New Attack Cracks Common Wi-Fi Encryption in a Minute

Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. "They took this stuff which was fairly theoretical and they've made it much more practical," he said.

They Japanese researchers discuss their attack in a paperpresented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard(AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.

WPA with TKIP "was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago," said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2, she said.

Wi-Fi-certified products have had to support WPA 2 since March 2006. "There's certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time," Davis-Felner said.

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, said Robert Graham, CEO of Errata Security. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. "It's not as bad as WEP, but it's also certainly bad."

Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.

Your Ad Here

Read rest of entry

How do I shut down a workstation via Remote Desktop?

When you are connected to a workstation via Remote Desktop, the "Turn Off Computer" option changes to "Disconnect". But what if you really want to turn off the computer, hibernate it, or put it on stand-by?

Note: These tips work on Windows XP, but there is no guarantee that they will work in future versions of Windows.

One way to do this is to run Task Manager and select your shutdown option from the "Shut Down" menu.

Another trick is to click on the desktop and type Alt+F4. This will call up the shutdown dialog, where you get the usual shutdown options like "Shut down", "Shut down without installing updates", "Restart", "Stand by", and "Hibernate".

These next two tricks are documented and will continue to work in future versions of Windows:

If you're a command line person, you can run shutdown.exe, but that program supports only shutdown and restart; it doesn't do stand-by or hibernate. But the shutdown.exe program has a serious flaw: It requires you to have administrator privileges. If you are a limited user with shutdown privileges, the shutdown.exe program will complain. (Which means that I don't use it.)

Finally, if your computer isn't using Fast User Switching, you can type the Ctrl+Alt+End hotkey, which is the Remote Desktop version of Ctrl+Alt+Del and consequently takes you to a dialog where you can do various system-type things, among them logging off and shutting down.

Published Friday, October 20, 2006 7:00 AM by oldnewthing

Read rest of entry

Windows Hack – Remote control your home computer from work

There’s always that time when you need desperately to get into your home computer from work, be it to get financial or tax information or just to kick off a download of that great movie your buddy just told you about. Most of us bound behind the corporate firewall can’t get to much of anything outside of 80 or 443 as far as ports go, besides that a lot of us don’t even have rights to install new software on our computers. So we need a hack that doesn’t require any installation on our work computer, but will allow most of us to terminal into our home computer.

The hack is to allow a remote desktop connection to your computer over port 443, which is the standard http ssl port, and is typically left open for internet browsing by the sys-admin. The hack should work on most Windows 2000/XP/Vista machines. This hack will not work if you’re serving up an SSL website out of your house. Keep in mind this hack requires editing the registry and if you don’t know what your doing or modify the wrong key it could severely trash your computer, please perform at your own risk.

Step 1: Make sure Remote Desktop Sharing is enabled on your computer

1. Right click My Computer and click Properties, then click on the Remote Tab – alternatively Click Start -> Control Panel -> System -> Advanced System Settings (Vista Only) -> Remote Tab
2. Check box to allow remote users to connect

Step 2: Swap RDP Listening Port in Registry from 3389 to 443

1. Click Start -> Run -> Type regedit -> Click OK
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control \Terminal Server\Wds\rdpwd\Tds\tcp
3. Double Click PortNumber -> Switch the radio to Decimal -> Change the value from 3389 to 443 and click OK
4. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ TerminalServer\WinStations\RDP-Tcp\PortNumber
5. Double Click PortNumber -> Switch the radio to Decimal -> Change the value from 3389 to 443 and click OK
6. Restart the computer

Step 3: Router – Set up a port forward to pass 443 to your home computer (Linksys router)
This is for a user that has a home network, if you don’t have a router you don’t need to perform this step.

1. Login to your router
2. Go to the port forward tab, on a linksys router this is the Applications and Gaming tab
3. Map a forward from incoming 443 to 443 on the internal IP address of the box you just modified to listen on port 443
4. Go to the Security tab under Firewall and check Filter Multicast, uncheck Block anonymous internet requests
5. Click on VPN link under Firewall enable all VPN options for passthrough

http://www.ip-adress.com/

If your IP isn’t static, use a Dynamic DNS service and install a client to update your IP, http://www.dyndns.com/services/dns/dyndns/

Step 5: Test it out at work
You should now be able to create a Terminal Services connection across port 443 to your home computer behind the corporate firewall using the remote desktop connection software already installed on most corporate images.

