Skip to main content

Posts

Showing posts from 2005

How to Hack AOL,HOTMAIL and YAHOO

We often hear people claim that they have lost their passwords because they have been hacked and now need to get their password back.Here i am giving few techniques All this techiniques are illegal can be called as Phishing THE HOAX Let's dispose of one technique that is absolutely a hoax (meaning a fraud: something intended to deceive; deliberate trickery intended to gain an advantage.) If you see a newsgroup post or web page with something like the following, it is a hoax and will not work. : : : (([[THIS REALLY WORKS ]])) : : : (1) send an E-mail to passwordrecovery@yourdomainhere.com (2) In the subject box type the screenname of the person whose password you wish to steal (3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa (4) Send the e-mail with priority set to "high" (red ! in some mailprograms) (5) wait 2-3 minutes and check your mail (6) ...

New Sophisticated Security Threats From Voip

A new report from the Information Security Forum (ISF) warns that along with existing security problems associated with IP networks, VoIP will present new and more sophisticated threats, such as caller ID spoofing, voice modifiers, SPIT (voicemail SPAM) and packet injections. With VoIP now poised to hit the business market in a big way, the ISF believes that failure to address these serious risks may bring voice communications to a grinding halt and result in identify theft and loss of sensitive information. With a combination of caller ID spoofing and freely available voice modification software, it is relatively easy to pose convincingly as someone else, similar to web site spoofing and phishing. But the ISF believes that one of the most virulent problems posed by VoIP will come about as a direct result of the low cost of sending voice messages over the Internet. SPIT (spam over internet telephony) could become a huge problem for companies. This could range from staff wasting time cl...

First Exploit in Firefox 1.5 discovered

Security experts with Packet Storm have published proof of concept code that exploits an unpatched flaw in the Firefox 1.5 browser, making the application vulnerable to a denial of service attack. The code marks the first publicly disclosed security vulnerability in Firefox 1.5 since it became available late November . The published code will add a large entry to the history.dat file of the browser, causing the application to crash the next time it is launched or the application will freeze. Users can fix the problem by manually erasing the file. Another option is to change the browser setting to disable the saving of history data by setting the days of saved history to zero or increasing the privacy control. While the proof of concept code is relatively harmless, the flaw could be exploited to install malware, said John Bambenek, a researcher with the University of Illinois at Urbana-Champaign and volunteer at the SANS Internet Storm Center . "Presumably, if the topi...

Bruteforce Password Cracking

A very elemental intrusion technique is bruteforce password guessing with a wordlist. This is very easy to do and I'd like to specifically explain how to crack simple, online websites. The basic principles are very transportable and we'll examine a couple more uses for them. We'll use the wonderful language, ruby , for our implementation. To begin, you need a wordlist file. Find yourself some wordlist files at ftp://ftp.cerias.purdue.edu/pub/dict/wordlists and ftp://ftp.ox.ac.uk/pub/wordlists/ . These will provide you with words that might be used as passwords. For example, ftp://ftp.ox.ac.uk/pub/wordlists/computer/common-passwords.txt.Z contains a list of some 800+ commonly used passwords. You can join them with a " cat file1 >> file2 " or " ruby -e 'File.open("file1", "a").write(File.open("file2", "r").read)'" , substituting whatever your files' names are for file1 and file2 . Now you want...

Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information

Article at ... http://www.hacker.co.il/security/ie/css_import.html Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information Overview It was bound to happen. I was recently intrigued by the possibility of utilizing Google Desktop for remote data retrieval of personal user data (such as credit cards and passwords) through the use of a malicious web page. Now, thanks to a severe design flaw in Internet Explorer, I managed to show it's possible to covertly run searches on visitors to a web site by exploiting this vulnerability. In this article I will detail what the vulnerability in IE is and how it is used to exploit Google Desktop. If you have IE 6 and Google Desktop v2 installed you can test it for yourself in my proof of concept page. Detailed analysis Normally, browsers impose strong restrictions for cross domain interaction through the web browser. A certain web page can make a user browse to a different domain. However, it may not read the ...

