May 31, 2011

Do Apple, Google and Microsoft Know Your Every Step?


Do Apple, Google and Microsoft Know Your Every Step?


If you are using android/apple/windows based phone.Be aware apple, Google and Microsoft know every step you do.

one side-effect of the iOS secret-tracking fiasco is that a lot of other different types of location data and transmissions to and from your smart phone are being conflated into your phone's platform founder.





To simplify all this (hopefully),here is what's happening on three of the major platforms.


We're talking about two completely separate issues when it comes to your phone and location data. The first issue is the location data collected by your phone and transmitted to Apple, Google or Microsoft about nearby cell towers, Wi-Fi hotspot and potentially GPS coordinates.The location services are opt-in and your data is anonymized. The second issue is the location data your phone is storing locally on the phone itself.

The reason your phone beam a bundle of location data back home every,, so often is so that when your phone asks where it's at???—like when you're using an app like google map—it can be located pretty quickly using the database of known cell towers and Wi-Fi hotspots (crowd sourced by you and your phone). Apple and Google, further, collect anonymous data about traffic conditions when you're using GPS.

Every so often, if—and only if—you've turned on location services, your phone will hit up home base with the package of information it's collected about cell towers and Wi-Fi hotspots it's passed by. That data is anonymized, though everybody does assign a unique ID to the data. Microsoft explains it's so they can "can tell difference between one person going back to a location 15 times or 15 people going to a location once." This all happens in the background. And again, if you turn off location services, you opt out of all of this.

The difference between all of the platforms comes down to how they store data locally. Microsoft says Windows Phone only locally caches the single most recent location entry. Android apparently stores the 200 most recent Wi-Fi hotspots and 50 most recent cell towers it's seen.and for ios tracking your location—based on cell towers—in a database that's on your phone and on your computer, going back to whenever you installed iOS4, in a way that's fairly easily accessed if someone gains physical control of your phone or machine.The best you can do right now, if you're concerned about it, is to encrypt your iPhone backups.
http://petewarden.github.com/iPhoneTracker/#faq

And that's way, way different from what anybody else is doing with location data and services.one way to avoid all this tracking is to modify our OS,,but that is out of our level...

References

http://daringfireball.net/linked/2011/04/21/andy-ihnatko-location-log
http://hackaday.com/2011/04/25/location-tracking-droid-does/

May 30, 2011

Cain RDP (Remote Desktop Protocol) Sniffer Parser

I was searching for some stuffs while i found this so i thought to share it here

As some of you may know, Cain has the ability to ARP poison, sniff and pull off a man in the middle attack against the RDP/Remote Desktop/Terminal Services protocol.  It's kind of hit a miss depending on the network layout and what version of RDP is in use. Pulling out keystrokes from the decrypted log file made by Cain can be quite a chore, so I coded up this quick little parser. Normally you would have to look through the RDP logs Cain makes by hand, searching for entries like "Key pressed client-side: 0x5 - 'a'". Using my script you can interpret those logs and save the keystrokes sent by the client to the server. This is very useful for finding passwords that may have been sent over the RDP session. I plan to use this script in a future video, but for now it can be downloaded from the following link:



         Just choose the file you want to parse, then choose a name for the output text file.

May 26, 2011

Need Writers For Hacking-class



Hello !! I want to thank our visitors for visiting this blog and making it a good blog :)

I am busy in my studies and other works so not able to give more time Hacking-class . I am requesting for peoples who would like to write articles for this blog .

Doesn't Matter Who you are whether a n00b or a l33t . Doesn't matter where you are from . Doesn't matter you are Hindu or Muslim ( I believe in mankind ) ..

But the least requirement is you interest and your dedication towards hacking..

If you are interested Do mail me at samthedoode@gmail.com or for more easier access directly add me at
www.facebook.com/sauravhacker


A offer for Beginner Bloggers or Blog Starters  

Of being a author here I will my self Personally Look After your Blog Statistics  and you will have a link back to your blog on Hacking-class.