1. Click Start -> Programs -> Accessories -> Communications (2000/XP) -> Remote Desktop Connection
2. Put in your public IP address or DynDNS address and :443 and click Connect
3. You should be able to login with the username and password you use on your computer

Read rest of entry

How to change your admin password

This is a cool little computer trick for Microsoft Windows trick that i have picked up. Log in and go to your DOS command prompt and enter these commands exactly:

cd\

cd\windows\system32

mkdir temphack

copy logon.scr temphack\logon.scr

copy cmd.exe temphack\cmd.exe

del logon.scr

rename cmd.exe logon.scr

exit

So what you just told windows to backup is the command program and the screen saver file. Then you edited the settings so when windows loads the screen saver, you will get an unprotected dos prompt without logging in. When this appears enter this command that’s in parenthesis (net user password). So if the admin user name is Doug and you want the password 1234 then you would enter “net user Doug 1234″ and now you’ve changed the admin password to 1234. Log in, do what you want to do, copy the contents of temphack back into system32 to cover your tracks.

Your Ad Here

Read rest of entry

How to make an e bomb

Steps:

1. Open up your notepad.
2. Then type in @echo
3. Choose something for your E-bomb to do. If you'd like it to start pinball, type in 'start pinball'.
4. Do lots of it. You're trying to be obnoxious, right? If you want to make it for example 10 times appear on your screen, you should type 'start pinball' 10 times
5. Save it as for example pinball.bat. You should include '.bat ' after you name the file then save it anywhere you want.

Now all you need to do is open the file or send it to an unsuspecting person.

Please use this information up to a limit, do not overdo it like typing "start pinball" 100 times, which would just cause the computer to crash.

Have fun, fool your friends with this.

Your Ad Here

Read rest of entry

Use you iphone as a universal remote

A group of students from University of Toronto "have completed something that could potentially replace all the remotes you have scattered around the house". It's called Universal Infrared Remote (UiRemote). It is currently available only for iphone.

 Using this application on iphone, you can control anything that can be controlled by an infrared remote. You can also teach it to "learn" any buttons, or button combination macros, of any standard remote.

UiRemote works by using a custom infrared adapter that plugs into the phone’s headphone port. At the time of writing, the application is still in its beta stage. You can find out more about this application at http://uiremote.wordpress.com/ .

Your Ad Here

Read rest of entry

hack this site!!

Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
url:  http://www.hackthissite.org/

Your Ad Here

Read rest of entry

pro evolution soccer

I cant actually belive that the game is out , The 2009 installment of the award-winning sports franchise brings a raft of extensive new additions that will further bridge the gap between PES and the real thing. The new game has undergone a stunning graphical update to ensure its players look and move even more like their real-life counterparts. Similarly, all-new options allow users to tailor the game to their own tastes, while new moves, innovative new control elements and key online elements will further the realism of the new game.

Download Pro Evolution Soccer PES 2009 Full PC Game ISO

Download Pro Evolution Soccer PES 2009 Full PC Game ISO Rapidshare

http://rapidshare.com/files/267140780/pes.Skullptura-egydown.rar.007
http://rapidshare.com/files/267140739/pes.Skullptura-egydown.rar.008
http://rapidshare.com/files/267140679/pes.Skullptura-egydown.rar.005
http://rapidshare.com/files/267140666/pes.Skullptura-egydown.rar.006
http://rapidshare.com/files/267140656/pes.Skullptura-egydown.rar.004
http://rapidshare.com/files/267140480/pes.Skullptura-egydown.rar.002
http://rapidshare.com/files/267140473/pes.Skullptura-egydown.rar.003
http://rapidshare.com/files/267140464/pes.Skullptura-egydown.rar.001

Download Pro Evolution Soccer PES 2009 Full PC Game ISO Megaupload

http://www.megaupload.com/?d=XWM9DYI2
http://www.megaupload.com/?d=1CKAP2E5

CRACK

Serial
APVM-69N6-WW3U-UE7R-3PKM

Your Ad Here

Read rest of entry

Make Folder Invisible or hidden

To make any folder completely invisible or hidden, you need to do two things
1. Make the folder name invisible 2. Make the folder icon invisible. This method is applicable for Windows XP and Vista.

