Skip to main content

Posts

Showing posts from 2006

WhiteHackers Toolvbar

Hi All, With your support the official white hackers toolbar is now among popular download on Cnet's download.com. Thanks to everyone who made it possible... For others ther is still chance here is the link...:) http://www.download.com/WhiteHackers-Community-Toolbar/3000-2379_4-10599524.html

[whitehackers:231] Try the new Hackers search engine...

Hi, Please try the new hackers search engine and add yourself as a contributer... http://www.google.com/coop/cse?cx=003324193344530269932%3Am2r8casexqo --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "whitehackers" group. To post to this group, send email to whitehackers@googlegroups.com To unsubscribe from this group, send email to whitehackers-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/whitehackers The group has a public blog at http://white-hackers.blogspot.com -~----------~----~----~----~------~----~------~--~---

Vista, Office 2007 cracked

Vista, Office 2007 cracked. Kind of. : "Microsoft has had a long history of battling against piracy, ever since Bill Gates' Open Letter to Hobbyists in 1976, long before there was even a personal computer software industry to speak of. Now, Microsoft finds itself in its latest piratical engagement, with the recent cracks of Windows Vista and Office 2007, both of which just hit gold release status. Torrents of the cracks are already finding their way around pirate sites."

[whitehackers:230] New Windows Attack Can Kill Firewall

The code, which was posted on the Internet early Sunday morning, could be used to disable the Windows Firewall on a fully patched Windows XP PC that was running Windows' Internet Connection Service (ICS). http://www.infoworld.com/article/06/10/30/HNwindowsfirewall_1.html --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "whitehackers" group. To post to this group, send email to whitehackers@googlegroups.com To unsubscribe from this group, send email to whitehackers-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/whitehackers The group has a public blog at http://white-hackers.blogspot.com -~----------~----~----~----~------~----~------~--~---

[whitehackers:229] 10 things you should know about Internet Explorer 7 Security

Internet Explorer 7 is designed to make browsing safer. Here's a quick rundown of some of the new security features, including Active X opt-in, the Phishing Filter, cross-domain security, enhanced privacy protection, and an international character alert. http://articles.techrepublic.com.com/5100-1009_11-6130844.html --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "whitehackers" group. To post to this group, send email to whitehackers@googlegroups.com To unsubscribe from this group, send email to whitehackers-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/whitehackers The group has a public blog at http://white-hackers.blogspot.com -~----------~----~----~----~------~----~------~--~---

[whitehackers:228] How to Stop Email Spam with SpamAssassin

One highly effective method how to stop spam email using SpamAssassin. A good tutorial about how to configure the SpamAssassin settings in your hosting account, as well as Outlook's filters. I configured my account using this tutorial, for example. http://www.drostdesigns.com/how-to-stop-email-spam-with-spamassassin/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "whitehackers" group. To post to this group, send email to whitehackers@googlegroups.com To unsubscribe from this group, send email to whitehackers-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/whitehackers The group has a public blog at http://white-hackers.blogspot.com -~----------~----~----~----~------~----~------~--~---

Microsoft Now Decides to Accept Outside Security for Vista

Microsoft did an about-face yesterday, agreeing to make it easier for customers of its forthcoming Vista operating system to use outside security vendors, such as those who make popular antivirus and anti-spyware programs. Until now, Microsoft had planned to block those companies from installing their products in the deepest levels of the new OS. read more  |  digg story

How to access blocked site

Approach 1: There are websites Anonymizer who fetch the blocked site/ page from their servers and display it to you. As far as the service provider is concerned you are viewing a page from Anonymizer and not the blocked site. Approach 2: To access the blocked Web site. type the IP number instead of the URL in the address bar. But if the ISP software maps the IP address to the web server (reverse DNS lookup), the website will remain blocked. Approach 3: Use a URL redirection service like tinyurl.com or snipurl.com. These domain forward services sometimes work as the address in the the url box remain the redirect url and do not change to the banned site. Approach 4: Use Google Mobile Search. Google display the normal HTML pages as if you are viewing them on a mobile phone. During the translation, Google removes the javascript content and CSS scripts and breaks a longer page into several smaller pages. [link] View this website in Google Mobile Approach 5: Enter the URL in Google or Yahoo ...

