Thanks for your overwhelming appreciation for my blog(analystpal.com), starting 2009 my blog has received over hundred thousand hits and has been nominated for all categories for 2009 Social Security Awards. I am sincerely grateful to all my readers, subscribers, frequent visitors and to all the emails and comments by fellow bloggers of Security Bloggers Network, who inspired my curiosity and hunger for sharing more and more knowledge with the world.

One aspect of the insane world of Information security was that of curious programmers and code breakers divided by guilt and pleasure of ethical and unethical, backed by organizations that were, are and will be above the philosophy of ethics.

Continuing the insanity, we now have entered into a new era. Just few minutes of research on internet will land you to pages that disclose the future of world with Mind control technologies like Psychotronic weapons using light, sound and laser that are capable of making a human being behave like robot, all that is need is just their DNA information. News all over internet, about such technologies been embedded in various satellites by several countries proves that world war 3 can be fought and won without even a trace on planet earth

Another perception that suggest a evolution era is that of Remote viewing (RV) by means of paranormal and extra-sensory perception, that has became so famous that internet is flooded with training centers and institutes offering training on astral traveling, astral sex and remote viewing by activating Pineal gland (discovered in 1990’s also known as third eye as per ancient Indian myths). Recently, millions of dollars have been funded on research of such powers used by ancient Indian seers and astrologers, now proposed for using them in concept of spying and surveillance.

On my career path, I have also evolved !

Lately, I have completed my studies in Business strategies from England (UK) and will be transforming my future career from information security analyst to business strategist and business analyst.

Analystpal.com from now on will no longer be posting information related to IT security topics but rather will be evolving to business analysis and potential businesses in various sectors.

Best Regards,
Analyst Pal
Business strategies and Analyst

You may also like this

• No Related Post

It may sound like a revenge of a bored housewife, but recently there has been huge increase in reports by hundred of thousands of victims of harassment all over the world, various weird complaints about “gang stalking” has started popping up on discussion boards and search engines, it certainly seems that military standard psychological harassment has entered into day to day life of innocent tax payers.

Some of the following website on Internet can be helpful incase you feel like a victim of one such weird harassment labeled as gang stalking, proxy stalking and cause stalking

http://www.gangstalkingworld.com

http://gangstalking.wordpress.com

http://gangstalkingjournal.com

You may also like this

• No Related Post

Recently US Defense Advanced Research Projects Agency (DARPA) announced a budget funding of $4 million for a program called “Silent Talk” that would allow soldiers to communicate via brain waves. The agency’s researchers have recently undertaken a project called “Silent Talk” to “allow user-to-user communication on the battlefield without the use of vocalized speech through analysis of neural signals.” In simple English it means telepathy.

With the help of EEG to read brain waves, DARPA is planning to attempt to analyze “pre-speech” thoughts, and then transmit them to another person. The research involves neuroscience and communications related technology to create a synthetic means of communicating (or intercepting messages) telepathically.

As described in document titled “Department of Defense Fiscal Year (FY) 2010 Budget Estimates”

Silent Talk will allow user-to-user communication on the battlefield without the use of vocalized speech through analysis of neural signals. The brain generates word-specific signals prior to sending electrical impulses to the vocal cords. These signals of “intended speech” will be analyzed and translated into distinct words, allowing covert person-to-person communication. This program has three major goals: a) to attempt to identify electroencephalography patterns unique to individual words, b) ensure that those patterns are generalizable across users in order to prevent extensive device training, and c) construct a fieldable pre-prototype that would decode the signal and transmit over a limited range.

You may also like this

• Glimpses of tomorrow.. A security obsessed world..?

As posted by aircrack-ng.org some of the highlights of Slitaz includes:

• Aircrack-ng 1.0 rc3 r1513 including sqlite airolib-ng support

• madwifi-hal r3901 patched for injection (The new official HAL (0.10.5.6) supports AR5007EG (and AR5006EG) on 32 and 64 bit systems.)