Places that viruses and trojans hide on start up

By ShaolinTiger The following article was written by ShaolinTiger, Administrator of: 1. START-UP FOLDER. Windows opens every item in the Start Menu's Start Up folder. This folder is prominent in the Programs folder of the Start Menu. Notice that I did not say that Windows "runs" every program that is represented in the Start Up folder. I said it "opens every item." There's an important difference. Programs represented in the Start Up folder will run, of course. But you can have shortcuts in the Start Up ...

Bots

bots' For Sony Cd Software Spotted Online Sony's software, installed when playing one of the record label's recent copy-protected CDs in a computer, hides itself on hard drives using a powerful programming tool called a "rootkit." But the tool leaves the door open behind it, allowing other software--including viruses--to be deeply hidden behind the rootkit cloak. The first version of a Trojan horse spotted early Thursday, which aims to give an attacker complete remote control over an infected computer, didn't work well. But over the course of the day, several others emerged that apparently fixed early flaws. This is no longer a theoretical vulnerability; it is a real vulnerability," said Sam Curry, vice president of Computer Associates' eTrust Security Management division. "This is no longer about digital rights management or content protection, this is about people having their PCs taken over." Sony's use of the rootkit software has spa...

Is it only IT individuals who do hacking..?

Most of time hackers known as individuals who committed to attack some one with his/her skills in IT, but when considering the news that we listen in our day to day life, we can ask a question from our selves that does only those individuals who use hacker skills..? . I don think so, see now day it seems most big organizations use hacker skills too As you know the SONY BMG crisis is long talked news that we heard few days ago. SONY BMG is not the only organizations who use hacker skills to businesses issues. Nowadays hackers are used by military, intelligence services and there are some hacker companies too, most known as computer security companies. The bottom line is every body need hackers and their skills; only deference is how they use them or their skills against others. Well in a way it seems hackers make somebody’s life comfortable while some one get in trouble, well what do you think..?

Adding Back Doors to the Standard C Library

Adding Back Doors to the Standard C Library Hacked by chrootstrap December 2003 (GNU Free Documentation License ) In computer terms, a library is an archive of reusable functions, data, and types. When a program uses parts of a library, the library is said to be statically linked when the library's parts are copied into the program and dynamically linked when the parts are loaded when the program are running. Libraries which support dynamic linking are said to be shared libraries because their parts may be used by many different programs, even at the same time. Only one copy of the parts needs to be on the system and any updates to a part apply to all programs using the part. Because of these advantages, shared libraries are very popular on many operating systems including Linux. Normally when a shared library is updated or changed, it has to be rebuilt from all of the original parts and the new library simply replaces the old library. It is possible, however, to modify the l...

Sony's Anti Piracy

Sonys Xcp Anti Piracy Mechanism Shut Down! Well its funny that the same mechanism they used to stop piracy is now being copied by hackers to create worms and spyware.Sony had to shut down production of there new disk becuase of the security risk .. I guess its true that when they step up so will others to put them down.. Entertainment giant Sony has finally announced that they are suspending the production of their music CDs that are loaded with controversial anti-piracy mechanism. These measures installed hidden software on the MS Windows based machines to limit the number of times the CD can be replicated on it. However, the mechanism has been so insecure that the concept has been picked up hackers to develop spywares and worms based on it. Sony has however claimed that they standby their right to prevent users from pirating songs and other digital content from the CDs. They are however halting the manufacturing of these disks, which used XCP technology. Sony sa...

Hacking Art or Science

By Mark Hinge (Thu, 29 Sep 2005 21:40:00 +0100) 1. Introduction The argument regarding the principal nature of hacking - be it an art or a science is not a new one. This paper hopes to discuss both the meaning of the term “hack” and the underlying arguments for it being defined as an art or a science in reference to the base principles and basic methodologies of the discipline. Ultimately the question is this: Does the creative thinking required to be a successful “hacker” outweigh the necessity for scientific process? The dictionary [www.dictionary.com] defines the term “hacking” in a computer security context as: 1. Informal. a. To write or refine computer programs skilfully. b. To use one's skill in computer programming to gain illegal or unauthorized access to a file or network: hacked into the company's intranet. The origin of the term however is a far more relevant issue than the “dictionary” definition itself – as is the subsequent media bastardisat...