r00t@~SecurityVoid

US prepares first-strike cyber-forces

2012-10-13T06:12:00.000-07:00

Cyber-attacks could inflict as much damage on the US as the physical attacks on 11 September 2001, the US defence secretary has warned.

Leon Panetta said the country was preparing to take pre-emptive action if a serious cyber-attack was imminent.
He said US intelligence showed "foreign actors" were targeting control systems for utilities, industry and transport.
Advanced tools were being created to subvert key computer control systems and wreak havoc, said Mr Panetta.
"An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals," said Mr Panetta in a speech to business leaders held on the USS Intrepid - a former aircraft carrier that is now a museum.
"They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.
"Such a destructive cyber-terrorist attack could paralyse the nation and create a profound new sense of vulnerability," he said.
Smaller scale cyber-attacks were now commonplace, said Mr Panetta.

Cyber-attacks could inflict as much damage as 9/11. warned the US defense secretary

In recent weeks, many large US firms had suffered attacks that had involved them being bombarded with huge amounts of data, he said. In addition, oil companies in Qatar and Saudi Arabia had been hit by the Shamoon attack, which had tried to replace computer data with gibberish. About 30,000 machines were hit by the Shamoon attack.
The US defence department had developed tools to trace attackers, he added, and a cyber-strike force that could conduct operations via computer networks. And it was now finalising changes to its rules of engagement that would define when it could "confront major threats quickly".
"Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," he said.
"If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation, when directed by the president.

Hackers threaten fresh wave of anti-capitalist web rioting

2012-05-26T06:28:00.001-07:00

Hackers threaten fresh wave of anti-capitalist web rioting

Sticking it to The Man, man, but for lulz too

A new activist group is drumming up recruits for a cyberwar campaign against corporate giants due to launch on Friday, 25 May.
TheWikiBoat intends to hit a high profile list of more than 40 multinationals - including BT, Best Buy, Tesco, McDonald's, Wal-Mart and Apple - with denial of service attacks as well as attempts to raid corporate systems for intelligence.

The precise motivations behind OpNewSon, which was announced around a month ago, remain unclear but the overall flavour is part anti-capitalist and part general devilment, a characteristic found in many Anonymous-style hacktivist protests.

"While attacking the major companies of this planet may seem lulzy, we also wish that this operation make a difference," the group said in a manifesto for OpNewSon. "We are 'sticking it to the man' so to speak."
Would be participants in the campaign, which aims to take out targeted sites for at least two hours, are been encouraged to use the LOIC denial of service tool, a favourite with hacktivists. By default LOIC does nothing to shield the anonymity of its users, a factor that has allowed police to track down and arrest many suspected hacktivists across the world over recent months.
Previous pre-announced activist operations to take down Facebook or launch assaults against the internet's DNS structure have turned out to be damp squibs. Security firms nonetheless argue that corporations targeted as part of Operation NewSon ought to take the threat seriously.
"It remains to be seen if the hacking group live up to their claims, but any organisation which is a target would be unwise to dismiss the threat," said André Stewart, president international at Corero Network Security.
"With prior knowledge of an impending attack, they have the opportunity to pro-actively put in place additional security measures to ensure that they remain secure."
Stewart explained that TheWikiBoat pre-announced its intended as a tactic designed to rally recruits to its cause.
“It’s not uncommon for hacking groups to announce their targets, particularly when they are ahead of a Distributed Denial of Service (DDoS) attack," he explained. "This enables them to ‘recruit’ like-minded individuals who support the ideology of the hacktivist group to join in on the attack. However, the majority of DDoS attacks are often carried out using an army of automated computers, called botnets, which can be controlled by a single user."
"The hacking group is planning a second stage attack, in which they will attempt to infiltrate the organisation’s network and steal sensitive information. DDoS attacks are often used as a smokescreen to hide further, more dangerous attacks, and due to the long list of potential targets, there is a high probability that they will succeed."
Additional commentary from application security firm Radware can be found here.
#OpNewSon is due to begin begin at 4pm PST.

Top 10 Android Mobile Security Apps

2012-05-26T06:27:00.000-07:00

While 2011 was the year of the hacktivist, it looks like 2012 will be the year of mobile malware with Android users in particular facing the reality that their device may not be as secure as they'd like to think.
F-Secure, McAfee, Trend Micro and pretty much every other security vendor under the sun have reported seeing a massive boom in the number of attacks targeting smartphone devices.
Indeed, McAfee reported that Android malware has rocketed by a staggering 1,200 per cent in the last year as the platform continues to attract the attention of cyber criminals.
There's plenty of vendors out there seeking to capitalise on the boom, with hundreds of anti-virus and security services flooding the market claiming to make your device as secure and safe as possible. However, with so much choice knowing which one to pick can be tough.
But fear not as V3's here to help. We've drawn up a list detailing the ins and outs of the 10 best mobile security apps currently available for Android smartphones to keep your beloved device free from the claws of cyber criminals.
10. Super Security: Free

Super Security is a free cloud-based antivirus app that adds a "strongbox" storage area to the device. The strongbox is a storage area on the phone that lets users password protect three different folders: Pictures, Videos and SMS.
As well as the strongbox, the service also boasts the standard virus scan, app manager, task manager and phone finder features seen on most other security apps.
As a free service, though, the features aren't as good as certain other paid for services. It also has a significantly less polished user interface and can at times feel a little clunky to use. Still, it's not a bad place to start.

9. Webroot Security and Antivirus: Free

Webroot Security and Antivirus is another free app that offers users online identity protection as well as defences against malware, phishing and SMS attacks.
Webroot automatically scans apps when they are added to the device. Like some of the other services on the list, Webroot can also help you to locate a lost or stolen device.
The app is perfectly adequate, with the only problem we detected that it can, at points, slow down performance on lower-end handsets.
This only really occurs when you're using the software on an old or underpowered 800MHz processor but is still an annoyance.

8. AVG Antivirus: Free or £6.50 Pro version
Available as a free download, AVG is a cheap, reliable option for any Android user.
The app automatically scans apps as they're downloaded and also checks to see if files added via other connection methods like Wi-Fi or USB are safe.
As well as checking files and apps being added to the device, the free version also lets you find your phone if lost or stolen via Google Maps. It also features lock and wipe your device services.
There is a Pro version available on the Google Play store, which costs £6.50 and adds a few features like a task killer, though for the money, given how good the free version is, we found little incentive to upgrade.
7. Norton Mobile Security: £29.99
Norton Mobile Security offers Android customers all the standard services and tools you'll require to protect your smartphone's data.
The app boasts the usual anti-virus protection backed up by remote locate, lock and wipe, call and text blocker and anti-phishing web protection features.
As an added bonus, the company's recently inked a deal with UK retailer Carphone Warehouse, meaning you can pick it up for half-price at £14.99 instead of £29.99.

6. Trend Micro Mobile Security Personal Edition: Free or £19 a year
Trend Micro's Mobile Security app is available in free and paid for versions, though the paid for option is the only one that offers a full security service.
The free app is available on Google Play and includes a basic malware scanner that scans your phone or SD-card for malicious software.
The paid for premium version is available for £19 per year. For the money you get a host of new features including parental controls, the ability to remotely locate your device and a fraudulent-website blocker that checks sites using Trend Micro's Smart Protection Network.
One annoyance that can seem a little pointless for business users is the addition of parental control features to the app. While control options may be desirable for parents looking to stop their child downloading dangerous apps, they really aren't relevant to business or adult users.
5. F-Secure Mobile Security: £8.08 per six months
F-Secure's Mobile Security app offers a number of mobile security features including firewall and anti-theft protection and costs £8.08 per half year.
The features on it work incredibly well and the app would rank higher if it didn't lack certain key features like an app scanner.
Given the boom in Android Trojans this year, the lack of an app scanning feature is a serious flaw and means you may have to get a second security app to really protect your handset.
The app also has parental control features, though as was the case with Trend Micro's app, they aren't all that useful for adult smartphone users, but nice to know they're there, just in case.

4. McAfee Mobile Security: £29.99 a year
McAfee Mobile Security application offers a desktop anti-virus and protection service on a smartphone.
The service is free for the first seven days but costs £29.99 per year after that. As well as Android, there are also BlackBerry and Symbian versions.
In terms of features Mobile Security 2.0 offers the complete package, boasting anti-virus protection, app screening, anti-theft remote wiping, unlimited backup and call filtering services.
The only reason the app didn't rank higher in our list is its liberal use of alerts. The app will pop up and intrude on your smartphone web and app browsing experience on a regular basis.
One particularly annoying feature is the fact that app actually starts alerting you on a regular basis that your free trial is about to run out a full day before it happens.
3. Bitdefender Mobile Security: Free or $9.99 a year

Bitdefender Mobile Security comes in free and premium versions, the latter retailing for a fairly reasonable $9.99 per year.
The app is a solid choice for most Android users, featuring an intuitive user interface and retailing at an affordable price.
The only downside is that the app doesn't have any SIM-card removal notification features and its Firewall protection only works on Android's native browser. That means Ice Cream Sandwich handset owners surfing the internet using the infinitely superior Chrome browser won't be protected.

2. Kaspersky Mobile Security: Free or £11.95
Kaspersky Mobile Security Lite is a fantastic Android security app that's available in free and paid for versions.