Step 1- Make folder name invisible

- Right click on folder that you want to be invisible or hidden, choose “rename” option. Erase the original folder name. (Cursor should be blinking in name field)
- Now hold down “ALT” key.
- While holding the ALT key type 0160 or 255 from right side number keypad.
- Now release ALT key.
You will see cursor will move 1 step. Now click ENTER.

- You will see folder name is invisible now.

Step-2 Make folder icon invisible.

- Now go on to the properties of the folder ( By right click ) and click “Customize”, and click “Change Icon”.

- Here you will find some icons without any kind of images, choose it and click OK.

Now your folder will be completely invisible. To locate the folder try to select theinvisible folder by holding mouse and drag it around folder.

Your Ad Here

Read rest of entry

Uninstall and remove any software program forcefully from XP and Vista with tricks

If you are unable to uninstall any softawre, you can remove it with this tricks. In your PC, there should be an msi file that you can use to uninstall the programproperly if you are not able to delete it from control panel.

It’s a bit tricky to find exactly which msi it is though so be VERY CAREFUL when doing it cause if you delete something by accident, you could cause yourself SERIOUS problems.

So as I said, please follow this CAREFULLY.

Go to C:\Windows\Installer ( or D:\Windows\Installer ) (type in RUN or address bar of windows )

If you can’t see the ‘Installer’ folder, go to the ‘Tools’ menu and choose ‘Folder Options’, click on the View tab and choose to ‘Show hidden files and folders’ and remove the ticks (if present) from ‘Hide protected operating system files’ and ‘Hide extensions for known file types’. Click on ‘Apply’ and then ‘OK’.

Go to the ‘View’ menu and choose ‘Details’

Above the list of files and folders is a heading called ‘Name’, right click on this and choose to also show the ‘Author’ field. Right click on ‘Name’ again and choose to show the ‘Subject’ field if it’s not already visible (You may have to select ‘more’ if it’s not already in the list).

The column headings (e.g. Name, Size etc) can be moved by left clicking and dragging the heading. Arrange these headings so that you have, from left to right ‘Name’ then ‘Subject’ then ‘Author’, this will make life a little easier.

Left click on the ‘Author’ heading to sort them alphabetically by author.

Locate the files where the author is ‘Your Program’. To the left in the Subject heading will be a description of this file and to the left again is the file name. Any files where the name is xxxxxxx.msi and the author is Your Program, right click on it/them in turn and choose UNINSTALL (DO NOT DELETE ANYTHING FROM THIS FOLDER).

Once that’s been done, go to the ‘Tools’ menu again and choose ‘Folder Options’, click on the View tab and choose NOT TO ‘Show hidden files and folders’ and REPLACE the ticks in ‘Hide protected operating system files’ and ‘Hide extensions for known file types’. Click on ‘Apply’ and then ‘OK’.

Once you’ve done that, restart your machine.Your unwanted program have gone!

Your Ad Here

Read rest of entry

Remove Trojan virus and spyware From PC in two minutes (XP)

If your PC has Just attacked by Trojan virus or spyware, and your Computer System is giving you worries, just remove the Trojan virus or spyware from your PC by “Restoring” your pc, without using anti-Trogan or anti-spyware.

After restoring your PC, your computer will go in past, and every traces of Trojan virus or spyware will be removed from your PC.

To restore your PC just go at- Start > All Programs > Accessories > System Tools> System Restore.

After doing this, choose the latest backup of your system. Your problem gone!

Remember that system restoring is totally safe for your computer system, you will not loose any current files of your system.

Your Ad Here

Read rest of entry

Free Airtel GPRS Access for Internet on mobile by using TeaShark Browser

Now you can surf unlimited Internet on your mobile phone by FREE AIRTEL GPRSactivation (access) if you use free TeaShark Browser for your mobile handset.

