World Of Tricks

Twitter suffered a hack attack overnight, with its Web pages redirecting to a site for the “Iranian Cyber Army.” Twitter later Friday posted an update that said its domain name records “were temporarily compromised but have now been fixed” and promised another update “once we’ve investigated more fully.”

Iranian reformist Web site Mowjcamp also appeared to be hacked by the same group.

TechCrunch has a number of screenshots and videos of the hacks, which also affected Google’s listing for the sites.

It wasn’t immediately clear who was responsible for the attacks.

As The Wall Street Journal reported earlier this month, Iran has been conducting a campaign of harassing and intimidating members of its diaspora world-wide — not just prominent dissidents — who criticize the regime, according to former Iranian lawmakers and former members of Iran’s elite security force, the Revolutionary Guard, with knowledge of the program. Part of the effort involves tracking the Facebook, Twitter and YouTube activity of Iranians around the world, and identifying them at opposition protests abroad, these people say.

There is a severe security risk in Firefox, that most people aren’t even aware of. All the passwords stored or “remembered” in the browser are accessible to anyone who happens to get on their computer (both physically or with hacking tools). Just try this in Firefox:Show saved passwords.


1. Go to Tools -> Options and select the Security tab.
2. Press the Show Passwords button in the middle-right of the window.
3. You should now see a list of sites and your usernames stored. Press Show Passwords again.

See what I mean? Anyone who has access to your computer could have a pretty good “look” at those…

The way to protect yourself from this danger, is to either use a special software such as KeePass to store passwords, or to use Firefox’s own Master Password option (MPW). To enable it, go back to the Security tab in the Options window and check the box Use a master password. Set the Master Password and you’re a lot safer!

Now, every time you start your browser and log in somewhere, Firefox will ask for the Master Password. You won’t be asked for it any more. It will also ask the MPW when trying to view saved passwords the way I explained earlier or when doing anything else with your personal data. This tool will really help you in remembering passwords, as I hope every one of yours is different… Or it’d better be…

A bad guy can also use a plugin or script to view saved passwords in Internet Explorer, but there is no Master Password tool to protect yourself with. Another point for Firefox.

Trojan’s are the most dangerous of all types of attacks.

What are Trojans?

Trojans are small programs through which the hacker gain control over your system. Although, most of the Trojans are detected by anti virus programs but the frequency with which these programs are written is far more than the anti virus updating system.

Some common features with Trojans are as follows:

• Capturing screenshots of your computer.

• Recording key strokes and sending files to the hacker

• Giving full Access to all your drives and files.

• Ability to use your computer to do other hacking related activities.

Every Trojan has two parts a Client and a Server. In order to gain access, the server file must be installed in the target computer.

How this is done?

Initially this was done using a simple email. The hacker will send you an email with some sort of attachment (the Server File). The matter of that mail will make you open that attachment, when you double click on it you will see nothing but in the background the server file gets installed on your system.

Now, all the hacker has to do is just use the client file to connect to your system.

But this method became so popular that the hacker has to search for some other technique to achieve the above objective.

How many of you have played small computer games such as “shooting bird”, “catching butterflies”, “slapping some face”, etc

Now, in this technique the hacker joins two exe files into a single file i.e. the server file + the game file.

In this case when you open the attachment you will see the game but at the same time the server also gets installed on your system.

This is just one way; there are many other ways to achieve this objective. So always be careful whenever you are opening an unknown attachment, or while visiting unsafe websites, while chatting, etc.

Here is a list of the top 10 hacks of all time.

Early 1990s
Kevin Mitnick, often incorrectly called by many as god of hackers, broke into the computer systems of the world's top technology and telecommunications companies Nokia, Fujitsu, Motorola, and Sun Microsystems. He was arrested by the FBI in 1995, but later released on parole in 2000. He never termed his activity hacking, instead he called it social engineering.

November 2002
Englishman Gary McKinnon was arrested in November 2002 following an accusation that he hacked into more than 90 US military computer systems in the UK. He is currently undergoing trial in a British court for a "fast-track extradition" to the US where he is a wanted man. The next hearing in the case is slated for today.

1995
Russian computer geek Vladimir Levin effected what can easily be called The Italian Job online - he was the first person to hack into a bank to extract money. Early 1995, he hacked into Citibank and robbed $10 million. Interpol arrested him in the UK in 1995, after he had transferred money to his accounts in the US, Finland, Holland, Germany and Israel.

1990
When a Los Angeles area radio station announced a contest that awarded a Porsche 944S2 for the 102nd caller, Kevin Poulsen took control of the entire city's telephone network, ensured he is the 102nd caller, and took away the Porsche beauty. He was arrested later that year and sentenced to three years in prison. He is currently a senior editor at Wired News.