The paid for version costs £11.95 and offers the same features as a number of more expensive premium services.
The app grants access to Kaspersky's cloud-based Security Network, which automatically checks any app you install to make sure its safe.
One feature we particularly like is the educational element included in the app. Kaspersky Mobile Security doesn't take as draconian approach as other apps, with helpful hints explaining the importance of each feature being available as a shortcut on the app's user interface.
The paid for version of the app also houses all the standard device wipe, call and message filter and phone tracking services expected of any security app.
1. Lookout for Android: Free or $29.99 a year
Lookout is one of a select number of security companies purely dedicated to developing mobile security services and we have to say its Android app offers the most complete protection service currently on market.
Its Android app comes in free and paid for versions, with the paid for version costing a fairly hefty $29.99 per year.
The reason we'd really recommend the app is its intuitive user interface (UI). While the device features the same anti-virus protection, remote wipe controls, data backup, firewall defences and an app auditor services seen on other apps, Lookout is much more streamlined.
This could be because of Lookout's specific mobile focus, with the UI being far easier to navigate and understand than a number of its competitors. This streamlined feel is enhanced by the apps nonintrusive nature, with its protection features remaining nicely out of sight.

US Mayor And Son Charged With Hacking Into Opposition Site

2012-05-26T06:23:00.000-07:00

US mayor and son charged with hacking into opposition site

We'd rather be fending off global cyberwar, sniff Feds

Dr Felix Roque, 55, the mayor of West New York, New Jersey, and Joseph Roque, 22, of Passaic County, allegedly hacked into recallroque.com and illegally accessed e-mails in February. Joseph Roque is accused of gaining control of the administrative email account associated with the dot-com before interacting with its web host, Go Daddy, to shut the site down, The New York Times reports.

The father and son team also "sought to identify, intimidate and harass" those who operated the website and other critics of Roque's administration, the Department of Justice alleged:

By the late afternoon of February 8, 2012, Joseph Roque had successfully hacked into various online accounts used in connection with the recall website. Joseph Roque then used that access to disable the website. Mayor Roque harassed and attempted to intimidate several individuals whom he had learned were associated with the recall website.

The pair face conspiracy and computer hacking charges over the alleged political dirty tricks. Both charges carry possible fines on conviction of up to $250,000 and the risk of a substantial spell behind bars. The alleged abuse of public trust involved in the case means the charges are being treated especially seriously.
FBI Special Agent in Charge Michael B. Ward commented: "In this instance, an elected official conspired to hack into a website and email account.
"It's incredibly disappointing that resources have to be diverted from protecting the US against cyber intrusions targeting critical infrastructure, federally funded research and military technology, to address a public official intruding into computer systems to further a political agenda."
US Attorney Paul Fishman added: "The elected leader of West New York and his son allegedly hacked into computers to intimidate constituents who were simply using the internet to exercise their Constitutional rights to criticise the government."
Mayor Roque only gained office last year after leading a successful recall against the previous mayor, Sal Vega, and beating him in the subsequent election. West New York has a population of 50,000 and is located around seven miles from Manhattan. It's unclear whether or not Roque, who describes himself as an "independent conservative democrat", intends to resign as a result of the charges, The Jersey Journal reports

Comcast phishing site contains valid TRUSTe seal

2012-05-25T01:01:00.002-07:00

Summary: Security researchers from Sophos are reporting on an intercepted Comcast-themed phishing email, which contains a valid TRUSTe seal.

Security researchers from Sophos are reporting on an intercepted Comcast-themed phishing email, which contains a valid TRUSTe seal.
More on the phishing email:

Like many other sites that are compromised to host phishing pages, this one appears to have been compromised through vulnerable FrontPage server extensions.Yes, I said FrontPage. The old Microsoft Office package used for building and publishing web sites. Microsoft discontinued support for FrontPage publishing extensions in 2006 and they have been the source of many web site vulnerabilities over the last 15 years.The fake page is an identical copy of the real Comcast XFINITY login page, and surprisingly includes a fully functional TRUSTe logo which may lend further credibility to the site.

Cybercriminals often take advantage of visual social engineering elements, by embedding logos of reputable and trusted brands in order to improve of authenticity of their bogus content.
Users are advised to keep in mind the fact that these security and privacy seals often have limited applicability in real-life situations, in particular in the process of ensuring a web site’s CIA (Confidentiality, Integrity and Availability).

35,000 Passwords Reset After BigPond GameArena Hacked

2012-05-25T00:51:00.000-07:00

BigPond GameArena hacked, 35,000 passwords reset

Quick disclosure from Telstra

Telstra has taken the unusual – in Australia – step of proactively announcing that a service has been compromised.
The carrier has announced that it’s reset the passwords of 35,000 users of its GameArena and Games Shop services, stating that “the sites, operated by a third party company, were victims of a hacking attack.”

The carrier states that “no financial or credit card details were kept on the sites”.

“Information that might have been obtained was limited to BigPond Games usernames, the email address used to join the site and the encrypted GameArena and Games Shop passwords of up to 35,000 customers,” the statement said.
Users’ BigPond Broadband passwords were not affected. Telstra will be contacting affected customers with their new passwords.
Last year, a third-party customer-service provider used by BigPond was taken offline after an exposure that resulted in around 60,000 password resets, while in January, customer data was posted to a cloud-based spreadsheet. In both cases, the data breach was the result of process failures rather than external attacks.
Perhaps because of the criticism it suffered in those two incidents, the carrier has taken the commendable decision both to disclose and to act quickly

Yahoo! leaks! private! key! in! Axis! Chrome! debut!

2012-05-25T00:48:00.000-07:00

Extension launch scuppered by certificate blunder

Yahoo! today released its Axis extension for Chrome – and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo! software.
Australian entrepreneur Nik Cubrilovic, who last year garnered notice for identifying Facebook's tracking cookies, revealed the certificate blunder on his blog, and said users should not install the extension “until the issue is clarified”.

Cubrilovic peeked into the extension’s source code and found the private certificate, which Yahoo! uses to sign the application to prove it is genuine and unaltered. The result, he says, is that a miscreant could forge a malicious extension that would be verified by Google's web browser as coming from Yahoo!

There are all sorts of attacks that could be executed with a spoofed extension; the most obvious of these, as Cubrilovic notes, would be to create and sign a traffic logger to capture a victim’s web activity. He wrote:

The certificate file is used by Yahoo! to sign the extension package, which is used by Chrome and the webstore to authenticate that the package comes from Yahoo! With access to the private certificate file a malicious attacker is able to create a forged extension that Chrome will authenticate as being from Yahoo! The clearest implication is that with the private certificate file and a fake extension you can create a spoofed package that captures all web traffic, including passwords, session cookies, etc. The easiest way to get this installed onto a victim's machine would be to DNS spoof the update URL. The next time the extension attempts to update it will silently install and run the spoofed extension.

He’s also produced a proof-of-concept of a spoofing attack and written up instructions on how to remove the extension.
Yahoo! has since apologised and posted a replacement web search extension that doesn’t include the private half of the security certificate. The new plugin, billed as a search browser, is also available for Firefox, Internet Explorer, Safari, and iPhones and iPads.

New SpyEye plugin takes control of crimeware victims!

2012-05-25T00:45:00.000-07:00

Summary: Security researchers from Kaspersky have profiled a new SpyEye plugin known as flashcamcontrol.dll which takes control of the victim’s webcam and microphone.

Security researchers from Kaspersky have profiled a new SpyEye plugin known as flashcamcontrol.dll.
What does it do? Basically, it modifies an infected host’s Flash permissions, allowing cybercriminals the opportunity to control and webcam and the microphone of the infected victims.
More details:

If an infected user visits the site of a specified bank and the browser processing the page requests a flash-document via a link from the first column, the webfakes.dll plugin (which runs in a browser context) detects that request and replaces it with an address from the second column – an address controlled by the intruders. As a result, the browser will load a malicious document from the intruder’s server (statistiktop.com) instead of a flash document from the bank site.

It turned out that both flash documents merely create a window with a picture from the webcam. One of them sends a video stream to the intruder’s server.

It appears that someone is experimenting, with long-term ambitions on their mind. Face recognition for online banking as a concept has been around for years, however, financial institutions globally have failed to implement the solution on a large scale. Personally, I believe that facial recognition as a value-added protection mechanism is a futile attempt to prevent a successful crimeware attack on the infected host.
Taking into consideration the fact that on the majority of occasions users don’t know that they’re infected with crimeware, a visual representation of the fact that a particular end user is indeed in front of the computer wouldn’t change this. And now cybercriminals have developed an efficient way to undermine the facial recognition process with ease.
This latest development once again proves that cybercriminals are steps ahead of the security industry, and will continue to innovate in an attempt to increase their fraudulently obtained revenues.

Hacking ebooks collection!