• madwifi-ng r3850 patched for injection

• rt73 (ASPj rt73-k2wrlz-3.0.2) patched for injection

• r8187 (rtl8187_linux_26.1010 for RTL8187L) patched for injection

• mdk3 wireless tool

• Wireshark • NMAP

• Midnight Commander

• General tools / compilers to do software development

The distribution is based on the 2.0 version of Slitaz plus updated packages to May 4/2009. For various downloading option visit Slitaz home http://www.slitaz.org/en/

Aircrack (Aircrack-ng) is a popular tool for auditing and cracking WPA WPA2 network which use pre-shared keys, though There is no difference between cracking WPA or WPA2 networks.

A primary approach for auditing wireless network is to capture the wpa wpa2 authentication handshake and then use aircrack-ng to crack the pre-shared key, using brute force attack or dictionary attack. As I mentioned in my previous post about using GPU can crack WPA 100 times faster then CPU using ElcomSoft’s Distributed Password Recovery tool, Though no GPU bruteforce utility on Linux or any *nix platform has yet been released for WPA crack.

You may also like this

• WPA crack with Backtrack 3
• GPU crack WPA 100 times faster then CPU
• WPA2: The secure way…
• DirBuster application to brute force hidden directories and files

Business of Information security was born with concepts of Computer viruses and network scanner and eventually evolved into human brain reading.Information security has evolved, information and systems are no longer the priority of businesses.

Business interests have now transformed into concepts like neuromarketing , that can predict your shopping patterns based on integrating neuroscience and marketing are already a part of our daily life. Recent psychological researches have achieve success in injecting ideas into a subconscious mind. As reported by various sources brain scanners for profiling humans behaviors are already on verge of implementation.

These are some of the glimpses of tomorrow. Getting inside your skull and reading your mind, are some of technologies that can be used by corporates and governments in near future. But then will it really end there, if technologies like brain reading exists openly, could there be any secret researches going on for reading and writing ideas in our brain. It seems privacy in future will not be intruded, it will be surrendered by default and hence my this month issue on my online security magazine will be focusing on technologies that can invade human subconsciousness.

With a hope that human consciousness may become little more aware about changes happening around their world.

Best Regards,
Prithpal chhabbada
Editor-in-chief
Accessdeny

You may also like this

• US Defense Funds $4 million on telepathy project code “Silent Talk”
• Google Chrome: Beautiful and Vulnerable

The Act also requires every public authority to computerise their records for wide dissemination and to proactively publish certain categories of information so that the citizens need minimum recourse to request for information formally.

Information, under RTI Act, means any material in any form including records, documents, memos, e-mails, opinions, advices, press releases, circulars, orders, logbooks, contracts, reports, papers, samples, models, data material held in any electronic form and information relating to any private body which can be accessed by a public authority under any other law for the time being in force but does not include “file notings”.

More information and resources related to RTI act of INDIA can be found here:

www.rti.gov.in : Official online RTI portal with option to appeal and file RTI online

www.rtiindia.org : The Online Portal for Right to Information in India

www.rtigroup.org: The RTI Group is a voluntary organization of committed citizens of India

www.rtigroupaligarh.blogspot.com : The RTI Group blog

right2information.wordpress.com : Blog and Various Information related to RTI

As per the available information, RTI does not apply to following Indian Government Agency

Central Intelligence and Security agencies specified in the Second Schedule like IB, R&AW, Directorate of Revenue Intelligence, Central Economic Intelligence Bureau, Directorate of Enforcement, Narcotics Control Bureau, Aviation Research Centre, Special Frontier Force, BSF, CRPF, ITBP, CISF, NSG, Assam Rifles, Special Service Bureau, Special Branch (CID), Andaman and Nicobar, The Crime Branch-CID-CB, Dadra and Nagar Haveli and Special Branch, Lakshadweep Police. Agencies specified by the State Governments through a Notification will also be excluded.