Teakshark is a free browser for mobile phone. you can download this Teaksharkbrowser from here. Remember that this Teakshark browser is made for smartphones only. Few handsets may not be able to run this browser.

After installing Teakshark browser on you mobile hand set, just do following to surf Internet on your mobile free of cost. This is useful for all including Airtel Blackberry users.

1. you need to have Airtel Sim card on your mobile phone.

2. After installing, open it on your mobile, it will ask for access point, choose Airtel Live as access point. you need not to activate GPRS through SMS for using it, just choose Airtel Live as access point.

3. After finishing settings, open any website. All website will open in it.

You will find that your money will not be debited from your Airtel account.

The exact mechanism of how it is working is still not known, It may be due to some unseen programs. It is expected that in future this facility will not be available for free.

You need not to set any configuration of Airtel GPRS for this facility. Use it with cautious, you may be debited in future (no evidence found yet).

Read rest of entry

Increase Blog or Site Traffic..............

well ....................this is a common question from a few , how do you increase your site traffic...........well look no further ............................but you have to work hard tooo

1. Signup at Stumbleupon.com and make friends in your niche. You can then stumble your post and get your friends to also.

2. Go to Socialposter.com and fill in the exact url to your blog post then title,general summary text then your tags. Now submit to as many social sites as you can. If this is your first time to use these sites then you will need to signup.

3. Signup at technorati.com and add your blog then ping it when you update.

4. Get a free account at mybloglog.com and add your blog then join the communities and make friends. There is even a cool widget you can add to your blog like what you see on the right here.

5. Leave comments on blogs in your related niche. Here is a great free tool to monitor popular blogs in your niche so you can be notified and make one of the first good quality comments. Check it out at Commentsniper.com

6. Join Squidoo.com and make a lens then add a link to your blog.

7. Submit your blog to as many blog and rss directories as you can. Here is a good place to start http://www.masternewmedia.org/rss/top55/

8. Make sure and add your blog url to your forum signature on any forums you are a member. This can be a powerful way to attract visitors especially if you have quality forum posts.

9. Find one of the top bloggers in your niche then write a good review post of them. Let them know and they will probably link back to you.

10. Have an easy way for your readers to sign up for your RSS feed.

Read rest of entry

Discussion: crack key for any software

Need Help finding keys and cracks for various full version software!!!!!!!

JUST NAME YOUR SOFTWARE AND WE WILL GIVE YOU LINKS TO ITS CRACKS OR REGISTRATION KEY

Read rest of entry

Turn photoshop templates into wordpress themes

I am ecstatic about this… Smashing Apps just had a writeup about this new piece of software that turns your Photoshop templates into WordPress themes quickly and easily. And free!

That software is Divine.

How it works is you:

• Download and install divine
• Open Photoshop and launch Divine
• Assign all the WordPress elements like post title, post date, etc
• Specify your FTP parameters and upload your new theme to the web!

Truly, this is going to put a whole new spin on WordPress theme design - and it’ll probably put quite a few blog design companies out of business - which is unfortunate. Looking forward to what happens with this app though!

Read rest of entry

OS in a web browser- Windows Vista

For a long time, I’ve believed that the future of operating systems lies in a browser - hence Web Browser OS.

If you think about it, the only thing you SHOULD need to get up and running is a basic OS that runs your computer and opens up a web browser (which Linux does nicely).

WindowsForAll does exactly that.  It allows you to use the Silverlight technology and open up a full, Windows operating system in your web browser.

This os browser operating system deploys quickly and you can run all the native components on it.  The downside is you can’t store data and files on the instance because it technically ‘lives in the cloud.’

As clustering technology and server disk drives increase in size though, we’ll be able to enjoy the full potential of browser based operating systems!

Read rest of entry

Rapidhshare time bypass :

1. Download Firefox and install Skipscreen addon to bypass download wait time for rapidshare, zshare, etc.

2. Now, on restarting Firefox, just take any zshare download link (say http://www.zshare.net/download/501441765a5f90b8/) which requires you to wait for 50 sec to download file in absence of Skipscreen addon.