1983
Kevin Poulsen again. A little-known incident when Poulsen, then just a student, hacked into Arpanet, the precursor to the Internet was hacked into. Arpanet was a global network of computers, and Poulsen took advantage of a loophole in its architecture to gain temporary control of the US-wide network.

1996
US hacker Timothy Lloyd planted six lines of malicious software code in the computer network of Omega Engineering which was a prime supplier of components for NASA and the US Navy. The code allowed a "logic bomb" to explode that deleted software running Omega's manufacturing operations. Omega lost $10 million due to the attack.

1988
Twenty-three-year-old Cornell University graduate Robert Morris unleashed the first Internet worm on to the world. Morris released 99 lines of code to the internet as an experiment, but realised that his program infected machines as it went along. Computers crashed across the US and elsewhere. He was arrested and sentenced in 1990.

1999
The Melissa virus was the first of its kind to wreak damage on a global scale. Written by David Smith (then 30), Melissa spread to more than 300 companies across the world completely destroying their computer networks. Damages reported amounted to nearly $400 million. Smith was arrested and sentenced to five years in prison.

2000
MafiaBoy, whose real identity has been kept under wraps because he is a minor, hacked into some of the largest sites in the world, including eBay, Amazon and Yahoo between February 6 and Valentine's Day in 2000. He gained access to 75 computers in 52 networks, and ordered a Denial of Service attack on them. He was arrested in 2000.

1993
They called themselves Masters of Deception, targeting US phone systems. The group hacked into the National Security Agency, AT&T, and Bank of America. It created a system that let them bypass long-distance phone call systems, and gain access to the pbx of major carriers.

These days Agents spy on you everywhere, in college, at work, maybe a trojan virus on your home PC which keylogs your paswords and mails it to someone else. If you think you are being logged, try this:

Whenever you have to type a password, never type the complete password in one go, ie, if your password is WINDOWS, u should type NDOW, then move cursor to start of the password field using the mouse ONLY, then type WI, then move cursor to end using the mouse and type S. This way the logger will record your keystrokes as [ndowwis] instead of [WINDOWS].

Haha, keylogger fooled. Use this trick whenever you login from a Cyber café or any Computer that is not yours.

Want to Reveal the Passwords Hidden Behind Asterisk (*****) ?

Follow the steps given below-

1) Open the Login Page of any website. (eg. http://mail.yahoo.com)

2) Type your 'Username' and 'Password'.

3) Copy and paste the JavaScript code given below into your browser's address bar and press 'Enter'.
javascript: alert(document.getElementById('Passwd').value);

4) As soon as you press 'Enter', A window pops up showing Password typed by you..!

Note :- This trick may not be working with firefox.

Keyloggers are specially devised programs that are installed inside a computer via a Trojan, a virus or a worm. Once inside, the Keylogger will auto execute and start recording all the key strokes made by the computer user. Once a determined period of time has gone by, the Keylogger will send the keystroke information to the hacker who sent this infectious software.

Then the hacker will start searching key combinations that can lead him to determine the password for determined web pages. This simple and effective method is a favorite among hackers since it can provide them with lots of private information from their victims.

Many computer users have more than one email account, especially if they use the messenger services from multiple providers, like Microsoft's Hotmail, Yahoo's Email or AOL email. It doesn't matter if you have one or many email accounts, every one of them may be a victim of a hacker. Even with the security measures imposed by the companies, Yahoo password hacking or hotmail hacking still exist. And it's very improbable that will disappear.

So, if you want to protect yourself from people who are hacking yahoo accounts or whose whole purpose in life is to do some MSN hacking, then increase the number of special characters in your password and try not to access your email account from a computer that is not yours. And that goes to IM's too. The ability for hacking yahoo messenger or any other IM provider it's a latent danger for all of us.

Some of the examples of Keyloggers are :
Golden Keylogger
Elite Keylogger
Perfect keyloggger
Ardmax Keylogger
Win-Spy Keylogger
Family Keylogger
and many more…..

This download of O’Reilly Hacks All-In-One pack is divided into 4 rapidshare download links which has 26 ebooks.

01- O’Reilly Paypal Hacks
02- O’Reilly Amazon Hacks
03- O’Reilly Wireless Hacks
04- O’Reilly Network Security Hacks
05- O’Reilly eBay Hacks
06- O’Reilly Word Hacks
07- O’Reilly Flash Hacks
08- O’Reilly Yahoo Hacks
09- O’Reilly Google Hacks
10- O’Reilly Firefox Hacks
11- O’Reilly Windows XP Hacks
12- O’Reilly Windows Server Hack
13- O’Reilly PC Hacks
14- O’Reilly IRC Hacks
15- O’Reilly PDF Hack
16- O’Reilly Podcasting Hacks
17- O’Reilly Swing Hacks
18- O’Reilly BSD Hacks
19- O’Reilly Spidering Hacks
20- O’Reilly Visual Studio Hacks
21- O’Reilly Car PC Hacks
22- O’Reilly Digital Video Hacks
23- O’Reilly Digital Photography Hacks
24- O’Reilly Mapping Hacks
25- O’Reilly Halo 2 Hacks
26- O’Reilly Retro Gaming Hacks