The exclusion, however, is not absolute and these organizations have an obligation to provide information pertaining to allegations of corruption and human rights violations.

You may also like this

• No Related Post

Selecting a place to dine, bizarre ideas, modifying likes and dislikes, switching over from your favorite cola drinks, choosing your next password that you are going to change in near future, all of these ideas could be injected in a human mind, unfortunately many of these experiments exist in our day to day life and consciously or unconsciously, knowingly or unknowingly are influencing our day to day life.

Some or all of the following pyscological and brainwashing techniques are already been used by advertisers, corporates, governments & foreign governments to influence subconscious mind

Subliminal message

A subliminal message is a signal or message embedded in another medium, designed to pass below the normal limits of the human mind’s perception. These messages are unrecognizable by the conscious mind, but in certain situations can affect the subconscious mind and can negatively or positively influence subsequent later thoughts, behaviors, actions, attitudes, belief systems and value systems.

More info and Source on subliminal message: wikipedia

Parts of the following Brainwashing Techniques can be used in Psycho injection to influence subconscious mind

In the late 1950s, psychologist Robert Jay Lifton experimented with former prisoners of Korean War and Chinese war camps. Lifton ultimately defined a set of steps involved in the brainwashing cases he studied:

Assault on identity

This is a systematic attack on a target’s sense of self (also called his identity or ego) and his core belief system. The agent denies everything that makes the target who he is: “You are not happy.” “You are not a man.” “You don’t belong here .” The target is under constant attack for days, weeks or months, to the point that he becomes exhausted, confused and disoriented. In this state, his beliefs seem less solid.

Guilt — You are bad. You are always wrong

While the identity crisis is setting in, the agent is simultaneously creating an overwhelming sense of guilt in the target. He repeatedly and mercilessly attacks the subject for any “sin” the target has committed, large or small. He may criticize the target for everything from the “evilness” of his beliefs to his habits of drinks or eat. The target begins to feel a general sense of shame, that everything he does is wrong

Breaking point: Who am I, where am I and what am I supposed to do?

With his identity in crisis, experiencing deep shame and having betrayed what he has always believed in, the target may undergo what in the lay community is referred to as a “nervous breakdown.” In psychology, “nervous breakdown” is really just a collection of severe symptoms that can indicate any number of psychological disturbances. It may involve uncontrollable sobbing, deep depression and general disorientation. The target may have lost his grip on reality and have the feeling of being completely lost and alone.
When the target reaches his breaking point, his sense of self is pretty much up for grabs — he has no clear understanding of who he is or what is happening to him.

At this point, the agent sets up the temptation to convert to another belief system that will save the target from his misery.

Leniency: I can help you.

With ­the target in a state of crisis, the agent offers some small kindness or reprieve from the abuse. He may offer the target a drink of water, or take a moment to ask the target what he misses about home. In a state of breakdown resulting from an endless psychological attack, the small kindness seems huge, and the target may experience a sense of relief and gratitude completely out of proportion to the offering, as if the agent has saved his life.

Compulsion to confession: You can help yourself.

For the first time in the brainwashing process, the target is faced with the contrast between the guilt and pain of identity assault and the sudden relief of leniency. The target may feel a desire to reciprocate the kindness offered to him, and at this point, the agent may present the possibility of confession as a means to relieving guilt and pain.

Channeling of guilt: This is why you’re in pain.

After weeks or months of assault, confusion, breakdown and moments of leniency, the target’s guilt has lost all meaning — he’s not sure what he has done wrong, he just knows he is wrong. This creates something of a blank slate that lets the agent fill in the blanks: He can attach that guilt, that sense of “wrongness,” to whatever he wants. The agent attaches the target’s guilt to the belief system the agent is trying to replace. The target comes to believe it is his belief system that is the cause of his shame. The contrast between old and new has been established: The old belief system is associated with psychological (and usually physical) agony; and the new belief system is associated with the possibility of escaping that agony.

more information and Source on brain washing

Psycho Drama

Though the original idea about Psycho drama’ was a method for human development which explores, through dramatic action the problems, issues, concerns, dreams and highest aspirations of people, groups, systems and organizations.