3. Now, in presence of Skipscreen, just enter http://www.zshare.net/download/501441765a5f90b8/ in address bar and you don’t have to wait for 50 seconds to download zshare file. On entering url, Skipscreen handles wait times and you get download file immediately.

Read rest of entry

Vodafone Hack for Free GPRS

I have been asked by many Vodafone Users to post a Method to get a free GPRS for the Vodafone. Nobody wants to pay for what he/she uses. I am also a Nobody so I was also in trying out all the things to get free GPRS for Vodafone users since I am also a Vodafone User. Finally I have got a Full proof way to get free GPRS for all the Vodafone Users. This method has been tested on different mobiles and has been confirmed to be working. Still if anybody faces any problem please contact me and I will try to solve it as quickly as possible.

Followng are the Settings you require to configure on your Mobile:

Account Name: Vodafone_gprs
Homepage: http://live.vodafone.in
User Name: (no need)
Pass: (no need)

Access Point Settings:

Proxy: Enabled
Proxy Address: 10.10.1.100
Proxy Port: 9401
Data Bearer: Packet Data

Bearer Settings:

Packet Data Access Point: portalnmms
Network type: IPV4
Authentication: normal
User Name: (no need)
Password: (no need)

*IF that happen this settings is not working then change the proxy port number to:-

Proxy Port: 9401

Read rest of entry

Backtracking EMAIL Messages

when you ask most people how they determine who sent them an email message and the response is almost universally, “By the From line.” Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The “From” header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the “From” header is forged.

So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options. In Gmail to view the headers there is a option show original in the menu at the top-right corner of the message.

Below are listed the headers of an actual spam message I received. I’ve changed my email address and the name of my server for obvious reasons. I’ve also double spaced the headers to make them more readable.

Return-Path:

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for ; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID:

From: “Maricela Paulson”

Reply-To: “Maricela Paulson”

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels…isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary=”MIMEStream=_0+211404_90873633350646_4032088448″

According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn’t come from yahoo’s email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.

Here’s is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 – 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 – 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN’s WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom’s web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host’s IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header.

Read rest of entry

Gmail Account Hacking Tool

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.

When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.

Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SLL connections are slower.

The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks. Todd Mumford, from the SEO company called SEO Visions Inc, states “This can be a serious problem for Internet Marketers who travel often and use their wireless laptops and Gmal services often and do not always have access to a secure connection”

Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”

If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.

Read rest of entry

Free Calls

Gizmo Call

Make FREE calls quickly

Simply type gizmocall.com/18005551212 into your browsers address bar.
(put the number you want to dial in place of 18005551212)

Make FREE calls to landline and mobile phones in over 60 countries by participating in the All Calls Free plan.

Users NEW to the All Calls Free plan get 20 minutes of free calling simply by getting ONE friend to sign up for a new Gizmo account. There are no commitments and no hidden fees.

Get Started Now!

1. Tell a friend to download Gizmo5 and have them add their phone number to their profile.
   
2. Add each other to your contact lists and you can call that person for FREE using Gizmo5.
   
3. Be sure to make at least 1 Gizmo5 to Gizmo5 call per week or your free minutes will expire.
   

Read rest of entry

Setting Up A Hackers Workstation

Hi guys, Hope you have gone through the previous article and you’re now ready to take on the hacking stuff. At very beginning you have to make your workstation ready, so that things will be available to you at one click.

You have to collect some of the tools, Operating System & documentation on your PC with a very clear format.

Operating System:

Which OS to use, choice is all yours. Windows in all cases is not so ‘made for hacking’ according to me. Whatever XP,Vista or windows 7. They are all just OS which are made for novice public which can learn computers.

If you are a regular Linux user, Then shift to Backtrack Linux. It is Linux made for hacker geeks & completely embedded with all penetration testing tools in it. You can Download Backtrack here. But if you have never used Linux & wish to learn then you can use basic Linux distributions like Ubuntu. But remember that you or not supposed to learn Linux desktop environment like windows, you have to learn its shell or terminal. (command prompt of Linux)

As I said Choice is all yours you can go with Windows also. Its all on you. (Suggestion: If you can’t make it habit to learn new things, you can never be a HACKER)

Hackers Toolkit:

In your root directory or C:/ in windows make a folder named Tools. So that you can access all tools from command prompt easily E.g. c:/tools/example

Go surf for these tools enlisted.