2012-05-22T04:57:00.003-07:00

(Ebook - Computer) Hacking The Windows Registry.pdf 0 MB
(eBook - PDF) Hugo Cornwall - The Hacker's Handbook .pdf 0 MB
(eBook pdf) Hacking into computer systems - a beginners guide.pdf 1 MB
(ebook_-_pdf)_Hacking_IIS_Servers.pdf 0 MB
0321108957.Addison-Wesley Professional.Honeypots- Tracking Hackers.pdf 2 MB
0764578014.Wiley.The Database Hacker's Handbook- Defending Database Servers.chm 1 MB
076459611X.John Wiley &_ Sons.Hacking GMail (ExtremeTech).pdf 0 MB
076459611X.John Wiley &amp_ Sons.Hacking GMail (ExtremeTech).pdf 5 MB
1246523-Hacking.Guide.V3.1.pdf 1 MB
1931769508.A-List Publishing.Hacker Linux Uncovered.chm 4 MB
2212948-Hacker'S.Delight.chm 2 MB
285063-Hacker.Bibel.[278.kB_www.netz.ru].pdf 0 MB
3077366-HackerHighSchool.pdf 3 MB
731986-Hacker's Desk Reference.pdf 1 MB
A Beginners Guide To Hacking Computer Systems.pdf 1 MB
Addison Wesley - Hackers Delight 2002.pdf 6 MB
Addison Wesley, The Outlook Answer Book Useful Tips Tricks And Hacks (2005) Bbl Lotb.chm 14 MB
Anti-Hacker ToolKit - McGraw Hill 2E 2004.chm 29 MB
Attacking the DNS Protocol.pdf 0 MB
Auerbach.Practical.Hacking.Techniques.and.Countermeasures.Nov.2006.pdf 144 MB
Auerbach.Pub.The.Hackers.Handbook.The.Strategy.Behind.Breaking.into.and.Defending.Networks.Nov.20.pdf 18 MB
Certified Ethical Hacker (CEH) v3.0 Official Course.pdf 26 MB
Computer - Hackers Secrets - e-book.pdf 0 MB
Crc Press - The Hacker'S Handbook.pdf 18 MB
Credit.Card.Visa.Hack.Ucam.Cl.Tr.560.[223.kB_www.netz.ru].pdf 0 MB
DangerousGoogle-SearchingForSecrets.pdf 2 MB
Dummies - Hack How To Create Keygens (1).pdf 0 MB
For.Dummies.Hacking.Wireless.Networks.For.Dummies.Sep.2005.eBook-DDU.pdf 11 MB
For.Dummies.Hacking.for.Dummies.Apr.2004.eBook-DDU.pdf 9 MB
Hack IT Security Through Penetration Testing.pdf 12 MB
Hack Proofing - Your Network - Internet Tradecraft.pdf 3 MB
Hack Proofing Linux A Guide to Open Source Security - Stangler, Lane - Syngress - ISBN 1-928994-34-2.pdf 12 MB
Hack Proofing Sun Solaris 8.pdf 7 MB
Hack Proofing Your E-Commerce Site.pdf 7 MB
Hack Proofing Your Identity In The Information Age.pdf 9 MB
Hack Proofing Your Network Second Edition.pdf 9 MB
Hack Proofing Your Network_First Edition.pdf 3 MB
Hack Proofing Your Web Applications.pdf 9 MB
Hack_Attacks_Revealed_A_Complete_Reference_With_Custom_Security_Hacking_Toolkit.chm 6 MB
Hack_IT_Security_Through_Penetration_Testing.chm 5 MB
Hacker Disassembling Uncovered.chm 5 MB
Hacker Linux Uncovered.chm 4 MB
Hacker Web Exploitation Uncovered.chm 1 MB
Hacker'S.Delight.chm 2 MB
Hacker_s_Guide.pdf 4 MB
Hackers Beware.pdf 5 MB
Hackers Secrets Revealed.pdf 0 MB
Hackers Secrets.pdf 0 MB
Hackers, Heroes Of The Computer Revolution.pdf 0 MB
Hackers_Secrets.pdf 0 MB
Hacking - Firewalls And Networks How To Hack Into Remote Computers.pdf 3 MB
Hacking - The Art of Exploitation.chm 1 MB
Hacking Cisco Routers.pdf 0 MB
Hacking Exposed - Network Security Secrets & Solutions, 2nd Edition.pdf 10 MB
Hacking Exposed Network Security Secrets & Solutions, Third Edition ch1.pdf 2 MB
Hacking For Dummies 1.pdf 0 MB
Hacking For Dummies 2.pdf 0 MB
Hacking For Dummies.pdf 0 MB
Hacking GMail.pdf 5 MB
Hacking IIS Servers.pdf 0 MB
Hacking Windows XP.pdf 10 MB
Hacking into computer systems - a beginners guide.pdf 1 MB
Hacking the Code - ASP.NET Web Application Security Cookbook (2004) .chm 5 MB
Hacking-Hacker's Guide.pdf 4 MB
Hacking-Hackers Secrets Revealed.pdf 0 MB
Hacking-Hugo Cornwall-The Hacker's Handbook .pdf 0 MB
Hacking-The Hacker Crackdown.pdf 1 MB
Hacking-ebook - CIA-Book-of-Dirty-Tricks1.pdf 0 MB
Hacking.For.Dummies.Access.To.Other.People's.System.Made.Simple.pdf 1 MB
Hacking.Guide.V3.1.pdf 1 MB
Hackproofing Oracle Application Server.pdf 0 MB
Halting.The.Hacker.A.Practical.Guide.To.Computer.Security.chm 1 MB
How to Crack CD Protections.pdf 0 MB
John Wiley & Sons - Hacking For Dummies.pdf 9 MB
John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf 10 MB
John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook.pdf 10 MB
John.Wiley.and.Sons.The.Art.of.Intrusion.The.Real.Stories.Behind.the.Exploits.of.Hackers.Intruders.and.Deceivers.Feb.2005.ISBN0764569597.pdf 3 MB
Jon.Erickson.Hacking.The.Art.Of.Exploitation.No.Starch.Press.2003.chm 1 MB
Linux-Server.Hacks-OReilly.pdf 34 MB
McGraw Hill - Web Applications (Hacking Exposed).pdf 8 MB
McGraw-Hill - Hacking Exposed, 3rd Ed - Hacking Exposed Win2.pdf 6 MB
McGraw.Hacking.Exposed.Cisco.Networks.chm 10 MB
McGraw.Hill.HackNotes.Linux.and.Unix.Security.Portable.Reference.eBook-DDU.pdf 3 MB
McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eB.pdf 4 MB
McGraw.Hill.HackNotes.Network.Security.Portable.Reference.eBook-DDU.pdf 4 MB
McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-.pdf 3 MB
McGraw.Hill.HackNotes.Web.Security.Portable.Reference.eBook-DDU.pdf 3 MB
McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eB.pdf 5 MB
McGraw.Hill.HackNotes.Windows.Security.Portable.Reference.eBook-DDU.pdf 5 MB
Mind Hacks - Tips & Tricks for Using Your Brain.chm 3 MB
No.Starch.Press.Hacking.The.Art.Of.Exploitation.chm 1 MB
O'Reilly - Online Investing Hacks.chm 5 MB
O'Reilly.-.Network.Security.Hacks.chm 2 MB
O'Reilly.Windows.Server.Hack.chm 2 MB
O'Reilly.Windows.Server.Hack.rar 2 MB
OReilly Google Hacks, 1st Edition2003.pdf 3 MB
OReilly - Flickr Hacks Tips and Tools for Sharing Photos Online (Feb 2006).chm 5 MB
OReilly - Google Hacks.pdf 3 MB
OReilly,.Digital.Video.Hacks.(2005).DDU.LotB.chm 3 MB
OReilly,.IRC.Hacks.(2004).DDU.chm 3 MB
OReilly.Google.Hacks.2nd.Edition.Dec.2004.ISBN0596008570.chm 5 MB
OReilly.Google.Maps.Hacks.Jan.2006.chm 9 MB
OReilly.Linux.Server.Hacks.Volume.Two.Dec.2005.chm 2 MB
OReilly.Network.Security.Hacks.chm 2 MB
OReilly.PC.Hacks.Oct.2004.eBook-DDU.chm 6 MB
OReilly.PayPal.Hacks.Sep.2004.eBook-DDU.chm 2 MB
OReilly.Perl.Hacks.Tips.and.Tools.for.Programming.Debugging.and.Surviving.May.2006.chm 1 MB
OReilly.SQL.Hacks.Nov.2006.chm 2 MB
OReilly.Skype.Hacks.Tips.and.Tools.for.Cheap.Fun.Innovative.Phone.Service.Dec.2005.chm 4 MB
OReilly.Statistics.Hacks.May.2006.chm 1 MB
OReilly.Ubuntu.Hacks.Tips.and.Tools.for.Exploring.Using.and.Tuning.Linux.Jun.2006.chm 4 MB
OReilly.VoIP.Hacks.Tips.and.Tools.for.Internet.Telephony.Dec.2005.chm 3 MB
OReilly.Word.Hacks.Oct.2004.eBook-DDU.chm 3 MB
OSB.Ethical.Hacking.and.Countermeasures.EC.Council.Exam.312.50.Student.Courseware.eBook-LiB.chm 14 MB
O_Reilly_-_Windows_XP_Hacks.chm 5 MB
Oreilly Access Hacks Apr 2005.chm 18 MB
Oreilly, Paypal Hacks (2004) Ddu.chm 2 MB
Oreilly.Amazon.Hacks.eBook.LiB.chm 3 MB
Oreilly.Linux.Desktop.Hacks.Mar.2005.eBook-LiB.chm 0 MB
PC Games - How to Crack CD Protection.pdf 0 MB
Que - UNIX Hints Hacks.chm 1 MB
Que.Certified.Ethical.Hacker.Exam.Prep.Apr.2006.chm 8 MB
SQL Hacks.chm 2 MB
SQLInjectionWhitePaper.pdf 1 MB
Security and Hacking - Anti-Hacker Tool Kit Second Edition.chm 29 MB
SoTayHacker1.0.chm 76 MB
Syngress - Hack Proofing Linux (2001).pdf 12 MB
Syngress - Hack Proofing Your Identity in the Information Age - 2002.pdf 9 MB
Syngress - Hacking a Terror Network. The Silent Threat of Covert Channels.pdf 9 MB
Syngress -- Hack Proofing Your Wireless Network.pdf 7 MB
Syngress Hack Proofing Your Identity in the Information Age.pdf 9 MB
Syngress.Buffer.Overflow.Attacks.Dec.2004.eBook-DDU.pdf 5 MB
Syngress.Hack.the.Stack.Oct.2006.pdf 7 MB
Syngress.Hacking.a.Terror.Network.Nov.2004.ISBN1928994989.pdf 8 MB
The Little Black Book Of Computer Virus.pdf 1 MB
The_20Little_20Black_20Book_20of_20Computer_20Viruses.pdf 1 MB
Websters.New.World.Websters.New.World.Hacker.Dictionary.Sep.2006.pdf 5 MB
Wiley.Hacking.Firefox.More.Than.150.Hacks.Mods.and.Customizations.Jul.2005.eBook-DDU.pdf 14 MB
Wiley.Hacking.GPS.Mar.2005.ISBN0764598805.pdf 10 MB
Wiley.Hacking.Google.Maps.and.Google.Earth.Jul.2006.pdf 11 MB
Wiley.Lifehacker.Dec.2006.pdf 7 MB
Wiley.The.Database.Hackers.Handbook.Defending.Database.Servers.chm 1 MB
Win XP Hacks oreilly 2003.chm 5 MB
WinXP SP1 Hack.pdf 0 MB
Windows Server Hacks.chm 2 MB
Xbox-hack - AIM-2002-008.pdf 1 MB
Yahoo.Hacks.Oct.2005.chm 7 MB
[0735710090]Hackers Beware Defending Your Network From The Wiley Hacker.pdf 5 MB
addison wesley - web hacking - attacks and defense.chm 6 MB
amazon-hacks.chm 3 MB
bsd-hacks.pdf 2 MB
ceh-official-certified-ethical-hacker-review-guide-exam-312-50.9780782144376.27422.pdf 5 MB
cracking-sql-passwords.pdf 0 MB
database hacker handbook.chm 1 MB
eBooks.OReilly.-.Wireless.Hacks.100.Industrial.-.Strength.Tips.and.Tools.chm 4 MB
ebay-hacks-100-industrial-strength-tips-and-tools.pdf 4 MB
ebook.oreilly.-.windows.xp.hacks.sharereactor.chm 5 MB
ethical hacking, student guide.pdf 7 MB
excel-hacks.chm 3 MB
google-hacks.pdf 3 MB
hacker ethic.pdf 13 MB
hacker-disassembling-uncovered.9781931769228.20035.chm 5 MB
hacking the windows registry .pdf 0 MB
hacks.sfv 0 MB
linux-server-hacks.pdf 33 MB
little_black_book_oc_computer_viruses.pdf 1 MB
mac-os-hacks.chm 9 MB
network-security-hacks.chm 2 MB
online-investing-hacks.chm 5 MB
oreilly,.visual.studio.hacks.(2005).ddu.lotb.chm 6 MB
oreilly.firefox.hacks.ebook-lib.chm 3 MB
oreilly.windows.xp.hacks.2nd.edition.feb.2005.lib.chm 13 MB
prentice hall - pipkin - halting the hacker- a practical guide to computer security, 2nd edition.chm 1 MB
spidering-hacks.chm 1 MB
the-database-hackers-handbook-defending-database-servers.9780764578014.25524.chm 1 MB
tivo-hacks.100-industrial-strength-tips-and-tools.pdf 9 MB
u23_Wiley - Hacking GPS - 2005 - (By Laxxuss).pdf