It was mostly used as a group work method, in which each person in the group can become a agent for each other in the group.

more information and source on Psycho Drama

Do leave your feed backs and comments for this post.

Cheers .

You may also like this

• No Related Post

ZoneMinder has a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual ‘zones’ of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

ZoneMinder supports capture, analysis, recording, and monitoring of video data coming from one or more video or network cameras attached to a Linux system. ZoneMinder also support web and semi-automatic control of Pan/Tilt/Zoom cameras using a variety of protocols. It is suitable for use as a DIY home video security system and for commercial or professional video security and surveillance. It can also be integrated into a home automation system via X.10 or other protocols.

ZoneMinder is an open source application and can be downloaded from here..

You may also like this

• No Related Post

Police articulate the move as a crucial process tracking cyber-criminals and is used sparingly, Computer hacking has to be approved by a chief constable, who must be satisfied the action is proportionate to the crime being investigated but civil liberties groups fear it is about to be vastly expanded. As per Shami Chakrabarti, of human rights group Liberty “These powers are as intrusive as someone busting down your door and coming into your home.”

News sources claims, human rights organizations are preparing to challenge the legal basis of the move. The move will fuel claims that the Government is presiding over a steady extension of the “surveillance society” threatening personal privacy.

You may also like this

• No Related Post

Further the report says “Suppose there were a fixed number of dollars available to be phished each year; that fixed Pool would be divided among more and more people and each phisher’s take would decrease…”

The report : “ A Profitless Endeavor: Phishing as Tragedy of the Commons” estimate the total annual losses associated with phishing much lower than the $3.2 billion estimated by Gartner Inc. and various other research firms.

You may also like this

• No Related Post

• Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, …;
• Port Independent Protocol Identification (PIPI) for each application protocol;
• Multithreading;
• Output data and information in SQLite database or Mysql database and/or files;
• At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled;
• Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer -RAM, CPU, HD access time, …-);
• TCP reassembly with ACK verification for any packet or soft ACK verification;
• Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;
• No size limit on data entry or the number of files entrance (the only limit is HD size);

Xplico can be downloaded from here..

You may also like this

• Open Source Vulnerability Database Mysql Dump
• Grendel Scan @ Defcon

The new release of Backtrack 4 maybe released as a complete distribution compared to LiveCDs as of its previous version;

BT4 team is looking for contributors with these skills:

* Wallpaper
* KDE Splash screen
* Framebuffer image
* Various Icons
* Website Design
* Vbulletin Forum Design

You may also like this

• WPA crack with Backtrack 3

John Todd, the company’s Asterisk open-source community director, believes that it was probably the March bug, which FBI is referring to in its advisory, On March 18, 2008 researchers at Mu Security reported a bug that could allow an attacker to take control of an Asterisk system, by taking over the account of one individual. In a recent interview with PC world, Todd indicates that the attack described by the FBI would be extremely hard to pull off.

About Vishing attack

Vishing is the illegal practice of using social engineering over the telephone system, most often using features facilitated by voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “voice” and phishing and hence the word “VISHING”.

Vishing exploits the public’s trust in landline telephone services, which have traditionally been terminated in physical locations and were known to the telephone company, and associated with a bill-payer.

Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals, advance vishing attacks can however be used for corporate espionage.

Asterisk software website

You may also like this

• No Related Post

A GPU is an ASIC type processor. ASIC processors are much faster than CPU’s because they are geared towards doing one specific type of task.