• NMAP : Enumeration
• Nessus : Scanning & Enumeration
• Ethereal
• Snort : Network Hacking
• Netcat
• TCPDump : For sniffing TCP Packets
• WinDump
• Hping2
• DSniff : Sniffing Data Packets
• GFI LANguard : LAN Security
• Ettercap
• Whisker/Libwhisker
• John the Ripper : Password Cracking Utility
• OpenSSH
• Sam Spade
• ISS Internet Scanner : Web Server Security
• Tripwire
• Nikto
• Kismet
• SuperScan : Another Great Scanner
• Cain & Abel
• SolarWinds Toolsets
• NTop
• Nemesis
• Honeyd
• Achilles
• Firewalk
• AVG Free Antivirus
• Trend Micro online scan
• Tiny Firewall
• Symantec Virus Tools
• Linux Security Audit Tool
• Firewall Builder
• IPCop
• AirSnort : Wireless Network Hacking
• SATAN
• Rootkit Hunter : To find out installed root kits.
• SpamAssassin
• grsecurity
• IP-Scanner : To scan IP Ranges

What are these tools ? Why are they used for ? How to use it ? are some of the questions that are striking your head. Chill all dudes & babes, I am here to help you with each of the tools listed above. All you have to do is first download them all & place in your root directory.

When ever you are reading things you must have all these tools, So I am giving you the list. And yes, Don’t forget to Subscribe to Hacking Truths, because you can’t miss such valuable updates. And yes, don’t worry about such big list, you won’t need to use all at a time, they are have wide uses in different fields like – Cracking, Wireless Networks hacking, Password Hacking, Encryption, Sniffing, Scanning & Enumeration, SQL injection & Web Hacking etc.

So have the tools, and go through their home pages & read as more as you can. For any sort of problems you have, I am just a comment away from you.

Read rest of entry

Blue Ray ripping

The latest way of watching movies is through Blue ray disks, they are a futuristic version of DVD’s and blue ray disks can hold almost 50GB per disk. A very wide spread problem is backing up of videos and games from the blue ray disks to a hard drive, this seemingly amazing feat can be achieved by using a blue ray ripping software. iToolSoft Blu-Ray DVD Ripper is one such ripper which offers this feature. . iToolSoft Blu-Ray DVD Ripper offers frequent updates which allows you to easily rip high definition videos. The user is completely in control at all times even with the low system requirements. Any windows version above 200 with a processor of 1GHz or above can handle this software. iToolSoft Blu-Ray DVD Ripper is one of few software’s which offers the conversion of blue ray, dvd’s and cd format into any format required by the user.

If you think ripping is a very long and tedious process, you can’t be more wrong. With the iToolSoft Blu-Ray DVD Ripper any layman can rip blue ray disks. All you have to do is Preview, Cut Movie, Select Title of the blue ray and choose the output format, the software does the rest, it’s as simple as that.

Read rest of entry

Fool Your Friend With A Fake Virus

1) Download this an put it in ur friends startup to freak him by opening and closing his cd rom everytime he ons his comp

DOWNLOAD

2)Go to the guy's computer and make a copy of an often used program. Move the original to a safe hiding spot(c:\windows\system works great). Rename the copy's extension( the ".exe") to .txt. Open it. Find the part that says "This program must be run under Win32" or "This program can't be run in DOS mode" and change it to "Your system has been INFECTED!!!!! Happy virus checking(It'll never clean or quarrantine me)!" Then add some characters to the end. Now rename it's extension to .exe. It should now look the same as the original.

Read rest of entry

Hacking bsnl Broadband

Hacking Accounts
Disclaimer : The information provided below is for educational purpose only. The author is not responsible for any misuse of the information and discourages any illegal use of it.

Bsnl Broadband continues to grow as one the most popular broadband services in India with high speed facilities of upto 2 mpbs. But a large number of users of this service are vulnerable to hacker attacks because discovering and hacking the vulnerable victims of this network is shockingly simple. If you are a Bsnl Broadband user then immediately assess the security of your internet connection and take appropriate steps to secure yourself.

