How to Disable the Remote Registry Service in Windows

>> Saturday, August 29, 2009

The "Remote Registry" service enables remote users to alter registry settings on your computer. By default, the "Startup type" setting for the "Remote Registry" service may be set to "Automatic" or "Manual", which is a security risk for a single-user or laptop computer.

So, to make sure that only users on your computer can alter the system registry, disable the "Remote Registry" service.
Here is how it can be done:
1. Click Start and pick Control Panel from the Start Menu items.


2. If your Control Panel is showing items in Classic View, find the icon named Administrative Tools and double-click it.

Alternatively, if you are in Category View, click Performance and Maintenance and then click Administrative Tools.

3. Now double-click the Services applet, which is used to start, stop and configure Windows services on your computer. This opens the Services window listing all the Windows services.

4. From the right pane of the Services window, find the service named Remote Registry.

5. Double-click the "Remote Registry" service to open the Remote Registry Properties for your local computer.
Now press the Stop button first to stop the running service, then pick Disabled from the drop-down menu under "Startup type" and click Apply -> OK.

6. Close the "Services" window and restart your computer for the changes to take effect.

That's it! You have disabled the "Remote Registry" service on your computer to prevent unauthorized changes to the system registry.
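The same steps can be scripted. The PowerShell function below is an added example, not part of the original post; the name Disable-RemoteRegistry is hypothetical, and it assumes PowerShell 3.0 or later in an elevated session on the local machine.

```powershell
# Added example (not from the original post): stop and disable the
# Remote Registry service, then verify the result. Run from an elevated prompt.
# Disable-RemoteRegistry is a hypothetical helper name.
function Disable-RemoteRegistry {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $name = 'RemoteRegistry'   # service name behind the "Remote Registry" display name

    # Win32_Service reports the start mode (Auto/Manual/Disabled) and current state.
    $before = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $before) {
        Write-Warning "Service '$name' is not installed on this computer."
        return
    }

    # Step 5, first half: press Stop if the service is running.
    if ($before.State -ne 'Stopped' -and
        $PSCmdlet.ShouldProcess($name, 'Stop service')) {
        Stop-Service -Name $name -Force -ErrorAction Stop
    }

    # Step 5, second half: set "Startup type" to Disabled so the service
    # cannot be started on demand or at the next boot.
    if ($before.StartMode -ne 'Disabled' -and
        $PSCmdlet.ShouldProcess($name, 'Set startup type to Disabled')) {
        Set-Service -Name $name -StartupType Disabled -ErrorAction Stop
    }

    # Re-read the service and report before/after so the change can be audited.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    [pscustomobject]@{
        Service         = $name
        StartModeBefore = $before.StartMode
        StateBefore     = $before.State
        StartModeAfter  = $after.StartMode
        StateAfter      = $after.State
        Hardened        = ($after.StartMode -eq 'Disabled' -and $after.State -eq 'Stopped')
    }
}

# Preview the changes first, then apply them.
Disable-RemoteRegistry -WhatIf
Disable-RemoteRegistry
```

The `Hardened` column is `True` only when the service is both stopped and disabled, which makes the output easy to collect from several machines and compare.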


JBoss goes Closed Source!

>> Thursday, August 27, 2009

For the past 3 years PushToTest published TestMaker, a popular utility and framework for automating Web tests, under a free open-source license. TestMaker now comes with an End User License Agreement (EULA) that costs either $12,000 per person, or $23,000 per year per person with upgrades included. Or $42,000 with no upgrades. The longer you wait the more expensive the license actually costs.

The adoption of open source J2EE application servers is growing by leaps and bounds. Many enterprises have adopted JBoss for many of their mission-critical applications. Do you happen to know what the JBoss Group is thinking?

Ask yourself: is it possible for any open source vendor to take advantage of the hard work of the community and then make it closed source? Before you commit to using JBoss within the enterprise, you need to consider the following:

  • Do not adopt an open source product unless there are alternative offerings from the community that adhere to the same standards
  • Do not take advantage of any proprietary features. Vendor lock-in can still occur with free software
  • Make sure that if they change clauses, it explicitly states that they have sole responsibility for paying prior contributors the current market rate for all past contributions in order to remove liability and/or copyright infringement
  • Consider putting clauses into support contracts that prevent them from changing licensing terms without prior approval and full refund of any monies previously paid
  • If the vendor is funded by venture capital, ask for a statement directly from the venture capitalists stating that they do not believe they own the intellectual property contained within the product

For the record, I am of the firm belief that JBoss Group has extreme integrity above and beyond what is found in other open source ventures and would never think of such an act. You should take the above steps with all open source vendors to protect your enterprise!


Why Open Source Software Sucks!

As an Enterprise Architect who is savage in evangelizing the merits of free and open source software within the enterprise, I worry about others jumping on the open source bandwagon and committing several fatal mistakes. For the most part, open source software sucks. The enterprise needs to consider the following truths about free and open source software.
 I am relaxing at home with my feet up on the couch brainstorming how open source projects I like such as Liferay (Enterprise Portal), Mule (Enterprise Service Bus), Drools (Rules Engine) and Magnolia (Content Management) could prosper. I came to realize the reason that these products are widely used but also relatively unknown is that they require those who truly understand technology (Not all IT employees understand IT!) for installation and support. The open source community is very strong at writing code but needs the assistance of those within Fortune 500 corporations with the other aspects of making open source software sustainable.

A simple truth is that writing documentation does not make endorphins flow. Maybe if those within corporate America considered free software as in freedom (rights and responsibilities) and wanted to make sure their investment in open source technology was sustainable they could have their employees contribute time and give back to the community by writing documentation. Good software's main problem is the lack of good documentation.

What if Enterprise Architects that worked for Fortune 500 enterprises took on the task of organizing usability studies, doing triage on bug reports, helped create bulletproof installation routines or guided open source project leads on creating friendly user interfaces, would both parties benefit? The answer to this question is patently obvious!

As I walk the halls of my own employer, I see the richness of having a diverse culture. We have individuals that speak a variety of beautiful languages such as French, Japanese, Spanish, German, Italian, Arabic, Hindi, Mandarin, Urdu, Tagalog, Vietnamese, Portuguese, Hebrew and Tamil. Open source projects could benefit by having those within corporate America provide translation services in native tongue.

The only way for open source software to not suck is by having enterprises acknowledge that the word free is not free in terms of price but free as in freedom and comes with rights and responsibilities. Enterprise architects fulfill your duty...


Linux-based home recording studio

Open source software has been available for multi-track recording for some time, but only in recent months has it finally matured to a point where it can handle both entry-level and production-level tasks. In the past you had to spend thousands of dollars to be able to record, which put recording demo tapes, extended play records, and long play records well beyond the budget of a hobbyist or struggling band.

Nowadays we have good quality open source software for recording and the Internet as a distribution mechanism. The cost to record is literally the same as the price of your computer and the time spent recording. The cost of hosted Web space to distribute is very cheap. You can and should also distribute your music on peer-to-peer networks. Today, you have the ability to create recordings on your computer using stock OEM hardware that rival the recordings available at your local music store and distribute your music to millions.


Cracking techniques for disgruntled employees (Part One)

Ever wanted to learn how to deface a website? Visit this site to learn how! How to deface a website for dummies
Hopefully, everyone reading this will use the same techniques to figure out what information is revealed about sites they control and will help others to secure theirs. This post is for educational and research purposes only. Do not attempt to violate the law with anything contained here. If you are here for illegal reasons, leave now. Only you are responsible for your actions.


Cracking techniques for disgruntled employees (Part two)

Bet ya didn't know that the number one tool used to crack web sites is Google? Google is a really great search engine and is useful for finding lots of stuff on the Internet, including but not limited to files that Google should have never seen in the first place. Listed below are some interesting Google searches...
service.pwd
"access denied for user" "using password"
filetype:php inurl:vAuthenticate
"ORA-00921: unexpected end of SQL command"
intitle:"please login" "your password is *"
Hopefully, everyone reading this will use the same techniques to figure out what information is revealed about sites they control and will help others to secure theirs. This information should not be used by disgruntled employees under penalty of me sentencing you to another four years of rule under George Bush.


How to crack a corporate network in 60 seconds

Ever seen the movie Gone in 60 Seconds? Well, in the same way it is easy to steal a car, it is just as easy to steal passwords off a corporate network. Since the vast majority of corporate networks run Microsoft software such as Windows, it makes the task easy. Most enterprises are slow to upgrade even in situations where Microsoft told them to upgrade to Active Directory and that they will no longer be supported. Their lack of aggressiveness turns into an opportunity for those who want to crack a network in 60 seconds.

Let's look at the fastest way this can be accomplished...

Let me stand on my soapbox for a moment. If you are still running Windows NT and are a network administrator and/or responsible for IT security, go to your boss and ask him/her to fire you immediately!

The best way to attack a Windows network is to get hold of the Windows SAM file. The SAM file holds username, user ID (SID) and hashed passwords for all users. Once you have gotten a copy, you can use tools such as l0phtCrack and Cain & Abel. These tools can crack passwords in about eight hours. While not sixty seconds it is sufficient for most needs.
I have to keep my promise of telling you how to do it in sixty seconds though. In order to understand how it will be accomplished, you need to understand a little about how the SAM file is protected. First of all, the hashing routine used by SAM is based on the DES algorithm. Essentially, a 32 byte hash is generated from the password as follows:

1. Convert the password to uppercase.

2. Truncate the password to 14 characters. If it is shorter, pad it.

3. Split the password into two 7-character halves and generate two 16 byte hashes using the DES algorithm.

4. Concatenate the two 16 byte hashes to form the 32 byte hash.

If you understood the above steps, you would realize that cracking is reduced to cracking one or possibly two 7-character passwords without regard to case. This makes the number of combinations incredibly small.

To make the problem space even smaller, there are two different approaches one can use. The first is a dictionary-based approach where weak passwords are defined as any dictionary word or lame permutation of a dictionary word such as "password9". Precomputed hashes can be compared since the vast majority of users will use real words in their passwords instead of random character sequences (Security folks, don't think for a second that changing your security policy is the answer). Second, if you are on a non-switched network, a clever individual can use NetMon to sniff the hashes off the wire.

Using this technique on a Pentium 4 3.2 GHz machine (I have a Gateway), it takes 10 seconds to load the dictionary into memory but less than one second to actually crack the password. Subsequent runs will also take less than one second!

If you want to make it more difficult to perform this type of attack on your network, please see the following Microsoft Knowledge base articles.

Local Security Policy - 147706

Disabling hashing - 299656

Group policy enforcement of strong passwords - 225230
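To see how much the preprocessing steps above shrink the search space, and to check whether a machine is still allowed to store this hash at all (the setting behind KB 299656), here is an added PowerShell example that is not part of the original post. The function names are hypothetical, the sample passwords are constructed, and the 95-character printable ASCII alphabet is an assumption used only for the comparison.

```powershell
# Added example (not from the original post). Get-LmHalves, Get-LmKeyspace and
# Test-NoLmHash are hypothetical helper names; sample passwords are constructed.

# Steps 1-3 of the routine described above, stopping before the DES step.
function Get-LmHalves {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Password)

    $p = $Password.ToUpperInvariant()                    # 1. case is discarded
    if ($p.Length -gt 14) { $p = $p.Substring(0, 14) }   # 2. anything past 14 is ignored
    $p = $p.PadRight(14, [char]0)                        #    shorter input is NUL-padded
    [pscustomobject]@{                                   # 3. two independent halves
        First           = $p.Substring(0, 7).TrimEnd([char]0)
        Second          = $p.Substring(7, 7).TrimEnd([char]0)
        SecondHalfEmpty = ($Password.Length -le 7)
    }
}

# Search-space comparison: one 14-character case-sensitive secret versus
# two independent 7-character uppercase-only halves.
function Get-LmKeyspace {
    $printable  = 95                 # assumption: printable ASCII alphabet
    $afterUpper = $printable - 26    # lowercase letters fold onto uppercase
    [pscustomobject]@{
        Full14CharCaseSensitive = [math]::Pow($printable, 14)
        OneLmHalf               = [math]::Pow($afterUpper, 7)
        BothLmHalves            = 2 * [math]::Pow($afterUpper, 7)
    }
}

# Defensive check: NoLMHash = 1 tells Windows not to store this hash at the
# next password change. Hashes already stored remain until each password changes.
function Test-NoLmHash {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value = (Get-ItemProperty -Path $lsa -Name NoLMHash -ErrorAction SilentlyContinue).NoLMHash
    return ($value -eq 1)
}

# Constructed inputs: the first two differ as typed, yet produce identical
# halves after uppercasing and truncation; the third leaves the second half empty.
'Summer2009!Rain', 'SUMMER2009!RAIx', 'winter9' | ForEach-Object {
    $h = Get-LmHalves -Password $_
    '{0,-16} -> [{1}] [{2}] second half empty: {3}' -f $_, $h.First, $h.Second, $h.SecondHalfEmpty
}

Get-LmKeyspace | Format-List
'LM hash storage disabled on this machine: {0}' -f (Test-NoLmHash)
```

A result of `False` from `Test-NoLmHash` on a domain controller or workstation means the setting should be enabled and passwords then changed so the stored hashes are replaced.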


Cracking GSM phone crypto

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.

Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it into a code book that can be used to decode conversations and any data that gets sent to and from the phone.

Karsten Nohl talks about his distributed computing, open-source A5/1 cracking project at the Hacking at Random conference. (Credit: Hacking at Random)

He hopes that by doing this it will spur cellular providers into improving the security of their services and fix a weakness that has been around for 15 years and affects about 3 billion mobile users. "We're not generating a vulnerability but publicizing a flaw that's already being exploited very widely," he said in a phone interview Monday. "Clearly we are making the attack more practical and much cheaper, and of course there's a moral query of whether we should do that," he said. "But more importantly, we are informing (people) about a longstanding vulnerability and hopefully preventing more systems from adopting this."

This weakness in the encryption used on the phones, A5/1, has been known about for years. There is at least one commercial tool that permits decrypting GSM communications, ranging in price from $100,000 to $250,000 depending on how fast you want the program to work, said Nohl, who previously has publicized weaknesses with wireless smart card chips used in transit systems. It will take 80 high-performance computers about one month to do a brute force attack on A5/1 and generate a large look-up table that will serve as the code book, said Nohl, who announced the project at the Hacking at Random conference in the Netherlands 10 days ago. Using the code book, anyone could get the encryption key for any GSM call, SMS message, or other communication encrypted with A5/1 and listen to the call or read the data in the clear. If 160 people donate their computing resources to the project, it should only take one and a half months to complete, he said. Participants download the program and one month later we share the files created with others, by BitTorrent, for instance, Nohl said. "We have no connection to them," he added. Once the look-up table is created it would be available for anyone to use.

Distributed computing, which has long been used for research and academic purposes, like SETI@home, and which companies have built businesses around, not only solves the technical hurdle to cracking the A5/1 code, but it could solve the legal ones. A few years ago a similar GSM cracking project was embarked on but was halted before it was completed after researchers were intimidated, possibly by a cellular provider, Nohl said. By distributing the effort among participants and not having it centralized, the new effort will be less vulnerable to outside interference, he said. Nohl wasn't certain of the legal ramifications of the project but said it's likely that using such a look-up table is illegal but possession is legal because of the companies that openly advertise their tables for sale. A T-Mobile spokeswoman said the company had no comment on the matter. AT&T spokesman Mark Siegel said, "We take strange care to protect the privacy of our customers and use a variety of tools, lots of technical and some human approaches. I can't go in to the details for security reasons." He declined to elaborate or comment further.

Taking precautions

Carriers should upgrade the encryption or move voice services to 3G, which has much stronger encryption, Nohl said. In the meantime, people can use separate encryption products on the phone, like Cellcrypt, or handsets with their own encryption, Nohl said. Amnesty International and Greenpeace are using phones with stronger encryption, for example, but it only works if both parties to a conversation are using the same technology, he said. For data encryption there is Pretty Good Privacy (PGP) for e-mail and a virtual private network (VPN) program for connecting to a corporate network, he said. The encryption problem is serious for people doing online banking, where banks are using text messages as authentication tokens. Banks should instead offer RSA SecurID tokens or send one-time pass phrases through regular mail, Nohl said.

"I reckon, potentially, this could have as much impact as the breaking of WEP (Wired Equivalent Privacy) had a few years ago," said Stan Schatt, security practice director at ABI Research. "That shook up the industry a bit." As a result of breaking that encryption, enterprises were reluctant to rely on wireless LANs so the Wi-Fi Alliance pushed through an interim standard that strengthened the encryption method, he said. "Vendors will jump in with interim solutions, like Cellcrypt," Schatt said. "Mobile operators themselves will have to jump in and offer additional levels of encryption as part of a managed service offering for people who want a higher level of encryption." However, consumers aren't likely to want to pay extra for the boosted encryption strength, he said. To snoop on someone's phone, a would-be spy would want to be within eyesight of the target, Schatt said. Or, spies could point a recording device in the direction of a building and grab whatever conversations were nearby, he said. "If you stand outside a building of a competitor you could get conversations between product managers and about sensitive corporation information, like acquisitions," he said. "Corporations put even more sensitive information over their phones, in general, than we do over their e-mail."

The project web page is here and the talk with slides is here.


Dangerous Linux Kernel Vulnerability For ALL 2.4 & 2.6 Kernels

>> Thursday, August 20, 2009

This is a serious bug; it affects all kernel versions released since May 2001! That goes all the way back to the early 2.4 versions. It's also exploitable according to the report – This issue is easily exploitable for local privilege escalation. In order to exploit this, an attacker would create a mapping at address zero containing code to be executed with privileges of the kernel (which I would assume to be root). At least it only allows local privilege escalation; if it was a remote root exploit it would be a disaster. Imagine all the Linux boxes out there connected to the net where the admin doesn't update or read security resources.

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover. The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder (for example, sock_no_accept), the function pointer is left uninitialized. sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

"Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit," security researcher Julien Tinnes writes here. "An attacker can just put code in the first page that will get executed with kernel privileges."

A patch has been released, so if you have untrusted local users on your system UPDATE YOUR KERNEL NOW! This is the second time this year there has been a serious exploit in the Linux kernel, which in a way is good because it means people are looking at it critically. The more bugs that get exposed, the more secure the kernel and our operating systems become.

Tinnes and fellow researcher Tavis Ormandy released proof-of-concept code that they said took just a few minutes to adapt from a previous exploit they had. They said all 2.4 and 2.6 versions since May 2001 are affected. Security researchers not involved in the discovery were still studying the advisory at time of writing, but at least one of them said it appeared at first blush to warrant immediate action.

"This passes my it's-not-crying-wolf test so far," said Rodney Thayer, CTO of security research firm Secorix. "If I had some kind of enterprise-class Linux system like a Red Hat Enterprise Linux…I would really go check and see if this looked like it related, and if my vendor was on top of it and did I need to get a kernel patch."

I wonder if any more major bugs will be disclosed before the end of the year? The fewer kernel updates that need to be carried out the better in my books. Full technical details of the bug can be found here:
Linux NULL pointer dereference due to incorrect proto_ops initializations


Batch File Programming E-Book Released Online

>> Tuesday, August 18, 2009

I am very happy to inform you that the e-book on 'Batch File Programming' authored by me was published on the Internet today. Moreover, I found 39 reads within 15 minutes of uploading it to the popular document-uploading site.

This book, 'Batch File Programming', was written after experimenting with and testing all the snippets covered in it. Batch file programming is a pretty old subject, but I have found a lot of books that haven't covered the dark side of batch, which still remains untold. The ultimate goal of this book is to make the readers understand how it works, what the limitations of batch are, what else is possible with a batch file, constructing useful programs with various views, creating a batch virus by misusing the commands, converting a batch file to an executable and a lot more.
This book is aimed at novice to advanced programmers. No matter if you are new to programming, this would be the right place to start, since this book contains real-world examples along with screenshots that really help in a better understanding of the concept.

Due to the large number of readers online for this book, Scribd has awarded and added this book to its 'HOT LIST', just within 3 hours from the time of upload.
Even though I have enclosed the Scribd link for reading this book online, I am enclosing the Table of Contents here in this page for your kind review.

  • Introduction
  • Internal & External Commands
  • Run Line Commands
  • Batch Operators
  • Basic Commands
  • Environment Variables
  • Looping Statements
  • Conditional Statements
  • Commands Associated with files and folders
  • Network Troubleshooting commands
  • Code snippets
  • Virus Programming
  • Converting Batch to Executable’s

Each of the categories displayed in the table of contents has its own sub-categories along with a lot of batch programs bundled with it.
If you want to read the book online, you can check with this Link
or by Clicking Here


Google's new operating system to take on Microsoft

Google is developing a new operating system for laptop computers in its boldest challenge yet to Microsoft's control over people's computing experience.
The new operating system will run through Google's nine-month-old Web browser, Chrome, according to a post late Tuesday night on the Mountain View-based company's Web site.
Google plans to introduce the operating system during the second half of 2010.
The new operating system is being designed for "netbooks," a low-cost, less powerful breed of laptops that is becoming increasingly popular among consumers primarily interested in having a computer to surf the Web.
The Chrome browser could threaten Microsoft's Windows system, which has been running most personal computers for the past two decades.


How to transfer data faster in Windows

File transfers can be tediously slow in Windows and in this guide, we’ll take a look at two file transfer alternatives for Windows. The first program is Teracopy and the second is FastCopy. Each program is designed to significantly cut down the time it takes to copy files between devices and even on the same drive.


TeraCopy has a very clean interface and integrates in with the Windows Shell well. Just select the files you want to copy and let TeraCopy do its thing. TeraCopy is fast and lets you pause transfers whenever you like, which is very useful if you need to transfer some other files quickly or if your CPU is busy and the transfer is slowing it down.

TeraCopy halves the time of average file transfers compared to Windows Explorer’s file transfer method; however, read on: FastCopy is very fast!
TeraCopy works with Windows Vista and XP and is free.

Download TeraCopy

Burst Copy

Tera Copy 1.22

Copy & Paste this key to register:



FastCopy is a program that can be integrated with the Windows shell or run as a portable USB application. Fast copy speeds up file transfers dramatically and helps when shifting lots of data. I recently moved over 2TB between drives and the whole move took just under 4 hours. I estimate Windows Explorer would have taken at least 24 hours to move this data (quite a lot of small files.)
FastCopy also outperformed TeraCopy and at least halved the time it took to perform file transfers. With lots of small files, FastCopy blew TeraCopy out of the water; this program is really quick!
FastCopy works with Windows Vista and XP and is free.

Download FastCopy

The Verdict

FastCopy is definitely faster, but if you prefer better looks and a more usable GUI, then TeraCopy takes the win. If you want to pause transfers for reasons mentioned above, TeraCopy is the program for you. Each program has its own advantages and it will come down to user preference. Give them both a try and you decide.


Is Government Going To Shutdown All underground Hacking Forums ?


A notice on an underground cybercrime forum on Thursday suggested the site had become part of a law enforcement sting operation. However, hacker hijinks and mischief making seem equally likely explanations for the incident, at the time of writing. The site's home page has been replaced by a JPG image notice stating that the previous cybercrime activity on the site has been logged and will be passed on to appropriate law enforcement agencies. It's unclear who posted the advisory, which was spotted by security researcher Mikko Hypponen of F-Secure, or even whether it is genuine.
No law enforcement agency is identified on the notice.

Roots you, sir.
Chris Boyd, a security researcher at Facetime, and long time nemesis of s'kiddies, cautions that several underground hacking forums were defaced recently and the r00t-y0u incident might be related. Bearing this important caveat in mind, the notice on states


How to forward ports freely and easily


Port forwarding has always been a headache for basic computer users. I still remember that I had quite a tough time trying to understand what port forwarding is and how to get it to work by configuring port forwarding in my router. If you have a direct connection to your broadband using an ADSL modem, then you don't need to worry about port forwarding.

The Simple Port Forwarding tool, which cost $15, is now free.

Simple Port Forwarding
Windows 98, ME, 2000, XP, 2003, Vista, 2008 & Requires Internet Explorer 6.0 or higher
Currently the latest Simple Port Forwarding v2.0.2 works on the following routers:

  • (All Routers With Tomato v1 Firmware)
  • 2Wire – 2701HG-D (Qwest Firmware)
  • Actiontec – GT701 v2 (Qwest Firmware)
  • Actiontec – GT701WG v2 (Qwest Firmware)
  • Actiontec – M1000 (Qwest Firmware)
  • Actiontec – MI424WR (Verizon FiOS Firmware)
  • Actiontec – R1520SU (Qwest Firmware)
  • Belkin – F5D7230-4 v9 (Belkin Firmware)
  • Belkin – G Plus MIMO F5D9230-4 v5 (Belkin Firmware)
  • Belkin – G Plus MIMO F5D9231-4 v1 (Belkin Firmware)
  • Buffalo – WZR2-G300N (Buffalo Firmware)
  • D-Link – DI-624 (D-Link Firmware)
  • D-Link – DIR-655 (D-Link Firmware)
  • Edimax – AR-7064 A (Edimax Firmware)
  • Edimax – BR6104K (Edimax Firmware)
  • Gnet – IP0006 (Gnet Firmware)
  • Linksys – BEFSR11 (Linksys Firmware)
  • Linksys – BEFSR41 (Linksys Firmware)
  • Linksys – BEFSR81 (Linksys Firmware)
  • Linksys – BEFSRU31 (Linksys Firmware)
  • Linksys – BEFW11S4 (Linksys Firmware)
  • Linksys – RT31P2 (Linksys Firmware)
  • Linksys – WAG354G (Linksys Firmware)
  • Linksys – WRT110 (Linksys Firmware)
  • Linksys – WRT150N (Linksys Firmware)
  • Linksys – WRT160N v2 (Linksys Firmware)
  • Linksys – WRT300N (Linksys Firmware)
  • Linksys – WRT310N (Linksys Firmware)
  • Linksys – WRT54G (DD-WRT v23 SP3 Firmware)
  • Linksys – WRT54G (Hyperlite Firmware)
  • Linksys – WRT54G (Linksys Firmware)
  • Linksys – WRT54G (Satori-4.0 Firmware By Sveasoft)
  • Linksys – WRT54G2 (Linksys Firmware)
  • Linksys – WRT54GL (Linksys Firmware)
  • Linksys – WRT54GS (Linksys Firmware)
  • Linksys – WRT54GX2 (Linksys Firmware)
  • Linksys – WRT54GX4 (Linksys Firmware)
  • Linksys – WRTP54G (Linksys Firmware)
  • Microsoft – MN-700 (Microsoft Firmware)
  • MSI – RG60G (MSI Firmware)
  • NetGear – DG834 v3 (NetGear Firmware)
  • NetGear – DG834G v2 (NetGear Firmware)
  • NetGear – RP614 v2 (NetGear Firmware)
  • NetGear – RP614 v4 (NetGear Firmware)
  • NetGear – WGR614 v5 (NetGear Firmware)
  • NetGear – WGR614 v6 (NetGear Firmware)
  • NetGear – WGR614 v7 (NetGear Firmware)
  • NetGear – WGR614 v9 (NetGear Firmware)
  • NetGear – WNR834B v2 (NetGear Firmware)
  • NetGear – WPN824 v2 (NetGear Firmware)
  • NetGear – WPN824 v3 (NetGear Firmware)
  • Nexxt Solutions – NW230NXT14 (Nexxt Firmware)
  • Sagem – FST3202 (Livebox Firmware)
  • Trendnet – TEW-632BRP (Trendnet Firmware)
  • If your router is not in the list, don't worry: just take a screenshot and send it to the author, and he will add your router soon. Go to this page to add it.
    [ Download Simple Port Forwarding v2.0.2 ]



    [ Download Simple Port Tester ]


    Happy Computer Security Day

    >> Saturday, August 15, 2009

    Computer Security Day is an annual event that is observed worldwide. It was started in 1988 to help raise awareness of computer related security issues. The goal of Computer Security Day is to remind people to protect their computers and information. Officially, Computer Security Day is November 30th. However, some organizations choose to have functions on the next business day or week if CSD falls on a weekend.
    Computer Security Day is a great opportunity for information security professionals and their organizations to raise the level of awareness within their users. We can help by providing ideas for CSD activities, posters and other resources.

    For 2008 the theme for CSD will be "A Good Defense". The poster has yet to be designed but will include an image and text portraying the idea that we must be proactive and active for security to work. Each individual is responsible and plays a part in protecting information assets and resources. These include:

    * Viruses
    * PC security
    * Firewalls
    * Using strong passwords
    * Social engineering
    * Physical security of information resources and assets


    How to Copy Locked Photos from Orkut ?

    Here is one easy way to save photos you like.
    Just press the "Print Screen" key, open Paint and paste the screenshot there.
    Save the file as … and edit it.


    Hacking a website or its member section

    First of all,why you want to hack a webpage?Is it a certain webpage or any site at all? There are many reasons to hack a website, or a webmaster.Maybe you want to take a revenge or maybe you want to have fun or just learn how to do it ! You can deface the website which means replace the original index with a new one or you can gain access to the member area of the site which might be easier.



    You can deface the site through telnet or your browser by running remote commands on an old or misconfigured server, the hard thing to do is find an old server , maybe a network of a school or university would do,get a CGI BUG searcher.This program will scan ranges of IPs for web-servers and will scan them for known bugs in their cgis or other bugs and holes.You can learn how to exploite a certain hole by adding in yahoo the name of the bug/hole and the word exploit,search for “cmd.exe exploit”.There are more than 700 holes that many servers might have! You can also deface a website by finding the ftp password and just browse through the sites ftp and replace the index.htm.You do that with the :Brute force


    Brute force

    To do that you need a brute forcer, or brute force attacker, and some word lists. The brute forcer sends multiple user/pass requests using words that it picks up from name lists and tries to hack the account until it does! So imagine a porn site that asks for a password: you go there, you copy their address, you add the address in a program called a brute forcer, and then from the brute forcer you choose a text file with names to be used as usernames and a text file with names to be used as passwords. The brute forcer will try until it finds a correct user/pass. This should be easier for the newbies than exploiting CGI bugs; many of the newbies haven't even heard of it. I hope I didn't confuse you with this tutorial. There might be more tuts about web hacking and CGI bugs and such. Till then, try to find the way to CGI bugs yourself with the CGI scanners in the Web Hacks section, or download a brute forcer to crack accounts.
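Seen from the server side, the brute forcing described above leaves a recognisable trail: one source producing a burst of failed logins across a short list of user names, sometimes ending in a success. The following is an added example, not part of the original post, that flags that pattern in a web server access log; the `/members/` path, the thresholds, the function names and the log lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [time] "request" status size
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def parse(line):
    """Return (ip, user, timestamp, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], m["user"], ts, m["path"], int(m["status"])

def detect_bruteforce(lines, protected="/members/", max_failures=5,
                      window=timedelta(seconds=60)):
    """Flag sources with max_failures or more 401s on the protected path
    inside a sliding window, and record a later successful login from them."""
    recent = defaultdict(deque)   # ip -> timestamps of 401s inside the window
    tried = defaultdict(set)      # ip -> user names seen on failed attempts
    alerts = {}                   # ip -> alert record
    for line in lines:
        rec = parse(line)
        if rec is None or not rec[3].startswith(protected):
            continue
        ip, user, ts, _path, status = rec
        if status == 401:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            tried[ip].add(user)
            if len(q) >= max_failures:
                alert = alerts.setdefault(
                    ip, {"ip": ip, "peak_failures": 0, "success_as": None})
                alert["peak_failures"] = max(alert["peak_failures"], len(q))
        elif status == 200 and ip in alerts and user != "-":
            # A login that works right after a burst of failures is the
            # event to triage first: that account's password was guessed.
            alerts[ip]["success_as"] = user
    for ip, alert in alerts.items():
        alert["users_tried"] = sorted(tried[ip])
    return list(alerts.values())

# Constructed sample: seven failures in seven seconds from one source,
# then a success, next to an ordinary user who mistypes a password once.
SAMPLE_LOG = [
    f'203.0.113.7 - {u} [29/Aug/2009:10:00:{s:02d} +0000] '
    f'"GET /members/ HTTP/1.1" 401 401'
    for s, u in enumerate(["admin"] * 3 + ["alice"] * 4)
] + [
    '203.0.113.7 - alice [29/Aug/2009:10:00:07 +0000] "GET /members/ HTTP/1.1" 200 5120',
    '198.51.100.20 - bob [29/Aug/2009:10:01:00 +0000] "GET /members/ HTTP/1.1" 401 401',
    '198.51.100.20 - bob [29/Aug/2009:10:01:05 +0000] "GET /members/ HTTP/1.1" 200 5120',
    '198.51.100.20 - bob [29/Aug/2009:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The same counters are what a lockout or rate-limit rule acts on; the detector only reports, it does not block.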


    Pakistani Hacker hacks Kevin Mitnick

    On 21st August Kevin Mitnick, the legendary hacker of the 90’s who was sent to jail for a five-year prison term in 1995 for his suspicious social engineering based hacking activities, was this week at the receiving end of a massive defacement of four of his websites: (Defacement), (Defacement), (Defacement) & (Defacement).

    Hacking has been a part of the Internet practically from its inception back in the 80’s. In my heyday of computer wonders I was fascinated by the simplicity of hacking Win 95 and 98 systems with simple tools like BO2K and other awesome Trojan stuff. My effort was very limited to a few simple steps, but I was simply mesmerized at what could have been done had I known a little of Unix and had an intricate knowledge of coding. I have always considered hacking an important factor in the continued development of this infrastructure we have come to live on called the World Wide Web. To be honest, if there were no destructive forces attempting to take down the system, who would have bothered to continuously revolutionize this technology, which in turn spurs new inventions and creations which have come to impact our daily life? One has to take the good with the bad, and sincerely hope that the good elements continue to overshadow the evil side.

    The sites in question have been hacked by FBH (Federal Bureau of Hackers) (website??), who have been operating since 2002; in their previous defacements they have been supporting the cause of Kashmir and ridiculing the Indian Prime Minister Vajpayee (Defacement – Sony

    I personally would not be too proud of FBH being a Pakistani as it tends to cast a bad name for my country, especially in this ever-paranoid post 9/11 era where every brown-skinned Muslim is suspected of being an Al-Qaeda operative. Let's work to keep Pakistan in the good books until the image of a peace-loving nation restores confidence in the world; we all have to work hard.


    The First Mobile Botnet?

    >> Wednesday, August 12, 2009

    Assuming the iPhone exploit described above was able to make it into the wild, it could effectively compromise all the unprotected iPhones in the world (which, in theory, would be all of them, if no patch is distributed). The hack would essentially turn the phones into "zombies" - a term usually used to refer to PCs compromised by a hack, virus, or trojan horse in order to do the bidding of a hacker. Along with other compromised PCs like them, this group of computers would form a botnet of "zombie" machines.
    While botnets are common in the PC world - it's estimated that these machines are used to send anywhere from fifty to eighty percent of spam worldwide - botnets consisting of mobile phones are practically unheard of...or are they?
    Earlier this month, Symantec revealed an SMS threat dubbed "Sexy Space" created using malware known as SymbOS.Exy.C, a revision of older variations also used to create similar threats. Using simple social engineering tactics, this hack involves sending SMS spam with names like "Sexy View," "Sexy Girl," and "Sexy Space" to encourage victims to click an included link in the text message.
    This particular exploit, only found on Symbian-powered devices so far, is smart enough to end certain programs on the hijacked phone that would make it possible to manually end the threat. At first, the hack was only being seen in China, but later an English version was discovered in the Middle East.
    What's most frightening about this particular threat is that it's controlled by a central server. That means hackers could control the attacked phones the same way hackers today control zombie PCs. This led the Symantec researchers to wonder if this was, in fact, the first case of a mobile botnet being spotted in the wild.


    The iPhone SMS Hack

    According to Forbes, the SMS exploit being demonstrated at Black Hat today involves sending short, mostly invisible SMS bursts which would allow a potential hacker to entirely take over the phone. The only warning you would have to alert you to the hack would be a text message that contained a single square character. If you received something like that, your only recourse would be to turn the phone off immediately.
    The researchers said they alerted Apple to this vulnerability over a month ago, but no patch has been released. Apple isn't returning calls requesting a comment, either.


    The Future of Security: Mobile Botnets Take Over the iPhone with Just an SMS

    Today at the cybersecurity conference known as Black Hat, researchers Charlie Miller and Collin Mulliner will present an SMS exploit that could take over your iPhone with just one text. Once the phone is compromised, the hacker would have access to all the functions on the phone, allowing them to send email, access your contacts, make phone calls, and of course, send text messages that would send the exploit to more devices.
    This serious vulnerability (which apparently Apple sat on for over a month) is probably the first time that most people have heard of mobile phones being used to create botnets. However, this isn't the first sighting of a mobile phone hijacking attempt for the purpose of botnet creation - a similar exploit was discovered earlier this month. Does this mean we're on the verge of a new and dangerous trend: the creation of "zombie" phones?


    Open command prompt from where it is Banned

    >> Saturday, August 01, 2009

    Open up Command Prompt (Start>Run>
    Can't use command prompt at your school?
    Open up Microsoft word..Type:
    Then save it as Something.bat.
    Warning: Make sure you delete the file, because if the admin finds out you're in big trouble.
    --Adding a user to your network--
    Net user Haxxor /ADD
    That will add "Haxxor" onto the school user system.
    Now that you have added users, let's delete them!
    Type: Net user Haxxor /DELETE
    Warning: Be careful, it deletes all their files.
    "Haxxor" will be deleted from the user system.
    Hmmm? It says access denied?
    That's because you're not admin!
    Now let's make you admin!
    This will make Haxxor an admin. Remember that some schools may not call their admins 'administrator' and so you need to find out the name of the local group they belong to.
    Type: net localgroup
    It will show you what they call admin. Say at my school they call it administrator, so then I would
    Type: net localgroup administrator Haxxor /ADD
    Getting past your web filter.
    Easy way: Type whatever you want to go on. Say I wanted to go on Miniclip's bug on wire: I would go to Google and search miniclip bug on wire,
    then instead of clicking the link I would click "cached".
    Hard way: I'm hoping you still have command prompt open.
    Type: ping
    And then you should get an IP. Type that out in your web browser, and don't forget to put "http://" before you type the IP.
    Sending messages through your school server
    Okay, here's how to send crazy messages to everyone in your school on a computer. In your command prompt, type
    Net Send * "The server is h4x0r3d"
    Note: may not be necessary, depending on how many your school has access to. If it's just one, you can leave it out.
    Where is, replace it with the domain name of your school. For instance, when you log on to the network, you should have a choice of where to log on, either to your school, or to just the local machine. It tends to be called the same as your school, or something like it. So, at my school, I use
    Net Send Haxxor School * "The server is h4x0r3d"
    The asterisk denotes wildcard sending, or sending to every computer in the domain. You can swap this for people's accounts, for example
    NetSend Varndean dan,jimmy,admin "The server is h4x0r3d"
    Use commas to divide the names and NO SPACES between them.
    what say??
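For an administrator, every command in the post above is visible as a process command line wherever process-creation auditing is enabled (Windows Security event 4688 with command-line logging, or Sysmon event ID 1). The following is an added example, not part of the original post, that classifies such command lines and raises the severity when an account is created and then added to an admin group on the same host; the event field names (`host`, `user`, `cmd`), the host and user values and the severity labels are constructed assumptions, and `admin_groups` is a parameter because, as the post notes, sites name that group differently.

```python
import re
import shlex

# Matches net, net1, net.exe, net1.exe, with or without a leading path.
NET_RE = re.compile(r'(?:^|[\\/])net1?(?:\.exe)?$', re.IGNORECASE)

def classify(command_line):
    """Return (action, target, group) for account-related net commands, else None."""
    try:
        # posix=False keeps backslashes in Windows paths intact.
        argv = shlex.split(command_line, posix=False)
    except ValueError:                      # unbalanced quotes
        argv = command_line.split()
    argv = [a.strip('"') for a in argv]
    if len(argv) < 2 or not NET_RE.search(argv[0]):
        return None
    verb = argv[1].lower()
    switches = {a.lower() for a in argv[2:] if a.startswith("/")}
    operands = [a for a in argv[2:] if not a.startswith("/")]
    if verb == "user" and operands:
        if "/add" in switches:
            return ("account_created", operands[0], None)
        if "/delete" in switches:
            return ("account_deleted", operands[0], None)
    if verb == "localgroup" and len(operands) >= 2 and "/add" in switches:
        return ("group_member_added", operands[1], operands[0])
    if verb == "send":
        return ("broadcast_message", operands[0] if operands else None, None)
    return None

def review(events, admin_groups=("administrators",)):
    """Classify each event and escalate create-then-promote sequences."""
    created = set()       # (host, account) pairs created in the reviewed events
    findings = []
    for ev in events:
        hit = classify(ev["cmd"])
        if hit is None:
            continue
        action, target, group = hit
        key = (ev["host"], (target or "").lower())
        severity = "medium"
        if action == "account_created":
            created.add(key)
        elif action == "group_member_added" and group.lower() in admin_groups:
            # A fresh account promoted to admin is the sequence the post describes.
            severity = "critical" if key in created else "high"
        elif action == "broadcast_message":
            severity = "low"
        findings.append({"host": ev["host"], "user": ev["user"], "action": action,
                         "target": target, "group": group, "severity": severity})
    return findings

# Constructed events; the command lines are the ones quoted in the post,
# plus one routine command that must not be flagged.
SAMPLE_EVENTS = [
    {"host": "lab-pc-07", "user": "student12", "cmd": "Net user Haxxor /ADD"},
    {"host": "lab-pc-07", "user": "student12", "cmd": "net localgroup"},
    {"host": "lab-pc-07", "user": "student12",
     "cmd": "net localgroup administrator Haxxor /ADD"},
    {"host": "lab-pc-07", "user": "student12",
     "cmd": 'Net Send * "The server is h4x0r3d"'},
    {"host": "lab-pc-07", "user": "student12", "cmd": "Net user Haxxor /DELETE"},
    {"host": "lab-pc-09", "user": "teacher3", "cmd": r"net use Z: \\fileserver\share"},
]

if __name__ == "__main__":
    for f in review(SAMPLE_EVENTS, admin_groups=("administrators", "administrator")):
        print(f)
```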


    Allowing dos and regedit in a restricted Windows

    A very simple tactic I found after accidentally locking myself out of dos and regedit is to open notepad and type the following:


    Save it as something.reg then run it. Simple.


    How to Hack using Keylogger

    The best and easiest way to hack into any email account or spy on your friend's account is through keyloggers. In this post I will explain

    A step-by-step guide to successfully creating a deployment package, sending it, and receiving information using Ardamax Keylogger. Now, in this guide, I only use one method of receiving information, and that’s an FTP. I also do not protect the files. Any suggestions and comments are appreciated. Let’s begin.
    Some of the keyloggers are detected by the antivirus; if you want to make an undetectable keylogger simply using C, just check Method 2.
    Method 1: Setting up the pre-made keyloggers
    Head on over to:
    And scroll to the bottom. Download the free trial.
    After downloading, open the program and install it. Simple enough, right? After installing, go to wherever you installed it at, and open it. It should open at the bottom right corner of your screen, down by the time. If not, press ctrl+shift+alt+h. Now, leave that alone.
    Next, go to:
    Download the appropriate serial.
    Now, open it, and it should give you a name and a jumble of letters and numbers.
    Go back to the Ardamax icon at the bottom right, and right-click it.
    Click the “Enter Registration Key” button.
    Use your serial/crack to unlock the full version. Congratulations, you are now ready to make your first deployment package.
    If you want to attach the keylogger to an existing file, go ahead and place that on your desktop.
    Again, right click the icon at the bottom-right.
    Click “Remote Installation”.
    Click next.
    Now, if you want to attach your keylogger to an existing file, tick the box that says “Append keylogger engine to..” etc etc.
    If you tick it, click Browse, and select the file.
    If not, continue down. The installation folder on target computer needs to remain Windows System Folder for added security, so leave it be.
    Add any additional components you would like. I just leave mine as “log viewer” since all I grab are passwords from games.
    From this point, click next.
    Now, this part is self explanatory. I tick all of the boxes, as to hide it from everything visible, otherwise they can just see it and be like “Wtf”, uninstall, etc.
    Can’t have that, now can we?
    Click next.
    For Security, do what you want. I leave all of it as-is and click next again.
    Now, uncheck the “Check for updates” box, else it will check for updates on their computer and they will know that they are bugged.
    Click next.
    Tick the “Start in hidden mode” box, and leave the “Run on windows start up” as-is.
    You may pick a date to self destruct, if you like. Sounds noisy, right? It simply removes itself on selected date. If not, leave it alone, and it will never self destruct.
    Click next.
    Tick the “Send logs every..” box, and choose how frequently you would like to receive information that has been sent.
    Select ‘FTP’ and de-select everything else as a delivery method.
    You may choose what you want to see. I take out screenshots. Causes lag for me.
    Leave log format alone.
    You may choose to send logs if it exceeds a certain size, or if you want it to send no matter what, untick the box, which is what I do.
    Continue on! (next.)
    Now the fun part. -_-.
    Head on over to:
    Make an account, etc etc.
    Save your FTP Account name and password. You’ll need it in a moment.
    This site will be the site that holds all information received by the keylogger.
    When you’re done, scroll down a bit.
    Under “FTP Accounts”, click “File Manager”.
    Near the top, click the “New Dir” button, and create a directory by any name you want. My favorite is “lolbeans”.
    Now, hold that thought. Bring the keylogger back.
    In Ftp Host, put in:
    In “Remote Folder”, put in the new directory’s name you made. So, in this scenario, “lolbeans” without the “’s.
    Fill in your Username and Password.
    I leave Passive Mode checked because I’m not sure what it does, rofl. :[
    Leave port alone as well. It’s default.
    Now to make sure everything is correctly done, click test. It should tell you it all went through. And to double check, you can refresh your open window. Click your “lolbeans” directory and there should be a test file in it.
    Click next, if you’re still alive.
    Tick anything and everything you want.
    If you selected screen shots to be enabled, pick how you want them delivered. Click next. If not, ignore this step.
    Browse where you want the keylogger to be placed. You can also change the icon, which is nifty. If you’re apologizing to a bitch ex girlfriend/boyfriend of yours, you can change the icon to a notepad and name it “Apology”, and they fall for it.
    This screen will go over with you everything that you have chosen. Make sure it’s all correct.
    Click Finish.
    Now, if you appended the keylogger to something, you’re going to need to put the “install” (feel free to rename it so it’s not so obvious) and appended file into a .zip or .rar file.
    If not, you have the simple “Install” on your desktop. Also, feel free to rename it to something like “Apology” or “OMFGFunnypicture!!!.jpg”
    Upload the file or .rar/.zip somewhere, and let your target download it. They will double click it, and on their end, nothing will happen, but secretly, they have been keylogged.
    Check your FTP Directory that you made as frequently as you told it to send logs, and you’ll have everything you need.
    Feel free to test it out on yourself.
    Method 2: How to code your own keylogger
    Check this post, it's very useful. Some of the keyloggers won't work; they are detected by the antivirus, so it's best to code your own keyloggers.


    Black Hat Hackers

    Black hat is a term in computing for someone who compromises the security of a system without permission from an authorized party, usually with the intent of accessing computers connected to the network. The term white hat is used for a person who is ethically opposed to the abuse of computer systems. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning. The somewhat similar activity of defeating copy prevention devices in software, which may or may not be legal under a country’s laws, is actually software cracking.
    (Source)(In No Particular Order)


    Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, “I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off.”
    James’ major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive e-mails and capture employee usernames and passwords.
    James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, “The software supported the International Space Station’s physical environment, including control of the temperature and humidity within the living space.” NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, “The code itself was crappy . . .certainly not worth $1.7 million like they claimed.”
    Given the extent of his intrusions, if James, also known as “c0mrade,” had been an adult he likely would have served at least ten years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he’s learned his lesson and might start a computer security company.

    Adrian Lamo: Lamo’s claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the “homeless hacker,” he used Internet connections at Kinko’s, coffee shops and libraries to do his intrusions. In a profile article, “He Hacks by Day, Squats by Night,” Lamo reflects, “I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional.”
    Lamo’s intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it’s legal. What Lamo did is not.
    When he broke into The New York Times’ intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times’ LexisNexis account to research high-profile subject matter.
    For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.

    Kevin Mitnick: A self-proclaimed “hacker poster boy,” Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as “the most wanted computer criminal in United States history.” His exploits were detailed in two movies: Freedom Downtime and Takedown.
    Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, he dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation’s computer network and stealing software.
    Mitnick’s mischief got serious when he went on a two and a half year “coast-to-coast hacking spree.” The CNN article, “Legendary computer hacker released from prison,” explains that “he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system.” He then hacked into computer expert and fellow hacker Tsutomu Shimomura’s home computer, which led to his undoing.
    Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.

    Kevin Poulsen: Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio’s KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him “the Hannibal Lecter of computer crime.”
    Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
    His hacking specialty, however, revolved around telephones. Poulsen’s most famous hack, KIIS-FM, was accomplished by taking over all of the station’s phone lines. In a related feat, Poulsen also “reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency.” Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
    Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.

    Robert Tappan Morris: Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
    Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years’ probation, 400 hours of community service and fined $10,500.
    Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.
    Mass media claimed at the time he was a mathematician and had a degree in biochemistry from Saint Petersburg State Institute of Technology.
    According to the coverage, in 1994 Levin accessed the accounts of several large corporate customers of Citibank via their dial-up wire transfer service (Financial Institutions Citibank Cash Manager) and transferred funds to accounts set up by accomplices in Finland, the United States, the Netherlands, Germany and Israel.
    In 2005 an alleged member of the former St. Petersburg hacker group, claiming to be one of the original Citibank penetrators, published under the name ArkanoiD a memorandum on a popular website dedicated to the telecom market.[1] According to him, Levin was not actually a scientist (mathematician, biologist or the like) but a kind of ordinary system administrator who managed to get his hands on the ready data about how to penetrate Citibank machines and then exploit them.
    ArkanoiD emphasized that all the communications were carried over the X.25 network and the Internet was not involved. ArkanoiD’s group found out in 1994 that Citibank systems were unprotected, and it spent several weeks examining the structure of the bank’s USA-based networks remotely. Members of the group played around with the systems’ tools (e.g. installing and running games) and went unnoticed by the bank’s staff. For their personal safety, the penetrators did not plan to conduct a robbery and stopped their activities at some point. One of them later handed over the crucial access data to Levin (reportedly for the stated $100).

    In human terms, it’s a case of a trusted, 11-year employee gone bad. Lloyd built the Novell NetWare computer network at Omega South and then blew it up with a software time bomb after he fell from corporate grace and was ultimately fired for performance and behavioral problems. Today, he faces a sentence of up to five years in prison.
    In a business sense, the loss of its key manufacturing programs cost Omega, which builds measurement and instrumentation devices for customers like NASA and the U.S. Navy, more than $10 million, dislodged its footing in the industry and eventually led to 80 layoffs.
    The 1996 incident set off an intense investigation that brought together the U.S. Secret Service and one of the world’s top data recovery and forensics experts to piece together the evidence that would ultimately lead to Lloyd’s arrest and conviction.
    David Smith, the author of the Melissa virus, was facing nearly 40 years in jail when he decided to cooperate with the FBI.
    Facing jail time, public wrath and a fortune in potential fines, the 30-year-old sender of the fast-spreading Melissa computer virus did what hundreds of criminals have done before. He agreed to go undercover.
    Federal court documents unsealed at the request of the Associated Press show that for almost two years, Smith – then out on bail – worked mostly full time cruising the dark recesses of the Internet while the FBI paid his tab.
    What did the FBI get? A windfall of information about malicious code senders, leading directly to two major international arrests and pre-empting other attacks, according to federal prosecutors.
    What did Smith get? Just 20 months in federal prison, which was about two years less than the minimum sentencing requirement, and about 38 years less than he faced when initially charged.
    Sometimes it takes a thief to catch a thief, said former federal prosecutor Elliot Turrini, who handled Smith’s case and agreed to the reduced sentence.
    About 63,000 viruses have rolled through the Internet, causing an estimated $65 billion in damage, but Smith is the only person to go to federal prison in the United States for sending one.
    The computer hacker known as “Mafiaboy,” who crippled several major Internet sites including CNN, arrives in court Thursday, Jan. 18, 2001 in Montreal, Canada. He pleaded guilty on Thursday to 55 charges of mischief. The trial of the 16-year-old Montrealer, who cannot be identified under Canadian law, was set to begin Thursday on 66 charges relating to attacks last year on several major Web sites, as well as security breaches of other sites at institutions such as Yale and Harvard.
    Mark Abene (born 1972), better known by his pseudonym Phiber Optik, is a computer security hacker from New York City. Phiber Optik was once a member of the Hacker Groups Legion of Doom and Masters of Deception. In 1994, he served a one-year prison sentence for conspiracy and unauthorized access to computer and telephone systems.
    Phiber Optik was a high-profile hacker in the early 1990s, appearing in The New York Times, Harper’s, Esquire, in debates and on television. Phiber Optik is an important figure in the 1995 non-fiction book Masters of Deception — The Gang that Ruled Cyberspace.
    Sources: News