May 25, 2011

Securing Your Wireless Network | A white paper from Hackersbay



Sorry Guys I was out from many days .. I am back with a new article about Securing Wireless Networks - A white paper from Hackersbay

Here are the few Terminologies, You should know About Wireless networked systems..!! if u don understand this underlyin concepts, it lll be a hard time for u to guarding yo Wireless network..

SSID: (Service Set Identifier) If u having a wireless router or modem the Hardware must have SSID(Like Namin a New born Baby, Yo can name ur Router How it wann be called ba others,But If u take any BSNL Connection Wi fi ASDL Modem Comes With SSID name May be second name of yo father)


Router has a 

Device Burned With MAC &SSID Found in the Picture(WANADOO-02DB)
functionality that it can broadcast or stealth broadcast Which means if u scan for wireless networks u often find networks in Broadcast mode (I.e Tikona 1800 204 3333)Like that…In stealth Broadcast we cant identify the wireless network.. MODEM Don have this fuckin option, so that’s y weneva u scan any, u find some home networks modem range..but u can proceed only after Given SSID in the prompt box..!! 




 WEP: (Wired Equivalence privacy) this Protocol givea Base level security for all wi fi vendors and system Can benefit from OSI Standardization effort..Tha
fat ass option is one can Set in “ON” Or
“OFF”To use this…But Mostly all jerks n Geeks Forcibly set this “ON”

 WPA: (Wi Fi Protected Access) A security protocol tat was designed to secure Wireless Technology and To overcome the WEP Limitations..!! (WPA & WPA2 )

 TKIP: (Temporal Key Intergrity protocol) It’s a More secure version of WEP and it utilize the WPA For Network Security, It uses Some Diff kinda Algorithms than WEP, More trusted Encryption tunnels.(But trust me, most admin will not use this, But the Company Security policy wants to maintain diff security scheme for each heirerachy of the employes in the Org…Admins will deploy this feature)
 
MAC: (Media Access Control) Its used to get Multiple access in a Networked Environment,But MAC Address is a 12Digit Hexa decimal number that is associated with Network adapter, MAC Address is unique to each IP Address…(00-12-FA-WE-3R-TR) First 6 digits Says 00-12-FA Manufacturer Code Which say Network Adapter belongs to Whom, And next 6 digit Was assigned to unique Persons WE-3R-TR.

 DHCP : (Dynamic Host Configuration Protocol)  its one of the inbuilt features of Router..It services for the User who restarts the system, Generates the fresh IP address to them to frame the Device address in the network


Whether you are in Wired or wireless Environment..Yo are under Scan by some1 eye, TCP Monitor Or Any one Can use Sniffer tools like packetyzer to and can read your communication Coz all the transportations are not encrypted..

POSSIBLE ATTACKS: 

EAVESDROPPING (Installing Malicious tools and Make ur machine as a listener, And he hacker gets all packet information coz it was redirected by him to server)

DoS Attacks  Injecting Noise Or Interfrences in the wireless network Infinitely, Cause inturn Denial for particular service which tey Requested,Remember A Hacker Can Extract the SSID name of the network in Response to His ICMP Packets..This gives u a Glimpse of Dos Attacks

WEP Encryption “TURN ON
WEP Encrytion is the standard Encryption scheme for all OSI Network Complicance Products, It comes With Encryption, But doesn’t” TURNED ON” Automatically, Do it And Change all the defaults in the Newly purchased Router..So yo have changed SSID, And Turned On WEP…. I Assume.
 
DUMP THE DEFAULTS  Change all your defaults passwords.And keep this Security checklist With you…! Which also Includes Changing the Default Subnet that is 192.168.1.0 

 
Find the Original White Paper By h4ckfreak at Hackersbay

May 12, 2011

How to Hack Email Account with Cookie stealing [For Newbies]

How to hack Email account:

If you are a newbie and don't know about cookie, then for your information, Cookie is a piece of text stored on user computer by websites visited by the user. This stored cookie is used by webserver to identify and authenticate the user. So, if you steal this cookie (which is stored in victim browser) and inject this stealed cookie in your browser, you can imitate victim identity to webserver and enter hisEmail account easily. This is called Session Hijacking. Thus, you can easily hack Email account using such Cookie stealing hacks.