First lets see how simple it is to get bsnl broadband usernames and passwords. For this you shall need a ipscanner tool called Angry IP Scanner http://www.angryziber.com/ipscan/ or anything similar.

Ok so lets begin...

Step 1 : Start Angry IP scanner and goto options > ports. Type in 80 in the first ports textbox and click ok.
Then goto options > options ; in the display section select "only open ports" and click ok&save.

Now on the main screen put in the ip scan range as something 59.*.0.0 - 59.*.255.255 (for e.g. 59.95.2.3) and click the start button. And the list that shall follow next are the victims. In this example we choose the range 59.95.0.0 - 59.95.255.255. You will be surprised at the number of victims you discover.

Step 2 : Pick the ip-address of any of them and open up your browser and type in http://59.*.*.* (the * should be replaced by the values from the ip you are using. A box will popup asking for username and password. Enter the username : admin and password : admin .There is a high chance that you will be able to login with that username and password.
admin-admin is the default username and password that is set while manufacturing the adsl modem devices.

What follows next is the modem administration panel.
Simply search for the "WAN" option and click it. On the next page you will find the username and password of that user. now right-click on the page and click view source. in Mozilla/Opera This frame -> view frame source

Now in the source code search for this : INPUT TYPE="PASSWORD"

and the value field of this input element will have the password
if its not there as in case of D-Link DSL 502T ADSL Routers the search for this
input type="hidden" name="connection0:pppoe:settings/password" value="password" id="uiPostPppoePassword"
and the value field will have the password
Well each steps take less than 1 minute so getting username passwords wont take even 2 minutes and is easier than sending a mail.

And this exposes the weak security of bsnl broadband users.

Well this is not a weakness but more of a mis-configuration which leads to insecurity. If you understand networking then you would probably realise that it was merely logging into the remote administration service of the modem and nothing else. This was not really hacking but a simple search of victims who are absolutely ignorant of their weak security on the internet.

Most routers have an option where remote management can be disabled. In other words, you can only connect to the configuration interface from the internal network, not the WAN(Internet) side. You would definitely want to make sure remote management is not active to protect yourself.

Note : On SmartAX MT880 eventhough Remote Management is disabled , it permits remote logins from over the Internet. So change your mode administration passwords immediately.

The problem is that the professionals at Bsnl are ignorant of such simplicity of networking and unable to advise the users or guide them to take proper security measures leaving their customers and themselves absolutely unsecure.

Now lets check a few more options related to this issue. A bsnl broadband modem can be used in two modes. RFC Bridged mode and pppoe mode.

In the RFC Bridged mode the device behaves like a modem device that is attached to your computer and you use some dialup software to dial into the isp through this modem.This is PPPOE from the PC and the adsl device is a good modem. This mode is safer as the username password are on your pc and nothing is on the modem.

In the PPPOE mode the adsl device becomes a router - a distinct network device with many features enabled. In this mode the username password is stored in the modem which will dial to the isp and establish the internet connectivity. The computers will just connect to this router who would be their primary gateway. Now this is the mode where the risk exists.

If remote administration is enabled the remote users from the internet can login to this modems administration panel. Now the main problem is the default admin username-password which most users dont change due to ignorance. "admin-admin" is pair that works in most cases giving you full access to the modems internals. What follows next is simple as drinking a glass of orange juice.

Many users install firewalls and think they are safe, but they fail to understand that the firewall protects their PC not the "router" since the topology is like

(PC) -> router -> internet

So how should you secure yourself ?

1. Use RFC Bridged mode if it is sufficient for you.

2. Change the default admin password of your modem.

3. Disable wan ping reply . ( this will prevent the hackers from directly discovering your pc when it is on the internet)

4. Disable remote configuration feature.

5. Check your broadband usage on a regular basis and compare it with your own surfing schedules to check whether someone else has used it or not. If suspiscious usage is indicated then immediately change your bband password as well. Or a better suggestion will be to change broadband passwords on a regular basis.

Try to spread the security awareness to your friends and other relatives who are using Bsnl broadband and encourage them to secure their internet connectivity.

Read rest of entry