http://rapidshare.com/files/25115586/B000121.part1.rar

http://rapidshare.com/files/25116322/B000121.part2.rar

http://rapidshare.com/files/25133288/B000121.part3.rar

http://rapidshare.com/files/25134067/B000121.part4.rar

Password : xylofon

This post will explain you about Phishing which came across me when I used to learn hacking related stuffs. In this post I will be explaining you mode of operation of Phishing starting from scratch. Though phishing is old ,it poses as a great threat in the world wild wide web. For security it is needed to get into the source loop holes. So, lets start without wasting much time.


Definition
Phishing is simply the act of creating fake page of any legitimate web-service and host them on net in order to fool the user to get the passwords, credit card no .,social security no. etc

Requirements

1. Web browser (mozilla firefox, internet explorer)

2. Text editor (ex: notepad ,kwrite)

3. Knowledge of basic HTML and some scripting languages like php, javascript etc.

4. Web hosting resource

Mode of operation::
I will provide quite simple steps.

1.The source code of the target website is obtained by using in built function of web browsers .

Ex: For mozilla firefox page source code can be obtained by
option 1) by navigating to page source present in edit tab.
option 2) pressing ctrl+u
option 3) right clicking and selecting view page source

2. All the source code is copied into an editor.

3. Now , the action attribute of form element is searched.

• Form elements are elements that allow the user to enter information (like text fields of username ,password , textarea fields, drop-down menus, radio buttons, checkboxes, etc.) in a form.

•When the user clicks on the "Submit" button, the content of the form is sent to the server. The form's action attribute defines the name of the file to send the content to. The file defined in the action attribute usually does something with the received input.

5. From the above explanation it is quite clear that by editing the action attribute we can send information (like user account information) .

6. As the last step ,manipulated web page is hosted in the web and victims are made to use them using some social engineering technique.

social engineering ::Social engineering is a collection of techniques used to motivate people into performing actions that will reveal confidential information.


Prevention
1. Don't blindly believe any kind of mail without authenticity.
2. While logging in give a close look at the domain name
3. Change your passwords regularly.
4. Use some web-site advisory software (now a days comes with internet security softwares).ex:Wot
5. Always be alert.

This one has got to deal with very own age old social engineering (Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information)which still clicks.
Now a days cyber criminals ,specifically spammers are increasingly using celebrities' names to tempt people into opening emails.They rely on the fact that we are indeed a curious species, and we do seem to have an unrelenting interest in scrutinizing the personal lives of politicians.So Mr. Barack Obama who is the junior United States Senator from Illinois and a candidate for the Democratic nomination has become eye candy for spammers.
Specifically three types spam mails relating to him are currently circulating in the internet.

1.Barack Obama Sex tape spam
2.Barack Obama Survey Gas Card spam
3.Barack Obama Transexual affair spam

Let's come to the first one

1.Barack Obama sex tape spam mail as the name says typically persuades recipients to open the attachment included by fooling them in to thinking it leads to a sex tape starring Barack Obama. . Even his biggest supporters would surely baulk at seeing him indulging in some bedroom As would his detractors, surely.

When the unwitting and novice user clicks on Download and view now button he will never get the stuff that lured him.What he gets is a gift of a trojan horse known as Mal/Hupig-D.

2.According to Trend Micro, a new email currently circulating, asks the recipient to participate in a survey with the gratifying moulder being a chance to win a free $500 gas card. We all love contests, and with the chance to win $500 in gas, who wouldn’t click on the link. Good old social engineering ,huh !!

But here’s the pitfall; click on the link and you arrive on the Smileycentral.com, web site which is a distributor of malware under the best of circumstances.

The prominent “Always Free” button on this site, if clicked, will lead to a request that you download an ActiveX control which, when downloaded, will begin the process of installing the ADW_MYWEBSEARCH Trojan on your system.


3.Barack Obama Transexual affair spam mail gives a link which purportedly leads to a video of Barack Obama disclosing his transsexual affairs.Those that are gullible enough to follow this link will be enticed to download the file - Barack_Obama-videostream.v182.exe - which has been classified as a malware agent - BKDR_AGENT.ABTQ.

So what does make thes spam mails so feared ??

Ans: They are designed to drop malicious code, including rootkits, password stealers, trojan horses, and spam bots on our computers. Malicious code that can lead to identity theft and the theft of your passwords, bank account numbers, and other personal information.

What should I do when I get these mails ??

Ans:Report them here IC³ (Internet Crime Complaint Center)

Of course delete them ..