Unlocking the iphone

As we all know, iPhone is Subscriber Identity Module (SIM) locked. This means iphone was designed for and can be used by one carrier—AT&T in the United States—and offers a limited set of iPhone-compatible voice and data plans. Within weeks of its release, a hacker named iZsh created a tool named iASign, which allowed iPhone owners to unlock and use their phones with AT&T/Cingular plans that were not designed for the iPhone, including pay-as-you-go plans.

 

A month or two later, the iPhone Dev Team hackers released the iUnlock and anySIM tools (see Figure above), which allowed the iPhone to be unlocked and used with any Global System for Mobile communications (GSM) SIM from around the world.Within days of its release, the iPhone had been unlocked and used in dozens of countries,from Malaysia to Jamaica and from Norway to Pakistan.

Reacting to the iPhone Unlock tool, Steve Jobs said, “It’s a cat-and-mouse game. We try to stay ahead. People will try to break in, and it’s our job to stop them breaking in.” In late September 2007, Apple issued the following statement in a press release:

Apple has discovered that many of the unauthorized iPhone unlocking programs available on the Internet cause irreparable damage to the iPhone’s software,which will likely result in the modified iPhone becoming permanently inoperable when a future Apple-supplied iPhone software update is installed.Apple plans to release the next iPhone software update,containing many new features including the iTunes Wi-Fi Music Store(http://www.itunes.com/), later this week.Apple strongly discourages users from installing unauthorized unlocking programs on their iPhones.Users whomake unauthorized modifications to the software on their iPhone violate their iPhone software license agreement and void their warranty.The permanent inability to use an iPhone due to installing unlocking software is not covered under the iPhone’s warranty.

After releasing firmware update 1.1.1 for iPhone, Apple refused warranty service to bothunlocked phones and phoneswith third-party applications. Caveat emptorand hacker beware.

Read More

10 Tips to Enhance your PC Security

Today almost everyone of us have a PC with an internet connection but how many of us think about it’s security? In fact most of the people are least bothered about their PC’s security.Especially if you have an internet connection safeguarding your PC against network threats is a must.If your PC is not secured then it might be vulnerable to various threats.The threat may be as simple as a virus which corrupts your data or as complex as an identity theft where there are chances of huge loss of money.Did you know that unsecured PCs can be hijacked in minutes ? If you are really concerned about PC security then here are the top 10 security enhancements for your PC.

1. Check Windows Update.Windows Me, 2000, and XP users can configure automatic updates. Click on the Automatic Updates tab in the System control panel and choose the appropriate options.

2. Install a good Antivirus software and update it regularly.An Antivirus without updates is of no use.

3. Install a personal firewall. Both SyGate (http://www.sygate.com/) and ZoneAlarm (http://www.zonelabs.com/) offer free versions.

4. Install a good Antispyware.(Antivirus with built-in antispyware is a go0d choice)

5. Use strong passwords and change them periodically. Passwords should have at least seven characters; use letters and numbers and have at least one symbol. A decent example would be f8izKro#l. This will make it much harder for anyone to gain access to your accounts.

6. If you’re using Outlook or Outlook Express, use the current version or one with the Outlook Security Update installed. The update and current versions patch numerous vulnerabilities.

7. Be skeptical of things on the Internet. Don’t blindly assume that an email “From:” a particular person is actually from that person since it is possible to send a fake email.

8. Check for Versign SSL (Secure Sockets Layer) Certificate (Or logo) before you make any ecommerce transaction (Credit card transaction) with a website.

9. Never disable the Auto-Protect feature of your Antivirus.If your Antivirus doesn’t have Auto-Protect feature then manually scan the files before you execute them.

10. Never give out your passwords to anyone at any time even if the person claims to be from “support.”

Read More

Essential Hacking Tools for every Hacker

Here is a list of all the essential hacking tools that every hacker should possess.Here in this post I will give details of different Hacking/Security tools and utilities along with the download links.I have also divided these tools into their respective categories for ease of understanding.