Ban Shutdowns : A trick to Play on Lamers

This is a neat trick you can play on that lamer that has a huge ego, in this section I teach you, how to disable the Shut Down option in the Shut Down Dialog Box. This trick involves editing the registry, so please make backups. Launch regedit.exe and go to : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer In the right pane look for the NoClose Key. If it is not already there then create it by right clicking in the right pane and selecting New > String Value.(Name it NoCloseKey ) Now once you see the NoCloseKey in the right pane, right click on it and select Modify. Then Type 1 in the Value Data Box. Doing the above on a Win98 system disables the Shut Down option in the Shut Down Dialog Box. But on a Win95 machine if the value of NoCloseKey is set to 1 then click on the Start > Shut Down button displays the following error message: This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrat...

Cisco CCNA Exam Tutorial: Password Recovery Procedures

by: Chris Bryant, CCIE #12933 It might happen on your CCNA exam, it might happen on your production network - but sooner or later, you're going to have to perform password recovery on a Cisco router or switch. This involves manipulating the router's configuration register, and that is enough to make some CCNA candidates and network administrators really nervous! It's true that setting the configuration register to the wrong value can damage the router, but if you do the proper research before starting the password recovery process, you'll be fine. Despite what some books say, there is no "one size fits all" approach to Cisco password recovery. What works on a 2500 router may not work on other routers and switches. There is a great master Cisco document out on the Web that you should bookmark today. Just put "cisco password recovery" in your favorite search engine and you should find it quickly. The following procedure describes the process in reco...

Cisco CCNP / BCMSN Exam Tutorial: Changing Root Bridge Election Results

by: Chris Bryant, CCIE #12933 Your BCMSN and CCNP studies will include mastering the details of Spanning Tree Protocol (STP). While you learned some of these details in your CCNA studies, quite a bit of it may be new to you. Before going on to the intermediate and advanced STP features, let's review the root bridge election process and learn how to change these results. Each switch will have a Bridge ID Priority value, more commonly referred to as a BID. This BID is a combination of a default priority value and the switch's MAC address, with the priority value listed first. For example, if a Cisco switch has the default priority value of 32,768 and a MAC address of 11-22-33-44-55-66, the BID would be 32768:11-22-33-44-55-66. Therefore, if the switch priority is left at the default, the MAC address is the deciding factor. Switches are a lot like people - when they first arrive, they announce that they are the center of the universe! Unlike some people, the switches will soon ...

Hotkeys for Google

by: Dennis Nazarenko Just select some text, press the corresponding key combination and the search results are in front of your eyes. This is what the new free program Hotkey Search Tool can do for you. An advanced Internet user searches from 8 to 30 times a day. In the case of specialized search systems, such as on-line translators, dictionaries, and references, this value increases and totals from 10 to 60 requests a day. Often, you had to start the browser and enter the search phrase to get the search results. But if the text is already typed, why should you have to type it again? Suppose you want to search an encyclopedia for some unknown word or find the site of some product by its name. All you need to do is just select the text and send a command to Hotkey Search Tool. The program will copy the selected text to the clipboard and open the browser with the search results. If you do not select any text, the program will select the string typed before you pressed the ...

Cisco CCNP / BSCI Exam Tutorial: Introduction To Policy Routing

by: Chris Bryant, CCIE #12933 Policy routing is a major topic on your BSCI exam, and you'll find quite a bit of policy routing going on in today's production networks. But what exactly is policy routing? Policy-based routing, generally referred to as "policy routing", is the use of route maps to determine the path a packet will take to get to its final destination. As you progress through your CCNP studies and go on to the CCIE (or to a Cisco Quality Of Service certification), you'll find that traffic can be "marked" by policy routing in order to give different levels of service to various classes of traffic. (This is done by marking the traffic and placing the different classes of traffic in different queues in the router, allowing the administrator to give some traffic higher priority for transmission.) There are some basic policy routing rules you should know: Policy routing doesn't affect the destination of the packet, but does affect the path...