Torrent Link - Click!

Backdoor sniffed in ZTE's US Android smartphones

2012-05-22T04:03:00.000-07:00

Chinese handset manufacturer ZTE has confirmed the presence of a backdoor in one of its Android smartphones.
ZTE's Score M ships with an application featuring a hardcoded password that gives the user, or software running on the device, administrator-level access. Running the program with the password spawns a root shell prompt on the Linux-powered mobes, allowing the phone to be completely taken over.

News of the ZTE Score M smartphone backdoor first surfaced last week in posts on the code-sharing website pastebin.com. The password needed to access the backdoor, located in the /system/bin/sync_agent file, is readily available online.

The world's fourth largest mobe-maker acknowledged a problem, but said it was restricted to the Score M, which runs Android 2.3.4 and is distributed through MetroPCS in the US. ZTE is working on an "over the air" patch to close the security hole, and the handset manufacturer insists that the issue does not affect Skate smartphones - contrary to internet rumours.
Mobile security firm Lookout advises users of the model to be particularly careful about apps they download and websites they visit until they get the security patch from ZTE. The poorly protected setuid executable on the smartphones allows an application to grant itself superuser privileges and run as the root user, Lookout explains.
"This type of access allows an attacker full control over a target device – which includes the ability to install or uninstall applications without notice and access to any sensitive personal information on a device," Lookout warns.
"While this issue does not expose a remotely accessible vulnerability on affected phones, it is an issue that could be exploited by targeted, malicious applications installed to the phone. In addition, affected users should download and install patches provided by ZTE and/or Metro PCS as soon as they are rolled out to their device," it adds.
The sync_agent tool might have been put there to manage preloaded applications, such as MetroPCS Visual Voicemail or MetroStudio, according to Lookout.
Dmitri Alperovitch, co-founder of security startup CrowdStrike, said ZTE was using the backdoor to update the smartphone's software, suggesting that the feature was placed there deliberately. However he said that it was unclear to him if the application was planted with malicious intent or left available as the result of some careless oversight, Reuters reports.
"There are rumours about backdoors in Chinese equipment floating around," Alperovitch said. "That's why it's so shocking to see it blatantly on a device."
The circumstances of the problem, especially the fact that the problem was restricted to smartphones supplied to the US, is bound to provide plenty of fodder for conspiracy theorists. China is repeatedly accused of using technology to spy on the West's high-tech biz, defence contractors, human right activists and energy firms. Allegations of backdoors in devices supplied by Chinese network equipment manufacturers have been a hot topic among Western politicians.

Anonymous Hacks Bureau Of Justice, Leaks 1.7GB Of Data

2012-05-22T04:00:00.000-07:00

Summary: Anonymous has apparently hacked the United States Bureau of Justice Statistics and posted 1.7GB of data belonging to the agency on The Pirate Bay. This is a Monday Mail Mayhem release.

The hacktivist group Anonymous claims to have leaked 1.7GB of data belonging to the United States Bureau of Justice Statistics (BJS). The file, which has been uploaded as a torrent and posted on The Pirate Bay, reportedly contains internal e-mails as well as the website’s “entire database dump.”
It remains to be seen if there’s anything incriminating in this leak. After all, the BJS is simply a federal government agency belonging to the U.S. Department of Justice (DOJ) that collects, analyzes, and publishes data relating to crime in the U.S. (including hacker attacks).
As you can see in the video above, the group also claims the BJS took down its website in response to the attack. By then it was supposedly too late. Here’s the video’s transcript of the English part:

Greetings world,
We are Anonymous.
Today we are releasing 1.7GB of data that used to belong to the United States Bureau of Justice, until now.
Within the booty you may find lots of shiny things such as internal emails, and the entire database dump.
We Lulzed as they took the website down after being owned, clearly showing they were scared of what inevitably happened.
We do not stand for any government or parties; we stand for freedom of people, freedom of speech and freedom of information.
We are releasing data to spread information, to allow the people to be heard and to know the corruption in their government. We are releasing it to end the corruption that exists, and truly make those who are being oppressed free.
The price we pay very often is our own freedom. The price governments pay is the exposure of their corruption and the truth being revealed, for the truth will set us free in the end.
So once more we call on you. Hackers, activists, and freedom fighters; join us in our struggle against these corporate

Curiously, an unmasked gentleman is shown at the end of the video. He says the following:

What’s next? What’s next is… all they can do is shut down the Internet itself. And we see, how that went for them, in Egypt. And we the people know, that when the government shuts down the Internet, that’s when it’s time to shut down the government.

He then puts on the Guy Fawkes mask and repeats the well-known Anonymous slogan:

We are Anonymous
We do not forgive
We do not forget
Expect us

To keep things more interesting, he throws in a little something extra: “And now, expect a whole lot more.”
I have contacted the United States Bureau of Justice Statistics and will update you if I hear back.

Call Of Duty Hacker Jailed After Meatspace Burglary

2012-05-21T01:19:00.000-07:00

A Brit who distributed a Trojan horse that posed as a patch for popular shoot-em-up game Call of Duty has been jailed for 18 months.
Lewys Martin, 20, of Deal in Kent, used the malware to harvest bank login credentials, credit card details and internet passwords from the compromised Windows PCs of his victims. Martin then apparently laundered the credentials via underground cybercrime forums, earning $5 or less for every credential, directing proceeds of his criminal activity towards an offshore account in Costa Rica, funds which remain beyond the reach of UK police.

Martin's activities might have gone undiscovered if not for his arrest during what police described as a drunken attempt to break into a local college and steal computer equipment. Police who raided his home discovered printouts of stolen credit card numbers and papers relating to a fraudulent bank loan, obtained under a false name.