NETWORK SCANNERS AND TCP/IP UTILITIES

 

 

1. IP TOOLS

 

IP-Tools offers many TCP/IP utilities in one program. This award-winning program can work under Windows 98/ME, Windows NT 4.0, Windows 2000/XP/2003, Windows Vista and is indispensable for anyone who uses the Internet or Intranet.

It includes the following utilities

• Local Info - examines the local host and shows info about processor, memory, Winsock data, etc.


• Name Scanner - scans all hostnames within a range of IP addresses


• Port Scanner - scans network(s) for active TCP based services


• Ping Scanner - pings a remote hosts over the network


• Telnet - telnet client


• HTTP - HTTP client


• IP-Monitor - shows network traffic in real time & many more

IP TOOLS has almost all the utilities built into it.So there is no need to use seperate tools for every indivisual process of hacking such as Port scanning,Whois scanning,IP monitor etc.It’s like a hacking tool kit which has all the necessary tools for hacking.

Download IP Tools Here

2. NMAP

Nmap is a similar hacking/security tool as IP Tools which offer slightly different set of features.Unlike IP Tools Nmap is a freeware.It is designed to rapidly scan large networks, although it works fine against single hosts.Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available

Download Nmap Here

 

 PASSWORD CRACKERS

1. LC4 (For Windows Password Recovery)

LC4 is the award-winning password auditing and recovery application, L0phtCrack. It provides two critical capabilities to Windows network administrators:

• LC4 helps administrators secure Windows-authenticated networks through comprehensive auditing of Windows NT and Windows 2000 user account passwords.

 

• LC4 recovers Windows user account passwords to streamline migration of users to another authentication system or to access accounts whose passwords are lost.

Donload LC4 Here

2. SAMINSIDE (For Windows Password Recovery)

SAMInside is designated for the recovery of Windows NT/2000/XP/2003/Vista user passwords.

The following are some of the highlighting features of Saminside.

• The program doesn’t require installation.It can be directly run from CD,Disk or Pendrive.


• Includes over 10 types of data import and 6 types of password attack

1. Brute-force attack


2. Distributed attack


3. Mask attack


4. Dictionary attack


5. Hybrid attack


6. Pre-calculated tables attack

• Run’s very fast since the program is completely written in assembler.

As far as my opinion is concerned both LC4 and SAMINSIDE are powerful password crackers for cracking Windows Passwords.However LC4 has slightly upper hand over Saminside.I recommend LC4 for advanced users but Saminside is more suitable for novice users.

You Can Get Saminside From Here

3. MESSENPASS (For Instant Messenger Password Recovery)

Messenpass is a password recovery tool for instant messengers.It can be used to recover the lost passwords of yahoo messenger or windows messenger.It is too easy to use this tool.Just double-click this tool and it reveals the username and passwords that are stored in the system.

Download MessenPass Here

REMOTE ADMINISTRATION TOOLS (RAT)

RADMIN

Radmin (Remote Administrator) is the world famous, award winning secure remote control software and remote access software which enables you to work on a remote computer in real time as if you were using its own keyboard and mouse.

Radmin has the following features.

• Access and control your home and office computer remotely from anywhere


• Perform systems administration remotely


• Provide Help Desk (remote support) functions for remote users


• Work from home remotely


• Manage small, medium, and large networks remotely


• Organize online presentations and conferences


• Share your desktop


• Teach and monitor students’ activities remotely

I have used Radmin personally and recommend this software to everyone.It works great!

Download Radmin Here

 Most of the above tools are shareware which means that you have to pay for them.But they are really worth for their money.Most of the time freewares offer limited functionality/features than the sharewares and hence I recommend them to my visitors.But still you can get 99% of all the softwares for free (cracked versions) on the internet.I will not discuss about how/where to download the cracked versions of the softwares for obvious reasons.It’s all up to you how you get these softwares.

Read More

Disable Task Manager

WARNING: Please Backup your registry before attemting this hack.Changes to registry may lead to system failure.

The following registry hack enables us to disable the Task Manager.Here is a step by step procedure to disable Windows task manager.