Using SMTP to Fake Mails

SMTP stands for simple mail transfer protocol. It is a simple protocol based on exchange of commands. There are lots of commands supported, you can view a list here . The first command used in SMTP is the HELO or EHLO (extended hello). This a way of greeting the server. The server will reply back with some form of greeting. You can use SMTP to send fake mails read on at... http://www.windowsecurity.com/whitepaper/How_to_Send_Fake_Mail_Using_SMTP_Servers.html

Honeypots (Definitions and Value of Honeypots)

By Lance Spitzner Definitions and Value of Honeypots Lance Spitzner With extensive help from Marty Roesch and David Dittrich http://www.spitzner.net Over the past several years there has been a growing interest in honeypots and honeypot related technologies. Honeypots are not a new technology, they were first explained by a couple of very good papers by several icons in computer security, Cliff Stoll's book the Cuckoo's Egg", and Bill Cheswick's paper "An Evening with Berferd." This paper attempts to take their work further and discuss what honeypots are, how they can add value to an organization, and several honeypot solutions. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. It is hoped this paper helps clear up those issues. Also, few people realize the risk and issues...

Losing Trust In Search Engines

Privacy. It's a pretty simple concept, at least, for an individual. When you get a group of friends together, expecting your comments and actions to remain private is a little tougher to do. But what if one or two of your friends in the group told you that you could count on them to keep your comments secret? You could reasonably believe them, right? Well, if those friends were named Yahoo or Google, then no, you couldn't. A little background before I get started with the technical data. I run a website called www.gravito.com, I still intend to do something with it; most likely online IP tools for forum administrators, but for now the main page is blank. It's been that way since early 2004. At one point in my life, I had no job and thought I could run a little hosting/web design business right out of college. I think we all thought we could do that at some point in our lives, and some of you might do so now. You can see the Wayback Machine Archive of my hosting business her...

Two Way Authentication To Defeat Phishing

Phishing is becoming an increasingly big problem on the net. When the end user receives an email that for all purposes appears genuine and appears to originate from a trusted source, the psychological effect is to lower the levels of suspicion the user would normally have, when asked to provide sensitive information. There really is very little we can do to stop Phishers from making carbon copies of websites, spoofing email addresses and even buying ssl certificates to make their site appear more genuine. However, we can beat Phishing through implementing a process of two-way authentication. Under two-way authentiation, the customer is required to prove their identity to the bank's web site and the web site must prove its authenticity to the user. This ensures both parties can be confident that they are dealing with a legitimate source. If all financial institutions adopted this login procedure, phishing could be eliminated within the banking sector. The method is described in full...

Two New Windows Wmf Flaws Found

Microsoft announced on TechNet last night two new flaws in Windows, one in viewing WMF files with older versions (pre 6.0) of Internet Explorer, and a second related to priviledge escalation in Windows XP and 2003 systems without the latest service packs. The first flaw, which is vulnerable only to Internet Explorer 5.5 and 5.01, uses the now-familiar terminology that it "could allow an attacker to execute arbitrary code on the user's system" when they view a specially-crafted web page or email attachment. On the surface the flaw appears similar to the very critical WMF flaw discovered in late December, but is a different issue. The second flaw affects only Windows XP SP1 and prior, along with Windows Server 2003 without SP1. Systems with the latest service packs are not vulnerabile. The vulnerability permits priviledge escalation in default Windows services as well as third party applications set with overly permissive access controls. Patches for these two vulnerabiliti...