The student was convicted last November but sentence was deferred to allow him to complete a university computer course. However, bail was revoked after Martin was caught with several other individuals trying to break into Walmer Science College in Deal.
He caused hundreds of pounds of damages in criminal damages during the bungled burglary, according to local reports.
Martin was prosecuted and subsequently convicted for three burglary and fraud charges, leading up to a sentence hearing this week when he was jailed for 18 months.
A court clerk at Canterbury Crown Court confirmed the terms of the sentencing this week, which following earlier guilty pleas on the specimen charges. Further fraud charges were taken into consideration in sentencing Martin to a substantial spell behind bars.
Gamers are a popular target for malware distributors. Much of this malign activity is directed at gamers in the Far East but Western shoot-em-up and role-playing fans are also at risk and ought to be wary of malware posing as gaming cracks and other common tricks, as explained in a blog post by Sophos here

Website Source Code Grabber

2012-05-19T03:54:00.006-07:00

it will create source.txt in the same directory

import urllib
import httplib
import socket

print "\n\nFast Webpage Saver"
print "input URL and run it. It will Save Webpage Within Seconds"

print "\n\n\t|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||"
print "\t|||||                                                       |||||"
print "\t|||||                                                       |||||"
print "\t|||||        Coded By Ajith KP                              |||||"
print "\t|||||                                                       |||||"
print "\t|||||                                                       |||||"
print "\t|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||"

try:
    url = raw_input("URL:")
    url =url.replace("http://","")
    txt = open('source.txt','w')
    cobra = urllib.urlopen('http://'+url)
    for source in cobra.readlines():
        print source.rstrip()
        txt.write(source.rstrip())
    txt.close()
    cobra.close()
    raw_input('Complete: Open source.txt')
except (httplib.HTTPResponse, socket.error):
    print "\n\t[!] Session Cancelled; Error occured. Check internet settings"
except (KeyboardInterrupt, SystemExit):
    print "\t[x] Session cancelled"

Website Response Checker

2012-05-19T03:52:00.000-07:00

import httplib
print "Coded by Ajith KP"
print "This code can capture the response from website"
print "Eg. Website for Check: www.facebook.com"
print "Eg. Page for check: index.php"
site=raw_input("\t\nWebsite for Check:")
pages=raw_input("\t\nPage for Check:")
pages = "/" + pages
conn = httplib.HTTPConnection(site)
conn.request("GET", pages)
capture = conn.getresponse()
print capture.status, capture.reason

I dont want my readers to become lazy since its a small program write the code on your own :P

Area Calculator in .py

2012-05-19T03:47:00.000-07:00

print "Select shape:"
print "1 rectangle"
print "2 Circle"
print "3 Triangle"
shape=input("> ")
if shape==1:
    l=input("Length:")
    b=input("breadth:")
    area=l*b
    print "The area of rectangle is", area
if shape==2:
    r=input("radius:")
    area=3.14*r*r
    print "The area of circle is", area
if shape==3:
    b=input("b:")
    h=input("h:")
    area=0.5*b*h
    print "The area of Triangle is", area

Paste Link - Click

Admin Page Finder in .py

2012-05-19T03:45:00.000-07:00

#Created for coded32 and his teamopenfire Eliminated Some bugs from my last code shared here as Guest.
#Greets To T.O.F and Indishell
#Thanks friends for find bugs and give suggetions

#cd direcory/to/code
#direcory/to/code>python code.py

#improved Error Handling
#Find out usefull stuffs from www.teamopenfire.com
#"wE aRe gREat inDIans"

import httplib
import socket
import sys

try:
    print "\t################################################################"
    print "\t#                                        www.teamopenfire.com #"
    print "\t#       ###############      ########       ############       #"
    print "\t#       #             #     ##      ##      #          #       #"
    print "\t#       ######   ######     ##      ##      #   ########       #"
    print "\t#            #   #          ##      ##      #   #              #"
    print "\t#            #   #          ##      ##      #   #####          #"
    print "\t#            #   #          ##      ##      #   #####          #"
    print "\t#            #   #          ##      ##      #   #              #"
    print "\t#            #   #          ##      ##      #   #              #"
    print "\t#            #####    [#]    ########   [#] ##### AdminFinder #"
    print "\t#                                                              #"
    print "\t#                                            coded by Ajith KP #"
    print "\t#                          Greets to Coded32 and T.O.F members #"
    print "\t################################################################"
    var1=0
    var2=0

    php = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php',
'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php']

    asp = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
'administrator/account.asp','administrator.asp','acceso.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html']

    cfm = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm','admin/account.cfm',
'admin_area/admin.cfm','admin_area/login.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm','admin/home.cfm','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.cfm','admin.cfm','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.cfm','cp.cfm','administrator/index.cfm','administrator/login.cfm','nsw/admin/login.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm',
'administrator/account.cfm','administrator.cfm','admin_area/admin.html','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm',
'moderator/admin.cfm','account.cfm','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cfm','admincontrol.cfm',
'admin/adminLogin.html','acceso.cfm','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cfm','adminarea/index.html','adminarea/admin.html',
'webadmin.cfm','webadmin/index.cfm','webadmin/admin.cfm','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cfm','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cfm','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.cfm','wp-login.cfm','adminLogin.cfm','admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm',
'adminarea/admin.cfm','adminarea/login.cfm','panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm',
'modelsearch/admin.cfm','admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','usuarios/login.cfm',
'adm/index.cfm','adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm']

    js = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.js','admin/index.js','admin/login.js','admin/admin.js','admin/account.js',
'admin_area/admin.js','admin_area/login.js','siteadmin/login.js','siteadmin/index.js','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.js','bb-admin/index.js','bb-admin/login.js','bb-admin/admin.js','admin/home.js','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.js','admin.js','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.js','cp.js','administrator/index.js','administrator/login.js','nsw/admin/login.js','webadmin/login.js','admin/admin_login.js','admin_login.js',
'administrator/account.js','administrator.js','admin_area/admin.html','pages/admin/admin-login.js','admin/admin-login.js','admin-login.js',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.js','modelsearch/login.js','moderator.js','moderator/login.js',
'moderator/admin.js','account.js','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.js','admincontrol.js',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.js','adminarea/index.html','adminarea/admin.html',
'webadmin.js','webadmin/index.js','acceso.js','webadmin/admin.js','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.js','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.js','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.js','wp-login.js','adminLogin.js','admin/adminLogin.js','home.js','admin.js','adminarea/index.js',
'adminarea/admin.js','adminarea/login.js','panel-administracion/index.js','panel-administracion/admin.js','modelsearch/index.js',
'modelsearch/admin.js','admincontrol/login.js','adm/admloginuser.js','admloginuser.js','admin2.js','admin2/login.js','admin2/index.js','usuarios/login.js',
'adm/index.js','adm.js','affiliate.js','adm_auth.js','memberadmin.js','administratorlogin.js']

    cgi = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.cgi','admin/index.cgi','admin/login.cgi','admin/admin.cgi','admin/account.cgi',
'admin_area/admin.cgi','admin_area/login.cgi','siteadmin/login.cgi','siteadmin/index.cgi','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.cgi','bb-admin/index.cgi','bb-admin/login.cgi','bb-admin/admin.cgi','admin/home.cgi','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.cgi','admin.cgi','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.cgi','cp.cgi','administrator/index.cgi','administrator/login.cgi','nsw/admin/login.cgi','webadmin/login.cgi','admin/admin_login.cgi','admin_login.cgi',
'administrator/account.cgi','administrator.cgi','admin_area/admin.html','pages/admin/admin-login.cgi','admin/admin-login.cgi','admin-login.cgi',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cgi','modelsearch/login.cgi','moderator.cgi','moderator/login.cgi',
'moderator/admin.cgi','account.cgi','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cgi','admincontrol.cgi',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cgi','adminarea/index.html','adminarea/admin.html',
'webadmin.cgi','webadmin/index.cgi','acceso.cgi','webadmin/admin.cgi','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cgi','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cgi','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.cgi','wp-login.cgi','adminLogin.cgi','admin/adminLogin.cgi','home.cgi','admin.cgi','adminarea/index.cgi',
'adminarea/admin.cgi','adminarea/login.cgi','panel-administracion/index.cgi','panel-administracion/admin.cgi','modelsearch/index.cgi',
'modelsearch/admin.cgi','admincontrol/login.cgi','adm/admloginuser.cgi','admloginuser.cgi','admin2.cgi','admin2/login.cgi','admin2/index.cgi','usuarios/login.cgi',
'adm/index.cgi','adm.cgi','affiliate.cgi','adm_auth.cgi','memberadmin.cgi','administratorlogin.cgi']

    brf = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.brf','admin/index.brf','admin/login.brf','admin/admin.brf','admin/account.brf',
'admin_area/admin.brf','admin_area/login.brf','siteadmin/login.brf','siteadmin/index.brf','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.brf','bb-admin/index.brf','bb-admin/login.brf','bb-admin/admin.brf','admin/home.brf','admin_area/login.html','admin_area/index.html',
'admin/controlpanel.brf','admin.brf','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
'admin/cp.brf','cp.brf','administrator/index.brf','administrator/login.brf','nsw/admin/login.brf','webadmin/login.brfbrf','admin/admin_login.brf','admin_login.brf',
'administrator/account.brf','administrator.brf','acceso.brf','admin_area/admin.html','pages/admin/admin-login.brf','admin/admin-login.brf','admin-login.brf',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.brf','modelsearch/login.brf','moderator.brf','moderator/login.brf',
'moderator/admin.brf','account.brf','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.brf','admincontrol.brf',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.brf','adminarea/index.html','adminarea/admin.html',
'webadmin.brf','webadmin/index.brf','webadmin/admin.brf','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.brf','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.brf','account.html','controlpanel.html','admincontrol.html',
'panel-administracion/login.brf','wp-login.brf','adminLogin.brf','admin/adminLogin.brf','home.brf','admin.brf','adminarea/index.brf',
'adminarea/admin.brf','adminarea/login.brf','panel-administracion/index.brf','panel-administracion/admin.brf','modelsearch/index.brf',
'modelsearch/admin.brf','admincontrol/login.brf','adm/admloginuser.brf','admloginuser.brf','admin2.brf','admin2/login.brf','admin2/index.brf','usuarios/login.brf',
'adm/index.brf','adm.brf','affiliate.brf','adm_auth.brf','memberadmin.brf','administratorlogin.brf']