Step1: Goto start>run and type “regedit” in the run.

Step2: In the registry navigate to

HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\System

Value Name: DisableTaskMgr

Data Type: REG_DWORD (DWORD Value)

Value Data: (0 = default, 1 = disable Task Manager)

Step 3: Then navigate to

HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Policies\System

Value Name: DisableTaskMgr

Data Type: REG_DWORD (DWORD Value)

Value Data: (0 = default, 1 = disable Task Manager)

Read More

Advanced Google Search

In this post I will show you some of the secrets of Advanced Google Search.

Google is clearly the best general-purpose search engine on the Web.But most people don’t use it to its best advantage or in an advanced way. Do you just plug in a keyword or two and hope for the best? That may be the quickest way to search, but with more than 3 billion pages in Google’s index, it’s still a struggle to pare results to a manageable number. There are some ways in which advanced Google search can be used to get the desired results.

But Google is an remarkably powerful tool that can ease and enhance your Internet exploration. Advanced Google search options go beyond simple keywords, the Web, and even its own programmers. Let’s look at some of the advanced Google search options.

Syntax Search Tricks



Using a special syntax is a way to tell Google that you want to restrict your searches to certain elements or characteristics of Web pages.Here are some advanced Google search operators that can help narrow down your search results.

1.Intitle: at the beginning of a query word or phrase (intitle:”Three Blind Mice”) restricts your search results to just the titles of Web pages.

2.Intext: does the opposite of intitle:, searching only the body text, ignoring titles, links, and so forth. Intext: is perfect when what you’re searching for might commonly appear in URLs. If you’re looking for the term HTML, for example, and you don’t want to get results such as

www.gohacking.com/index.html

you can enter intext:html

3.Link: lets you see which pages are linking to your Web page or to another page you’re interested in. For example, try typing in

link:http://www.gohacking.com/

3.site: (which restricts results to top-level domains) with intitle: to find certain types of pages. For example, get scholarly pages about Mark Twain by searching for intitle:”Mark Twain”site:edu. Experiment with mixing various elements; you’ll develop several strategies for finding the stuff you want more effectively. The site: command is very helpful as an alternative to the mediocre search engines built into many sites.

Swiss Army Google



Google has a number of services that can help you accomplish tasks you may never have thought to use Google for. For example, the new calculator feature

(www.google.com/help/features.html#calculator)

lets you do both math and a variety of conversions from the search box. For extra fun, try the query “Answer to life the universe and everything.”

Suppose you want to contact someone and don’t have his phone number handy. Google can help you with that, too. Just enter a name, city, and state. (The city is optional, but you must enter a state.) If a phone number matches the listing, you’ll see it at the top of the search results along with a map link to the address. If you’d rather restrict your results, use rphonebook: for residential listings or bphonebook: for business listings. If you’d rather use a search form for business phone listings, try Yellow Search

(www.buzztoolbox.com/google/yellowsearch.shtml).

Let Google help you figure out whether you’ve got the right spelling—and the right word—for your search. Enter a misspelled word or phrase into the query box (try “thre blund mise”) and Google may suggest a proper spelling. This doesn’t always succeed; it works best when the word you’re searching for can be found in a dictionary. Once you search for a properly spelled word, look at the results page, which repeats your query. (If you’re searching for “three blind mice,” underneath the search window will appear a statement such as Searched the web for “three blind mice.”) You’ll discover that you can click on each word in your search phrase and get a definition from a dictionary.

Extended Googling

Google offers several advanced services that give you a head start in focusing your search. Google Groups

(http://groups.google.com/)

indexes literally millions of messages from decades of discussion on Usenet. Google even helps you with your shopping via two tools: FroogleCODE(http://froogle.google.com/),

which indexes products from online stores, and Google CatalogsCODE(http://catalogs.google.com/),

which features products from more 6,000 paper catalogs in a searchable index. And this only scratches the surface. You can get a complete list of Google’s tools and services at

www.google.com/options/index.html

You’re probably used to using Google in your browser. But have you ever thought of using Google outside your browser?