Tools needed for Cookie stealing attack:

Cookie stealing attack requires two types of tools:
  1. Cookie capturing tool
  2. Cookie injecting/editing tool
1. Cookie capturing tool:

Suppose, you are running your computer on a LAN. The victim too runs on same LAN. Then, you can use Cookie capturing tool to sniff all the packets to and from victim computer. Some of the packets contain cookie information. These packets can be decoded using Cookie capturing tool and you can easily obtain cookie information necessary to hackEmail account. Wireshark and HTTP Debugger Pro softwares can be used to capture cookies.

Update: Check out my Wireshark tutorial for more information on cookie capturing tool.

2. Cookie injecting/editing tool:

Now, once you have successfully captured your victim cookies, you have inject those cookies in your browser. This job is done using Cookie injecting tool. Also, in certain cases after injection, you need to edit cookies which can be done by Cookie editing tool. This cookie injection/editing can be done using simple Firefox addons Add N Edit Cookies and Greasemonkey scripts. I will write more on these two tools in my future articles.

Drawbacks of Cookie Stealing:

Cookie Stealing is neglected because it has some serious drawbacks:
  1. Cookie has an expiry time i.e. after certain trigger cookie expires and you cannot use it to hijack victim session. Cookie expiry is implemented in two ways:
    1. By assigning specific timestamp(helpful for us).
    2. By checking for triggers like user exiting from webbrowser. So, in such cases, whenever user exits from his browser, his cookie expires and our captured cookie becomes useless.
  2. Cookie stealing becomes useless in SSL encrypted environment i.e. for https (Secure HTTP) links. But, most Email accounts and social networking sites rarely use https unless vicitm has manually set https as mandatory connection type.
  3. Also, most cookies expire once victim hits on LogOut button. So, you have to implement this Cookie stealing hack while user is logged in. But, I think this is not such a serious drawback because most of us have the habit of checking "Remember Me". So, very few people actually log out of their accounts on their PCs.
So friends, this was a short tutorial on basics of how to hack Email account using Cookie Stealing. As I have stated, Cookie stealing has some disadvantages. But, I think Cookie stealing is a handy way to hack an Email account. In my next articles, I will post detailed tutorial to hack Facebook and Gmail accounts using Cookie stealing. If you have any problem in this tutorial on how to hack Email account using Cookie stealing, please mention it in comments.

Enjoy Cookie stealing trick to hack Email account...

VIa = http://www.go4expert.com

May 9, 2011

Anonymous IRC networks - irc.anonops.net & irc.anonops.ru Compromised

Dear Users of the AnonOps Network,

We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named "Ryan". He decided that he didn't like the leaderless command structure that AnonOps Network Admins use. So he organised a coup d'etat, with his "friends" at skidsr.us . Using the networks service bot "Zalgo" he scavenged the IP's and passwords of all the network servers (including the hub) and then systematically aimed denial of service attacks at them (which is why the network has been unstable for the past week). Unfortunately he has control of the domain names AnonOps.ru (and possibly AnonOps.net, we don't know at this stage) so we are unable to continue using them. We however still have control over AnonOps.in, and will continue to publish news there.

We would STRONGLY ADVISE all users to STAY AWAY from AnonOps.net and AnonOps.ru, and they should be considered COMPROMISED. Using or connecting to any service on those addresses may put your computer, and by extension your person, at risk.

We will continue to update you on this story, as well as on how we proceed with the future of Anonops.

We are profoundly sorry for this drama, and we can't give you a an estimate on when service will resume normally.

Alas, the IRC-network will probably remain down until we can sort this out.