Anonymity mini HOWTO

Disclaimer: I strongly recommend that nobody attempts in anyway to gain unauthorized access to any sort of computer system, as any kind of attempt to gain unauthorized access sadly seems to be a serious criminal offense. I'm in no way responsible for any kinda offence. Its totally ethical stuff and there's even potential danger that you may even get logged and even chance to get sniffed. So stay alive. Happy Hacking :) Hey fellas don't get annoyed by the disclaimer. It's just a formality you know rules are always meant to be broken. So today's hot topic is about how anonymous you are. Let's see what anonymity on web really mean. In one line its nothing but how deep you can tunnel down the rabbit hole without being noticed. If you ain't anonymous, may be your first hack be your last one. Always cover your tracks, it's the basic thing one should ensure before planning to hack the box. There are loggers all the way. If you escape you ISP, there are routers ...

Overview of HTTP Authentication

The HTTP 1.x protocol has a built in mechanism for requiring a valid username/ password to gain access to web resources. This mechanism is known as HTTP Authentication and can be initiated by either a CGI script or by the web server itself. The overall purpose of this document is to provide the new user with a common sense definition and understanding of HTTP authentication at the HTTP Header Level. There are currently 2 modes of authentication built into HTTP 1.1 protocol, termed 'Basic' and 'Digest' Access Authentication. Basic Authentication transmits the username:password pair in an unencrypted form from browser to server and in such should not be used for sensitive logins unless operating over an encrypted medium such as SSL [1]. Digest Authentication sends the server a one way hash of the username:password pair calculated with a time sensitive, server supplied salt value. Here a couple definitions are in order: One way hash:? A mathematical calculation of a string...

Wmf Exploit Sold For $4,000

Russian hacker groups sold exploit code for the WMF exploit in early December, well before vulnerability research companies caught wind of the problem, mounting evidence is suggesting. A two-week window separated the development of the exploit and the discovery of suspicious activity, according to an eWeek article. During these two weeks the exploit code was available on underground websites -- at a $4,000 cost. Details regarding the first release of the exploit are still being discovered, however the eWeek article mentions an early relationship with a stock pump-and-dump scheme, where the WMF flaw was used quietly for quick financial gain. A BugTraq posting in late December was first to show a website actively implementing the WMF flaw, and the flurry of activity that followed sent the security community into overdrive -- over one thousand malicious WMF files were detected in the days following the post. Source : http://www.securityfocus.com/brief/126

New Bid To Tackle Spyware Scourge

Five computer security firms are collaborating on a common naming system for spyware and will co-produce tools to remove the malicious software. The initiative hopes to remove some of the current confusion caused by anti-spyware firms managing their own labelling and removal methods. The group said collaboration was needed as the amount of spyware in circulation was rising by 50-100% per year. The initiative will see ICSA Labs, McAfee, Symantec, Thompson Cyber Security Labs and Trend Micro join forces to tackle spyware.

Armoring Solaris

By Lance Spitzner Preparing Solaris 8 64-bit for CheckPoint FireWall-1 NG Lance Spitzner http://www.spitzner.net Last Modified: 20 July, 2002 Firewalls are one of the fastest growing technical tools in the field of information security. However, a firewall is only as secure as the operating system it resides upon. This article is a continuation of the original Armoring Solaris article, focusing on building a minimized Solaris 8 64-bit for CheckPoint FW-1 NG firewall. This article does not include an updated script for the automated securing of the new installation, as there was in Armoring Solaris. Instead, we will be using Solaris Security Toolkit (JASS). This is a new tool developed and rele...

Nmap 4.00 With Fyodor

After more than eight years since its first release in Phrack magazine, Fyodor has announced Nmap 4.00. Curious as usual, Federico Biancuzzi interviewed Fyodor on behalf of SecurityFocus to discuss the new port scanning engine, version detection improvements, and the new stack fingerprinting algorithm under work by the community. Could you introduce yourself? Fyodor: I'm a long-time network security enthusiast with a particular interest in full disclosure and the offensive side of security. I have gained a lot from the security community over the years, and try to contribute back by releasing free tools such as my Nmap Security Scanner and publishing useful content on my websites, Insecure.Org and Seclists.Org. I am also an active member of the Honeynet Project. Writing has been a major recent focus of mine. Last year I co-authored a technical security novel named Stealing the Network: How to Own a Continent, and I'm almost finished with a network scanning book. This is all on ...