    try:
        site = raw_input("Web Site for Scan?: ")
        site = site.replace("http://","")
        print ("\tChecking website " + site + "...")
        conn = httplib.HTTPConnection(site)
        conn.connect()
        print "\t[$] Yes... Server is Online."
    except (httplib.HTTPResponse, socket.error) as Exit:
        raw_input("\t [!] Oops Error occured, Server offline or invalid URL")
        exit()
    print "Enter site source code:"
    print "1 PHP"
    print "2 ASP"
    print "3 CFM"
    print "4 JS"
    print "5 CGI"
    print "6 BRF"
    print "\nPress 1 and 'Enter key' for Select PHP\n"
    code=input("> ")

    if code==1:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in php:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("[/] The Game Over; Press Enter to Exit")

    if code==2:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in asp:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")

    if code==3:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in cfm:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")

    if code==4:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in js:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")

    if code==5:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in cgi:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")

    if code==6:
        print("\t [+] Scanning " + site + "...\n\n")
        for admin in brf:
            admin = admin.replace("\n","")
            admin = "/" + admin
            host = site + admin
            print ("\t [#] Checking " + host + "...")
            connection = httplib.HTTPConnection(site)
            connection.request("GET",admin)
            response = connection.getresponse()
            var2 = var2 + 1
            if response.status == 200:
                var1 = var1 + 1
                print "%s %s" % ( "\n\n>>>" + host, "Admin page found!")
                raw_input("Press enter to continue scanning.\n")
            elif response.status == 404:
                var2 = var2
            elif response.status == 302:
                print "%s %s" % ("\n>>>" + host, "Possible admin page (302 - Redirect)")
            else:
                print "%s %s %s" % (host, " Interesting response:", response.status)
            connection.close()
        print("\n\nCompleted \n")
        print var1, " Admin pages found"
        print var2, " total pages scanned"
        raw_input("The Game Over; Press Enter to Exit")
except (httplib.HTTPResponse, socket.error):
    print "\n\t[!] Session Cancelled; Error occured. Check internet settings"
except (KeyboardInterrupt, SystemExit):
    print "\n\t[!] Session cancelled"

Paste link - Click

Fast Wepage Saver In Python

2012-05-19T03:41:00.000-07:00

#it will create source.txt in the same directory

import urllib
import httplib
import socket

print "\n\nFast Webpage Saver"
print "input URL and run it. It will Save Webpage Within Seconds"

print "\n\n\t|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||"
print "\t|||||                                          |||||"
print "\t|||||                                          |||||"
print "\t|||||Coded By Ajith KP         |||||"
print "\t|||||                                          |||||"
print "\t|||||    |||||"
print "\t|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||"

try:
    url = raw_input("URL:")
    txt = open('savedpage.html','w')
    cobra = urllib.urlopen('http://'+url)
    for source in cobra.readlines():
        print source.rstrip()
        txt.write(source.rstrip())
    txt.close()
    cobra.close()
    raw_input('Complete: Open savedpage.html')
except (httplib.HTTPResponse, socket.error):
    print "\n\t[!] Session Cancelled; Error occured. Check internet settings"
except (KeyboardInterrupt, SystemExit):
    print "\t[x] Session cancelled"

Paste link - Click Here

FBI 'looking at' law making Web sites wiretap-ready, director says

2012-05-19T01:40:00.000-07:00

Director Robert Mueller says FBI needs to be able to "capture communications" of people under surveillance, but declines to elaborate on renewed lobbying effort reported by CNET two weeks ago.

FBI Director Robert Mueller confirmed that the bureau has renewed its push for a new Internet wiretapping law, which CNET reported two weeks ago.
In an appearance this week on Capitol Hill, Mueller downplayed privacy concerns, saying the FBI's wiretap proposals -- social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail are the primary targets -- would still require a court to be involved.
We want to "be able to obtain those communications," Mueller said on Wednesday. "What we're looking at is some form of legislation that will assure that when we get the appropriate court order that those individuals -- individual companies are served with that order do have the capability and the capacity to respond to that order."

'Going Dark' timeline

June 2008: FBI Director Robert Mueller and his aides brief Sens. Barbara Mikulski, Richard Shelby, and Ted Stevens on "Going Dark."
June 2008: FBI Assistant Director Kerry Haynes holds "Going Dark" briefing for Senate appropriations subcommittee and offers a "classified version of this briefing" at Quantico.
September 2008: FBI completes a "high-level explanation" of CALEA amendment package.
May 2009: FBI Assistant Director Rich Haley briefs Senate Intelligence committee and Mikulsi staffers on how bureau is "dealing with the 'Going Dark' issue.'" Mikulski plans to bring up "Going Dark" at a closed-door hearing the following week.
November 2008: FBI Assistant Director Marcus Thomas, who oversees the Quantico-based Operational Technology Division, prepares briefing for President-Elect Obama's transition team.
December 2008: FBI intelligence analyst in Communications Analysis Unit begins analysis of VoIP surveillance.
February 2009: FBI memo to all field offices asks for anecdotal information about cases where "investigations have been negatively impacted" by lack of data retention or Internet interception.
March 2009: Mueller's advisory board meets for a full-day briefing on Going Dark.
April 2009: FBI distributes presentation for White House meeting on Going Dark.
April 2009: FBI warns that the Going Dark project is "yellow," meaning limited progress, because of "new administration personnel not being in place for briefings."
April 2009: FBI general counsel's office reports that the bureau's Data Interception Technology Unit has "compiled a list of FISA dockets... that the FBI has been unable to fully implement." That's a reference to telecom companies that are already covered by the FCC's expansion of CALEA.
May 2009: FBI e-mail boasts that the bureau's plan has "gotten attention" from industry, but "we need to strengthen the business case on this."
July 2010: FBI e-mail says the "Going Dark Working Group (GDWG) continues to ask for examples from Cvber investigations where investigators have had problems" because of new technologies.
September 2010: FBI staff operations specialist in its Counterterrorism Division sends e-mail on difficulties in "obtaining information from Internet Service Providers and social-networking sites."

The FBI believes that the historic shift in communication from telephones to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, which it refers to as the "Going Dark" problem. Its solution: a proposed law that would require Internet companies including Apple, Microsoft, Facebook, Yahoo, and Google, to build in back doors for government surveillance.
Mueller's remarks came in response to prodding from two senators, Chuck Grassley (R-Iowa) and Patrick Leahy (D-Vt.), who wanted him to elaborate on the new lobbying push reported by CNET.
"We have been waiting patiently for the administration to put forth a proposal with necessary fixes to ensure the 'Going Dark' problem is addressed," Grassley said. "I want the director to give us the status on this proposal (and) when the administration plans to send something up to the Hill."
"Should I be expecting a specific legislative proposal from the FBI or the administration in the near future?" Leahy asked. He said he has not yet seen the draft bill, saying the "administration is not sending it up here."
Mueller didn't answer their question directly about timing, instead saying that the goal of the legislation is "to capture communications of a particular individual" under surveillance. An FBI spokesman said, in response to questions this afternoon, that "we cannot comment on pending legislation."
The FBI's proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn't expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. Rather, it's making sure that a wiretap is guaranteed to produce results.
Mueller is not asking companies to support the bureau's CALEA expansion, but instead is asking them not to oppose it. The bureau is also "asking what can go in it to minimize impacts," one participant in the closed-door discussions says. That included a scheduled trip this month to the West Coast -- which was subsequently postponed -- to meet with Internet companies' CEOs and top lawyers.
In February 2011, CNET was the first to report that then-FBI general counsel Valerie Caproni was planning to warn Congress of the "Going Dark" problem. Caproni singled out "Web-based e-mail, social-networking sites, and peer-to-peer communications" as problems that have left the FBI "increasingly unable" to conduct the same kind of wiretapping it could in the past.
A further expansion of CALEA is unlikely to be applauded by tech companies, their customers, or privacy groups. Apple (which distributes iChat and FaceTime) is currently lobbying on the topic, according to disclosure documents filed with Congress last month. Microsoft (which owns Skype and Hotmail) says its lobbyists are following the topic because it's "an area of ongoing interest to us."
Representatives of the FBI's Electronic Surveillance Technology Section in Chantilly, Va., began quietly lobbying the FCC nearly a decade ago to force broadband providers to provide more-efficient, standardized surveillance facilities, which CNET reported at the time. The FCC approved that requirement a year later, sweeping in Internet phone companies that tie into the existing telecommunications system. It was upheld in 2006 by a federal appeals court.
But the FCC never granted the FBI's request to rewrite CALEA to cover instant messaging and VoIP programs that are not "managed" -- meaning peer-to-peer programs like Apple's FaceTime, iChat/AIM, Gmail's video chat, and Xbox Live's in-game chat that use the Internet, not the public telephone network.

Seeing Ads On Wikipedia? Then You're Infected

2012-05-19T00:53:00.000-07:00

Click fraudsters are milking you for cash

Surfers who see ads when they visit Wikipedia are likely infected with malware, the online encyclopedia warns.
Wikipedia relies on donations to fund its work, resisting the temptation to put ads on its pages. So internet users who see commercial ads when they visit the encyclopedia are been served content via cybercrime affiliates, a blog post by Wikipedia explains.