Though Elcomsoft’s EDPR is still a brute-force crack, but only a few packets needed to be sniffed, and the GPU accelerates the algorithm used to generate keys significantly, even laptop-grade 8800M and 9800M GPUs speed things up 10 to 15 times, though without dictionary words being involved, cracking WPA2 is still quite intensive, perhaps three months to crack a lowercase-only random eight-character password using a PC with two NVIDIA GTX 280 video cards. There are around 200 billion passphrases possibilities in this format, and some substantial hashing overhead to turn a passphrase into the WPA/WPA2 key material.

Demo version of Elcomsoft Distributed Password Recovery is available here

You may also like this

• WPA crack with Slitaz Aircrack-ng Distribution
• WPA crack with Backtrack 3
• WPA2: The secure way…

There are three methods an attacker can use to spoof the source IP of the scanning machine and/or to disturb the attention of system and security administrators. These techniques are: Normal Spoofing Scan, Decoy Scan, and Distributed Scan.

While other methods may still be seen commonly around, Distributed scan works by dividing the scanning scope among multiple attack platforms. In such case, each attack platform performs a normal scan for a small range of port numbers. Although this is not 100% spoofing mechanism, it increases the overhead of the system administrator on the other side to trace back the attacker [e.g. there could be hundreds of originating IPs.] Furthermore, those originating IPs could be of compromised hosts.

Dps Project homepage

You may also like this

• No Related Post

To successfully inject an entry into a remote DNS cache, there are pre-requisites elements the auditor needs to know:

The auditor needs to know if the target DNS server processes recursive queries or not. If not, then the server is not susceptible to cache poisoning. If the target DNS server processes recursive queries, the auditor needs to know if the server forwards the DNS request to a farwarder server or performs the request directly. If “forwarder” is configured, the auditor needs the IP address of the forwarder system.

The auditor needs to know the static source port number used by the target DNS server only in case of unpatched systems. For patched systems, this is not needed.

DNS Multiple Race Exploiter project homepage

You may also like this

• No Related Post

‘Google is by far the largest user of Internet bandwidth, Google’s share of bandwidth usage is rising rapidly, and that Google’s bandwidth use is orders of magnitude greater than its payment for its cost’. The study claims.

Precursor LLC released a first-ever research study of U.S. consumer Internet bandwidth usage and costs with the objective of estimating how much bandwidth Google uses and pays for. The data confirm the study’s core hypotheses, that: Google is by far the largest user of Internet bandwidth, Google’s share of bandwidth usage is rising rapidly, and that Google’s bandwidth use is orders of magnitude greater than its payment for its cost.

The study estimated Google used 16.5% of all U.S. consumer Internet traffic in 2008, and that share is estimated to grow to 25% in 2009 and 37% in 2010. What drives this conspicuous bandwidth consumption is Google’s search bots regularly copy every page on the Internet, some as frequently as every few seconds, and Google’s YouTube streams almost half of all video streamed on the Internet.

The study estimated Google’s payment to fund just the U.S. consumer broadband Internet segment to be approximately $344 million in 2008 or 0.8% of U.S. consumer’s flat-rate monthly Internet access costs of $44.0 billion. Thus Google’s 16.5% share of all 2008 U.S. consumer bandwidth usage, is ~21 times greater than Google’s 0.8% share of U.S. consumer bandwidth costs – or an implicit ~$6.9 billion subsidy of Google by U.S. consumers.

Study available here..

You may also like this

• No Related Post

For those who are not familiar with metasploit, let me introduce you to Metasploit.

Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. It stores tested and known stable exploits that successfully works against specific targets: various releases of Windows, Linux, BSD, generic UNIX, and Mac OS. It also runs on many of those same platforms, and has even been seen on a Nokia N800 handheld.

The project was initiated to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. Metasploit is also seen as application integration with various security applications such as SQL ninja. Exploits can be tested either on target host, or via a chain of proxies, additionally, various browser hijacking routines will let you load malicious ActiveX controls (3rd party or developed by you or some that are bundled with Metasploit) to vulnerable Internet Explorer versions. One way or another, you will be able to gain a foothold in a vulnerable system.

