How Hackers Get Hacked?

>> Monday, September 28, 2009

Well, not exactly. But that’s the type of stories I have to sort through to get the top interesting stories each week for my newsletter. Well, every week unless something comes up like sleep, laziness or procrastination. So, be grateful that you don’t have to read about how Bob got hacked in the head by his over-reactive girlfriend after he slept with her mother, and just sign up for the newsletter on the ——————>RIGHT———————> and get all of the best hacker news each week.

If you are clueless to why such stories would come up… I use Google alerts. Great tool. 

Once again, you can sign up by entering your name and email on the right —————–> I’ll be publishing this week’s news shortly.


Secure Your Computer With Norton 2010 Internet Security + Trial Reset


Norton 2010 Internet Security (Eng) + Trial Reset 2010 - 1.4 BE

Norton Internet Security 2010 was designed to be the fastest virus, spyware and internet protection you can buy. The Norton Internet Security main window acts as a security management interface.
Norton Internet Security 2010 will be the fastest and lightest security suite Symantec has ever delivered. It guards your PC, network, online activities and your identity with innovative, intelligent detection technologies optimized to combat today’s aggressive, rapid-fire attacks. Improved Norton Safe Web technology blocks Internet threats before they can infect your PC.


Create Graphic Applications With Corel Designer Technical Suite X4


Corel DESIGNER Technical Suite X4 is the trusted choice for businesses that need to effectively communicate the strengths of their products and services through clear, informative technical illustrations or diagrams.


How to send a single post to many forums at a time

Auto Poster is a small program that sends a single post to many forums at the same time in one single click. It does this without the need for a browser or any interaction by the user, and utilises multi-threading technology to send to every forum at the same time!

This program is COMPLETELY FREE! Designed by the Extreme Warez Development team, this program, in true Warez spirit does not make any profit through the sale of this program. The auto-poster does NOT add anything to your post such as a "program signature" that is often added by other programs. Your post will appear exactly as it would normally appear if it had been sent on a forum.


Hacking Tool ! Botnet

Ever wonder how hackers are able to do all the stuff they do?  Many expert hackers do not just log on to systems using manual processes.  They get help from robots.  Yes, that’s right – robots.  Not your typical idea of a robot, though, but something that is called one because it works autonomously and automatically.

A botnet, also known as a robotic network, is a group of computers that run the same robotic application, controlled or manipulated by human operators, also called botmasters, for the purpose of doing coordinated tasks. The system is organized in a simple hierarchical structure comprised of many computers, also called drones or zombies, and a command center that directs all of the drones or zombies into action. Botnets can be large (composed of ten to twenty thousand drones) or small (composed of five hundred to a thousand drones).  It really depends on the sophistication and complexity of its use.

Botnets are very good tools in the hacking world because of their ability to gain other computers that could be used for any purpose. If you are familiar with the security vulnerabilities of a network, its workstations and servers, you can wrest control of all of its computers in a matter of days, hours or even minutes with the aid of a very sophisticated botnet application.  Once control is obtained, the task can be done remotely or autonomously.


Download Smart Install Maker 5.01

>> Thursday, September 10, 2009

Smart Install Maker is a powerful and convenient tool for creating installers, with a simple and understandable interface. Despite being simple to work with, it lets you create professional installers with minimal size, a high file compression ratio and a usable interface. Smart Install Maker contains all features for creating full-scale installation packages. The program works with the Windows system registry and ini files. It can create shortcuts, display license agreement and information texts, register ActiveX controls, and execute commands. There are also many other features. The installer engine takes only 60 Kb in install packages created by Smart Install Maker.

The program offers excellent data compression formats such as RAR and Cabinet. This allows you to create really compact installers that cause no problems when distributed through the Internet. Main features of Smart Install Maker:
  • Modern Wizard-style look and feel
  • Customizable graphics: embed your own artwork to emphasize your application’s identity
  • Support for Cabinet and RAR compression
  • All functionality is built in - no external files required
  • Import registry keys from .reg files and the system registry
  • Create ‘nightly builds’ using the command-line /s switch
  • Check for the presence of the .NET Framework and download it if needed
  • Install dynamic folders (with content known only at setup time)


Download Fast Folder Access 1.8.3


*Fast access to folders in Open/Save dialogs.

*Fast access to folders in Windows Explorer.

*Fast access to folders on the desktop and the Start button.

*Easy to add folder to the list of "Fast Folders".

*Right-click on an image file in Windows Explorer to preview image and image file information.

*Add any file as shortcut to Quick Launch or create new folder to manage.

*Runs automatically as part of the Windows Explorer context menu.



Microsoft confirms IIS zero-day flaw; Exploit code published

>> Tuesday, September 08, 2009

Microsoft late Tuesday confirmed the publication of exploit code for a serious code execution vulnerability in the File Transfer Protocol (FTP) Service in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0.
A security advisory from Redmond warned that the vulnerability could allow remote code execution on affected systems running the FTP service and connected to the Internet.

“While we have seen detailed exploit code published on the Internet for this vulnerability, we are not currently aware of active attacks that use this exploit code,” a Microsoft spokesman said in an e-mail.
From Microsoft’s advisory:

An attacker with write access in the FTP service could use this vulnerability to cause a stack-based overrun and execute arbitrary code in the context of the local system. In configurations of IIS where the anonymous user has write access, the attacker need not be authenticated.
The Microsoft Security Research & Defense blog offers more details:

The vulnerability is a stack overflow in the FTP service when listing a long, specially-crafted directory name. To be vulnerable, an FTP server would need to grant untrusted users access to log into and create that long, specially-drafted directory. If an attacker were able to successfully exploit this vulnerability, they could execute code in the context of LocalSystem, the service under which the FTP service runs.
Configurations at risk
The vulnerable code is in IIS 5.0 (Windows 2000), IIS 5.1 (Windows XP) and IIS 6.0 (Windows Server 2003). IIS 7.0 (Windows Vista, Windows Server 2008) is not vulnerable. IIS 6 is at reduced risk because it was built with /GS which helps protect the service from exploits by deliberately terminating itself when the overflow is detected before attacker’s code runs. We have not seen exploit code for this vulnerability that is able to bypass the /GS protection.
Also, remember that only servers that allow untrusted users to log on and create arbitrary directories are vulnerable.
In the absence of a patch, Microsoft recommends that administrators prevent untrusted users from having write access to the FTP service. The advisory contains instructions to:

  • Turn off the FTP service if you do not need it
  • Prevent creation of new directories using NTFS ACLs
  • Prevent anonymous users from writing via IIS settings
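
A way to confirm the exposure condition described above (anonymous users able to log in and create directories) on an FTP server you administer, as an added example that is not part of the original post or of Microsoft's advisory. The function names, the `ftp_factory` hook and the probe directory name are made up for this sketch; the probe uses a short, harmless name.

```python
import ftplib
import sys
import uuid


def audit_anonymous_write(host, port=21, timeout=10, ftp_factory=ftplib.FTP):
    """Report whether anonymous FTP users can log in and create directories.

    ftp_factory is a hypothetical hook (not part of ftplib) so the check can
    be exercised against a stand-in object instead of a live server.
    """
    result = {"anonymous_login": False, "can_create_dir": False, "cleanup_ok": None}
    ftp = ftp_factory()
    try:
        ftp.connect(host, port, timeout=timeout)
        try:
            ftp.login()  # ftplib logs in as "anonymous" when no user is given
        except ftplib.error_perm:
            return result  # 5xx reply: anonymous access is disabled
        result["anonymous_login"] = True

        probe = "audit-" + uuid.uuid4().hex[:8]  # short, harmless directory name
        try:
            ftp.mkd(probe)
        except ftplib.error_perm:
            return result  # login allowed, directory creation denied
        result["can_create_dir"] = True

        try:
            ftp.rmd(probe)
            result["cleanup_ok"] = True
        except ftplib.all_errors:
            result["cleanup_ok"] = False  # probe directory must be removed by hand
        return result
    finally:
        try:
            ftp.quit()
        except ftplib.all_errors + (AttributeError,):
            ftp.close()  # never connected, or the server dropped the session


def verdict(result):
    """Map the audit result onto the risk levels the advisory distinguishes."""
    if result["can_create_dir"]:
        return "EXPOSED: anonymous users can create directories"
    if result["anonymous_login"]:
        return "REDUCED: anonymous login works but directory creation is denied"
    return "OK: anonymous login is refused"


if __name__ == "__main__" and len(sys.argv) > 1:
    print(verdict(audit_anonymous_write(sys.argv[1])))
```

The check only probes the directory the anonymous user lands in; any upload subdirectory needs the same test.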


Download IP Shifter

>> Sunday, September 06, 2009

IP Shifter 2.2.6 description
If you work dynamically at several locations in the network (due to business), or you need to use your computer in more than one network, you have to switch your IP address parameters (e.g. IP address, Subnet mask, Gateway, DNS) frequently, so IP Shifter is a product for you! It can help you to finish this activity.

Key features include:

  • Save multiple TCP/IP profiles under meaningful names.
  • View the current IP address easily and switch IP address quickly.
  • Switch TCP/IP profile with one click, without rebooting the computer.
  • Support for multiple network adapters, including fixed and wireless.
  • Integrated "Ping" command to check connectivity.
  • Check IP address validity before activating.
  • Integrated "LAN Scanner" to find all connected computers.



1337 speak

While there are sophisticated encrypting programs, there are also those that are used by almost anyone provided that the users know what symbols are being used.  Geeks and even non-geeks can hide messages using substitutes for the English alphabet.  This symbolic writing is known in technical communities as leet speak or 1337.

1337 is a cryptic writing language used to shorten the typed messages or as a form of encryption to hide the nature or meaning of the message sent.  The term “leet” refers to those with elite status in message boards in the 1980s.  It actually originated from 31330 “eleet,” which is the UDP port that the hacker group Dead Cow Cult used to hack Windows 95. The language really is not owned by any specific group.  Anyone can use and write “leet” and anyone can have or use its own ciphers to decode it.

The way to use it is by substituting alphanumeric characters or symbols for each character or word from any common communication language such as English.  The language can also be developed to include intentional phonetic spelling, new words or even misspellings. Traditionally, the primary strategy is using homoglyphs – symbols that closely resemble the letter for which they stand – or an argot, also referred to as a “secret language”, for obscurity. It is ever changing and has no borders, rules or barriers on what encoding you could use, only that there should be an agreement or a set of protocols for the group to use.

In the past, gamers used leet speak as a communications tool.  Currently, anyone could be using leet speak.  Chatting teens and young adults who often logon to the Internet are  often using this method.

Generally for starters, you could actually use the example below for a quick and simple “leet” letter substitution.  It is the most common and traditional cipher used for “leet speak.” You can also find some advanced ones in the Internet, or just make up one for your group.
  • A = 4, /-\, @, ^, /\ , //-\\, ci
  • B = 8, ]3, ]8, |3, |8, ]]3, 13
  • C = (, { , [[, <, €
  • D = ), [}, |), |}, |>, [>, ]]), Ð
  • E = 3, ii, €
  • F = |=,(=, ]]=, ph
  • G = 6, 9, (_>, [[6, &
  • H = #, |-|, (-), )-(, }{, }-{, {-}, /-/, \-\, |~|, []-[], ]]-[[
  • I = 1, !, |, ][, []
  • J = _|, u|, ;_[], ;_[[
  • K = |<, |{, ][<, ]]<, []<
  • L = |,1, |_, []_, ][_, £
  • M = /\/\, |\/|, [\/], (\/), /V\, []V[], \\\, (T), ^^, .\\, //., ][\\//][,
  • N = /\/, |\|, (\), /|/, [\], {\}, ][\][, []\[], ~
  • O = 0, (), [], <>, *, [[]]
  • P = |D, |*, |>, []D, ][D
  • Q = commas are necessary: (,) or 0, or O, or O\ or []\
  • R = |2, |?, |-, ]]2 []2 ][2
  • S = 5, $
  • T = 7, +, ']‘, 7`, ~|~, -|-, ‘][', "|", †
  • U = (_), |_|, \_\, /_/, \_/, []_[], ]_[, µ
  • V = \/ , \\//
  • W = \/\/, |/\|, [/\], (/\), VV, ///, \^/, \\/\//, 1/\/, \/1/, 1/1/
  • X = ><, }{, )(, }[
  • Y = ‘/, %, `/, \j , “//, ¥, j, \|/, -/
  • Z = 2, z, 7_,`/_

This can explain how “leet” or “elite” came to be written as “1337” (1=L, 3=E and 7=T).

Some simple vocabularies:

n00b – Short for noobie, misspelling of newbie.

0wn3d you ! – Short for I’ve beaten you, probably the most common leet in gaming.

Where did it come from?

In the early 1980’s a group of chatters/gamers devised a way to keep their newsgroups from being indexed by the “Bulletin Board System” chat operators.  Others also use this method to prevent their websites from being picked up by a simple keyword search, replacing certain characters with numbers in their domain names.

The purpose of leet was to prevent others from discovering coordinated battle strategies, or from banning or discouraging them from discussing forbidden topics such as cracking, hacking and other forms of pornography.
It became popular as a communications lingo when id Software in 1994 began adding Internet connectivity to a game called Doom 1 and 2.
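
Because the substitutions come from a small, well-known table, a keyword filter can read through them instead of being evaded by them. The sketch below is an added example, not part of the original post: `LEET` is a subset of the table above keyed by plain letter, and `find_keywords`, the watchlist and the sample line are constructed here.

```python
# Subset of the substitution table above, keyed by plain letter. A glyph may be
# listed under several letters ("1" and "|" both stand for I and for L).
LEET = {
    "a": ["4", "@", "/-\\"],
    "b": ["8", "|3"],
    "c": ["(", "<"],
    "d": ["|)"],
    "e": ["3"],
    "g": ["6", "9"],
    "h": ["#", "|-|", "}{"],
    "i": ["1", "!", "|"],
    "k": ["|<", "|{"],
    "l": ["1", "|", "|_"],
    "n": ["/\\/", "|\\|"],
    "o": ["0", "()"],
    "s": ["5", "$"],
    "t": ["7", "+"],
    "u": ["|_|", "(_)"],
    "v": ["\\/"],
    "w": ["\\/\\/"],
    "x": ["><", "}{"],
    "z": ["2"],
}


def _read(text, pos, word):
    """Return the end offset if `word` can be read from text[pos:], else None.

    Each letter may appear literally or as any glyph listed for it. Matching is
    driven by the keyword, so the I/L ambiguity of "1" and the split ambiguity
    of "|3" (B, or "|" + "3" = LE) are both resolved by backtracking.
    """
    if not word:
        return pos
    letter, rest = word[0], word[1:]
    for form in [letter] + LEET.get(letter, []):
        if text.startswith(form, pos):
            end = _read(text, pos + len(form), rest)
            if end is not None:
                return end
    return None


def find_keywords(text, watchlist):
    """Return (keyword, offset, matched_text) for the first hit of each keyword."""
    lowered = text.lower()
    hits = []
    for word in watchlist:
        for pos in range(len(lowered)):
            end = _read(lowered, pos, word)
            if end is not None:
                hits.append((word, pos, lowered[pos:end]))
                break
    return hits


# Constructed sample line, not taken from any real message.
SAMPLE = "gr33tz n00b, u got 0wn3d by |-|4(|<3r5 - |33t w4r3z inside"

if __name__ == "__main__":
    for hit in find_keywords(SAMPLE, ["noob", "owned", "hackers", "leet", "warez"]):
        print(hit)
```

Matches are substring matches, so a production filter would add word-boundary checks to limit false positives.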

How does it relate to hacking?

It cannot be considered one of the primary tools for hacking, but it can be useful for ciphering your electronic communications, especially if you are planning a coordinated hack group strike in an area or facility. However, there are traditional ciphering tools on the market that can be used to encrypt and decrypt sent messages to prevent eavesdropping.  Leet speak serves as a second wave of encryption to keep the message from being decoded.

How is it looked upon in the hacking world today?

Real hackers would look at leet as amateurish in nature.  When those wannabe-hackers caught on the language, they started using it thinking that they would become real hackers just by doing so.  They forgot that hacking requires real knowledge and skills.  Right now, hackers openly mock kids who use 1337 just to appear (,00£.


USB flash drive portable browsers

Have you ever been some place other than your home on your computer? If your answer is anything other than yes, you need to stop being a computer hugging hippy and go outside, get a whiff of some fresh air, step on some dog crap and accidentally run over a cat. It’ll do you some good. Anyways, have you visited someone somewhere and while using his/her/its computer, you realized you didn’t know a password because it was saved on your browser, or you wanted to show your friend that one cool website with the non-Asian ninjas, but it was in your bookmarks, or you wanted to use an extension you had installed on your browser that got rid of homosexual ads? Well you can. It’s called portable browsers, a.k.a a browser on your USB drive.

If you use Mozilla Firefox, which I highly recommend, you can download the portable browser hiya: I’m a link.

If you’re an Apple fanboy or just like Safari, you can download its portable version hiya: I’m a link too.

If you use Internet Explorer, you must have some sort of brain blockage and need to fall off a cliff.

Some great features of these portable browsers are:
  • you can take your bookmarks with you
  • although probably not a good idea, for those of you that happen to always kill the braincells holding your passwords, you can take the saved ones with you
  • take all your extensions with you
  • keeps your information stored on the flash drive instead of the computer you are using


The Government has Z4CK!

After completing the hacker fiction book titled Z4CK by Kevin Milne, I began to wonder if a program like Z4CK would ever come to existence. I knew it was possible, but it would require a very talented programmer and a team to keep it updated with all types of exploits.

In the book, Duncan creates a script kiddie’s dream, a one click hack all program. With this program, Duncan could point it at any computer or network and within a short period of time extract all of its sensitive data and take over, then destroy its hardware if he wanted to. When word got out about his program, he got his marbles kicked in but managed to escape. The man-hunt began. Blah Blah.. read the book (good read):

Anyways, after finishing the book I found a news article that said the Government was in the process of finishing a program just like it! Here’s a quote from the article:
As the US military strives to boost its ability to wage cyber warfare, it’s looking for ways to make it easier for non-expert soldiers on the front lines to wreak havoc on enemy networks.

Enter a new generation of attack devices that is packaged to be brought into the battlefield and used by non-specialists to penetrate satellites, voice over internet networks, and supervisory control and data acquisition systems. Aviation Week recently got a peek at one device and provided a rich description of its features.

The device is designed to allow US forces to test enemy networks for a wide range of vulnerabilities and then synthesize the results so they can be acted on quickly. It offers touch-screen dashboards and sliders to make enumeration and penetration more intuitive. One display shows a schematic of an enemy network and identifies its nodes. A sliding lever can be moved to increase an attack or dial it down to reduce collateral damage.
Imagine having that kind of power. That’s some crazy shit!
A sliding lever can be moved to increase an attack or dial it down to reduce collateral damage.

I’m assuming they are talking about a DDOS attack in the above quote. With the amount of computers and bandwidth the government has access to, they could take down literally any network their little heart desires.

Cyber warfare is the future. Now instead of sending a bomb to the enemy, we’ll just take out its means of communication, take control of its major resources and blame it on North Korea. All from the comfort of the Government’s air-conditioned offices.

What do you think about all of this? Let’s hear your opinion below:

Source: The Register


Hacking / Security Podcasts

As a hacker, you are constantly learning new things and staying up to date in the scene. But sometimes you can’t due to your daily responsibilities like driving places, mowing the lawn, shoveling, cleaning around the house and sitting on the toilet. Well now you still CAN with podcasts. Pump ‘em into your iPod, Zune or phone, plug in your earphones and you have a constant stream of knowledge being pumped into your head while you do your daily chores/responsibilities. Multitasking ftw! Below I have put together a list of some of the best and a couple decent security/hacking podcasts out there today.
  1. Security Now – This is by far one of my favorite ones. Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of Spinrite and ShieldsUP, discusses the hot topics in security today with Leo Laporte. Published every Thursday.
  2. PaulDotCom – PaulDotCom Security weekly’s mission is to provide free content within the subject matter of IT security news, vulnerabilities, hacking, and research. We strive to use new technologies to reach a wider audience across the globe to teach people how to grow, learn, and be security ninjas.
  3. 2600 Podcasts -  2600 hosts two hacking related radio shows, Off The Wall and Off The Hook, on Tuesdays and Wednesdays.
  4. SploitCast -  the podcast for hackers, geeks, and the security paranoid.  By a group of students and IT professionals that have decided to start a downloadable talk show.
  5. The Command Line Podcast – Technology/hacking related podcast by Thomas Gideon.
  6. Blue Box Podcast – discuss the latest VoIP security news, offer commentary on topical issues and play and respond to listener comments.
  7. Data Security Podcast – a professionally-produced news program on the security issues of the moment. Co-hosted by noted security expert Ira Victor, the program is fast-moving and fun with top notch interview segments.
  8. Crypto-Gram Security Podcast – Audio version of Bruce Schneier’s monthly Crypto-Gram Security Newsletter.
  9. Security Wire Weekly – Information security news and interviews with information security experts and professionals.
  10. OWASP Podcast – Jim interviews OWASP volunteers, industry experts and leaders within the field of web application security.
  11. ISC StormCasts -  Stormcasts are daily 5-10 minute threat updates.
  12. Network Security Podcast – Each week, Martin McKeay talks about computer security issues that are relevant today.
  13. ITradio – IT journalist Patrick Gray set up this site to provide radio-quality news and current affairs audio programming to busy IT professionals.
  14. SearchSecurity Podcasts – has a variety of information security podcasts you can download.
  15. Security Bites – Feeling vulnerable? Keep up with the experts on botnets, phishing, rootkits and other computer malware.
  16. Symantec Security Response – Providing information to help consumers and organizations confidently secure and manage their information-driven world.
  17. ESET Podcast – Randy effortlessly navigates his listeners through today’s dangers by offering security tips and tricks to avoid becoming a casualty.

Yah, that IS a lot. Everyone has different preferences, so go through and choose the ones you like the best and stay up to date.


The Spread of Malware

**This is a guest article by an author who wishes to remain anon. Unlike you, this person got off his ass and earned some $$ writing about what he loves. He has accomplished something with his life, he has written for . What have you done? Click Here to start.**

Anyone who owns a computer has probably heard what a virus is.  Most with personal computers may even have had their own units infected with one type of virus at one point or another.  If you haven’t, it’s time you learn about it because this can destroy your data.  Viruses are programs created to become a nuisance.  The term encompasses all sorts of malicious software there is in the market.  While some are totally destructive, most are annoying and can cause minor errors in the computer system.

Currently, the human population of this planet is 6.9 billion.  About one billion of its inhabitants, or 16.7 percent, own or use a computer. Analysts project that by the end of this year it will double.  With these figures in mind, let’s find out how many computers viruses infect and what the most prevalent or common viruses are.  As of June 2009, there are about 1.9 million computers which are infected with some type of adware or malware.  This estimate is quite conservative considering the number of unreported cases in many parts of the world.
Number of infected computers
1414   Net-Worm.Win32.Kido.ix

Spreading Malware

Malware is short for malicious software.  Why malicious?  Because it infiltrates a computer system.  What is the goal of malware? The general goal of a malware is to harvest DATA. It can be user login, passwords, credit card information, bank accounts or transactions or databases that are stored on your PC or web.

A few years ago, e-mail spam with promotional or news-related items was the most popular way of introducing malware.  However, individuals and companies have strengthened their e-mail security, which made e-mailing less popular among hackers.  Also, spam mails are not read anymore.  They automatically go to the trash folder.

Security experts believe that malware developers have changed their ways or strategies in delivering their attacks.  This time, they are spreading them through websites, using search links to bogus websites, clickable icons of popular product advertisements like AV (anti-virus software), and events like the death of a popular artist or a popular movie that users would be likely to download.

Below is the June 2009 stats for websites infected with malwares (source:
Number of infected websites

From the table, it can be seen that thousands of websites have been or are being infected by one form of malware or another. This indicates that delivery has shifted to websites that host or post the malicious software.
How do hackers spread malware from websites?

1. Using search engines and posing as legitimate products. All of us go to search engines to find out about something. Malware users and developers are now using the tools that legitimate web administrators use to promote and get a good ranking for their websites in search engines like Google, Yahoo, MSN and AOL.

SEO (Search Engine Optimization) – A technique used by website administrators to improve the volume of traffic for their websites has also been used by malware propagators in the form of spamdexing, link farms and keyword stuffing.

Paid Web Advertising – Criminals also pay to advertise their bogus websites that are packed with malware.  The advertisement could take the form of a product to download or a “help the poor” program.

2. Getting in to social networking websites and other popular websites.

One of the hottest trends in the Internet is the social networking websites like Facebook, Friendster, and Multiply. alone garnered 1,191,373,339 monthly visits this year. Plus, it is believed that most of the users are not security conscious. Very tempting for malware propagators to exploit.  Their methods of attack:

-  Pose as a social networking website user and post malware in the form of products or downloads.

-  Pose as a Facebook user who is known by a group and send a message to see a Youtube link, which has been engineered to make users think that they need to update their flash application to view it. By the time the user clicks the update button, malware kicks in and installs a botnet, which not only infects the account but the entire server as well.

-  Exploiting vulnerabilities of a CMS (Content Management System) website and others and then inserting malicious iframes. Inserting iframes is like loading one web page inside another. To conceal its presence, it is often a very small piece of code that is not visible from the browser.  What most iframes do is redirect unwary users to malware sites.
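
For site owners, the injected iframes described above can be found by scanning served pages for frames that are sized or styled to be invisible. The scanner below is an added example, not part of the original article; `scan`, the hiding heuristics and the sample page with its `.example` hosts are constructed here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# width/height attribute values that make a frame effectively invisible
TINY = re.compile(r"\s*[01]\s*(?:px)?\s*", re.I)
# inline CSS that hides the frame or shrinks it to 0-1 pixels
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I,
)


class IframeAuditor(HTMLParser):
    """Collect iframes that are hidden from the visitor."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        reasons = []
        for dim in ("width", "height"):
            if dim in a and TINY.fullmatch(a[dim]):
                reasons.append(f"{dim}={a[dim].strip()}")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if not reasons:
            return  # visible frames (video embeds and the like) are not flagged
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        self.findings.append({
            "line": self.getpos()[0],
            "src": a.get("src", ""),
            "reasons": reasons,
            "external": host is not None and host != self.site_host,
        })


def scan(html, site_host):
    """Return one finding per hidden iframe; external ones deserve priority."""
    auditor = IframeAuditor(site_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page, not taken from a real site.
SAMPLE_PAGE = """<html><body>
<h1>Blog</h1>
<iframe width="560" height="315" src="https://video.example.org/embed/1"></iframe>
<iframe src="http://redirector.example.net/in.php" width="0" height="0" frameborder="0"></iframe>
<IFRAME SRC="/widgets/counter.html" STYLE="visibility: hidden"></IFRAME>
<iframe src="//ads.example.net/x" style="width:1px;height:1px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE, "blog.example.com"):
        print(finding)
```

A hidden frame pointing at a host other than your own is the pattern to investigate first; hidden same-site frames are often legitimate widgets.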