We never run ads on Wikipedia. Wikipedia is funded by more than a million donors, who give an average donation of less than 30 dollars. We run fundraising appeals, usually at the end of the year. If you're seeing advertisements for a for-profit industry (see screenshot for an example) or anything but our fundraiser, then your web browser has likely been infected with malware.

Wikipedia doesn't warn over any specific malware but rather about the symptoms of click fraud, one of they more common ways that virus writers turn an illicit profit. The approach was used as the business model behind the infamous Flashback Trojan, which notoriously created a huge botnet on Mac machines until Apple belatedly patched the Java vulnerability that the malware had exploited. Cupertino released a clean-up tool earlier this week.
An updated analysis by Symantec, published on Wednesday, reveals that over a three-week period in April, the botnet displayed over 10 million ads on compromised computers. "Approximately 400,000 of those ads were clicked on, which would have netted the attackers $14,000 if they were able to collect it," an anonymous Symantec researcher explains. "Many PPC providers employ anti-fraud measures and affiliate-verification processes before paying. Fortunately, the attackers in this instance appear to have been unable to complete the necessary steps to be paid.
"It is estimated the actual ad-clicking component of Flashback was only installed on about 10,000 of the more than 600,000 infected machines. In other words, utilising less than 2 per cent of the entire botnet the attackers were able to generate $14,000 in three weeks, meaning that if the attackers were able to use the entire botnet, they could potentially have earned millions of dollars a year," Symantec adds.

IDM Autocracker script

2012-05-18T22:09:00.000-07:00

-> Code by Subir aKa Whiskey

-> This a automated python script from which you can crack IDM and make it to full version

->Click Here To Download

Android hackers hone skills in Russia

2012-05-18T07:55:00.000-07:00

Sophos says they're starting in Russia, but will expand with success

CSO - The malware business growing around Google Android -- now the leading smartphone operating system -- is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers.

Sophos and Symantec on Wednesday released their latest Android malware discoveries written in Russian. While the language narrows the number of potential victims, the social-engineering tactics used to get Android users to install the malware is universal. The gang tracked by Sophos is using fake antivirus scanners, while Symantec is tracking cybercriminals using mobile websites to offer bogus versions of popular games.
[See also: Companies slow to react to mobile security threat]
Sophos says the criminals are like other entrepreneurs launching startups. They're starting in Russia, but have far greater ambitions.
"I don't think we can say that they're necessarily using it as a testing ground -- think of it more as a local business that as it grows may gain multinational ambitions," Graham Cluley, senior technology consultant at Sophos, said in an email interview on Wednesday.
While criminals today are writing consumer-focused apps, it's only a matter of time before the hackers go after corporate data, particularly if the number of people accessing employers' networks with personal devices continue to grow, experts say. Android is the leading smartphone OS.
In the first quarter, 56% of the smartphones sold ran Android, compared with 23% with Apple iOS, according to the latest figures from Gartner.
The cyber scam tracked by Sophos was reported this week by GFI Lab, which discovered links to the bogus antivirus software on Twitter. Sophos dug deeper and found that the .ru domains pointed to the same Internet protocol address hosted in Ukraine.
When visited, the Web pages serve an Android .apk file that offers an AV scan. If activated, the scan installs an app that uses an icon to trick the victim in to believing it is from Russian security vendor Kaspersky Lab.
Instead of virus protection, the app sends expensive text messages to premium services that charge the Android user through their wireless providers. The malicious code also has the ability to download and install code from the internet.
Symantec's discovery involves the latest version of the Android.Opfake malware the vendor has been following for a while. In the past, the malware masqueraded as an installer for the Opera Web browser or a pornographic movie, and charged the user when either was downloaded.
The latest version is disguised as popular games made available through dummy sites that link back to a central back-end site that acts as a file generator or repository. Bogus versions of Fruit Ninja, SIMS 3, TempleRun and Angry Birds are used to disguise the malware.
Cluley expects these criminal enterprises to expand, once the founders are confident they can scam people in other countries. "What makes money in Russia today, could be used in attacks against American users tomorrow," he said.

Scan a Windows PC for Viruses from a Ubuntu Live CD

2012-05-18T03:20:00.000-07:00

Getting a virus is bad. Getting a virus that causes your computer to crash when you reboot is even worse. We’ll show you how to clean viruses from your computer even if you can’t boot into Windows by using a virus scanner in a Ubuntu Live CD.
There are a number of virus scanners available for Ubuntu, but we’ve found that avast! is the best choice, with great detection rates and usability.
Unfortunately, avast! does not have a proper 64-bit version, and forcing the install does not work properly. If you want to use avast! to scan for viruses, then ensure that you have a 32-bit Ubuntu Live CD.
If you currently have a 64-bit Ubuntu Live CD on a bootable flash drive, it does not take long to wipe your flash drive and go through our guide again and select normal (32-bit) Ubuntu 9.10 instead of the x64 edition. For the purposes of fixing your Windows installation, the 64-bit Live CD will not provide any benefits.
Once Ubuntu 9.10 boots up, open up Firefox by clicking on its icon in the top panel.

Navigate to http://www.avast.com/linux-home-edition.

Click on the Download tab, and then click on the link to download the DEB package.

Save it to the default location.

While avast! is downloading, click on the link to the registration form on the download page. Fill in the registration form if you do not already have a trial license for avast!.

By the time you’ve filled out the registration form, avast! will hopefully be finished downloading.
Open a terminal window by clicking on Applications in the top-left corner of the screen, then expanding the Accessories menu and clicking on Terminal.

In the terminal window, type in the following commands, pressing enter after each line.

cd Downloads
sudo dpkg –i avast*

This will install avast! on the live Ubuntu environment.
To ensure that you can use the latest virus database, while still in the terminal window, type in the following command:

sudo sysctl –w kernel.shmmax=128000000

Now we’re ready to open avast!. Click on Applications on the top-left corner of the screen, expand the Accessories folder, and click on the new avast! Antivirus item.

You will first be greeted with a window that asks for your license key. Hopefully you’ve received it in your email by now; open the email that avast! sends you, copy the license key, and paste it in the Registration window.

avast! Antivirus will open. You’ll notice that the virus database is outdated.

Click on the Update database button and avast! will start downloading the latest virus database.

To scan your Windows hard drive, you will need to “mount” it. While the virus database is downloading, click on Places on the top-left of your screen, and click on your Windows hard drive, if you can tell which one it is by its size.

If you can’t tell which is the correct hard drive, then click on Computer and check out each hard drive until you find the right one. When you find it, make a note of the drive’s label, which appears in the menu bar of the file browser.

Also note that your hard drive will now appear on your desktop.

By now, your virus database should be updated. At the time this article was written, the most recent version was 100404-0.

In the main avast! window, click on the radio button next to Selected folders and then click on the “+” button to the right of the list box. It will open up a dialog box to browse to a location.

To find your Windows hard drive, click on the “>” next to the computer icon. In the expanded list, find the folder labelled “media” and click on the “>” next to it to expand it. In this list, you should be able to find the label that corresponds to your Windows hard drive.

If you want to scan a certain folder, then you can go further into this hierarchy and select that folder. However, we will scan the entire hard drive, so we’ll just press OK.

Click on Start scan and avast! will start scanning your hard drive.

If a virus is found, you’ll be prompted to select an action. If you know that the file is a virus, then you can Delete it, but there is the possibility of false positives, so you can also choose Move to chest to quarantine it.

When avast! is done scanning, it will summarize what it found on your hard drive. You can take different actions on those files at this time by right-clicking on them and selecting the appropriate action. When you’re done, click Close.

Your Windows PC is now free of viruses, in the eyes of avast!. Reboot your computer and with any luck it will now boot up!

Credits - how to geek

iPhone 4S Jailbreak: Why Not to Jailbreak

2012-05-17T09:31:00.000-07:00

So, you may have heard. The untethered jailbreak for the iPhone 4S (and the iPad 2), called Absinthe, has finally arrived courtesy of a “dream team” of hackers/developers. And if you own an iPhone 4S, you might be thinking about taking the plunge. We don’t blame you, but there are definitely some reasons why you might want to think about holding off from doing so.
Read: Ultimate iPhone 4S Jailbreak Guide
If you’re not familiar with the term jailbreak, we’ll break it down for you real quick. We know for a lot of you, the iPhone 4S represents your first iPhone, so there is no reason to be ashamed.
Jailbreaking means exactly what you’re probably thinking it means.

It unlocks parts of your phone that Apple has locked down with its software which in turn allows you to customize your phone and install applications that you can’t find through the official iOS App Store.
For a lot of you, this will be a dream come true. Others may end up wishing that they didn’t jailbreak.
We’re here to help make that decision as easy as possible and so we wanted to point out a couple of pitfalls that come with jailbreaking your iPhone 4S.
Keep in mind (trolls, I am looking at you), not all of these will happen in every use case. But just because something didn’t happen to you, doesn’t mean it won’t happen to someone else.
So, with that, let’s take a look at some reasons why you may not want to jailbreak your iPhone 4S.

Your iPhone 4S May Lose Stability

While the developers of Absinthe have gone to great lengths to provide as seamless of an experience as possible, jailbreaking is still a hack and there are unexpected things that could happen because of that. It’s possible, after jailbreaking your iPhone and installing applications via Cydia – the unofficial App Store, your iPhone 4S may become buggy and slow.
It may even crash.
Now, for power users and those willing to troubleshoot, this probably won’t be too much of an issue. However, for the average person, it can and probably will become a headache.
For many of you, having a stable iPhone 4S will be more of a priority then having a customized one.