The success of exploit depends on the payload chosen. For instance, if you select to bind a shell, Metasploit will open a console session and connect back to the host via the specified port number. Even if you don’t possess the deep programming knowledge to make full use of its exploit development capabilities, you’ll benefit from the work of others and stay current as new exploits come online and old ones are addressed by patches.

Metasploit can be downloaded from here

You may also like this

• No Related Post

It works by scanning a pcap file (as generated by the common tcpdump tool) for VNC challenge/response exchanges, then checks against a preexisting wordlist (reading from stdin is also supported, allowing the use of John the Ripper, see the documentation in the tarball for further information). It is quite fast and can check well over a million passwords a second on a 2.4 GHz Core2 processor

VNCcrack can be found here..

You may also like this

• No Related Post

The sniffy project consist of
- kernel module able to connect/hook on pseudo terminal
- program able to display content of any pseudo terminal on fly
- daemon process tracing the pseudo terminal content into the file
- replay program allowing to replay any stored pseudo terminal session

The usage of pseudo terminals in applications like ssh/telnet/X terminals,
makes the sniffy project quite attractive. It could be obviously used for
various purposes. One of the most sane usage could be ssh access session
monitoring of some guarded server. Any action on such a server through
the ssh is then documented and could be replayed.

The sniffy project can be reached here.

You may also like this

• No Related Post

Sqlmap project site..

You may also like this

• No Related Post

A Proof of concept (POC) is also been release by Security expert Aviv Raff, who first discovered this flaw. (Kindly Note: This Proof of concept page will automatically download a Java file onto your desktop). You can safely click on the download, as it only opens up a notepad application written in Java.

As per the POC, after a user double-clicks the download at the bottom of the screen, this application is opened without any warning, which would allow a malicious hacker to easily execute any Java program on a user’s machine.

About Google Chrome:

Google Chrome, The name is derived from the graphical user interface frame, or “chrome”, of web browsers. The open source project behind Google Chrome is known as Chromium.

Google Chrome was originally scheduled to be released on 3 September 2008, A comic designed by Scott McCloud was supposed to be sent to journalists and bloggers explaining the features and motivations for the new browser, copies intended for Europe were shipped early and a German blogger made a scanned copy available on his website after receiving it on 1 September 2008. Google subsequently made the comic available on Google Books and their site and referenced it on its official blog along with an explanation for the early release.

Built-in Security Features of Google Chrome

Blacklists
Chrome periodically downloads updates of two blacklists (one for phishing and one for malware) and warns users when they attempt to visit a harmful site. This service is also made available for use by others via a free public API called “Google Safe Browsing API”. In the process of maintaining these blacklists, Google also notifies the owners of listed sites who may not be aware of the presence of the harmful software.

Sandboxing
Each tab in Chrome is sandboxed to “prevent malware from installing itself” or “using what happens in one tab to affect what happens in another”. Following the principle of least privilege, each process is stripped of its rights and can compute but can not write files or read from sensitive areas (e.g. documents, desktop)—this is similar to “Protected Mode” that is used by Internet Explorer 7 on Windows Vista. The Sandbox Team is said to have “taken this existing process boundary and made it into a jail”[11]; for example malicious software running in one tab is unable to sniff credit card numbers, interact with the mouse or tell “Windows to run an executable on start-up” and will be terminated when the tab is closed. This enforces a simple computer security model whereby there are two levels of multilevel security (user and sandbox) and the sandbox can only respond to communication requests initiated by the user.

Plugins
Plugins such as Adobe Flash Player are typically not standardised and as such cannot be sandboxed like tabs. These often need to run at or above the security level of the browser itself. To reduce exposure to attack, plugins are run in separate processes that communicate with the renderer, itself operating at “very low privileges” in dedicated per-tab processes. Plugins will need to be modified to operate within this software architecture while following the principle of least privilege.

You may also like this

• Glimpses of tomorrow.. A security obsessed world..?