Google Alert

(http://www.googlealert.com/)

monitors your search terms and e-mails you information about new additions to Google’s Web index. (Google Alert is not affiliated with Google; it uses Google’s Web services API to perform its searches.) If you’re more interested in news stories than general Web content, check out the beta version of Google News Alerts

(www.google.com/newsalerts).

This advanced Google service (which is affiliated with Google) will monitor up to 50 news queries per e-mail address and send you information about news stories that match your query. (Hint: Use the intitle: and source: syntax elements with Google News to limit the number of alerts you get.)

Google on the telephone? Yup. This service is brought to you by the folks at Google Labs

(http://labs.google.com/),

a place for experimental Google ideas and features (which may come and go, so what’s there at this writing might not be there when you decide to check it out).

 With Google Voice Search

(http://labs1.google.com/gvs.html),

you dial the Voice Search phone number, speak your keywords, and then click on the indicated link. Every time you say a new search term, the results page will refresh with your new query (you must have JavaScript enabled for this to work). Remember, this service is still in an experimental phase, so don’t expect 100 percent success.

In 2002, Google released the Google API (application programming interface), a way for programmers to access Google’s search engine results without violating the Google Terms of Service. A lot of people have created useful (and occasionally not-so-useful but interesting) applications not available from Google itself, such as Google Alert. For many applications, you’ll need an API key, which is available free fromCODE www.google.com/apis

SOURCE: http://www.pcmag.com/

Read More

Change the Title of Yahoo Messenger

Here’s how you change the title text that appears at the top of the Messenger window. By default, this is “Yahoo! Messenger”, followed by your status. Simply edit the ymsgr.ini file, which you will find in the same folder as the Messenger program, in your Program Files folder. Locate the file and open it in Notepad. Then, at the end, add the following:

[APP TITLE]

caption=YOUR TEXT

Here, “YOUR TEXT” is whatever you want in the title bar. Save the file and close Messenger. When you restart it you will see your text in the title bar.

Read More

Email Tracking

One of most the frequently asked question is how to track an email back to the sender.That is how to determine the sender of the email? The most obvious answer is by looking at the “From:” line! But this way of tracking does not work all the time since most of the spammers forge the email address or most of the spam that we get has a forged email address.This is also known as a spoofed email.Is it possible to send email from other’s address?Yes it is possible to send email from anyone’s name.Why not, you can send an email even from Bill Gate’s Email ID.If you need a proof look refer the post Send Spam Email To Friends

 

For more information on how to send a spoofed email refer the following post (link).

How To Send Fake Emails



OK now let’s come back to the topic of email tracking.So how do you determine where a message actually came from?Inorder to track an email we have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack an email to the source network, sometimes the source host.

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

Below are listed the headers of an actual spam message.I have double spaced the headers to make them more readable.

Return-Path: <s359dyxtt@yahoo.com>

X-Original-To: sriki@example.com

Delivered-To: sriki@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7for <sriki@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>

From: “Maricela Paulson” <s359dyxtt@yahoo.com>

Reply-To: “Maricela Paulson” <s359dyxtt@yahoo.com>

To: sriki@example.com

Subject: You Have won $10000 in US Lottery Scheme

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary=”MIMEStream=_0+211404_90873633350646_4032088448″

According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time.

This message didn’t come from yahoo’s email service.

The header most likely to be useful in tracking the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider in tracking is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.

Here’s is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

sriki@nqh9k:[/home/sriki] $whois 12.218.172.108 AT&T WorldNet Services ATT (NET-12-0-0-0-1)12.0.0.0 - 12.255.255.255Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)12.218.168.0 - 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15# Enter ? for additional hints on searching ARIN’s WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

sriki@nqh9k:[/home/sriki] $nslookup 12.218.172.108

Server: localhostAddress: 127.0.0.1

Name: 12-218-172-108.client.mchsi.comAddress: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com/, I get Mediacom’s web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host’s IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.

Read More