Updating Is a Pain

While the stability issue might not be one that affects everyone that jailbreaks, the pain in the rear end known as updating your jailbroken phone does. If you’re the kind of person that wants the latest and greatest software right off the bat, jailbreaking might not be fore you.
When Apple releases an update, you will have to wait for the devs to either release a patch or a new jailbreak for your iPhone. When it comes to smaller iOS updates, it’s usually a fast process.

However, when it comes to larger updates like iOS 5.1, it takes awhile. So, if you’re the impatient type, keep this in mind.
And once you get the update, your headache might remain as you’ll need to re-install the jailbreak and all of the apps that you downloaded from Cydia. There are definitely tools out there that can help you restore, but it’s still going to take some time.
In other words, it’s not the seamless process you might expect from an official update.

Factory Resets Aren’t Fun

Loss of Genius Bar Support
If you run into a problem with your iPhone 4S, you might decide to take it to the Genius Bar in an Apple retail location. Well, if you’ve jailbroken your phone, chances are, the Genius will refuse to help you.
Suggestion: Don’t mention that your phone is jailbroken.
You can also un-jailbreak your phone but if you find yourself bringing it in on a semi-regular basis, you’re going to start getting annoyed with doing that over and over again.
A factory reset will work as well but that will wipe everything from your phone.
Fun.
Loss of Warranty
Back in 2012, jailbreaking your iPhone became a legal thing to do. Seriously, this was illegal at one point. But just because it’s not legal doesn’t change the fact that it will void your iPhone 4S warranty with Apple.
So if your phone starts acting up, even it has nothing to do with the jailbreak, you more than likely won’t get the support that you need to get the issue fixed.
That means that you’ll have to factory reset.
Again, lots of fun.
So yes, it’s possible to avoid both of these, but for many of you it won’t be worth the hassle.
–
Now that you know some of the risks involved with jailbreaking, you can make an informed decision. And if interested in going through with it and freeing your iPhone 4S from Apple’s chains, you’ll want to read our How to Jailbreak the iPhone 4S to find out exactly how to do it.

18 Reasons to Jailbreak the iPhone 4S

2012-05-17T09:29:00.002-07:00

The iPhone 4S has been available for a month, and we are still waiting for a proper jailbreak. You might want to know why so many of us are excited for an iPhone 4S jailbreak, so I have rounded up 18 reasons to jailbreak the iPhone 4S.
I’ve already shared 5 reasons I am excited, and you’ll notice a little overlap. This is a companion to our 5 reasons not to jailbreak the iPhone 4S. You’ll be quick to notice that there are more reasons for most users to jailbreak their iPhone than there are reasons not to.
Update: How to Jailbreak the iPhone 4S
The iPhone 4S jailbreak ~~is still a ways off~~, but the iPhone jailbreaking community has successfully jailbroken the iPhone 4S. That’s the good news. The bad news is that you will need to wait until it is ready for the public release, which could be as early as December, but may not come along until 2012.
When the iPhone 4S jailbreak is available to the public, it won’t cost you anything, and there are a number of reasons I think you’ll want to join me in jailbreaking your new iPhone.

18 Reasons to Jailbreak the iPhone 4S

Cydia Apps

Cydia is an alternate app store that makes it easy to find and install apps that Apple wouldn’t approve. Many of the reasons to jailbreak will require a trip to this new app store, only available on jailbroken iPhones. This is the place to go for all the cool apps and features you want on your iPhone, but that Apple won’t deliver until iOS 6.

BrowserChanger

If you want to use an alternate iPhone browsers like Opera or Dolphin, you don’t need to jailbreak, but then all of your apps will use the open in safari behavior and skip right past your favorite browser. Not anymore. Install BrowserChanger and you can choose which browser you want to open when you grab a link from Facebook or Twitter.

Real Google Voice

Google Voice Extension - iPhone 4S Jailbreak

As I mentioned, this is one of my biggest reasons for wanting an iPhone 4S Jailbreak. The PhoneGV Extension and SMS GV Extension will allow your phone to handle all the nasty tapping and routing, that you must use the Google Voice app for, in the background. Once you install these apps, all the hard work is done behind the scenes, just use Messages and your Dialer like you normally would.

3G Facetime

Once you jailbreak your iPhone, you can trick your phone into thinking you are connected to WiFi so that you can make FaceTime calls over WiFi. I don’t make many FaceTime calls, but I am more likely to want to do a video call when I am far from my home WiFi network.

SB Settings

SB Settings gives you fast access to your WiFi, Bluetooth and brightness settings. Of all the things Apple makes simple, it sucks at giving you fast access to these essential controls. SB Settings puts them right in your notification pull down so that you can quickly change brightness, turn on Bluetooth and more.

Customized Looks

If you wan to change the whole look of your iPhone, to something like OS X Lion or your favorite color combination, you can do this when you Jailbreak your iPhone 4S. There are a number fo WinterBoard themes available to change how your iPhone looks. From minor tweaks to massive changes, you get to customize your iPhone 4S.

MyWi – 3G Hotspot

If you want to use your iPhone 4S as a hotspot without signing up for a plan from your carrier, you can use MyWi. This could end up getting you in trouble with certain carriers, and if you use a lot of data you may be better off paying for a hotspot from your carrier. A cool tool, but definitely one to use at your own risk.

Mario on Your iPhone

Another awesome addition when you jailbreak is the ability to load up your favorite emulators like nes4iPhone, snes4iPhone and others. These tools will let you play Roms from your favorite old-time game systems. ROMS are a grey area, so if you don’t own the actual game, you are probably breaking the law. Another fun hack, but one to do at your own risk. You can see the this in action, using the Wiimote as a controller.

Five Icon Dock

If you want to add another favorite program to your dock, Five Icon Dock will do that for you by packing in icons tighter. A small tweak, but we all have one more program we want on the home screen at all times. right?

Five Icon Switcher

If you’re going to put 5 icons in your home dock, you’ll want the same five icon look in the multitasking switcher, which is exactly what this app does for you.

Overboard

Even after you add an extra icon to your dock, you’ll want to have Overboard installed. You can pull up a a listing of all of your iPhone screens for easy jumping and navigation. This one is $2 in the Cydia app store and essential if you have page after page of apps. You can see how Overboard works in the video shown above.

BiteSMS

Forget about going into the Message app to reply to texts and iMessages, Bite SMS allows you to reply directly from the notification. This is fully compatible with iOS 5 and works with iMessaging. Check out the BiteSMS features in the demo above.

IntelliscreenX

If you want to do even more in the Notification Center, IntelliscreenX looks like the best solution. You can access more than just notifications with this jailbreak only app. Check out the video above for all the details.

Add More Gestures

Activator will add more gestures to your iPhone 4S. You can swipe left ont he status bar to launch a specific app or double tap to start a new text message in Bite SMS. You’ll be amazed by how much time you save using this app. Ignore the horrible music, and look at Activator in action in the video shown above.

Arrange Icons As You Want

Instead of filling up from the upper left to the lower right, Gridlock allows you to place your iPhone apps wherever you want them, leaving open places if you want to keep space around your favorite app for easy tapping. Check out Gridlock in action in the video above.

Never Enter Your App Store Password Again

With PasswordPilot, you don’t need to enter your password every time you download an app or download updates. This isn’t good if you are sharing your iPhone, but if you keep a passcode on your iPhone and are sick of typing in your password with every purchase and download it is awesome.

Add Pictures To Your Contacts

With Copic, you can add pictures to your iPhone contacts, phone call log and SMS message screens. A nice touch for browsing through your messages quickly. You can see a demo of Copic in the video above.

No More Lockscreen

If you want to skip the slide to unlock feature, you can turn on this app and it will automatically unlock your phone to the home screen when you press the power button. Unfortunately, you still see the unlock screen for a second, but it beats sliding to unlock for some users.
–
When you can Jailbreak the iPhone 4S, you will be able to search for these apps and hacks in Cydia. If you have a jailbroken iPhone 4, you can get to using them right now.

iPhone 4S Jailbreak Finally Released

2012-05-17T09:28:00.000-07:00

Rejoice iPhone 4S and iPad 2 owners. Today you can finally jailbreak the iPhone 4S and iPad 2 thanks to the A5 Jailbreak Dream Team.
The new Absinthe Jailbreak tool allows you to perform a untethered jailbreak on the iPhone 4S and iPad 2. This covers all models of Apple’s latest phone and tablet, and works on the newest iOS 5.0.1 software release.
READ: How to Jailbreak the iPhone 4S and iPad 2.
By joining forces, pod2G, The Chronic Dev Team and the iPhone Dev Team were able to get around a number of Apple walls and locks to free your iPhone 4S and iPad 2.
The new tool is called Absinthe, and is only available for the Mac, but Windows and Linux versions are coming.

Jailbreak the iPhone 4S with Absinthe.

You can download the Absinthe iPhone 4S and iPad 2 jailbreak tool from greenpois0n.com, but be warned that you may have trouble getting to the page due to high demand. Keep trying and you will eventually get in.
I am in the process of jailbreaking my iPhone 4S as I share this news, and will soon walk you through the iPhone 4S jailbreak process. This will take place on a Mac, but should be very similar on Windows.
Before you jailbreak, be sure to read these 5 concerns, and know that we aren’t responsible if you break your iPhone or iPad.
If you are OK with these cautions, go ahead and jailbreak your device. I look forward to hearing about your favorite jailbreak apps and jailbreak tweaks.
If you wish to thank the dream team of iPhone hackers, you can donate to a joint fund that will be split between the members.