We will try to keep you up to date you via our official channel (anonops.in).
Signed,
The "Old" AnonOps netstaff.
"shitstorm", "Nerdo","owen","blergh", and "Power2All"



P.S: Further notices on AnonOps.net/ru will probably be posted to dispell this one, and any unavailablity of AnonOps.in will only prove this message is true. THIS IS NOT A JOKE, THIS ISN'T A LIE, THIS IS THE TRUTH AND WE ARE SORRY FOR THAT.
P.P.S: The person behind this attack is also involved in the "new" Encyclopedia Dramatica (encyclopediadramatica.ch) . If you have previously signed up as a user with a legitimate email-address/password, you should take caution and consider that your account and password *might* be compromised.
tl;dr: 

AnonOps.ru/net got hijacked by a rogue admin, and no longer has anything to do with AnonOps, this domain should NOT be used if you wish to connect to the legitimate AnonOps network. Please use anonops.in instead. Sorry!

May 4, 2011

CHANGE THE COLOR OF THE WINDOW START BUTTON

For those of you using Windows XP and getting tired of the green start button, listen up! Here is a straight forward article showing you how to change the color of the Windows XP start button for free.The XP start button consists of three layers: a bitmap file, a start text, and a hover text.

Thanks to this circumstance you can simply change the color of the underlying bitmap image layer.


This hack describes how to change the color of the windows xp start button from the “Default (blue)” and “Olive Green” sub-designs of the “Windows XP Style” to a color of your liking. The same procedure can also be used to change other elements and designs.

First of all, you will need to download and run a tool called Resource Hacker. It will show you the contents of the file that we’re going to edit.
Before you start, I recommend to make a backup of any files that you are going to change.

To make a backup, open your Windows system root folder, typically found under C:\Windows. Alternatively you can go to > Start > Run, type %systemroot% in the field, and click OK. Within the folder, go to > Resources > Themes > Luna. You can also go there directly by tying %systemroot%/Resources/Themes/Luna in the Run dialog box.

Make a backup copy of the file “luna.msstyles”.



Now run Resource Hacker and open “luna.msstyles” and expand the following folders: > Bitmap > BLUE_STARTBUTTON_BMP. Here, you see the dreaded green color background image that is going to be changed.

Save the bitmap image to your desktop through > Action > “Save [Bitmap: BLUE_STARTUPBUTTON_BMP: 1033] …” and leave Resource Hacker open.


Open the saved bitmap image in a program such as Photoshop or Paint and work on the colors until you’re happy. Don’t change the original dimensions of the image and save it as bitmap (.bmp file). For this demonstration, I simply inverted the colors.

Once you have a new image, go back to Resource Hacker, click > Action, > “Replace Bitmap …”, and a window will open. In the top left click on > “Open file with new bitmap …”, select the .bmp file you edited, and click > Replace in the bottom right.


Don’t forget to save your changes in Resource Hacker, then close the program.

To see your changes, you must either reboot or change back and forth between two Windows styles. Right-click onto your desktop, select > Properties, go to > Appearance and switch the sub designs. To the left, you see my admittedly ugly result.

As mentioned previously, this hack describes changing the start button color for the “Default (blue)” and “Olive Green” designs. To change the button for the Silver design, edit and replace the bitmap image for METALLIC within the Bitmap folder of the luna.msstyles file.

Enjoy Hacks!!

Credits ===|


http://www.techieblogie.info/2011/02/how-to-change-color-of-windows-xp-start.html





May 3, 2011

Firefox a inbuilt keylogger

I am sorry if you thought something else while visiting this post :P

Mozilla Firefox can be turned  undetectable keylogger. This keylogger will be used to store all the usernames and passwords that will be entered by the user.

Steps to Turn Your Firefox Into A KeyLogger


  • Close Firefox Application if open
  • Go to: Windows- C:/Program Files/Mozilla Firefox/Components
  • Find The Script Named " nsLoginManagerPrompter.js"
  • Click here to download the file unzip it and simply overwrite the existing nsLoginManagerPrompter.js with it, it is one already edited to save all usernames and passwords with user intimation.

From now on, when someone logs onto any site, they username and passwords will bw saved automatically, without prompt!

To retrieve the account information, make sure Firefox is opened, go to Tools > Options > Security Tab > click on saved passwords, then click on show passwords, and press yes
 
This is not a remote keylogger but a good one if your victim uses your computer while managing his accounts ;)

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More