermore, such centralised environments are less likely to suffer from attacks where trojans are used, as servers are normally closely monitored.

SOURCE: http://www.securitywatch.co.uk

A bug in its software resulted in some Facebook users receiving hundreds of e-mail messages meant for other users, the social networking site said Friday.

“During our regular code push early Wednesday evening, a bug caused some misrouting to a small number of users for a short period of time,” a Facebook spokeswoman said in a statement.

Receiving emails from about 100 starting around 8:30pm on Wednesday and was later temporarily unable to access his Facebook account. Facebook removed all but two of the messages; however, many had already been forwarded to a third-party email account, where they could not be deleted.

The company said that its engineers diagnosed the problems “moments after it began” and have since resolved the problem. Facebook would not say how many users were affected.

The embarrassing gaffe is not the first time that company has sent private information to others. In March 2008, a bug in the Facebook software made it possible for people to publicly view photos that members had designated as private.

Ed Miliband’s Hacked Account Sends Sex Tweets

Obscene hacked tweets, apparently from MPs Ed Miliband and Harriet Harman, should be a warning for all of us to be more careful online, say security experts

Cabinet minister Ed Miliband and Leader of the Commons Harriet Harman have fallen victim to Twitter phishing, with Miliband’s followers getting spam promising better sexual performance.

“Hhey, i’ve been having better sex and longer with this here”, said Miliband’s hacked Twitter account, but the MP quickly tweeted a message to his 6,664 followers saying: “Oh dear it seems like I’ve fallen victim to twitter’s latest ‘phishing’ scam.”

Harriet Harman told MPs on Thursday that her account had been hacked, sending messages without her knowledge, but the content of those messages has been left untold. Ms Harman said with a smile: “I wouldn’t ever send a tweet like that.”

Shadow Prisons Minister, Conservative MP Alan Duncan, who received Harriet Harman’s tweet, took it in good part, according to the Press Association, tweeting: “I did get a message in Harriet’s name, so I sent a friendly message back by text. A bit confusing, and all in my first week on Twitter.”

While the MPs have added to the amusement of the nation, we can also learn from their embarrassment, according to Graham Cluley of security firm Sophos: “Miliband needs to do more than just tweet an explanation for his bizarre tweets,” said Cluley. “He also needs to change his password, and think long and hard about whether he is using that same password on any other websites.”

SOURCE: www.eweekeurope.co.uk

Friday, February 26, 2010

Cyberwar: The Next National Security Threat And What To Do About It

North Korea Better Prepared For Cyberwar Than US

American corporations and government agencies are more integrated into the Internet than their counterparts in North Korea, where most of the country has access to only a tightly controlled Intranet known as Kwangmyong.

China can limit cyberspace utilization in a crisis by disconnecting nonessential users. The U.S. cannot...North Korea can sever its limited connection to cyberspace even more easily and effectively than China can. Moreover, North Korea has so few systems dependent upon cyberspace that a major cyber war attack on North Korea would cause almost no damage.

The U.S. ranks first in offense but dead last in both defense and dependence on the Net. The hermit kingdom ranks exactly opposite, which puts it at the top of the list's overall scoring and the U.S. at the very bottom. (The U.S. is also placed below Iran, though he doesn't spell out the reasoning behind that unlikely opinion.)

SOURCE: Forbes

Thursday, February 25, 2010

Download Free Wondershare Office Recovery Software

* Found this useful tool while googling. I have not uploaded this tool. PLS REPORT ANY BROKEN LINK @ OR leave a comment here *

Wondershare Office Recovery, from Wondershare Software, is a new, powerful office recovery tool specially designed for recovering office files and PDF files lost through accidental deletion, formatting, virus infection, bad sectors, misuse of partition tools and so forth. It allows users to restore a variety of office file formats, including DOC, DOCX, XLS, XLSX, PPT, PPTX, PST, DBX, ACCDB, MPP, PUB, ONE, XSN and PDF files.

Features of Wondershare Office Recovery:
  • Easy 3-step recovery of lost files – select, scan and recover without special technical skills
  • Restore office files and PDF files lost to intentional deletion, formatting, virus attacks and other causes
  • Recover lost files from various storage devices including PC hard drive, external hard drive, memory stick, USB flash disk, DVD and more
  • Choose precise file formats for accurate recovery
  • Preview recoverable files before recovery
  • Recovery result won’t affect the original file format and layout
  • Supports Office 97, XP, 2000, 2003 and 2007
Note: Open the application. Press the "Get Code".

DOWNLOAD HERE


Download Microsoft Office Password Recovery Magic Tool for free here

* Found this useful tool while googling. I have not uploaded this tool. PLS REPORT ANY BROKEN LINK @ OR leave a comment here *

Any Office file's read-only password can be recovered with this tool. It can recover passwords for *.xls, *.ppt, *.mdb, *.doc and Office 2007 format files. The easy-to-use interface helps users perform an exact search: users can set parameters to narrow the range of the password search, such as the length of the password and the shape of the password. Users can also use a dictionary file, which is a plain string document, to find the password more quickly.

Features of Office Password Recovery Magic:
  • Recover the lost or forgotten password quickly.
  • Recover read-only passwords for Microsoft Office Word.
  • Recover read-only passwords for Microsoft Office Excel.
  • Recover read-only passwords for Microsoft Office PowerPoint.
  • Recover read-only passwords for Microsoft Office Access.
  • User-friendly interface.
Version: 6.1.1.138 (+Portable)
Developer: Password Recovery Magic Studio Ltd
Updated: 2010.02
Language: Multilanguage
Platform: Windows 98/2K/XP/2K3/Vista/7
Size: 5.38 mb

DOWNLOAD HERE

Download RAR Password Cracker for Free

This program is intended to recover lost passwords for RAR/WinRAR archives of versions 2.xx and 3.xx. The program finds the password by exhaustive search of all possible combinations of characters (the "bruteforce" method), or by using passwords from lists (the "wordlist" or "dictionary" method). Self-extracting archives and multivolume archives are supported. The program is able to save its current state (you can interrupt the program at any time and restart from the same state later). An estimated time calculator allows you to configure the program more carefully.

RAR Password Cracker requires Windows 9x/ME/XP/NT4/2000/2003. There are no special requirements for memory capacity, but the processor performance should be as high as possible. Special hardware is not required.

RAR Password Cracker 4.xx is shareware. You may download a free evaluation version of the software:

Version 4.12 (zip, 201 Kb): DOWNLOAD HERE

Version 4.12 (exe, 205 Kb): DOWNLOAD HERE

The software may be used and evaluated free of charge and without time limit. However, if you wish to use RAR Password Cracker without limitations of free evaluation version, you must purchase the license.

Here you can find wordlists for dictionary attacks

Just a few minutes ago, around 12:45 P.M. on 25th Feb 2010, I found the below error on Twitter. Is this due to some DDoS attack?

Wednesday, February 24, 2010

U.S. would lose cyber war: Warning from former intelligence chief, John Michael McConnell

A former intelligence chief warned lawmakers Tuesday the U.S. would lose a cyber war waged today.

John Michael McConnell, a former Navy vice admiral and director of national intelligence under President George W. Bush, told the Senate Commerce Committee at a hearing Tuesday afternoon that the United States was the "most vulnerable" target for a massive, crippling cyber attack, primarily because the country is also "the most connected" to the Web.

He offered the panel a stern warning: "If we were in a cyber war today, we would lose."

"We would lose," McConnell repeated.

McConnell also said he feared it would "take that catastrophic event" to get lawmakers to take action to strengthen cyber security.

He suggested a devastating attack would signal to both voters and their representatives that the Internet poses a real threat to private information, much-needed utilities, ubiquitous financial services and critical government resources.
Tuesday's hearing on the Internet and information security was prompted by a string of high-profile cyberattacks that have hit a number of U.S. businesses -- from a January attack on Google believed to originate in China, to an unrelated attempt later in the month on Intel, to still a third hack that for months targeted smaller businesses in 196 countries.

Legislation that could implement the country's first Web security framework has remained stalled for months in the Senate, in part because the healthcare and jobs debates have consumed lawmakers' time.

A cybersecurity bill did pass the House last year, but that legislation would only devote resources to researching better cybersecurity practices. By contrast, senators working on the upper chamber's bill signaled Tuesday they would prefer a more policy-based bill.

The bill's two co-sponsors, Commerce committee Chairman Jay Rockefeller (D-W.Va.) and ranking member Olympia Snowe (R-Maine), said Tuesday during the hearing they remain committed to introducing that legislation soon.

"The bill has undergone a number of revisions," Snowe said, noting that she, Rockefeller and others have huddled closely with industry leaders on potential tweaks.

"We risk a cyber-calamity of epic proportions with devastating implications for our nation," she later added, stressing the importance of passing that legislation soon.

SOURCE: TheHill.Com

Tuesday, February 23, 2010

British Not Prepared for Cyber Attack: A Serious Issue raised by Cyber Security Operations Center (CSOC)

Continuing from my earlier post, The U.S. Ready For A Cyberwar ??

Earlier this month, the Bipartisan Policy Center held a mock cyber war game in which the US came under cyber attack. By the end of the exercise, the power grid was down in much of the East Coast, telecommunications were severely disrupted and the Internet was virtually useless. The war game demonstrated some of the severe difficulties and challenges that would arise in the event of a cyber attack and helped to underscore that the US is not currently prepared to handle such an attack.

It now appears that the British are in a similar bind. According to an article in The Register, the Cyber Security Operations Centre (CSOC) has predicted that a cyber attack that caused even minor damage would prove “catastrophic” for public confidence in the government.

As use of the Internet becomes even more interconnected with daily operations, “any interruption of broadband access becomes intolerable and will have serious impacts on the economy and public well being,” according to the CSOC. “A successful cyber attack against public services would have a catastrophic impact on public confidence in the government, even if the actual damage caused by the attack were minimal.”

The report for Whitehall is part of a report produced by the CSOC about future threats.
CYBER WARS: A PRIMER

TIMELINE

1999 NATO Web sites are attacked from within Serbia after alliance warplanes begin bombing Yugoslavia in an effort to stop then-president Slobodan Milosevic's ethnic cleansing campaign in Kosovo.

1999 China attacks a Canadian Internet service provider that had been hosting a Web site of the Falun Gong spiritual movement, which is outlawed by Beijing. The attacks temporarily shut down the site.

2000 The Internet sites of the Palestinian Authority, Hezbollah and Hamas are attacked after three Israeli soldiers are abducted. In an apparent act of retaliation, the Israeli Knesset, Foreign Ministry, Bank of Israel and Tel Aviv Stock Exchange Web sites are taken down.

2005 Peru and Chile engage in hacker attacks against each other during a dispute over a fishing zone between the two countries. Targets include the Web sites of the Peruvian judiciary and Chilean National Emergency Office.

2005 Cyber attacks increase between Japan and China after a controversial visit by Japanese lawmakers to a Second World War shrine.

2007 The Russian government mounts a cyber war against Estonia in apparent retaliation for Estonia's decision to relocate a Second World War memorial honouring the Soviet Red Army.

Don't get too excited if you received a confusing email from agriculture commissioner Todd Staples.

A direct message sent by Twitter on Monday evening pointed followers to a link that read, "you look funny here."

The link redirected readers to a site that reported a "web forgery."

Staples later responded on his Twitter site: "If you received a msg from me, disregard as my account was compromised. Settings have now been changed, thanks so much for following!"

GateRocket rolls new version of FPGA debug tool: Designers can select individual design blocks to run

FPGA verification and debug software vendor GateRocket Inc. Tuesday (Feb. 23) announced the newest version of its RocketVision debugging software, introducing new capabilities that allow designers to select individual design blocks to run in their simulator or GateRocket's RocketDrive hardware verification system.

The new features are said to reduce overall design bring-up time by 50 percent or more compared with traditional approaches by enabling engineers to find and fix bugs faster and avoid unnecessary re-runs of synthesis-to-place-and-route iterations, according to GateRocket.

RocketVision 5.0 adds a new SoftPatch feature that allows engineers to try a "soft" RTL fix on the FPGA without rerunning synthesis and place-and-route, according to GateRocket. The SoftPatch feature enables users to sequence through each bug and test fixes without re-building the FPGA, eliminating hours of tedious work (weeks or months over the course of a project), according to the company.

The new version of RocketVision also includes an enhanced AutoCompare feature that helps identify bugs at the block or full-chip level, GateRocket said. It allows designers to automatically compare the signals between the RTL and hardware representations of the complete FPGA design and highlights any differences that occur, simplifying the debugging process and helping to quickly identify the location of each divergence, the company said.

Both the latest versions of RocketDrive and RocketVision now support 64-bit versions of the industry's most popular simulators from Mentor Graphics Corp., Cadence Design Systems Inc. and Synopsys Inc., GateRocket said.

RocketVision 5.0 is a RocketDrive option and is available immediately with a starting price of $9,500, the company said.

SOURCE: http://www.eetimes.com

Customer Vs. Bank: Who is Liable for Fraud Losses? Key Questions About Responsibility and Security

At first this court case was a curiosity: Experi-Metal Inc. (EMI), a Michigan-based metal supply company, sued Comerica Bank, claiming that the bank exposed its customers to phishing attacks.

But now this story shapes up as a significant test case for the banking industry, raising several key questions that must be answered about fraud and responsibility.

"It will establish who is liable in the U.S. - the bank or the customer - for fraud losses that result from phishing," says Tom Wills, Senior Analyst, Security, Fraud & Compliance, Javelin Strategy & Research.

The Basics

The lawsuit, filed by EMI in a Michigan circuit court, alleges that Dallas-based Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank's security software. In January 2009, an EMI employee opened and clicked on links within a phishing email that purported to be from Comerica. The email duped the employee into believing the bank needed to update its banking software. Subsequently, more than $550,000 was stolen from the company's bank accounts and sent overseas.

EMI says even though the bank had two-factor authentication using digital certificates for its online banking portal, the phishing scam was able to circumvent these measures. The bank says its online security methods were reasonable "because they were in general used by other similarly situated customers of other banks." Now that this case is in the courts, observers say, several important questions will be debated re: trust, responsibility and security. Among them:

#1: How Much Trust is Lost?

Clearly, Comerica has lost EMI's trust, but how much further can this costly loss of confidence spread among banking customers - even at other institutions? "Cases like this, when they hit the courts and the press, work at a macro level to erode the trust of all banks by all customers, even affecting those institutions with good anti-phishing programs in place," says Javelin's Wills. "It will make it that much harder for all banks to migrate their customer base to the highly cost-effective (from an operational standpoint) online channel."
Anytime a company incurs a data breach that compromises personal information, the organization risks having its customers walk away for good. "That's why it's so important that, before an incident occurs, a company take proactive steps to implement a reasonable security program," says Alysa Hutnik, a lawyer at Kelley Drye & Warren, a Washington DC-based law firm that specializes in post-incident response. "Even after a breach, if a company handles the issue responsibly, those efforts can earn back trust bit by bit. But here, where a customer is out of pocket hundreds of thousands of dollars as a result of a breach and was compelled to file a lawsuit to redress the issue, yes, the trust is likely lost."

Because trust is so fundamental to banking institutions, they have to draw a distinct line, says Avivah Litan, an analyst at Gartner. "Either banks explicitly and visibly warn their customers that banking with them is not safe and that [customers] are held liable for hacking into their accounts through online banking," she says. "Or they assume liability."

#2: Is a Bank Liable For Phishing?

Should a bank be held liable for a customer's employee falling for a phishing email that supposedly represents the bank? The EMI/Comerica case highlights several hotly-debated issues.

On the plaintiff's side, the employee's vulnerability to the phishing attack raises the core question of 'What is sufficient training?' says attorney Hutnik. Most employees have been warned about phishing attempts, but even the most robust training does not protect against occasional human error. Does this training need to occur more frequently, or is it a matter of customizing the training to the evolving and specific types of phishing attempts? If a company is going to be responsible under the law for employees' vulnerability to phishing attempts, Hutnik says, that's a pretty good incentive to increase training.

Can a bank be held liable? Some security experts say emphatically 'No.' "The bank clearly could have made better decisions on how to update security information," says Branden Williams, Director of VeriSign's PCI Practice. "But judging by the timelines, they may have been ahead of their time with offering multi-factor authentication for online business banking."

SOURCE: http://www.bankinfosecurity.com

IT Governance launches new penetration testing service

IT Governance (ITG), which bills itself as a one-stop shop for compliance expertise, has diversified into penetration testing.

According to the Ely-based IT services firm, cybercriminals are increasingly targeting IP addresses, website applications, firewalls, network devices, hardware and software.

As a result, the firm says, all internet-facing networks and resources are subject to automated, malicious probing and, when a vulnerability is detected, the exploitation of that vulnerability is also usually automatic.

The firm's penetration testing service is billed as examining and testing the technical security measures an organisation has in place to protect its networks and applications.

Effective penetration testing – often known as 'pen testing' – involves the simulation of a malicious IT attack, using a carefully-planned combination of methods and tools to mimic the range of possible attacks.

However, says ITG, instead of completing the attack, its pen testing team will document the vulnerability and recommend steps to reduce the risk.

The consequent findings then form the basis of a remediation programme.

Alan Calder, ITG's chief executive, said that, in a world where attacks on networks and applications are growing in number at an exponential rate, effective pen testing is the only way of establishing true security.

"The penalties incurred by organisations failing to defend against such attacks are becoming ever steeper", he said.

"Client demand drove us to launch our ITG security testing service. More and more of our ISO27001 consultancy customers have recognised the need for security testing to be part of their initial security plan, as well as their longer term security maintenance", he added.

According to Calder, clients want a pen testing service that can be integrated into the range of consultancy services they are already using, and also one that is delivered by a reputable and ISO27001-certified company, such as ITG.

"Compliance requirements also increasingly recognise that penetration testing should form part of ongoing security activity in all organisations. Department for Work and Pensions contracts, for instance, look for suppliers to achieve ISO27001 certification, as well as to carry out an initial penetration test, and then to maintain an acceptable level of technical information security", he said.

"We are not just looking to provide short-term analysis and remediation. We want to support organisations in the long term with a comprehensive suite of security services, ensuring their information assets continue to be protected from today's evolving IT security threats."

SOURCE: This article is featured in IT Forensics

Monday, February 22, 2010

What are the Web's greatest security threats?

SQL injection and cross-site scripting are the top venues for mischief.

In 2009, social networks were at the greatest risk, malware and defacement remained the most common outcomes of Web attacks, and SQL injection was the most common attack vector.

Perhaps not surprisingly, analysis of Web hacking incidents reveals that social network sites such as Twitter and Facebook are becoming premier targets for hackers. One in five incidents (19 percent) between January and June 2009 targeted social network sites, making them the most commonly attacked market.


Many attacks on social networks involve cross-site scripting (XSS) worms. Additionally, insufficient anti-automation controls permit hackers to brute-force login credentials. In one incident, an attacker accessed a Twitter admin account that had a password reset tool and compromised 33 high-profile accounts, including President Obama’s.

Web attacks are driven by crime. Most occur because the hacker wants money, not glory. However, in some instances, the attacks are performed by professionals seeking to advance a cause.

In 2009, defacement of Web sites was still the number one driver for Web hacking (28 percent). Defacement includes visible changes and covert changes, such as the planting of malicious code. Criminals exploit Web application vulnerabilities to plant malware that subsequently infects clients who visit the Web site. The hacked sites become the hacker’s primary method of distributing viruses, Trojans and root kits.

On the other end of the spectrum, ideologists use the Internet to express themselves using Web hacking to deface Web sites. The majority of defacement incidents are of a political nature, targeting political parties, candidates, and government departments, typically with a specific message related to a campaign.

Web defacements are a serious problem and a critical barometer for estimating exploitable vulnerabilities in Web sites. Defacement statistics are valuable since they are one of the few incidents that are publicly facing and thus cannot be easily swept under the rug.

SQL injection tops the attack methods

SQL injection remains the No. 1 attack vector, accounting for nearly one-fifth of all security breaches (19 percent). These attacks alter the contents of the back-end database and inject malicious JavaScript. Interestingly, the overall attack more closely resembles an XSS methodology, as the end goal of the attack is to have malicious JavaScript execute within victims’ browsers to steal login credentials to other Web applications.

While not a new attack vector, attacks that take advantage of insufficient authentication are increasingly severe due to the proliferation of user-contributed and managed Web sites. This is closely related to CSRF, a vulnerability that was recognized several years ago as a potent attack vector. While it took longer for CSRF to appear than expected, the rise in CSRF incidents is in line with authentication abuse, since it provides an alternative mechanism for performing actions on behalf of a victim.

What do you think about this, guys? Please share your views here. Awaiting comments!

Argentinian hackers hoist flag on English language paper website as Falklands stand-off moves to cyberspace

Argentinian hackers drew first blood in the latest Falklands stand-off tonight by plastering the country’s flag across the islands’ newspaper website.

The computer attack came as a British oil rig was set to begin searching for oil after arriving in the South Atlantic waters from Scotland.

The Argentine activists hacked into the English-language Penguin News to post a flag on the home page and an audio recording of the song ‘March of the Malvinas,’ Argentina’s name for the Falklands.

They also wrote ‘the islands are Argentine’ and claimed the move was a ‘tribute’ to the country’s soldiers who died during the Falklands War.

The hackers posted the Argentine flag on the website of the Falklands newspaper Penguin News

The material has now been removed.

The planned oil exploration has met with outrage from the Argentine government, which fears it is being cut out of a share of any potential revenues.

Buenos Aires has threatened to ban British companies with any links with the oil venture from the mainland and has insisted that all ships travelling between Argentina and the Falklands must seek permission.

SOURCE: Mail Online

Whenever you search for more than one keyword at a time, a search engine has a default strategy for handling and combining those keywords. Google defaults to searching for occurrences of your specified keywords anywhere in the page, whether side by side or scattered throughout. To return only pages containing the words in a specific order, enclose them in quotes, turning your keyword search into a phrase search, to use Google's terminology.

On entering a search for the keywords:

Learn ethical hacking

Google will find matches where the keywords appear anywhere on the page. If you want Google to find you matches where the keywords appear together as a phrase, surround them with quotes, like this:

"Learn ethical hacking"

Google will return matches in which only those words appear together.

Google's Boolean default is AND, which means that if you enter query words without modifiers, Google will search for all your query words. For example, if you search for:

Learn ethical hacking website "penetration testing"

Google will search for all the words. If you prefer to specify that any one word or phrase is acceptable, put an OR between each:

Learn ethical hacking OR website OR "penetration testing"

* Make sure you capitalize OR; a lowercase or won't work correctly *

If you want to search for a particular term along with two or more other terms, group the other terms within parentheses, like so:

Learn ethical hacking (website OR "penetration testing")

This query searches for the word "website" or phrase "penetration testing" along with "Learn ethical hacking"

If you want to specify that a query item must not appear in your results, prepend a - (minus sign or dash):

Learn ethical hacking website -"penetration testing"

This will search for pages that contain both the words "Learn ethical hacking" and "website," but not the phrase "penetration testing."

* Note that the - symbol must appear directly before the word or phrase that you don't want. If there's a space between, as in the following query, it won't work as expected: *

Learn ethical hacking website - "penetration testing"

Be sure, however, to place a space before the - symbol.

There are certain words that Google will ignore because they are considered too common to be of any use in the search. These words ("I," "a," "the," and "of," to name a few) are called stop words.

You can force Google to take a stop word into account by prepending a + (plus) character, as in:

+the hackers

Stop words that appear inside of phrase searches are not ignored. Searching for:

"the hackers" lifestyle

Will result in a more accurate list of matches than:

the hackers lifestyle

Simply because Google takes the word "the" into account in the first example but ignores it in the second.

The Google synonym operator, the ~ (tilde) character, prepended to any number of keywords in your query, asks Google to include not only exact matches, but also what it thinks are synonyms for each of the keywords. Searching for:

~ape

Turns up results for monkey, gorilla, chimpanzee, and others (both singular and plural forms) of the ape or related family, as if you'd searched for:

monkey gorilla chimpanzee

Along with results for some words you'd never have thought to include in your query. (Synonyms are bolded along with exact keyword matches on the results page, so they're easy to spot.)

If you're looking to spend $500 to $800 on a Sony laptop, Google for:

sony laptop 10..15 inch $500..$800

The one thing to remember is always to provide some clue as to the meaning of the range, e.g., $, size, megapixel, kg, and so forth.

You can also use the number range syntax with just one number, making it the minimum or maximum of your query. Do you want to find some land in Noida that's at least 50 acres? No problem:

acres Noida land 50..

On the other hand, you might want to make sure that raincoat you buy for your terrier doesn't cost more than $10. That's possible too:

raincoat dog ..$10

Google normally does not recognize special characters such as $ in the search process. But because the $ sign was necessary for the number feature, you can use it in all sorts of searches.

Try the search - "weekly sale" bargains 10

and then - "weekly sale" bargains $10

Notice how the second search gives you far fewer results? That's because Google is matching $10 exactly.
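To make the rules above concrete, here is a small tokeniser for this query syntax. It is an added example, not Google's code: it encodes only the behaviours the text describes (quoted phrases, capitalised OR only, parentheses, a - that must touch its term, + to force a stop word, ~ for synonyms and a..b ranges), and its STOP_WORDS set is the sample list from the text, not Google's real list.

```python
"""Tokeniser for the Google query syntax described above (hypothetical helper)."""
import re

# Sample stop words taken from the text; Google's actual list is not published here.
STOP_WORDS = {"i", "a", "the", "of"}

# One token = optionally prefixed quoted phrase | a parenthesis | a bare word.
TOKEN_RE = re.compile(r'[-+~]?"[^"]*"|[()]|[^\s()"]+')
RANGE_RE = re.compile(r"(\$?\d+)?\.\.(\$?\d+)?")
PREFIX_KIND = {"-": "exclude", "+": "force", "~": "synonym"}


def classify(raw):
    """Map one raw token to a (kind, value) pair."""
    if raw in ("(", ")"):
        return ("group_open" if raw == "(" else "group_close", None)
    if raw == "OR":                      # lowercase 'or' is just another word
        return ("or", None)
    if raw.startswith('"'):
        return ("phrase", raw.strip('"'))
    if raw[0] in PREFIX_KIND:
        if len(raw) == 1:                # '- term': a dash followed by a space
            return ("ignored", raw)      # is a stray symbol, not an exclusion
        return (PREFIX_KIND[raw[0]], raw[1:].strip('"'))
    m = RANGE_RE.fullmatch(raw)
    if m and (m.group(1) or m.group(2)):  # 10..15, 50.., ..$10
        return ("range", (m.group(1), m.group(2)))
    if raw.lower() in STOP_WORDS:        # dropped unless forced or in a phrase
        return ("ignored", raw)
    return ("term", raw)


def parse_query(query):
    """Tokenise a query string into a list of (kind, value) pairs."""
    return [classify(raw) for raw in TOKEN_RE.findall(query)]


def effective_terms(query):
    """Tokens Google would actually act on (ignored ones dropped)."""
    return [t for t in parse_query(query) if t[0] != "ignored"]


if __name__ == "__main__":
    for q in ('Learn ethical hacking website -"penetration testing"',
              'Learn ethical hacking website - "penetration testing"',
              "+the hackers", "the hackers", "raincoat dog ..$10"):
        print(f"{q!r:55} -> {parse_query(q)}")
```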

BBC website crashed: BBC bosses were left red-faced

BBC bosses were left red-faced when a TV documentary about the power of the internet crashed its own website.

Viewers were told to complete an online behaviour test after web documentary The Virtual Revolution aired on BBC2 on Saturday.

But servers crashed and thousands of the show's 1.3 million viewers were faced with blank screens.

One viewer - called @cloggingchris - Tweeted: "Oh the irony."

A series spokesman also turned to Twitter, writing: "We may have to call this a DoS (Denial of Service) attack to save face."

The show featured interviews with Twitter fan Stephen Fry and Microsoft billionaire Bill Gates.

SOURCE: http://www.thesun.co.uk

Sunday, February 21, 2010

Damn! I'm so pissed off with Facebook today. What's that? You guys are having the same problem as well? Yes, Facebook is suffering from some flu this morning and I have friends from all over the world complaining about it.

While some countries are facing no problems with logging in but a lot of problems after they log in, some other countries can't even log in. But don't be jealous of the ones who can log in; it's simply no use. Even if they can log into their accounts, their apps are not opening and pictures are not loading properly.

404 errors, picture upload failures and a lot of other problems have occurred. Mobile Facebook is facing the same problem as well. The outrage of the people has taken the micro-blogging website Twitter by storm. "Facebook down" discussions and tweets are topping Twitter trends.

Reports are flowing in that the popular social networking site Facebook is facing a number of problems today. Though the site has not provided any official declaration on the matter as yet, people with accounts on the site are continually posting on Twitter and other sites, detailing the problems they are facing.

Mashable has made a list of the most common problems being encountered today:
  • No CSS on certain pages
  • Failure to Upload Photos
  • Lots and Lots of Random Errors
  • Status Update Errors on the iPhone and BlackBerry apps
  • Very slow performance
  • Crashing Firefox 3.5.8
In the wake of this, people all over the world are gripped by panic over whether Facebook has been hacked and their data compromised. Just a day earlier, it was reported that the Kneber botnet is out harvesting login credentials for e-mail accounts, social networking accounts and banking accounts.

How to Hack Gmail Account Passwords Using Phishing Attack: Gmail Fake Page

How to Hack Gmail Account Passwords Using Phishing Attack

Step 1: Download Gmail fake login page and extract the contents into a folder. Visit here to download GMAIL FAKE PAGE

Step 2: Create your free account at , or and upload the extracted files there.

Step 3: I have uploaded all files at t35.com. Simply upload all the extracted files here.

Step 4: Open your fake page, enter a user name and password and try out whether it's working. Your fake page will be located at http://yoursitename.t35.com/Gmail.htm

Step 5: A password file will be created in the same directory and you can check it at http://yoursitename.t35.com/GmailPasswords.htm.

Now you are ready to hack Gmail accounts password. If you face any problem, post your comments here.
  • How to hack Facebook account passwords -
  • How to hack Twitter account passwords -
This post is for educational purposes only. holds no responsibility for how you use the downloaded files.