Even after frequent reminders about implication of WEP vulnerabilities, many administrators are still implementing WEP or Dictionary based passwords in case of WPA. My recent post about WPA Crack demonstrates the flaw of a weak password in WPA implementation.

The point I am making here is even though manufacturers for various wifi devices are aware of this facts why are they still shipping their products with weak authentication protocols, I am sure it wont take another round of a VC funding for updating firmware. As for today’s scenario all it takes is to make WPA2 the only available authentication available in those devices, with option of numerical and character based password to avoid a dictionary based attacks.

But then if there are no viruses there won’t be any anti virus in market, likewise many alternative devices and solutions have pop up lately for wifi security.

I Guess It should be mandatory for manufactures of wifi devices to comply with a strict policy of updating their products and firmware specially incase of products concern with first line of defense of a network.

You may also like this

• WPA crack with Slitaz Aircrack-ng Distribution
• GPU crack WPA 100 times faster then CPU

Backtrack is a security penetration testing live open source Linux distro, Backtrack took two of the best, Whax and Auditor and merged them to make one meaningful distro that emerged as an ethical hackers best choice for security auditing. It comes loaded with tools including network mapping, Info gathering, vulnerability Identification tools, and even some for Bluetooth hacking.

Commands Used in video (Step by Step):

1)airmon-ng stop wlan0

2)ifconfig wlan0 down

3)macchanger –mac 00:11:22:33:44:55 wlan0

4)airmon-ng start wlan0

5)airodump-ng wlan0

6)airodump-ng -c (channel) -w (file name) –bssid (bssid) wlan0

7)aireplay-ng -0 5 -a (bssid)wlan0

8)aircrack-ng (filename-01.cap)-w (dictionary location)

Click here to view the embedded video.

Backtrack can be downloaded from here

You may also like this

• WPA crack with Slitaz Aircrack-ng Distribution
• GPU crack WPA 100 times faster then CPU
• BackTrack 4 Artwork Contest
• DirBuster application to brute force hidden directories and files

WordPress promotes Browse Happy link on its homepage.

Till August 2008 google has been promoting FIREFOX by AdSense Referrals

savethedevelopers.org campaign focuses on assisting users in upgrading their Internet Explorer 6web browser

You may also like this

• No Related Post

You may also like this

• Xplico: Open source Network Forensic Analysis Tool
• Grendel Scan @ Defcon

However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists (Further information can be found below), this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide.

Download and more information on project is available here.

You may also like this

• WPA crack with Slitaz Aircrack-ng Distribution
• WPA crack with Backtrack 3

Though the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only), as a precautionary measure, Red Hat has release an updated version of compromised packages and have published a list of the tampered packages and how to detect them.

Networks with critical Red Hat Servers are advised to verify their server packages.

You may also like this

• No Related Post

As per the interview with Indiatimes, jai menon claims “Even if a hacker figures out a way to make voice calls from an iPhone procured from our stores using a non-Airtel SIM, he will not be able to access any of the ‘Airtel Live’ or ‘Airtel Apps’ features built into all the iPhones sold by Airtel.

We’ve built in suitable levels of security to ensure both applications remain out of bounds for hackers. All iPhones distributed by Airtel will run on OSX (Version 2) OS which also powers Apple notebooks worldwide.”

Loaded with sensitive applications like mobile payment (m-Check) and to prove Mr. Menon wrong, the new Airtel Iphone would surely be drawing a lot of attention from those hackers.

You may also like this

• No Related Post

You may also like this

• No Related Post

Grendel-Scan has an built in automated testing modules for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. Grendel-Scan system requirement is Java 5; Windows, Linux and Macintosh builds are available.

Grendel-Scan is compatible with 32 Bit java only.

PowerPoint Slides available here.

You may also like this

• Xplico: Open source Network Forensic Analysis Tool
• Open Source Vulnerability Database Mysql Dump