<b>Basic Instinct</b> (blog by Tarun Singh)<br />
<b>Critical vulnerability found in Opera browser</b> (posted 2011-01-22 by Tarun Singh)<br />
<div dir="ltr" style="text-align: left;" trbidi="on"><img alt="" class="aligncenter" height="350" src="http://www.filecluster.com/reviews/wp-content/uploads/2008/10/opera_browser_logo.png" width="417" /><br />
A critical vulnerability has been found in the Opera browser by security researcher Jordi Chancel. The vulnerability can be used by an attacker to execute arbitrary code on vulnerable machines. The bug affects the latest version of Opera running on Windows 7, as well as Windows XP SP3. The vulnerability was confirmed and released by the French security firm <a href="">VUPEN</a>. The vulnerability exists in the current release of Opera, i.e. 11.00, as well as in the previous release 10.63 and others.<br />
<a name='more'></a><br />
VUPEN said in its advisory that this issue is caused by an integer truncation error within the Opera Internet Browser module “opera.dll” when handling an HTML “select” element containing an overly large number of children, which could allow remote attackers to execute arbitrary code by convincing a user to visit a specially crafted web page.<br />
Jordi Chancel, on his <a href="">blog</a>, writes that the bug gives clear evidence of memory corruption, although exploiting it could be quite complicated. It is also noteworthy that this crash requires only minimal interaction from the user (like clicking on the desired item).<br />
<a href="http://blog.secfence.com/2011/01/critical-bug-found-in-opera-browser/opera_corruption/" rel="attachment wp-att-135"><img alt="" class="aligncenter size-full wp-image-135" height="480" src="http://blog.secfence.com/wp-content/uploads/2011/01/opera_corruption.jpg" title="opera_corruption" width="640" /></a><br />
Piece of exploit code for the vulnerability:<br />
<a href="http://blog.secfence.com/2011/01/critical-bug-found-in-opera-browser/capture_d_ecran_2011-01-16_a_11-18-38/" rel="attachment wp-att-136"><img alt="" class="aligncenter size-full wp-image-136" height="443" src="http://blog.secfence.com/wp-content/uploads/2011/01/capture_d_ecran_2011-01-16_a_11.18.38.jpg" title="capture_d_ecran_2011-01-16_a_11.18.38" width="476" /></a><br />
He has also added a crash video on <a href="">YouTube</a>. The security community is eagerly waiting for the public release of this vulnerability. It seems that the exploit code will only be released once Opera patches this vulnerability.</div>
<b>Beware Goo.gl Fake Antivirus Worm on Twitter</b> (posted 2011-01-20 by Tarun Singh)<br />
<div dir="ltr" style="text-align: left;" trbidi="on"><div class="articleBodyContent">Twitter and Twitter users are being targeted by a malicious worm. The worm sends out tweets with a goo.gl shortened URL link directed to a rogue antivirus application. The attack demonstrates once again how URL shortening can be a Pandora's box as users click on links with no clue where they might lead.<br />
<a name='more'></a><br />
<br />
A <a href="http://nakedsecurity.sophos.com/2011/01/20/fake-anti-virus-attack-twitter-via-goo-gl-links/">post on Naked Security</a> by Sophos' Graham Cluley describes the threat. "Thousands of Twitter users are finding that their accounts have been <a href="http://www.pcworld.com/businesscenter/article/216535/spam_traffic_returns_after_holiday_break.html?tk=hp_new">tweeting out malicious links</a> without their permission, pointing to a fake anti-virus attack," adding, "A quick search on the popular micro-blogging network finds many tweets from users containing no message other than a goo.gl shortened link (Google's equivalent to bit.ly or tinyurl), which itself points to a URL ending with 'm28sx.html'."<br />
<br />
<span class="image rtsm"><img alt="Follow simple precautions to avoid falling victim to malicious shortened URLs" height="119" src="http://zapp5.staticworld.net/reviews/graphics/191904-securityhomepage_2_original.jpg" width="180" /></span><br />
<br />
Attacks hiding behind shortened URLs are not new, and are also not technically challenging to execute. By their very nature, URL shortening services like goo.gl and bit.ly take cumbersome, long URLs and condense them down to a nice, short alias that can be used in its place. The concept makes it much easier to send some exceptionally long links, and is a necessity for a site like Twitter which caps messages at 140 characters.<br />
Adam Wosotowsky, principal researcher at <a href="http://www.mcafee.com/us/mcafee-labs.aspx">McAfee Labs</a>, explains, "Shortened URL sites are not 100 percent malicious, so blocking the domain completely can cause false positives, which is something researchers try and avoid. Goo.gl is an example of a site associated with Google, so blocking the domain may be frowned upon by Google, allowing the spammer to continually abuse the site."<br />
Wosotowsky elaborates, "As we stated in our <a href="http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2011.pdf?cid=WBB005">2011 Threat Predictions</a>, we currently track and analyze--through multiple social media applications and all URL shortening services--more than 3,000 shortened URLs per minute. We see a growing number of these used for spam, <a href="http://www.pcworld.com/businesscenter/article/217340/mcdonalds_phishing_scam_im_not_lovin_it.html?tk=hp_new">scamming and other malicious purposes</a>, and we expect to see shortened URL abuse invade all other forms of Internet communications."<br />
Shortened URLs provide attackers with a simple and commonly accepted means of obscuring malicious links. McAfee recommends using its proprietary URL shortening service--<a href="http://mcaf.ee/">mcaf.ee</a>. McAfee's shortened URLs are scanned and filtered to weed out malware. Of course, you can't really control what URL shortening service other people use to send links to you.<br />
To avoid falling victim to Trojans, drive-by downloads, and <a href="http://www.pcworld.com/businesscenter/article/216782/you_too_can_be_an_l33t_whitehat_hacker_for_only_250.html?tk=hp_new">other malicious attacks</a> hiding behind innocent-looking shortened URLs, try using a tool like <a href="http://www.tweetdeck.com/">Tweetdeck</a> that offers an option to reveal the full-length link behind the shortened URL before visiting it.</div></div>
<b>How do I change my IP address</b> (posted 2011-01-15 by Tarun Singh)<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_fMrF3L8CTmg/Sq6CaRkXuEI/AAAAAAAAAIA/FlnwWPAsBUI/s1600/ip.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="Trace ip address" border="0" src="http://1.bp.blogspot.com/_fMrF3L8CTmg/Sq6CaRkXuEI/AAAAAAAAAIA/FlnwWPAsBUI/s320/ip.jpg" /></a></div><br />
<b>What is an IP address?</b><br />
Every device connected to the public Internet is assigned a unique number known as an Internet Protocol (IP) address. IP addresses consist of four numbers separated by periods (also called a 'dotted-quad') and look something like 127.0.0.1.<br />
<br />
<a href="" name="more"></a><br />
Since these numbers are usually assigned to internet service providers within region-based blocks, an <span style="font-weight: bold;">IP address</span> can often be used to identify the region or country from which a computer is connecting to the Internet. An <span style="font-weight: bold;">IP address</span> can sometimes be used to show the user's general location.<br />
<b><span class="Apple-style-span" style="color: #6fa8dc;"><span class="Apple-style-span" style="font-size: large;">Changing IP Address - Method:</span></span></b><br />
<span class="fullpost"><br />
<br />
"<span style="font-weight: bold;">How do I change my IP address?</span>" and "<span style="font-weight: bold;">Can I change my IP address?</span>" are probably the most commonly asked questions.<br />
<br />
Here are simple steps to <span style="font-weight: bold;">change your IP address</span>:<br />
<br />
1. Click on “Start” in the bottom left hand corner of screen<br />
<br />
2. Click on “Run”<br />
<br />
3. Type in “command” and hit OK<br />
<br />
You should now be at an MS-DOS prompt screen.<br />
<br />
4. Type “ipconfig /release” just like that, and hit “enter”<br />
<br />
5. Type “exit” and leave the prompt<br />
<br />
6. Right-click on “Network Places” or “My Network Places” on your desktop.<br />
<br />
7. Click on “properties”<br />
<br />
You should now be on a screen with something titled “Local Area Connection”, or
something close to that, and, if you have a network hooked up, all of your other
networks.<br />
<br />
8. Right click on “Local Area Connection” and click “properties”<br />
<br />
9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab<br />
<br />
10. Click on “Use the following IP address” under the “General” tab<br />
<br />
11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2
until I fill the area up).<br />
<br />
12. Press “Tab” and it should automatically fill in the “Subnet Mask” section<br />
with default numbers.<br />
<br />
13. Hit the “Ok” button here<br />
<br />
14. Hit the “Ok” button again<br />
<br />
You should now be back to the “Local Area Connection” screen.<br />
<br />
15. Right-click back on “Local Area Connection” and go to properties again.<br />
<br />
16. Go back to the “TCP/IP” settings<br />
<br />
17. This time, select “Obtain an IP address automatically”<br />
<br />
18. Hit “Ok”<br />
<br />
19. Hit “Ok” again<br />
<br />
20. You now have a new IP address<br />
</span>
<b>How to create Fake login page for any website</b> (posted 2011-01-14 by Tarun Singh)<br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><div style="margin: 0px;"><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/_fMrF3L8CTmg/ScIH1WpPJMI/AAAAAAAAAAo/xwcxhwn88xY/s1600/fakelogin-300x273.jpg" style="margin-left: 1em; margin-right: 1em;"><span class="Apple-style-span" style="font-size: x-small;"><img alt="Fake login page " border="0" src="http://1.bp.blogspot.com/_fMrF3L8CTmg/ScIH1WpPJMI/AAAAAAAAAAo/xwcxhwn88xY/s320/fakelogin-300x273.jpg" /></span></a></div></div></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">A fake login page is a page that exactly resembles the original login page of sites like Yahoo, Gmail etc. However, these fake login pages are created just for the purpose of stealing other people's passwords.</span></span><br />
<a name='more'></a><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><span class="Apple-style-span" style="color: #cc0000;"><b><span class="Apple-style-span" style="font-size: x-small;"><span class="Apple-style-span" style="font-family: 'Trebuchet MS',sans-serif;"> </span></span></b></span></span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><u><span class="Apple-style-span" style="color: #cc0000;"><b><span class="Apple-style-span" style="font-size: x-small;"><span class="Apple-style-span" style="font-family: 'Trebuchet MS',sans-serif;">Procedure</span></span></b></span></u><span class="Apple-style-span" style="color: #cc0000;"><b><span class="Apple-style-span" style="font-size: x-small;"><span class="Apple-style-span" style="font-family: 'Trebuchet MS',sans-serif;"> --></span></span></b></span><br />
<span class="Apple-style-span" style="font-weight: bold;"><span class="Apple-style-span" style="color: #cc0000;"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><br />
</span> </span><span class="Apple-style-span" style="font-size: x-small;"> </span></span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Now it's easy to build a fake login page without any knowledge of programming languages. One can use </span></span><a href="http://www.jotform.com/"><span style="color: red;"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">http://www.jotform.com</span></span></span></a><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> to build the sign-up page.</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><br />
</span> </span><span class="Apple-style-span" style="font-size: x-small;"> </span><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> </span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{1}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Open </span></span><b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">www.jotform.com </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">and sign up.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{2}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> then Login there with your newly registered account.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{3}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> now click on ‘ Create your first form’.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{4}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Now delete all the pre-defined entries, just leave ‘First Name:’ (To delete entries, select the particular entry and then click on the cross sign.)</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{5}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Now Click on ‘First Name:’ (Exactly on First Name). Now the option to Edit the First Name is activated, type there “username:” (for Gmail) or YahooId: (for Yahoo)</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{6}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Now Click on ‘Power Tool’ Option (In right hand side…)</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{7}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Double click on ‘Password Box’. Now Click the newly form password entry to edit it. Rename it as ‘Password:’</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{8} Now Click on ‘Properties’ Option (In right hand side…). These are the form properties.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{9} </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">You can give any title to your form. This title is used to distinguish your forms. This Title cannot be seen by the victim.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{10} </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Now in ‘Thank You URL’ you must put some link, like http://www.google.com or anything. After entering the username and password, the user will get redirected to this URL. (Don’t leave it blank…)</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{11}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Now Click on ‘Save’. After saving, click on ‘Source’ Option.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{12}</span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> Now you can see two Options, namely ‘Option1′ & ‘Option2′. Copy the full code of ‘Option2′.</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{13} </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Now open the Notepad text editor and write the following code there.</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Paste the Option2 code here</span></span><br />
<b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">{14} </span></span></b><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">And now save this as index.html, and then host it, meaning you will have to put it on the internet so that everyone can view it. Now I think that you would be knowing it, and in case you do not know it, please leave a comment with your email-id and I will mail you how to do it.</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">Now you can view it by typing the url in the address bar.</span></span><br />
<span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"><br />
</span> </span><span class="Apple-style-span" style="font-size: x-small;"> </span><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;"> </span></span><br />
<span style="color: #663399;"><b><span class="Apple-style-span" style="color: #cc0000;"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">NOTE</span></span></span></b><span class="Apple-style-span" style="color: #cc0000;"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">: </span></span></span><b><span class="Apple-style-span" style="color: #cc0000;"><span class="Apple-style-span" style="font-family: Verdana,sans-serif;"><span class="Apple-style-span" style="font-size: x-small;">If you want to send it to the internet, then first you will have to create a hosting account, which you can create on www.110mb.com, and there are many other sites which you can find on the internet very easily.<br />
I suppose that you created your account at 110mb.com.<br />
Now log in to your account, then click on “File Manager”, then click on “upload files” or just “upload”. Then select the file which you want to send to the internet and click on upload. And you are done.<br />
Now you can access your file on the net by just typing the URL of the file.<br />
And you will receive the passwords of the users that log in to your site through the email-id which you’ve entered while creating the form.</span></span></span></b></span><br />
</span></span>
<b>How To Hack Facebook Chat Application</b> (posted 2011-01-14 by Tarun Singh)<br />
<div class="post-header"></div><div class="post-body entry-content"><br />
<img alt="" class="alignleft" height="202" src="http://thelandofhack.files.wordpress.com/2010/12/images.jpeg?w=303&h=202" width="303" /><br />
In this post I will tell you how you can hack the Facebook chat application to run it from any window. Using this hack you will be able to chat with your friends while on other browser pages. Here is the step-by-step guide to hack the Facebook chat application.<br />
<br />
<a name='more'></a><br />
<b>Note: This trick to hack the Facebook chat application works for the Firefox browser only</b><br />
<b>1.</b> First of all, log into your Facebook account.<br />
<b>2.</b> Next, visit the following link:<br />
<b><a href="http://www.facebook.com/presence/popout.php">http://www.facebook.com/presence/popout.php</a></b><br />
<div><a href="http://thelandofhack.files.wordpress.com/2010/12/title.jpg?w=214"><img alt="" border="0" src="http://thelandofhack.files.wordpress.com/2010/12/title.jpg?w=214" /></a></div><b><br />
</b><br />
<b>3.</b> Next, press Ctrl+D and bookmark the page.<br />
<br />
<br />
<div><a href="http://thelandofhack.files.wordpress.com/2010/12/title2.jpg?w=270"><img alt="" border="0" src="http://thelandofhack.files.wordpress.com/2010/12/title2.jpg?w=270" /></a></div><b>4.</b> Next, click on the bookmark option at the top beside the history button, right-click “Facebook chat” at the bottom, check “Load this bookmark in the sidebar” and click OK.<br />
<br />
<div><a href="http://thelandofhack.files.wordpress.com/2010/12/title3.jpg?w=249"><img alt="" border="0" src="http://thelandofhack.files.wordpress.com/2010/12/title3.jpg?w=249" /></a></div><br />
<div><a href="http://thelandofhack.files.wordpress.com/2010/12/title5.jpg?w=300"><img alt="" border="0" src="http://thelandofhack.files.wordpress.com/2010/12/title5.jpg?w=300" /></a></div>Now you can load Facebook chat application from any browser<br />
<br />
<div class="MsoNormal"><a href="http://www.ritrosoft.co.cc/">© tarundhacker.blogspot.com</a></div><br />
</div>
<b>An overview of Intrusion Detection System</b> (posted 2011-01-14 by Tarun Singh)<br />
<a href="http://i51.tinypic.com/sevgwm.jpg" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="130" src="http://i51.tinypic.com/sevgwm.jpg" width="200" /></a>An intrusion detection system (IDS) is used to monitor the entire network. It detects intruders, that is, unexpected, unwanted or unauthorized people or programs on the network.<br />
An intrusion detection system has a number of sensors that are used to detect unwanted or unexpected flows of network traffic. The major sensors are as follows:<br />
<br />
<br />
<a href="" name="more"></a><br />
<ul><li>A sensor that monitors log files</li>
<li>A sensor that monitors incoming and outgoing TCP connections</li>
</ul><b>How Does an Intrusion Detection System Work?</b><br />
<br />
An intrusion detection system works by collecting information and then examining it. The IDS collects data from its sensors and analyzes this data to notify the system administrator about malicious activity on the network.<br />
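The collect, examine and notify cycle described above can be seen in a small log-file sensor. This added example (not from the original post) parses OpenSSH-style failed-login lines and alerts when one source exceeds a threshold inside a time window; the log lines are constructed, and the threshold, window and function names are assumptions.

```python
"""Minimal host-based log sensor: collect events, analyse them, alert."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH-style failure line as it appears in a syslog auth log.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_event(line, year=2011):
    """Sensor step: turn one raw log line into (time, ip, user) or None."""
    m = FAILED.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime("%d %s" % (year, m.group("ts")),
                           "%Y %b %d %H:%M:%S")
    return ts, m.group("ip"), m.group("user")


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Analysis step: alert once per source that fails `threshold`
    logins inside `window`. Returns a list of alert dicts."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> usernames tried so far
    alerted = set()
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue              # successful logins and unrelated lines
        ts, ip, user = event
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"ip": ip, "time": ts, "failures": len(q),
                           "users": sorted(users[ip])})
    return alerts


# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = [
    "Jan 14 08:00:01 host1 sshd[411]: Failed password for root from 203.0.113.7 port 40001 ssh2",
    "Jan 14 08:00:03 host1 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2",
    "Jan 14 08:00:04 host1 sshd[412]: Accepted password for alice from 198.51.100.20 port 51000 ssh2",
    "Jan 14 08:00:06 host1 sshd[411]: Failed password for root from 203.0.113.7 port 40003 ssh2",
    "Jan 14 08:00:09 host1 sshd[411]: Failed password for invalid user test from 203.0.113.7 port 40004 ssh2",
    "Jan 14 08:00:12 host1 sshd[411]: Failed password for root from 203.0.113.7 port 40005 ssh2",
    "Jan 14 08:05:00 host1 sshd[413]: Failed password for alice from 198.51.100.20 port 51001 ssh2",
    "Jan 14 08:09:00 host1 sshd[413]: Failed password for alice from 198.51.100.20 port 51002 ssh2",
]

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print("ALERT", alert)
```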
<br />
<ul><li>An intrusion detection system can be run manually, but most IT administrators find it easier to automate the system checks to ensure that nothing is accidentally overlooked.</li>
<li>We can mainly categorize an IDS into two types:</li>
</ul>
<b>1.</b> <b>NIDS (Network Intrusion Detection Systems)</b><br />
<b>2.</b> <b>HIDS (Host Intrusion Detection Systems)</b><br />
<br />
A question remains: why use an IDS if there is a firewall to perform these tasks? A firewall is used to stop unwanted traffic from entering or leaving the internal enterprise network, whereas the IDS is deployed to monitor traffic in vital segments of the network, generating alerts when an intrusion is detected.<br />
<br />
A firewall has holes to let things through; without them you wouldn't be able to access the Internet or send or receive emails. There are different ways to bypass or cheat a firewall.<br />
Snort is an excellent open source network intrusion detection system; OSSEC is an open source host-based intrusion detection system.<br />
<b>Restoring lost partitions using Ubuntu live CD</b> (posted 2011-01-12 by Tarun Singh)<br />
<span style="color: #999900;"><span style="font-style: italic;"><span style="font-weight: bold;">The problem below is the one solved in this section:</span></span></span><br />
<b style="color: #999900; font-family: courier new; font-weight: normal;">"How do I restore my lost partition table? I accidentally deleted my partition table, how do I recover my data? How to recover deleted partitions and data in them? Recover data from deleted drives."<br />
</b><br />
<div style="color: #999900; text-align: center;"><b style="font-family: courier new; font-weight: normal;"><span style="font-size: 180%;"><span style="font-family: lucida grande;">" SOLUTION "<br />
<br />
<br />
</span></span></b><br />
<div style="text-align: left;">WARNING: If you’ve formatted and/or added new data to the drive, or carried on with an OS installation, chances of recovery are very low.<br />
Most people end up deleting their partition table while trying to install a new OS for the first time. I personally know a couple of people who ended up deleting their partition table while trying to install Linux for the first time (more on that later). Now I am going to introduce you to a tiny tool called <b>“gpart”</b>, which will help you restore your deleted partition table.<br />
<b><span style="text-decoration: underline;">Things you’ll need.</span></b><br />
<ol><li>An Ubuntu or similar live CD (actually any Linux live CD / USB will do, but I am demonstrating here using Ubuntu 9.04 (Jaunty Jackalope))</li>
<li>A working internet connection or this file (35.8 KB)</li>
<li>Patience!</li>
</ol><b><span style="text-decoration: underline;">Here is the step by step procedure for restoring your lost partition table, and hence your lost data</span></b><br />
<ol><li>Boot using your live CD; I am using Ubuntu 9.04 (Jaunty Jackalope) here.</li>
<li>You will need this <a href="http://launchpadlibrarian.net/20093740/gpart_0.1h-7_i386.deb">file </a>(35.8 KiB), or if you’re using another version of Ubuntu or a different Linux distro, the name of the package you need is <b>gpart.</b></li>
<li>You can also install the package from the terminal using <b>apt-get</b> if you have a working internet connection. Here is the procedure:</li>
</ol><ul><blockquote>
<li> Open the repository file by typing the following at the terminal :</li>
<li><b>sudo gedit /etc/apt/sources.list</b></li>
<li> Add the following line to it :</li>
<li><b>deb http://archive.ubuntu.com/ubuntu gutsy main restricted universe</b></li>
<li> Install gpart by typing the following commands in the terminal :</li>
<li><b>sudo apt-get update</b></li>
<li><b>sudo apt-get install gpart</b></li>
</blockquote></ul><br />
</div></div>Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com0tag:blogger.com,1999:blog-5014765014755135308.post-79939274326491948732009-07-28T10:33:00.000-07:002011-01-12T13:14:53.867-08:00--> DDoS Attacks and DDoS Defense Mechanisms<br />
Distributed denial-of-service (DDoS) attacks pose an immense threat to the Internet, and consequently many defense mechanisms have been proposed to combat them. Attackers constantly modify their tools to bypass these security systems, and researchers in turn modify their approaches to handle new attacks. The DDoS field is evolving quickly, and it is becoming increasingly hard to grasp a global view of the problem.<br />
<b><a name='more'></a>DDoS Attack Overview</b><br />
A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. A distributed denial-of-service attack deploys multiple machines to attain this goal. The service is denied by sending a stream of packets to a victim that either consumes some key resource, thus rendering it unavailable to legitimate clients, or provides the attacker with unlimited access to the victim machine so he can inflict arbitrary damage. This section will answer the following questions:<br />
1. What makes DDoS attacks possible?<br />
2. How do these attacks occur?<br />
3. Why do they occur?<br />
<b>Internet Architecture</b><br />
The Internet is managed in a distributed manner; therefore no common policy can be enforced among its participants. Such a design opens several security issues that provide opportunities for distributed denial-of-service attacks:<br />
1. Internet security is highly interdependent. DDoS attacks are commonly launched from systems that are subverted through security related compromises. Regardless of how well secured the victim system may be, its susceptibility to DDoS attacks depends on the state of security in the rest of the global Internet.<br />
2. Internet resources are limited. Each Internet host has limited resources that can be consumed by a sufficient number of users.<br />
3. Power of many is greater than power of few. Coordinated and simultaneous malicious actions by some participants can always be detrimental to others, if the resources of the attackers are greater than the resources of the victims.<br />
4. Intelligence and resources are not collocated. An end-to-end communication paradigm led to locating most of the intelligence needed for service guarantees with end hosts. At the same time, a desire for large throughput led to the design of high bandwidth pathways in the intermediate network. Thus, malicious clients can misuse the abundant resources of an unwitting network for delivery of numerous messages to a victim.<br />
<b>DDoS Attack Strategy</b><br />
In order to perform a distributed denial-of-service attack, the attacker needs to recruit multiple agent (slave) machines. This process is usually performed automatically through scanning of remote machines, looking for security holes that would enable subversion. Vulnerable machines are then exploited by using the discovered vulnerability to gain access to the machine, and they are infected with the attack code. The exploit/infection phase is also automated, and the infected machines can be used for further recruitment of new agents. Agent machines perform the attack against the victim. Attackers usually hide the identity of the agent machines during the attack through spoofing of the source address field in packets. The agent machines can thus be reused for future attacks.<br />
<b>DDoS Goals</b><br />
The goal of a DDoS attack is to inflict damage on the victim, either for personal reasons (a significant number of DDoS attacks are against home computers, presumably for purposes of revenge), for material gain (damaging competitor’s resources) or for popularity (successful attacks on popular Web servers gain the respect of the hacker community).<br />
<b>Taxonomy of DDoS Attacks</b><br />
In order to devise a taxonomy of distributed denial-of-service attacks we observe the means used to prepare and perform the attack, the characteristics of the attack itself and the effect it has on the victim. Various classification criteria are indicated in bold type. Figure 1 summarizes the taxonomy.<br />
<b>Classification by Degree of Automation</b><br />
During the attack preparation, the attacker needs to locate prospective agent machines and infect them with the attack code. Based on the degree of automation of the attack, we differentiate between manual, semi-automatic and automatic DDoS attacks.<br />
<b>Manual Attacks</b><br />
Only the early DDoS attacks belonged to the manual category. The attacker scanned remote machines for vulnerabilities, broke into them and installed the attack code, and then commanded the onset of the attack. All of these actions were soon automated, leading to development of semi-automatic DDoS attacks, the category where most contemporary attacks belong.<br />
<b>Semi-Automatic Attacks</b><br />
In semi-automatic attacks, the DDoS network consists of handler (master) and agent (slave, daemon) machines. The attacker deploys automated scripts for scanning and compromise of those machines and installation of the attack code. He then uses handler machines to specify the attack type and the victim’s address and to command the onset of the attack to agents, who send packets to the victim. Based on the communication mechanism deployed between agent and handler machines we divide semi-automatic attacks into attacks with direct communication and attacks with indirect communication.<br />
<b>Attacks with direct communication</b><br />
During attacks with direct communication, the agent and handler machines need to know each other’s identity in order to communicate. This is achieved by hard-coding the IP address of the handler machines in the attack code that is later installed on the agent. Each agent then reports its readiness to the handlers, who store its IP address in a file for later communication. The obvious drawback of this approach is that discovery of one compromised machine can expose the whole DDoS network. Also, since agents and handlers listen to network connections, they are identifiable by network scanners.<br />
<b>Attacks with indirect communication</b><br />
Attacks with indirect communication deploy a level of indirection to increase the survivability of a DDoS network. Recent attacks provide the example of using IRC channels for agent/handler communication. The use of IRC services replaces the function of a handler, since the IRC channel offers sufficient anonymity to the attacker. Since DDoS agents establish outbound connections to a standard service port used by a legitimate network service, agent communications to the control point may not be easily differentiated from legitimate network traffic. The agents do not incorporate a listening port that is easily detectable with network scanners. An attacker controls the agents using IRC communications channels. Thus, discovery of a single agent may lead no further than the identification of one or more IRC servers and channel names used by the DDoS network. From there, identification of the DDoS network depends on the ability to track agents currently connected to the IRC server. Although the IRC service is the only current example of indirect communication, there is nothing to prevent attackers from subverting other legitimate services for similar purposes.<br />
<b>Automatic Attacks</b><br />
Automatic DDoS attacks additionally automate the attack phase, thus avoiding the need for communication between attacker and agent machines. The time of the onset of the attack, attack type, duration and victim’s address are preprogrammed in the attack code. It is obvious that such deployment mechanisms offer minimal exposure to the attacker, since he is only involved in issuing a single command – the start of the attack script. The hard-coded attack specification suggests a single-purpose use of the DDoS network. However, the propagation mechanisms usually leave the backdoor to the compromised DDoS machine open, enabling easy future access and modification of the attack code.<br />
Both semi-automatic and automatic attacks recruit the agent machines by deploying automatic scanning and propagation techniques. Based on the scanning strategy, we differentiate between attacks that deploy random scanning, hitlist scanning, topological scanning, permutation scanning and local subnet scanning. Attackers usually combine the scanning and exploitation phases, thus gaining a larger agent population, and my description of scanning techniques relates to this model.<br />
<b>Attacks with Random Scanning</b><br />
During random scanning each compromised host probes random addresses in the IP address space, using a different seed. This potentially creates a high traffic volume since many machines probe the same addresses. Code Red (CRv2) performed random scanning.<br />
<b>Attacks with Hitlist Scanning</b><br />
A machine performing hitlist scanning probes all addresses from an externally supplied list. When it detects a vulnerable machine, it sends one half of the initial hitlist to the recipient and keeps the other half. This technique allows for great propagation speed (due to exponential spread) and no collisions during the scanning phase. An attack deploying hitlist scanning could obtain the list from netscan.org of domains that still support directed IP broadcast and can thus be used for a Smurf attack.<br />
<b>Attacks with Topological Scanning</b><br />
Topological scanning uses the information on the compromised host to select new targets. All mail worms use topological scanning, exploiting the information from address books for their spread.<br />
<b>Attacks with Permutation Scanning</b><br />
During permutation scanning, all compromised machines share a common pseudo-random permutation of the IP address space; each IP address is mapped to an index in this permutation. A machine begins scanning by using the index computed from its IP address as a starting point. Whenever it sees an already infected machine, it chooses a new random start point. This has the effect of providing a semi-coordinated, comprehensive scan while maintaining the benefits of random probing. This technique is described in as not yet deployed.<br />
<b>Attacks with Local Subnet Scanning</b><br />
Local subnet scanning can be added to any of the previously described techniques to preferentially scan for targets that reside on the same subnet as the compromised host. Using this technique, a single copy of the scanning program can compromise many vulnerable machines behind a firewall. Code Red II and Nimda Worm used local subnet scanning.<br />
Based on the attack code propagation mechanism, we differentiate between attacks that deploy central source propagation, back-chaining propagation and autonomous propagation.<br />
<b>Attacks with Central Source Propagation</b><br />
During central source propagation, the attack code resides on a central server or set of servers.<br />
After compromise of the agent machine, the code is downloaded from the central source through a file transfer mechanism. The 1i0n worm operated in this manner.<br />
<b>Attacks with Back-chaining Propagation</b><br />
During back-chaining propagation, the attack code is downloaded from the machine that was used to exploit the system. The infected machine then becomes the source for the next propagation step. Back-chaining propagation is more survivable than central-source propagation since it avoids a single point of failure. The Ramen worm and Morris Worm used back-chaining propagation.<br />
<b>Attacks with Autonomous Propagation</b><br />
Autonomous propagation avoids the file retrieval step by injecting attack instructions directly into the target host during the exploitation phase. Code Red, Warhol Worm and numerous E-mail worms use autonomous propagation.<br />
<b>Classification by Exploited Vulnerability</b><br />
Distributed denial-of-service attacks exploit different strategies to deny the service of the victim to its clients. Based on the vulnerability that is targeted during an attack, we differentiate between protocol attacks and brute-force attacks.<br />
<b>Protocol Attacks</b><br />
Protocol attacks exploit a specific feature or implementation bug of some protocol installed at the victim in order to consume excess amounts of its resources. Examples include the TCP SYN attack, the CGI request attack and the authentication server attack. In the TCP SYN attack, the exploited feature is the allocation of substantial space in a connection queue immediately upon receipt of a TCP SYN request. The attacker initiates multiple connections that are never completed, thus filling up the connection queue indefinitely. In the CGI request attack, the attacker consumes the CPU time of the victim by issuing multiple CGI requests. In the authentication server attack, the attacker exploits the fact that the signature verification process consumes significantly more resources than bogus signature generation. He sends numerous bogus authentication requests to the server, tying up its resources.<br />
<b>Brute-force Attacks</b><br />
Brute-force attacks are performed by initiating a vast amount of seemingly legitimate transactions. Since an upstream network can usually deliver higher traffic volume than the victim network can handle, this exhausts the victim’s resources. We further divide brute-force attacks based on the relation of packet contents with victim services into filterable and non-filterable attacks.<br />
<b>Filterable Attacks</b><br />
Filterable attacks use bogus packets or packets for non-critical services of the victim’s operation, and thus can be filtered by a firewall. Examples of such attacks are a UDP flood attack or an ICMP request flood attack on a Web server.<br />
<b>Non-filterable Attacks</b><br />
Non-filterable attacks use packets that request legitimate services from the victim. Thus, filtering all packets that match the attack signature would lead to an immediate denial of the specified service to both attackers and the legitimate clients. Examples are an HTTP request flood targeting a Web server or a DNS request flood targeting a name server.<br />
The line between protocol and brute-force attacks is thin. Protocol attacks also overwhelm a victim’s resources with excess traffic, and badly designed protocol features at remote hosts are frequently used to perform “reflector” brute-force attacks, such as the DNS request attack or the Smurf attack. The difference is that a victim can mitigate the effect of protocol attacks by modifying the deployed protocols at its site, while it is helpless against brute-force attacks due to their misuse of legitimate services (non-filterable attacks) or due to its own limited resources (a victim can do nothing about an attack that swamps its network bandwidth). Countering protocol attacks by modifying the deployed protocol pushes the corresponding attack mechanism into the brute-force category. For example, if the victim deploys TCP SYN cookies to combat TCP SYN attacks, it will still be vulnerable to TCP SYN attacks that generate more requests than its network can accommodate. However, the brute-force attacks need to generate a much higher volume of attack packets than protocol attacks, to inflict damage at the victim. So by modifying the deployed protocols the victim pushes the vulnerability limit higher. Evidently, classification of the specific attack needs to take into account both the attack mechanisms used and the victim’s configuration.<br />
It is interesting to note that the variability of attack packet contents is determined by the exploited vulnerability. Packets comprising protocol and non-filterable brute-force attacks must specify some valid header fields and possibly some valid contents. For example, TCP SYN attack packets cannot vary the protocol or flag field, and HTTP flood packets must belong to an established TCP connection and therefore cannot spoof source addresses, unless they hijack connections from legitimate clients.<br />
<b>Classification by Attack Rate Dynamics</b><br />
Depending on the attack rate dynamics we differentiate between continuous rate and variable rate attacks.<br />
<b>Continuous Rate Attacks</b><br />
The majority of known attacks deploy a continuous rate mechanism. After the onset is commanded, agent machines generate the attack packets with full force. This sudden packet flood disrupts the victim’s services quickly, and thus leads to attack detection.<br />
<b>Variable Rate Attacks</b><br />
Variable rate attacks are more cautious in their engagement, and they vary the attack rate to avoid detection and response. Based on the rate change mechanism we differentiate between attacks with increasing rate and fluctuating rate.<br />
<b>Increasing Rate Attacks</b><br />
Attacks that have a gradually increasing rate lead to a slow exhaustion of the victim’s resources. A state change of the victim could be so gradual that its services degrade slowly over a long time period, thus delaying detection of the attack.<br />
<b>Fluctuating Rate Attacks</b><br />
Attacks that have a fluctuating rate adjust the attack rate based on the victim’s behavior, occasionally relieving the effect to avoid detection. At the extreme end, there is the example of pulsing attacks. During pulsing attacks, agent hosts periodically abort the attack and resume it at a later time. If this behavior is simultaneous for all agents, the victim experiences periodic service disruptions. If, however, agents are divided into groups who coordinate so that one group is always active, then the victim experiences continuous denial of service.<br />
<b>Classification by Impact</b><br />
Depending on the impact of a DDoS attack on the victim we differentiate between disruptive and degrading attacks.<br />
<b>Disruptive Attacks</b><br />
The goal of disruptive attacks is to completely deny the victim’s service to its clients. All currently known attacks belong to this category.<br />
<b>Degrading Attacks</b><br />
The goal of degrading attacks would be to consume some (presumably constant) portion of a victim’s resources. Since these attacks do not lead to total service disruption, they could remain undetected for a significant time period. On the other hand, damage inflicted on the victim could be immense. For example, an attack that effectively ties up 30% of the victim’s resources would lead to denial of service to some percentage of customers during high load periods, and possibly slower average service. Some customers, dissatisfied with the quality, would consequently change their service provider and the victim would thus lose income. Alternately, the false load could result in a victim spending money to upgrade its servers and networks.<br />
<b>Taxonomy of DDoS Defense Mechanisms</b><br />
The seriousness of the DDoS problem and the increased frequency of DDoS attacks have led to the advent of numerous DDoS defense mechanisms. Some of these mechanisms address a specific kind of DDoS attack such as attacks on Web servers or authentication servers. Other approaches attempt to solve the entire generic DDoS problem. Most of the proposed approaches require certain features to achieve their peak performance, and will perform quite differently if deployed in an environment where these requirements are not met.<br />
As is frequently pointed out, there is no “ram ban” (Hindi for a weapon that never misses its target) against DDoS attacks. Therefore we need to understand not only each existing DDoS defense approach, but also how those approaches might be combined together to effectively and completely solve the problem.<br />
<b>Classification by Activity Level</b><br />
Based on the activity level of DDoS defense mechanisms, we differentiate between preventive and reactive mechanisms.<br />
<b>Preventive Mechanisms</b><br />
The goal of preventive mechanisms is either to eliminate the possibility of DDoS attacks altogether or to enable potential victims to endure the attack without denying services to legitimate clients. According to these goals we further divide preventive mechanisms into attack prevention and denial-of-service prevention mechanisms.<br />
<b>Attack Prevention Mechanisms</b><br />
Attack prevention mechanisms modify the system configuration to eliminate the possibility of a DDoS attack. Based on the target they secure, we further divide them into system security and protocol security mechanisms.<br />
<b>System Security Mechanisms</b><br />
System security mechanisms increase the overall security of the system, guarding against illegitimate accesses to the machine, removing application bugs and updating protocol installations to prevent intrusions and misuse of the system. DDoS attacks owe their power to large numbers of subverted machines that cooperatively generate the attack streams. If these machines were secured, the attackers would lose their army and the DDoS threat would then disappear. On the other hand, systems vulnerable to intrusions can themselves become victims of DDoS attacks in which the attacker, having gained unlimited access to the machine, deletes or alters its contents. Potential victims of DDoS attacks can be easily overwhelmed if they deploy vulnerable protocols. Examples of system security mechanisms include monitored access to the machine, applications that download and install security patches, firewall systems, virus scanners, intrusion detection systems, access lists for critical resources, capability-based systems and client-legitimacy-based systems. The history of computer security suggests that this approach can never be 100% effective, but doing a good job here will certainly decrease the frequency and strength of DDoS attacks.<br />
<b>Protocol Security Mechanisms</b><br />
Protocol security mechanisms address the problem of bad protocol design. Many protocols contain operations that are cheap for the client but expensive for the server. Such protocols can be misused to exhaust the resources of a server by initiating large numbers of simultaneous transactions. Classic misuse examples are the TCP SYN attack, the authentication server attack, and the fragmented packet attack, in which the attacker bombards the victim with malformed packet fragments forcing it to waste its resources on reassembling attempts. Examples of protocol security mechanisms include guidelines for a safe protocol design in which resources are committed to the client only after sufficient authentication is done, or the client has paid a sufficient price, deployment of a powerful proxy server that completes TCP connections, etc. Deploying comprehensive protocol and system security mechanisms can make the victim completely resilient to protocol attacks. Also, these approaches are inherently compatible with and complementary to all other approaches.<br />
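The TCP SYN queue exhaustion and the guideline of committing resources only after the client has proved itself, both described above, can be seen in a small model. This is an added example, not code from the original post: a simplified in-memory Python model of a listener with and without SYN cookies. The class names, the HMAC-based cookie, the 64-second slot and the documentation-range addresses are assumptions; real SYN cookies also encode the MSS in the sequence number.<br />

```python
"""Simplified in-memory model of TCP SYN handling with and without SYN cookies.

Added illustration: no packets are sent; every flow below is constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Set, Tuple

Flow = Tuple[str, int, int]   # (client IP, client port, server port)
MOD = 2 ** 32                 # TCP sequence numbers are 32-bit


class NaiveListener:
    """Allocates a connection-queue entry as soon as a SYN arrives."""

    def __init__(self, backlog: int) -> None:
        self.backlog = backlog
        self.half_open: Dict[Flow, int] = {}    # flow -> server ISN
        self.established: Set[Flow] = set()

    def on_syn(self, flow: Flow, client_isn: int) -> Optional[int]:
        if len(self.half_open) >= self.backlog:
            return None                          # queue full: SYN is dropped
        server_isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[flow] = server_isn        # state committed before any proof
        return server_isn

    def on_ack(self, flow: Flow, client_isn: int, ack: int) -> bool:
        isn = self.half_open.get(flow)
        if isn is None or ack != (isn + 1) % MOD:
            return False
        del self.half_open[flow]
        self.established.add(flow)
        return True


class CookieListener:
    """Stores nothing on SYN; the server ISN itself is a keyed hash of the flow."""

    def __init__(self, secret: bytes, slot_seconds: int = 64) -> None:
        self.secret = secret
        self.slot_seconds = slot_seconds         # assumed cookie lifetime unit
        self.established: Set[Flow] = set()

    def _cookie(self, flow: Flow, client_isn: int, slot: int) -> int:
        msg = f"{flow[0]}|{flow[1]}|{flow[2]}|{client_isn}|{slot}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, flow: Flow, client_isn: int, now: int) -> int:
        return self._cookie(flow, client_isn, now // self.slot_seconds)

    def on_ack(self, flow: Flow, client_isn: int, ack: int, now: int) -> bool:
        slot = now // self.slot_seconds
        for candidate in (slot, slot - 1):       # accept current or previous slot
            if ack == (self._cookie(flow, client_isn, candidate) + 1) % MOD:
                self.established.add(flow)       # state allocated only now
                return True
        return False


def simulate(flood_size: int = 1000, backlog: int = 128) -> dict:
    """Feed both listeners the same constructed SYN stream, then one real client."""
    naive = NaiveListener(backlog)
    # Constructed demo key; a real deployment would use a random secret.
    cookie = CookieListener(secret=b"constructed-demo-secret")
    now = 1000
    for i in range(flood_size):                  # sources that never send the ACK
        flow = (f"198.51.100.{i % 254 + 1}", 1024 + i, 80)
        naive.on_syn(flow, i)
        cookie.on_syn(flow, i, now)
    cookie_state = len(cookie.established)

    legit, isn = ("192.0.2.10", 40000, 80), 12345
    n_isn = naive.on_syn(legit, isn)
    naive_ok = n_isn is not None and naive.on_ack(legit, isn, (n_isn + 1) % MOD)
    c_isn = cookie.on_syn(legit, isn, now)
    cookie_ok = cookie.on_ack(legit, isn, (c_isn + 1) % MOD, now + 30)

    late = ("192.0.2.20", 40001, 80)             # ACK arrives several slots too late
    stale = cookie.on_ack(late, 7, (cookie.on_syn(late, 7, now) + 1) % MOD, now + 300)
    return {
        "naive_half_open": len(naive.half_open),
        "naive_legit_connected": naive_ok,
        "cookie_state_entries": cookie_state,
        "cookie_legit_connected": cookie_ok,
        "cookie_stale_ack_accepted": stale,
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The cookie listener removes the connection queue as the exhaustible resource, but it does nothing once the SYN volume exceeds what the network link can carry, which is the brute-force case the post describes.<br />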
Denial-of-service prevention mechanisms enable the victim to endure attack attempts without denying service to legitimate clients. This is done either by enforcing policies for resource consumption or by ensuring that abundant resources exist so that legitimate clients will not be affected by the attack. Consequently, based on the prevention method, we differentiate between resource accounting and resource multiplication mechanisms.<br />
<b>Resource Accounting Mechanisms</b><br />
Resource accounting mechanisms police the access of each user to resources based on the privileges of the user and his behavior. Such mechanisms guarantee fair service to legitimate well-behaving users. In order to avoid user identity theft, they are usually coupled with legitimacy-based access mechanisms that verify the user’s identity. Approaches proposed in illustrate resource accounting mechanisms.<br />
<b>Resource Multiplication Mechanisms</b><br />
Resource multiplication mechanisms provide an abundance of resources to counter DDoS threats. The straightforward example is a system that deploys a pool of servers with a load balancer and installs high bandwidth links between itself and upstream routers. This approach essentially raises the bar on how many machines must participate in an attack to be effective. While not providing perfect protection, for those who can afford the costs, this approach has often proven sufficient. For example, Microsoft has used it to weather large DDoS attacks.<br />
<b>Reactive Mechanisms</b><br />
Reactive mechanisms strive to alleviate the impact of an attack on the victim. In order to attain this goal they need to detect the attack and respond to it. The goal of attack detection is to detect every attempted DDoS attack as early as possible and to have a low degree of false positives. Upon attack detection, steps can be taken to characterize the packets belonging to the attack stream and provide this characterization to the response mechanism. We classify reactive mechanisms based on the attack detection strategy into mechanisms that deploy pattern detection, anomaly detection, hybrid detection, and third-party detection.<br />
<b>Mechanisms with Pattern Attack Detection</b><br />
Mechanisms that deploy pattern detection store the signatures of known attacks in a database. Each communication is monitored and compared with database entries to discover occurrences of DDoS attacks. Occasionally, the database is updated with new attack signatures. The obvious drawback of this detection mechanism is that it can only detect known attacks, and it is usually helpless against new attacks or even slight variations of old attacks that cannot be matched to the stored signature. On the other hand, known attacks are easily and reliably detected, and no false positives are encountered.<br />
<b>Mechanisms with Anomaly Attack Detection</b><br />
Mechanisms that deploy anomaly detection have a model of normal system behavior, such as a model of normal traffic dynamics or expected system performance. The current state of the system is periodically compared with the models to detect anomalies. Approaches presented in provide examples of mechanisms that use anomaly detection. The advantage of anomaly detection over pattern detection is that unknown attacks can be discovered. However, anomaly-based detection has to address two issues:<br />
1. Threshold setting. Anomalies are detected when the current system state differs from the model by a certain threshold. The setting of a low threshold leads to many false positives, while a high threshold reduces the sensitivity of the detection mechanism.<br />
2. Model update. Systems and communication patterns evolve with time, and models need to be updated to reflect this change. Anomaly-based systems usually perform automatic model update using statistics gathered at a time when no attack was detected. This approach makes the detection mechanism vulnerable to increasing rate attacks that can mistrain models and delay or even avoid attack detection.<br />
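The two issues above, threshold setting and model update, can be reproduced with a small rate-based detector. This is an added example, not code from the original post: the EWMA model, the traces (constructed packets-per-second samples) and the max_drift bound are assumptions chosen for illustration, and the drift bound is one possible mitigation rather than one the post proposes.<br />

```python
"""Rate-based anomaly detector: threshold setting and model update.

Added illustration; all traffic traces are constructed sample values.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class RateAnomalyDetector:
    baseline: float                     # model of normal packets/sec
    threshold: float = 2.0              # alarm when rate > threshold * baseline
    alpha: float = 0.2                  # EWMA weight given to each new sample
    max_drift: Optional[float] = None   # cap: baseline <= max_drift * reference

    def __post_init__(self) -> None:
        # Trusted reference measured while the system was known to be clean.
        self.reference = self.baseline

    def observe(self, rate: float) -> bool:
        """Return True on anomaly; learn only from samples that did not alarm."""
        if rate > self.threshold * self.baseline:
            return True
        self.baseline = (1 - self.alpha) * self.baseline + self.alpha * rate
        if self.max_drift is not None:
            self.baseline = min(self.baseline, self.max_drift * self.reference)
        return False


def alarms(detector: RateAnomalyDetector, trace: List[float]) -> List[int]:
    """Indices of the samples in trace that raised an alarm."""
    return [i for i, rate in enumerate(trace) if detector.observe(rate)]


# Constructed traces (packets/sec per sampling interval).
NORMAL = [1000, 1150, 900, 1250, 950, 1100] * 10      # ordinary jitter
FLOOD = NORMAL[:12] + [10000] * 10                    # continuous-rate attack
RAMP = [1000 * 1.05 ** i for i in range(60)]          # +5% per interval, ~17x


def run_all() -> dict:
    return {
        # Issue 1: a low threshold flags ordinary jitter as an attack ...
        "normal_low_threshold": alarms(RateAnomalyDetector(1000, threshold=1.2), NORMAL),
        # ... while a higher one stays quiet on the same traffic.
        "normal_high_threshold": alarms(RateAnomalyDetector(1000, threshold=2.0), NORMAL),
        # A sudden flood is caught immediately by the high threshold.
        "flood": alarms(RateAnomalyDetector(1000, threshold=2.0), FLOOD),
        # Issue 2: each ramp sample is "normal" relative to the baseline it
        # has already mistrained, so the detector never fires.
        "ramp_adaptive": alarms(RateAnomalyDetector(1000, threshold=2.0), RAMP),
        # Bounding how far the baseline may drift from the trusted reference
        # restores detection once the rate passes 2.0 * 1.5 * 1000 pps.
        "ramp_bounded": alarms(
            RateAnomalyDetector(1000, threshold=2.0, max_drift=1.5), RAMP),
    }


if __name__ == "__main__":
    for name, hits in run_all().items():
        first = hits[0] if hits else None
        print(f"{name}: {len(hits)} alarms, first at index {first}")
```

Bounding the baseline means legitimate long-term traffic growth needs a deliberate re-baselining step instead of silent learning.<br />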
<b>Mechanisms with Hybrid Attack Detection</b><br />
Mechanisms that deploy hybrid detection combine the pattern-based and anomaly-based detection, using data about attacks discovered through an anomaly detection mechanism to devise new attack signatures and update the database. Many intrusion detection systems use hybrid detection. If these systems are fully automated, properly extracting a signature from a detected attack can be challenging. The system must be careful not to permit attackers to fool it into detecting normal behavior as an attack signature, or the system itself becomes a denial-of-service tool.<br />
<b>Mechanisms with Third-Party Attack Detection</b><br />
Mechanisms that deploy third-party detection do not handle the detection process themselves, but rely on an external message that signals the occurrence of the attack and provides attack characterization. Examples of mechanisms that use third-party detection are easily found among traceback mechanisms.<br />
The goal of the attack response is to relieve the impact of the attack on the victim, while imposing minimal collateral damage to legitimate clients of the victim. I classify reactive mechanisms based on the response strategy into mechanisms that deploy agent identification, rate-limiting, filtering and reconfiguration approaches.<br />
<b>Agent Identification Mechanisms</b><br />
Agent identification mechanisms provide the victim with information about the identity of the machines that are performing the attack. This information can then be combined with other response approaches to alleviate the impact of the attack. Agent identification examples include numerous traceback techniques and approaches that eliminate spoofing, thus enabling use of the source address field for agent identification.<br />
<b>Rate-Limiting Mechanisms</b><br />
Rate-limiting mechanisms impose a rate limit on a stream that has been characterized as malicious by the detection mechanism. Examples of rate limiting mechanisms are found in Rate limiting is a lenient response technique that is usually deployed when the detection mechanism has a high level of false positives or cannot precisely characterize the attack stream. The disadvantage is that they allow some attack traffic through, so extremely high scale attacks might still be effective even if all traffic streams are rate-limited.<br />
<b>Filtering Mechanisms</b><br />
Filtering mechanisms use the characterization provided by a detection mechanism to filter out the attack stream completely. Examples include dynamically deployed firewalls, and also a commercial system, Traffic Master. Unless the detection strategy is very reliable, filtering mechanisms run the risk of accidentally denying service to legitimate traffic. Worse, clever attackers might leverage them as denial-of-service tools.<br />
<b>Reconfiguration Mechanisms</b><br />
Reconfiguration mechanisms change the topology of the victim or the intermediate network to either add more resources to the victim or to isolate the attack machines. Examples include reconfigurable overlay networks, resource replication services, attack isolation strategies etc. Reactive DDoS defense mechanisms can perform detection and response either alone or in cooperation with other entities in the Internet. Based on the cooperation degree we differentiate between autonomous, cooperative and interdependent mechanisms.<br />
<b>Autonomous Mechanisms</b><br />
Autonomous mechanisms perform independent attack detection and response. They are usually deployed at a single point in the Internet and act locally. Firewalls and intrusion detection systems provide an easy example of autonomous mechanisms.<br />
<b>Cooperative Mechanisms</b><br />
Cooperative mechanisms are capable of autonomous detection and response, but can achieve significantly better performance through cooperation with other entities. Mechanisms deploying pushback provide examples of cooperative mechanisms. They detect the occurrence of a DDoS attack by observing congestion in a router’s buffer, characterize the traffic that creates the congestion, and act locally to impose a rate limit on that traffic. However, they achieve significantly better performance if the rate limit requests can be propagated to upstream routers who otherwise may be unaware of the attack.<br />
<b>Interdependent Mechanisms</b><br />
Interdependent mechanisms cannot operate autonomously; they rely on other entities either for attack detection or for efficient response. Traceback mechanisms provide examples of interdependent mechanisms. A traceback mechanism deployed on a single router would provide almost no benefit.<br />
<b>Classification by Deployment Location</b><br />
With regard to a deployment location, we differentiate between DDoS mechanisms deployed at the victim, intermediate, or source network.<br />
<b>Victim-Network Mechanisms</b><br />
DDoS defense mechanisms deployed at the victim network protect this network from DDoS attacks and respond to detected attacks by alleviating the impact on the victim. Historically, most defense systems were located at the victim since it suffered the greatest impact of the attack and was therefore the most motivated to sacrifice some resources for increased security. Resource accounting and protocol security mechanisms provide examples of these systems.<br />
<b>Intermediate-Network Mechanisms</b><br />
DDoS defense mechanisms deployed at the intermediate network provide infrastructural service to a large number of Internet hosts. Victims of DDoS attacks can contact the infrastructure and request the service, possibly providing adequate compensation. Pushback and traceback techniques are examples of intermediate-network mechanisms.<br />
<b>Source-Network Mechanisms</b><br />
The goal of DDoS defense mechanisms deployed at the source network is to prevent customers using this network from generating DDoS attacks. Such mechanisms are necessary and desirable, but motivation for their deployment is low since it is unclear who would pay the expenses associated with this service. Mechanisms proposed in provide examples of source-network mechanisms.<br />
<br />
<br />
<br />
<br />
<div style="text-align: center;"><span style="font-size: 180%;"><span style="font-family: webdings;"><span style="color: red;"><span style="font-style: italic;"><span style="color: #000099;">Try the attacks you can do it....</span></span></span></span></span></div>Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com0tag:blogger.com,1999:blog-5014765014755135308.post-7524348423104229752009-06-21T11:14:00.000-07:002011-01-12T13:25:14.318-08:00Unable To See Hidden Files...???<div style="color: orange;">Many of us have run into this problem: we cannot ‘view the hidden files’ even after selecting the option in the Folder Options menu, and when we go back to check, we see that the setting has mysteriously been restored to ‘Do Not Show Hidden Files &amp; Folders’.</div><div style="color: orange;"><br />
</div><div style="color: orange;">It happens due to a small bug/virus which edits the Registry to create trouble for us.</div><div style="color: orange;"><br />
</div><div style="color: orange;">Here is how we can solve it:</div><div style="color: orange;"><br />
</div><a name='more'></a><div style="color: orange;"> ☻ [Theoretical Way]</div><div style="color: orange;"><br />
</div><div style="color: orange;">Open the Registry Editor</div><div style="color: orange;"><br />
</div><div style="color: orange;">[Start -> Run -> type "regedit"]</div><div style="color: orange;"><br />
</div><div style="color: orange;">Browse to:</div><div style="color: orange;"><br />
</div><div style="color: orange;">HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL</div><div style="color: orange;"><br />
</div><div style="color: orange;">and set the value named "CheckedValue" to 1</div><div style="color: orange;"><br />
</div><div style="color: orange;"> ☻ [Practical Way]</div><div style="color: orange;"><br />
</div><div style="color: orange;">Open Notepad,</div><div style="color: orange;"><br />
</div><div style="color: orange;">copy and paste the following [between START and STOP]:</div><div style="color: orange;">// START</div><div style="color: orange;">Windows Registry Editor Version 5.00</div><div style="color: orange;"><br /></div>
<div style="color: orange;">[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden]</div>
<div style="color: orange;">"Text"="@shell32.dll,-30499"</div>
<div style="color: orange;">"Type"="group"</div>
<div style="color: orange;">"Bitmap"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\</div>
<div style="color: orange;">00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,\</div>
<div style="color: orange;">48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,34,00,00,\</div>
<div style="color: orange;">00</div>
<div style="color: orange;">"HelpID"="shell.hlp#51131"</div>
<div style="color: orange;"><br /></div>
<div style="color: orange;">[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]</div>
<div style="color: orange;">"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"</div>
<div style="color: orange;">"Text"="@shell32.dll,-30501"</div>
<div style="color: orange;">"Type"="radio"</div>
<div style="color: orange;">"CheckedValue"=dword:00000002</div>
<div style="color: orange;">"ValueName"="Hidden"</div>
<div style="color: orange;">"DefaultValue"=dword:00000002</div>
<div style="color: orange;">"HKeyRoot"=dword:80000001</div>
<div style="color: orange;">"HelpID"="shell.hlp#51104"</div>
<div style="color: orange;"><br /></div>
<div style="color: orange;">[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]</div>
<div style="color: orange;">"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"</div>
<div style="color: orange;">"Text"="@shell32.dll,-30500"</div>
<div style="color: orange;">"Type"="radio"</div>
<div style="color: orange;">"CheckedValue"=dword:00000001</div>
<div style="color: orange;">"ValueName"="Hidden"</div>
<div style="color: orange;">"DefaultValue"=dword:00000002</div>
<div style="color: orange;">"HKeyRoot"=dword:80000001</div>
<div style="color: orange;">"HelpID"="shell.hlp#51105"</div>
<div style="color: orange;">// STOP</div>
<div style="color: orange;"><br /></div>
<div style="color: orange;">Save it as whatever_u_want.reg</div>
<div style="color: orange;"><br /></div>
<div style="color: orange;">Double-click on that file to solve the problem;</div>
<div style="color: orange;"><br /></div>
<div style="color: orange;">it can be carried, mailed or kept as a back-up too.</div>
<div style="color: orange;"><br /></div>
<div style="color: orange;"><span style="font-size: 130%;">NOTE --></span> The registry entries must not contain any spaces or line breaks inside the key paths, and the quotes must be plain straight quotes, otherwise the entries will not be applied correctly. If the setting reverts again afterwards, whatever changed it is still running on the machine and has to be removed first.<br />
<br />
</div>Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com0tag:blogger.com,1999:blog-5014765014755135308.post-20513340254412589452009-06-20T09:34:00.000-07:002011-01-12T13:19:03.475-08:00Firefox v/s Chrome...!!!<div style="text-align: center;"><img alt="" class="size-full wp-image-256 aligncenter" height="140" src="http://www.thehackerslibrary.com/wp-content/uploads/2008/09/browsertestsed8.jpg" width="347" /></div>Google Chrome’s release has kicked up a lot of dust in the internet world, and Mozilla is feeling the pressure. However, Mozilla has not hit the panic button yet, because it has released a number of benchmarks showing that Firefox 3.1 will be faster than anything Google can muster with Chrome.<br />
Google claims that V8, an open source JavaScript engine which is the heart of Chrome, is faster than anything currently offered on the Web.<br />
<a name='more'></a><br />
But in the upcoming release of Firefox 3.1, which should be available by the end of the year, Mozilla will employ <b>TraceMonkey</b>, a new engine that according to <a href="http://weblogs.mozillazine.org/roadmap/archives/2008/09/tracemonkey_update.html" modo="false" target="_blank">Brendan Eich</a> who is one of the coders of <b>TraceMonkey</b>: <i><b>”it will easily eclipse even the fastest instance of Chrome”</b></i>.<br />
<span id="more-242"></span><br />
As proof, Mozilla has published tests of Firefox running on TraceMonkey, comparing it with Google’s Chrome beta using its own benchmarking solution called <b>SunSpider</b>. According to Mozilla, “Chrome was 28% slower on Windows XP and 16% slower on Windows Vista.”<br />
<img alt="" class="alignnone" height="246" src="http://img337.imageshack.us/img337/8329/chromevsfirefoxyl3.jpg" width="378" /><br />
Mozilla also said that TraceMonkey is still a young engine. It has been in development for only 2 months and will only get better before it is rolled out later this year; Google Chrome’s V8, on the other hand, was in development for over 2 years. Mozilla also believes that the new engine will put Firefox at the top of all benchmark speed tests at the end of this year. So, once Firefox 3.1 hits the Web, we’ll soon find out if Chrome has what it takes to stay on top after TraceMonkey becomes Mozilla’s engine of choice.<br />
Now here’s what the second alpha of Firefox 3.1 has to offer:<br />
<ul><li>Ability to drag and drop tabs in and out of browser windows (Chrome also has this feature). </li>
<li>It adds support for the <a href="http://www.w3schools.com/tags/html5_video.asp">HTML 5 Video tag</a>. </li>
<li>It has added support for Web Workers, a system that lets multiple scripts run as background processes. </li>
</ul>Here’s what Chrome has to offer:<br />
<ul><li>Chrome offers an “Incognito” mode which removes all your traces which means removing your footprints from the sites you have visited. </li>
<li>Simplicity of Chrome is its plus point, it doesn’t waste any screen space. </li>
<li>The Omnibox lets you search terms or URLs into a single spot and figures out what you want. </li>
<li>Chrome’s multiprocess architecture makes a bad Web page less likely to take down the whole browser. </li>
</ul>We have received many comments stating that Chrome is unable to block ads, and that is 100% correct. But there is a way to block ads in Chrome, given by a user in the <a href="http://www.geekzone.co.nz/forums.asp?forumid=50&topicid=25916" modo="false">Geekzone</a> forums.<br />
<blockquote><ol><li>Download and <a href="http://www.privoxy.org/">install Privoxy</a>. </li>
<li>Click on the Wrench icon in Chrome in the upper right corner. </li>
<li>Choose options>Under The Hood>Change proxy settings. </li>
<li>In the Internet Properties dialog’s Connections tab, click on the LAN settings button. </li>
<li>Check off “Proxy settings” and in the address setting add <b>127.0.0.1</b> and in the port <b>8118</b>. </li>
<li>If you have the option, you can also check off “Bypass proxy for local settings”. </li>
<li>Click “OK,” close Chrome and restart it. </li>
</ol>That’s it, now all the unwanted sites will be blocked in Chrome without the use of any extension.</blockquote>So all in all it’s good for us, because the more they compete, the more options we get to choose from.<br />
<br />
<br />
<div style="text-align: center;"><span style="color: #00cccc;"><span style="font-size: 180%;">njoy surfing...!!!</span></span><br />
</div>Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com0tag:blogger.com,1999:blog-5014765014755135308.post-74243791997545220542009-06-18T11:25:00.000-07:002011-01-12T13:20:14.358-08:00How does Computer Worms work ???<div style="text-align: center;"><img alt="" height="141" src="http://img151.imageshack.us/img151/4958/wormsho3.jpg" width="141" /></div>People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.<br />
Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.<br />
<span style="font-size: 180%;"><b>So what exactly is a computer worm???<a name='more'></a></b></span><br />
A computer worm is different from its other infamous sibling – the virus. A worm does not infect or manipulate files, it makes clones of itself. Therefore a worm is a standalone working program. It can use the system transmission capabilities to travel from machine to machine merrily riding around like a happy-go-lucky vagabond. A worm, after lodging itself on one machine can spawn several clones of itself. Each of these clones then marches forth to conquer the cyber world.<br />
<span id="more-39"></span><br />
<b><br />
How do they spread?</b><br />
Where do newly cloned computer worms march to? A worm can open your email address book and, in a jiffy, dispatch one clone to each of the addresses listed. Of course, the machine has to be connected to the net. If it is not, the worm silently bides its time till the connection takes place.<br />
Chats and Instant messaging software like MIRC, MSN Messenger, Yahoo IM and ICQ can also act as unwitting carriers enabling the worm to spread like wildfire throughout the cyberworld (the “Jitux” worm is an example).<br />
Every operating system has vulnerabilities which are thoroughly exploited by worms to propagate themselves. Windows systems are the usual target. A very prominent example of this is the Sasser worm, which uses security holes in the Windows LSASS service. Other worms spread only by using backdoor-infected computers, e.g. the “Bormex” worm relies on the “Back Orifice” backdoor to spread.<br />
There is a facility available within peer-to-peer networks known as the P2P folder which all users of the network share. A worm can simply copy itself into the shared folder and quietly wait for the other users to pick it up. If the folder does not exist, the worm simply creates it for the benefit of the users! How benevolent can worms be! In the hall of hoodlums, worm “Axam” gets top honours for such devious activity.<br />
Some worms take on even more deceptive forms to snare users, sending emails with malicious code embedded within the main text or as an attachment. Some worms act as SMTP proxies (Sircam, Nimda, Sasser &amp; co) to spread quickly. Worms can attempt remote logins (especially on Microsoft SQL servers – the “Spida” worm does this quite elegantly!) to launch DDoS (distributed denial of service) attacks. Another favourite is injecting malicious code into running services on the server, like “Slammer”.<br />
When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip. The attachment could claim to be anything from a Microsoft Word document to a picture of tennis star Anna Kournikova (such a worm spread quickly in February 2001).<br />
If you click on the attachment to open it, you’ll activate the worm, but in some versions of Microsoft Outlook, you don’t even have to click on the attachment to activate it if you have the program preview pane activated. Microsoft has released security patches that correct this problem, but not everyone keeps their computer up to date with the latest patches.<br />
After it’s activated, the worm will go searching for a new list of e-mail addresses to send itself to. It will go through files on your computer, such as your e-mail program’s address book and web pages you’ve recently looked at, to find them.<br />
Once it has its list it will send e-mails to all the addresses it found, including a copy of the worm as an attachment, and the cycle starts again. Some worms will use your e-mail program to spread themselves through e-mail, but many worms include a mail server within their code, so your e-mail program doesn’t even have to be open for the worm to spread.<br />
<span style="font-size: 180%;"><b>What do they do?</b></span><br />
The nature of havoc that these worms bring to bear upon us? Well, Denial of service (DoS) is one situation that users of a server may find themselves in thanks to these programs.<br />
Unlike viruses, many worms do not intend to destroy the infected computer. More often than not they have a more important job to do – subvert the computer so that the worm’s creator can use it often without the owner of the computer knowing anything about it.<br />
Worm writers nowadays work together with spammers to send out unsolicited emails to increasingly overloaded inboxes. Their worms install backdoor trojans to convert the home computer into a “zombie”. The countless variants of the “Bagle” worm are the best known examples. “Phishing” is the latest fad in town. It tries to prise those secret passwords of bank accounts and credit cards from you… all courtesy of a piggyback ride on the worm’s powerful shoulders.<br />
Most of the damage that worms do is the result of the traffic they create when they’re spreading. They clog e-mail servers and can bring other internet applications to a crawl.<br />
But worms will also do other damage to computer systems if they aren’t cleaned up right away. The damage they do, known as the payload, varies from one worm to the next.<br />
The MyDoom worm was typical of recent worms. It opened a back door into the infected computer network that could allow unauthorized access to the system. It was also programmed to launch an attack against a specific website by sending thousands of requests to the site in an attempt to overwhelm it.<br />
<span style="font-size: 180%;"><b>How do I get rid of them?</b></span><br />
The best way to avoid the effects of worms is to be careful when reading e-mail. If you use Microsoft Outlook, get the most recent security updates from the Microsoft website and turn off the preview pane, just to be safe.<br />
Never open attachments you aren’t expecting to receive, even if they appear to be coming from a friend. Be especially cautious with attachments that end with .bat, .cmd, .exe, .pif, .scr, .vbs or .zip, or that have double endings. (The file attachment that spread the Anna Kournikova worm was AnnaKournikova.jpg.vbs.)<br />
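The attachment rule above can be turned into a check that a mail filter or a script over a mailbox export could apply. This is an added example, not from the original post: the ending list is the one given in the text, while the function names and the sample file names in the comments are constructed.<br />

```python
"""Flag e-mail attachment names with risky or double endings.

The list of endings is the one given in the text; everything else is an
illustrative assumption.
"""
RISKY = {".bat", ".cmd", ".exe", ".pif", ".scr", ".vbs", ".zip"}


def endings(filename):
    """Return every dot-separated ending of a file name, lower-cased.

    Whitespace around the dots and trailing dots/spaces are stripped,
    because a name such as 'photo.jpg      .exe' pushes its real ending
    out of view and Windows ignores trailing dots and spaces.
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.strip().rstrip(". ")
    parts = [p.strip().lower() for p in base.split(".")]
    return ["." + p for p in parts[1:] if p]


def assess(filename):
    """Return (verdict, reason) for one attachment name.

    "block":   the final ending is risky and is preceded by another ending,
               i.e. the double-ending disguise described in the text.
    "caution": the final ending is risky.
    "ok":      the final ending is not on the list.
    """
    found = endings(filename)
    if not found or found[-1] not in RISKY:
        return ("ok", "final ending is not on the risky list")
    if len(found) > 1:
        return ("block", f"double ending: {found[-2]} hides {found[-1]}")
    return ("caution", f"risky ending {found[-1]}")


if __name__ == "__main__":
    # Constructed sample names, apart from the one quoted in the text.
    for name in ("AnnaKournikova.jpg.vbs", "setup.EXE",
                 "photo.jpg      .exe", "archive.tar.gz", "notes.txt"):
        print(f"{name!r:28} {assess(name)}")
```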
Also, install anti-virus software and keep it up to date with downloads from the software maker’s website. The updates are usually automatic.<br />
Users also need to be wary of e-mails claiming to have cures for e-mail worms and viruses. Many of them are hoaxes that instruct you to delete important system files, and some carry worms and viruses themselves.<br />
As well, some users should consider using a computer with an operating system other than Windows, the target of most e-mail worms. Most of the worms don’t affect computers that run Macintosh or Linux operating systems....<br />
<br />
<br />
<span style="font-weight: bold;"><span style="font-size: 180%;"><span style="color: #00cccc;">GET READY FOR HACKING ...!!!</span></span></span>Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com1tag:blogger.com,1999:blog-5014765014755135308.post-51552196121619548492009-06-17T12:42:00.000-07:002011-01-12T13:21:43.106-08:00Spyware – A Threat To Your Privacy -->>INFO and DEFENCE...???<div style="color: black;"><span style="font-size: 130%;"><b>What is spyware?</b></span></div><div style="color: black;">Spyware is Internet jargon for Advertising Supported software (Adware). It is a way for shareware authors to make money from a product, other than by selling it to the users. Technically, it is software that spies on you: on your music habits (just like Google is spying on your searching habits), your bank accounts, etc.</div><a name='more'></a><br />
<div style="color: black;"><span style="font-size: 130%;"><b>History of spyware</b></span></div><div style="color: black;">The word “spyware” was first heard in October 1995, when it popped up on Usenet (a distributed Internet discussion system in which users post e-mail-like messages) in an article aimed at Microsoft’s business model. It re-appeared in a news release for a personal firewall product in early 2000, marking the beginning of the modern usage of the word. Since then, spyware has been affecting our PCs.</div><div style="color: black;"><b>SPYWARE INFECTION DETECTION</b></div><div style="color: black;">- Your computer slowing down to a crawl.<br />
- Porn sites popping up in your browser when you are surfing the net<br />
- Your computer mysteriously dials up phone numbers during the middle of the night,normally to expensive porn chat lines leaving you with a huge bill.<br />
- When you enter a search into your search bar, a new and unfamiliar site handles the search.<br />
- New sites are added to your favorites list without you adding them<br />
- Your homepage has been hijacked and even though you remove the new site it keeps coming back<br />
- You get pop up adverts that address you by your name, even when your computer isn’t connected to the internet</div><div style="color: black;"><span id="more-556"></span></div><div style="color: black;"><b>CHOOSING RIGHT SPYWARE SCANNER</b></div><div style="color: black;"><b></b>Some of the best scanners are freeware, so if you download a scanner and it detects a heap of spyware then pops up a link to purchase the software to clean the spyware then it could be just a scam. The best freeware scanners include:<br />
- Spybot S&amp;D</div><div style="color: black;">It is important that, before you make any major changes to your system, you first consult a good search engine (<a href="http://www.thehackerslibrary.com/void%280%29;" target="_blank">google.com</a>) to see what it has to say about the problem. Removing spyware with anti-spyware software should be straightforward, but it is best to be safe than sorry. Prevention is often the best medicine, and choosing a non-MS browser can significantly reduce your chances of being infected with spyware from internet exploits. Blocking ActiveX scripting and JavaScript can also add extra security to your system. Most good firewalls will block malicious code; investing in a good firewall would be a great idea. Always keep up to date with the latest Windows updates.</div><div style="color: black;"><b>SITES TO AVOID</b></div><div style="color: black;">Free porn sites: avoid these at all costs. There normally is a reason these are free, and more often than not it’s because you end up infected with a porn dialer.</div><div style="color: black;">Warez and cracks: This is dodgy anyway; the webmasters who run these sites don’t care too much about ethics. You will find 95 percent of these sites have spyware embedded into their HTML code somewhere.</div><div style="color: black;">Mp3 sites and P2P software: These are well known to be sources of spyware. Many of the big-name P2P and file sharing programs come bundled with spyware, so if you must use these programs then check on the internet before installing.</div><div style="color: black;"><b>DETECTING SPYWARE IN WINDOWS</b><br />
System admins need to pay careful attention to spyware processes that may have infected machines on their network. An infected machine can not only pose a security risk from remote intruders; it can also mean that that particular area of the network may need auditing to strengthen security.<br />
It is important to use a good process monitor. Windows 9x machines do not come with any process monitoring software as such, and I recommend using a third-party application on all MS Windows operating systems to manage system processes (this includes XP/NT/2000 etc). Wintasks Pro is probably one of the best process monitors available today. The makers of Wintasks Pro have set up a process library allowing system admins to make informed decisions when ascertaining whether a process is malicious or not. This process library can be viewed here:</div><div style="color: black;"><a href="http://www.thehackerslibrary.com/void%280%29;" target="_blank">http://www.liutilities.com/products/wintaskspro/processlibrary/</a><br />
Malware will often inject itself into legitimate processes; this is an advanced infection technique and is very difficult, but not impossible, to remove. Process injection has become very popular in the malware world. Many remote access trojans use this form of infection as it can evade rule-based firewalls. Spyware makers have begun to use this technique also. Injecting into the Internet Explorer process will often give the spyware internet access; a lot of rule-based firewall applications will not see the malware, only the trusted application IE, and will allow the communication.</div><div style="color: black;">System Safety Monitor is a freeware program that will help system admins protect against malware code injection. “System Safety Monitor (SSM) is an application firewalling tool (it is not a “firewall” in traditional understanding, so there shouldn’t be any conflicts with your network firewalls). SSM controls which programs are running on your computer and what they are doing. For example, SSM can prevent so called “DLL Injection”. Also, SSM will notify you whenever a program you want to start was modified. In addition, SSM can constantly check your registry and alert you, when an important modification was made.”</div><div style="color: black;"><a href="http://www.thehackerslibrary.com/void%280%29;" target="_blank">http://maxcomputing.narod.ru/ssme.html?lang=en</a></div><div style="color: black;"><b>Spyware in autostart (windows)</b></div><div style="color: black;">Autostart folder<br />
All items in the autostart folder will start automatically with Windows<br />
<b>Win.ini</b><br />
[windows]<br />
load=malware.exe<br />
run=malware.exe</div><div style="color: black;"><b>System.ini</b><br />
[boot]<br />
Shell=Explorer.exe malware.exe<br />
<b>Autoexec.bat</b><br />
c:\malware.exe</div><div style="color: black;"><b>Registry Shell open</b></div><div style="color: black;">[HKEY_CLASSES_ROOT\exefile\shell\open\command]</div><div class="para" style="color: black;">[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]</div><div class="para" style="color: black;">The default value of this key is normally "%1" %*, and the command stored there is executed each time you run a .exe file. If it has been changed as below, the malware is started along with every .exe:<br />
malware.exe "%1" %*<br />
<b>Alternate Registry Keys</b><br />
[HKEY_CLASSES_ROOT\.exe] @="myexefile"</div><div class="para" style="color: black;">[HKEY_LOCAL_MACHINE\Software\CLASSES\myexefile\shell\open\command] @="malware.exe %1 %*"<br />
<b>winstart.bat</b><br />
A batch file that autostarts with Windows<br />
<b></b> <br />
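The Win.ini, System.ini and shell-open entries listed above can be checked mechanically against copies of the two files and a .reg export of the key. This is an added example, not from the original post; the function names and the sample file contents are constructed, with malware.exe used as the same placeholder as in the text.<br />

```python
"""Audit win.ini, system.ini and a .reg export for the autostart hooks above.

All sample contents are constructed; malware.exe is the text's placeholder.
"""
import re

EXPECTED_EXE_COMMAND = '"%1" %*'   # normal default of exefile\shell\open\command
REG_STRING = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg escaping: backslash-quote and doubled backslashes."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_ini(text):
    """Parse INI text into {section: {key: value}} with lower-cased names."""
    data, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            data.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            data[section][key.strip().lower()] = value.strip()
    return data


def parse_reg(text):
    """Parse a .reg export into {key_path_lower: {value_name: string}}.

    Only string values are decoded; '@' is the key's default value.
    """
    data, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            data.setdefault(key, {})
            continue
        match = REG_STRING.match(line)
        if match and key is not None:
            name = match.group(1)
            name = "@" if name == "@" else unescape(name[1:-1])
            data[key][name] = unescape(match.group(2))
    return data


def audit(win_ini="", system_ini="", reg_export=""):
    """Return a list of findings for the autostart hooks described above."""
    findings = []
    windows = parse_ini(win_ini).get("windows", {})
    for name in ("load", "run"):
        if windows.get(name):
            findings.append(f"win.ini [windows] {name}= starts: {windows[name]}")
    shell = parse_ini(system_ini).get("boot", {}).get("shell", "")
    if shell and shell.lower() != "explorer.exe":
        findings.append(f"system.ini [boot] shell= is not plain Explorer.exe: {shell}")
    for key, values in parse_reg(reg_export).items():
        if key.endswith(r"exefile\shell\open\command") and "@" in values:
            if values["@"] != EXPECTED_EXE_COMMAND:
                findings.append(f"exefile open command changed: {values['@']}")
    return findings


# Constructed samples reproducing the hooked state shown in the text.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=malware.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nShell=Explorer.exe malware.exe\n"
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="malware.exe \"%1\" %*"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI, SAMPLE_REG):
        print("FINDING:", finding)
```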
<b>Main Registry</b></div><div class="para" style="color: black;">[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]</div><div class="para" style="color: black;">[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]</div><div class="para" style="color: black;">[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]</div><div class="para" style="color: black;">[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]</div><div class="para" style="color: black;">[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]</div><div class="para" style="color: black;">[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]</div><div class="para" style="color: black;">[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]</div><div style="color: black;"><b>DEFENCE</b></div><div style="color: black;"><b>Configuring Internet Explorer for your Network Users</b><br />
The following settings are the bare minimum that all IE users should have. If you are a system administrator, it is your job to make sure that the network users at least have these settings enabled. Close all running instances of Internet Explorer and Outlook Express (use a process monitor if you cannot close these)<br />
Control Panel > Internet Options > Click on the “Security” tab<br />
Choose the “Internet” icon, and click “Custom Level”<br />
- “Download signed ActiveX scripts” choose: Prompt<br />
- “Download unsigned ActiveX scripts” choose: Disable<br />
- “Initialize and script ActiveX not marked as safe” choose: Disable<br />
- “Installation of Desktop items” choose: Prompt<br />
- “Launching programs and files in an IFRAME” choose: Prompt<br />
NEXT, click on the “Content” tab, click the “Publishers” button, then select any unknown publishers and click “Remove”, and click OK<br />
Finally, click the “Advanced” tab, untick “Install on demand (other)”, and click Apply or OK</div><div style="color: black;"><b>Using A Hosts File to Block Spyware Infected Hosts</b><br />
A simple yet effective way of blocking spyware-infected servers is to add them to a host file. Creating a host file is straightforward. Open up a text editor and at the very top of the text file type:</div><div style="color: black;">127.0.0.1 Localhost<br />
Now you can add the spyware-infected hosts underneath like this<br />
127.0.0.1 abc.com</div><div style="color: black;">127.0.0.2 xyz.com</div><div style="color: black;">127.0.0.3 123.com</div><div style="color: black;">Once a good list of adware servers has been made, save the file as hosts (not hosts.txt just hosts). Place this file in the appropriate directory:</div><div style="color: black;">Windows XP<br />
C:\WINDOWS\SYSTEM32\DRIVERS\ETC</div><div style="color: black;">Windows 2K<br />
C:\WINNT\SYSTEM32\DRIVERS\ETC</div><div style="color: black;">Win 98\ME<br />
C:\WINDOWS</div><div style="color: black;">When a computer tries to reach a malware-infected server, the hosts file blocks it: instead of resolving to the intended server, the name points to the local machine, rendering the spyware useless (or stopping spyware from infecting the computer from a remote location). You can download an excellent hosts file here:<br />
<a href="http://www.thehackerslibrary.com/void%280%29;" target="_blank">http://www.mvps.org/winhelp2002/hosts.txt</a><br />
It has a huge database of spyware, malware and parasitic servers and will become a valuable asset in any system admin’s arsenal of protection.</div><div style="color: black;"><br />
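A downloaded hosts list should be checked before it replaces the system file, because an entry that maps a name to anything other than a local address redirects traffic instead of blocking it. The following Python code is an added example, not part of the original post: it keeps only loopback or 0.0.0.0 entries, protects the localhost line, and merges the result into an existing hosts file. The function names and the sample list are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen (underscore tolerated), no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")
# Names the blocklist must never override.
PROTECTED = {"localhost", "localhost.localdomain"}

# Constructed sample of a downloaded list (not real data).
SAMPLE_LIST = """\
# constructed blocklist sample
127.0.0.1 localhost
127.0.0.1 abc.com
127.0.0.2 xyz.com     # any 127.x.x.x address is loopback
0.0.0.0 123.com
127.0.0.1 ABC.com
203.0.113.10 update.example.com
127.0.0.1 bad_host!.example
not-an-ip tracker.example
"""


def is_hostname(name):
    """True if name is a syntactically valid host name."""
    return 0 < len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))


def parse_blocklist(text):
    """Return (hosts_to_block, rejected); rejected holds (line_no, reason) pairs."""
    blocked, rejected, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((line_no, "first field is not an IP address"))
            continue
        # A block entry must point at the local machine. Anything else would
        # redirect the name to a server chosen by whoever wrote the list.
        if not (address.is_loopback or address.is_unspecified):
            rejected.append((line_no, "maps name to a non-local address"))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in PROTECTED:
                continue
            if not is_hostname(name):
                rejected.append((line_no, "invalid host name"))
            elif name not in seen:
                seen.add(name)
                blocked.append(name)
    return blocked, rejected


def merge_hosts(existing, blocked, sink="127.0.0.1"):
    """Append block entries to an existing hosts file, leaving its lines untouched."""
    present = set()
    for raw in existing.splitlines():
        present.update(n.lower() for n in raw.split("#", 1)[0].split()[1:])
    lines = existing.splitlines()
    lines += [f"{sink} {name}" for name in blocked if name not in present]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hosts, problems = parse_blocklist(SAMPLE_LIST)
    print(merge_hosts("127.0.0.1 localhost\n", hosts), end="")
    for line_no, reason in problems:
        print(f"rejected line {line_no}: {reason}")
```

Review the rejected lines before installing the merged file; a list that tries to map a name to a routable address should not be trusted for the rest of its entries either.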
</div><div style="color: black;"><br />
</div>Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com0tag:blogger.com,1999:blog-5014765014755135308.post-33271444257074243662009-06-17T12:36:00.000-07:002011-01-12T13:23:32.852-08:00Microsoft’s WorldWide Telescope: Virtual telescope opens night sky...!!!<div style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="WorldWide Telescope-Explore" class="alignright" height="164" src="http://rj007.files.wordpress.com/2008/05/wwt_explore.jpg?w=256&h=164" style="float: right;" width="256" /> Joining Google Sky and Stellarium is Microsoft’s entrant to the stars, Worldwide Telescope. I’ve been playing around with it for about an hour and it’s pretty cool. It effectively turns every computer that downloads it into a mini-planetarium capable of displaying high resolution images of millions of stars, planets and other celestial.</div><a name='more'></a><br />
<br />
<br />
Any Star Wars, Star Trek fan (like me) knows that space travel is not always easy, but Microsoft wants to make traveling the ‘final frontier’ as simple as turning on your computer.<br />
<span id="more-582"></span><br />
First of all I was happy to see that Microsoft has come out of its “~ta” naming (e.g. Vista, Lista, Volta … that “ta” was getting on my nerves). “Worldwide Telescope” is a bit of an old-skool name, inspired by you know what … I can live with this one.<br />
OK, now check it out if you’re an outer space dork — it includes a bunch of guided tours from astronomers. I liked the “many worlds” tour, which started with Mount St. Helen’s ranges and then flew off to the rest of the planets in our solar system for some hot world-on-world action. A tour called “Dust and Us” walks through the dark regions in galaxies where stars and planets form.<br />
<img alt="WorldWide Telescope-Tour" class="alignleft" height="164" src="http://rj007.files.wordpress.com/2008/05/wwt_tour.jpg?w=256&h=164" style="float: left;" width="256" /> The software allows users to develop their own guided tours of the universe to share with others or take part in a guided tour created by astronomy experts.<br />
The WorldWide Telescope stitches together 12 terabytes of picture data from sources including the Hubble Space Telescope, the Chandra X-Ray Observatory Center and the Spitzer Space Telescope.<br />
The experience is similar to playing a video game, allowing users to pan, zoom in and out of galaxies that are thousands of light years away. It allows seamless viewing of far, far away star systems and rarely-seen space dust in breathtaking clarity.<br />
I can use WorldWide Telescope for 4 different “looks” – Panorama, Sky, Earth, or Planets. Users can see the X-ray view of the sky, zoom into bright radiation clouds, and then cross-fade into the visible light view and discover the cloud remnants of a supernova explosion from a thousand years ago.<br />
Other data sets include the ongoing Sloan Digital Sky Survey, also known as the Cosmic Genome Project, which aims to capture detailed optical images of more than a quarter of the night sky.<br />
By default, WorldWide Telescope is configured to view the night sky as if you were standing at Microsoft Building 99 in Redmond. But you can change your Observing Location very easily via View options.<br />
<i><b>Experience WWT:</b></i><br />
To use the new system, users need to download WorldWide Telescope from the web (it’s free). It only runs on Windows operating systems (M$ strikes back! … as usual)<br />
The system requirements do include 2GB of RAM, a 3D accelerated card with 128 megabytes (MB) RAM; discrete graphics card with dedicated 256-MB VRAM, but I’m using it on my PC: Windows Vista, Intel CTD 2.2 GHz, 1 GB RAM, no graphics card, and it works just fine.<br />
A test version is available for download at: http://www.worldwidetelescope.org<br />
P.S. - it’s interesting how the site is made using Adobe Flash and not Silverlight. … yehh !!<br />
<i><b>Other options :</b></i><br />
Google Sky, an add-on to Google Earth, has been there for some time, but I found WorldWide Telescope’s GUI and overall experience better than Google Sky.<br />
<img alt="The dance of the planets above Hurricane Ridge, Olympic national park, WA, United States" class="alignright" height="164" src="http://rj007.files.wordpress.com/2008/05/stellarium.jpg?w=256&h=164" style="float: right;" width="256" /> Stellarium is a free open source tool that gives people a chance to access more than 210 million stars, in addition to planets and moons. The project was launched in 2001 and is used in many planetariums.<br />
Like WorldWide Telescope, the software allows users to record and play their own tours of the Universe. Stellarium is really good, and Microsoft must continue taking WorldWide Telescope to the next level to stay ahead.<br />
Stellarium is just wonderful. Best of all is that it is not quite the memory and system resource hog that Starry Night Basic and Pro are (it is one more option). In fact, I have found that the latest versions of Starry Night often will not run on computers that are a few years old. It gives a good view of what the sky would look like from pretty much anywhere on Earth at any time over a wide range of dates. If you want to know what stars and constellations are which, if you are an amateur planning an observing session, or you have any other need for basic planetarium software, then this seems good.<br />
<i><b>Future From My View</b></i><i><b>:</b></i><br />
- WorldWide Telescope is not bad, but it’s not great either. It would be better as an online app where people can share access to their telescopes. People with better telescopes, with the servo system, the drivers and the right CCD, could sell time on their equipment via the Internet or at least share it with some new Microsoft or Google services: a virtual space marketplace. I would pay for something like that and so would a lot of people.<br />
- I see social network interaction potential in developing our own guided tours and sharing them. We can have a forum facility bundled where people interested in common space topics can interact and share information through custom tours and traditional chat.<br />
- This software will in effect have an important educational mission.<br />
- Microsoft will never learn it…<br />
Under download for Mac: “Minimum Windows XP SP2, Vista recommended … with BootCamp”<br />
Guys, a Mac running Windows IS NOT A MAC, it’s like a beautiful woman wearing a sack and lead boots….<br />
Anyhow, they don’t seem to get it that clinging to their old lady OS doesn’t fly anymore.<br />
- In the Hollywood hills we only use telescopes to see into our neighbors’ houses. Let me know when someone comes out with that one...!!!Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com0tag:blogger.com,1999:blog-5014765014755135308.post-54671878554363578522009-06-17T12:31:00.001-07:002009-06-17T12:34:48.840-07:00Semantic E-mail Delivery: The Future of E-mail?<p><strong><em>Smart email figures out who should get messages...!!!</em></strong><br /></p><p>--> New cutting edge technology? or just another waste of time? Perhaps you might discover a life-changing potential so stay tuned.</p> <p>A prototype e-mail system being tested at Stanford University later this year will radically change how users specify where their messages are supposed to be delivered. Called SEAmail, for “semantic e-mail addressing,” the system allows users to direct a message to people who fulfill certain criteria without necessarily knowing recipients’ e-mail addresses, or even their names.<br /><span id="more-601"></span><br /><img class="size-full wp-image-70" title="seamail" src="http://rj007.files.wordpress.com/2009/01/seamail.jpg?w=163&h=169" alt="seamail" width="163" height="169" />In SEAmail, a user selects recipients for a message in much the way that he would set up a search query. The parameters can be as simple as a person’s name, or as complex as sets of logical requirements.</p> <p>Yes, a user could also send a message to a group such as “say … all girls who graduated from Xyz School in 2000″ <img class="wp-smiley" src="http://s.wordpress.com/wp-includes/images/smilies/icon_wink.gif" alt=";)" /> or I can see it working within companies i.e. 
“email all people working on SSAS.” SEAmail can handle that without requiring the user to spend time doing research or keeping an address book up to date.</p> <p>But the system is limited by how much information it has about potential recipients. Within an organization, there’s usually a lot of available data. The technical challenge is setting up an integrated version of the data that SEAmail can access easily.</p> <p> </p> <p>First thing that came to my mind about this technology is “spammer’s heaven” <img class="wp-smiley" src="http://s.wordpress.com/wp-includes/images/smilies/icon_smile.gif" alt=":)" /> . You can target the exact group of people without even knowing their email IDs, bringing accuracy to junk. Is it ripe for misuse? Will there be more time spent patching than progressing? On first look, “Yes”.</p> <p>Assuming that worries about spam could be properly resolved, still getting good data for SEAmail becomes a much harder problem on the broader Internet.</p> <p>Also outdated information could degrade the quality of the system.</p> <p>Still I think there is a lot of potential for internal use by large businesses, for which its benefits far outweigh the potential for abuse.</p> <p>Even with issues, more of social than technological, SEAmail is ready to impact the way we mail and this may be something you’ll hear more about....!!!</p>Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com0tag:blogger.com,1999:blog-5014765014755135308.post-69481394563090635962009-06-17T11:55:00.000-07:002009-06-17T12:01:16.626-07:00Get rid of Windows Vista Administrative Password<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_I-Zkf6M1ttg/Sjk82U1zDUI/AAAAAAAAAA4/E2GE8chAzm0/s1600-h/images.jpeg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 150px; height: 112px;" src="http://4.bp.blogspot.com/_I-Zkf6M1ttg/Sjk82U1zDUI/AAAAAAAAAA4/E2GE8chAzm0/s320/images.jpeg" alt="" id="BLOGGER_PHOTO_ID_5348372936484130114" border="0" /></a><br /><p><strong>Method 1: System Restore</strong><br />This only works in cases where you changed your password to something new and then forgot it or deleted a user account by accident. In order for this to work, there must be a System Restore point at which a logon was successful for the problem account. Also, this is not a problem if you are in a domain environment because the Domain Administrator can always reset your password.<br />1. 
The first thing you’ll need to do is make sure you have your Windows Vista DVD or a repair disc. Insert the disc and then restart the computer. When asked to “Press any key to boot from CD or DVD”, go ahead and press any key.<br />2. Click Next until you get to the screen that has the option “Repair your computer”, select the operating system you want to repair and then click Next.</p> <p><span id="more-651"></span> N.B. Before reaching this screen, you may have to set preferences for the language to install, time and currency format, and the keyboard or input method.<br />3. In the System Recovery Options dialog, choose System Restore from the list and then click Next.<br />4. Now you need to choose the system restore from the list. You want to choose a restore point that will return the computer to a state where the logon was successful and that was using the old password.<br />5. Then click Next to confirm the disks, then Finish to confirm the restore point and finally Yes in the warning window to begin the restore.<br />6. Important Note: After you use the System Restore feature, you have to reinstall any programs or updates that were done on the system after that restore point. You will not lose any personal documents; however, you may have to reinstall programs. You might also have to reset some personal settings.<br />7. When the restore is complete, click on Restart to restart the computer. Click Close to confirm that the restore was successful.<br />8. You can now try to logon using the older password (in the case where you had reset a password on an user account and then forgot it) or using the normal password (in the case where the account was deleted by accident).<br />9. If you have simply forgotten your password or cleared the restore point, then this method will not work.</p> <p><strong>Method 2 : Using NT password and Registry Editor</strong><br />You need to burn a disk with a special utility called an Offline NT Password and Registry Editor. 
Here is a link: http://home.eunet.no/pnordahl/ntpasswd/<br />To use this:<br />1. Get the machine to boot from CD (or floppy)<br />2. Floppy version need to swap floppy to load drivers.<br />3. Load drivers (usually automatic, but possible to run manual select)<br />4. Disk select; tell which disk contains the Windows system. Optionally you will have to load drivers.<br />5. PATH select, where on the disk is the system?<br />6. File select, which parts of registry to load, based on what you want to do.<br />7. Password reset or other registry edit.<br />8. Write back to disk (you will be asked)<br />N.B. The most common problem is that the computer was not cleanly shut down, and the disk won’t write correctly back. (it says: read only file system). If so, boot into Windows Safe Mode (F8 before windows logo appears) and shut down from the login window. You may have to do that twice in a row.</p> <p><strong>Method 3: ophcrack live cd method</strong><br />You have to download a CD image from here for this<br />http://ophcrack.sourceforge.net/<br />1. Click the button corresponding to the operating system of the computer you’ll be recovering the password on.<br />2. If you’ve forgotten the password on a Windows XP computer, click on ophcrack XP LiveCD. If you’ve forgotten the password on a Windows Vista computer, click on ophcrack Vista LiveCD.<br />3. Burn the image into a cd.<br />4. Insert the Ophcrack Live CD disc into your CD/DVD drive and restart your computer.<br />5. The initial screen you see after restarting should be the same one you always see immediately after starting your computer. There may be computer information like in this screenshot or there may be a computer manufacturer logo.<br />6. You don’t need to do anything here. Ophcrack LiveCD will continue automatically after the Automatic boot in x seconds… timer at the bottom of the screen expires. 
If you’d like to advance the process a little faster, feel free to hit Enter while Ophcrack Graphic mode is highlighted.<br />7. The next step in the Ophcrack LiveCD boot process is this little window that appears on screen. It may appear and disappear very quickly so you could miss it, but I wanted to point it out because it will be a window that runs in the background that you may see.<br />8. This message is simply confirming that a partition with encrypted password information on it has been found on your hard drive.<br />9. The next screen is the Ophcrack LiveCD software itself. Ophcrack will attempt to recover the passwords for all of the user accounts that it can find on your computer. This password cracking process is completely automated.<br />10. As you can see in the example above, the passwords for the Administrator and Guest accounts are listed as empty. If you were cracking a password for a user that Ophcrack shows as empty, you now know that you can log on to the account without a password at all.<br />11. Look at the bottom of the list – see the Stacy user account? In under one minute, Ophcrack recovered the password to this account – applesauce. You can ignore any other accounts you’re not interested in recovering the passwords for.</p> <p>12. After Ophcrack recovers your password, write it down, remove the Ophcrack LiveCD disc from your optical drive and restart your computer. You don’t need to exit the Ophcrack software – it won’t harm your computer to power it off or restart it while it’s running.</p> <p>N.B. Remember it can only recover password which are up to 14 characters long and do not have any special character (Like @,# etc.) 
in it.</p><p><br /></p><p>njoy hacking...!!!<br /></p>Tarun Singhhttp://www.blogger.com/profile/13601903030936777386noreply@blogger.com1