Wednesday, August 5, 2009

VULNERABILITY IN GMAIL

Gmail is one of the major web mail service provider across the globe. But as we all know Gmail still carries that 4 letter word BETA. Sometimes we may wonder, why Gmail is still in the testing stage even after years of it’s emergence. Here is one small reason for that.
Gmail follows a strict rule that doesn’t allow it’s users to have their first or the last name contain the term Gmail or Google. That is, while signing up for a new Gmail account the users cannot choose a first or last name that contains the term Gmail or Google. You can see this from the below snapshot.

Google or Gmail cannot be used as first or last name

This rule is implemented by Gmail for obvious reasons, because if the users are allowed to keep their first or the last name that contains the term Gmail or Google, then it is possible to easily impersonate the identity of Gmail (or Gmail Team) and engage themselves in phishing or social engineering attacks on the innocent users. This can be done by simply choosing the first and last name with the following combination.

First Name        Last Name
Gmail                       Team
Google                     Team
Gmail                       Password Assistance 
From the above snapshot we can see that, Gmail has made a good move in stopping the users from abusing it’s services. However this move isn’t just enough to prevent the malicious users from impersonating the Gmail’s identity. Because Gmail has a small vulnerability that can be exploited so that the users can still have their name contain the terms Gmail or Google. You may wonder how to do this. But it’s very simple.
1. Login to your Gmail account and click on Settings.
2. Select Accounts tab
3. Click on edit info
4. In the Name field, select the second radio button and enter the name of your choice. Click on Save Changes and you’re done!
Now, Gmail accepts any name even if it contains the term Google or Gmail. You can see from the below snapshot
gmailhack

Allowing the users to have their names contain the terms Gmail or Google is a serious vulnerability even though it doesn’t seem to be a major one. This is because a hacker or a malicious attacker can easily exploit this flaw and send phishing emails to other Gmail users asking for sensitive information such as their passwords. Most of the users don’t even hesitate to send their passwords since they believe that they are sending it to Gmail Team (or someone authorized). But in reality they are sending it to an attacker who uses these information to seek personal benefits.

MEASURE THE NUMBER OF PAGE VIEWS ON ANY SITE

Statbrain is a online web stats tools that helps you guess the number of page views on any site using a combination of Alexa rank, backlink counts from Google, Yahoo and some other unknown factors.

Don’t expect it to be too accurate, but if you want a very rough estimate for any site, this could be useful.
This could be very handy for advertisers or people who are interested in measuring rough traffic on a competitor’s website.
You may also want to checkout Google Trends as they are pretty accurate.
StatBrain gives an estimate about number of visits and not unique visitors or page views. 

Tuesday, August 4, 2009

MOST EASIEST WAY TO LOCK ANY FOLDER IN WINDOWS XP



Dirlock is the simplest and most easiest way to lock any folder in Windows XP using NTFS volume.

DirLock is designed for users who keep their computer turned on/logged in for others to use it.
So by using this application you will be able to lock individual folders instead of just locking the whole computer.



The user interface of DirLock is quite simple.Just right click any folder and click on lock/unlock and a pop up menu like above will ask you for password and thats it.

It provides you fairly straightforward way of protecting folders, and this freeware should suit the needs of most casual computer users and its simple and easy to use, no hassles or anything like that...

It's easy to use...but in starting you may get confused.
There is no Help file available to understand the functionality of this application.
And the last thing is that I don't know..if I forget the Password...how can I recover it.

You need to have Microsoft.NET Framework Version 2.0 installed in your system for running DirLock1.4

Related Links: Download DirLock1.4

RECOVER GMAIL, AOL,YAHOO OR WINDOWS LIVE PASSWORDS

MessenPass is a free password cracking tool that will easily reveal passwords of your AOL, Yahoo! Messenger, Google Talk, MSN or any other instant messenger clients.

Since most messengers (like Google Talk or Yahoo! Messenger) require the same username / password combination to login as the mail account, MessenPass can effectively be used to recover your (or someone else's) Google Account, AOL or Yahoo! Mail password.



MessenPass works only if you have selected the "Remember Password" setting while logging into your messenger program. It detects the Instant Messenger applications installed on your computer, decrypts the passwords they store, and displays all user name/password pairs in a text or Excel file.

This may be a useful but quite dangerous tool as well - it's so small that it can run off your USB drive and requires no installation .

The only workaround is to deselect the "Remember password" while starting your IM client. MessenPass doesn't crack Skype or Hotmail passwords yet.

Download MessenPass [IM Password Recovery Software]

Sunday, August 2, 2009

HACK ADMIN PASSWORD ANY OPERATING SYSTEM

Now you can hack the admin password of any operating system using OPHCRACK.

What is Ophcrack?

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Features:
* » Runs on Windows, Linux/Unix, Mac OS X, ...
* » Cracks LM and NTLM hashes.
* » Free tables available for Windows XP and Vista.
* » Brute-force module for simple passwords.
* » Audit mode and CSV export.
* » Real-time graphs to analyze the passwords.
* » LiveCD available to simplify the cracking.
* » Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
* » Free and open source software (GPL).

How to use?
Simple. Just download the .iso file. It is a live cd. Burn the file to a cd and boot the system you want to hack with it.


CLICK HERE TO START [XP] [412 MB]


CLICK HERE TO START [VISTA] [493 MB]