Vulnerability:- Adobe Shockwave Player

A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability against Adobe Shockwave Player to date.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available.

As always, Tech-da-Hack recommends that users follow best security practices by keeping their anti-malware software and definitions up to date.

WiFi Alliance now certifies WiFi Direct products

First demonstrated at CES 2010, Wi-Fi Direct has taken another step to become part of the Wi-Fi usage spectrum.

The Wi-Fi Alliance, the group that tests and certifies Wi-Fi products to make sure they interoperate, announced today that it has begun certifying products capable of making Wi-Fi-based device-to-device connections and designating them Wi-Fi Certified Wi-Fi Direct.

Traditionally, Wi-Fi clients need to connect to a central place, called an access point, before they can connect to one another in their "infrastructure" mode. Other than that, they can also connect in pairs via a mode called "ad-hoc," which is limited both in range and throughput speed.

Wi-Fi Direct, on the other hand, allows Wi-Fi devices to connect to one another without an access point at the same speed and range of the infrastructure mode. They can also establish a connection much faster via Wi-Fi Protected Setup, a method that enables connecting devices by pressing a button. In other words, Wi-Fi Direct allows Wi-Fi products to connect much like Bluetooth devices but at a much faster speed and a much longer range.

With this flexibility, Wi-Fi Direct devices fill an important hole in daily usage: directly connecting devices for applications such as content sharing, synching, printing, and gaming anywhere, without users having to carry along an access point.

According to the Wi-Fi Alliance, another advantage of Wi-Fi Certified Wi-Fi Direct devices is the fact that they can work with traditional Wi-Fi Certified devices, as they act as a mini access point, to which traditional Wi-Fi products can connect.

The Wi-Fi Alliance say that it formed the test suite for the certification program by using the following products, which are also the first that are designated Wi-Fi Certified Wi-Fi Direct:

• Atheros XSPAN dual-band 802.11n PCIe mini card (AR928x)
• Broadcom BCM43224 dual-band 802.11n 2x2 MIMO PCIe half mini card
• Intel Centrino Advanced-N 6200
• Ralink MIMObility 802.11n 2x2 PCIe half mini card
• Realtek RTL8192CE-VA4 HM92C00 PCIe mini card

The group used the Cisco 2106 Wireless LAN Controller and Cisco Aironet 1240 Series Access Points for the certification test suite.

Source: http://news.cnet.com/8301-1035_3-20020539-94.html?part=rss&subj=news&tag=2547-1_3-0-20#ixzz13OTTmF00

Print a message as many times you like!

This fun hack is a VB script which will keep on displaying "You are a fool." and even can make the computer to hang as this will keep on displaying for "n" number of times.

For this VB script we just need to type the following command in the notepad::

Set wshShell = wscript.CreateObject("WScript.Shell")

do

wscript.sleep 100

wshshell.sendkeys "You are a fool."

loop

and save it as "anyname.vbs".

Enjoy The Fun Of Scripting ...

Public computers are now secure for Facebook

Users who access their Facebook account from public computers can now have some peace of mind when logging in. A new feature from Facebook will send you a password on your registered mobile,and then you can use that password to log in. For getting the password, you'll have to text "otp" to 32665 from the mobile registered on Facebook. The benefit of this password is that it will expire after 20 minutes.
So, if you wish to re-login then you'll have to send the text message again.


Another feature that has been enabled is similar to a feature provided by Gmail. It displays details about all the "Active Sessions" that you may have from other computers. This happens if you had selected the "Stay Signed In" box while logging-in.

Facebook is rolling the feature out gradually, and it should be available to everyone in the coming weeks.

PASSWORD REVEALER

Many people have the habit of saving their facebook, orkut , yahoo passwords on their computer. What if we want to hack their id or know their password,We cannot do that by using any kind of key logger or any such tools. So, What do we do?

In such case we have to look for some other alternative .Now , What can that alternative be?

You don't have to worry about that, as we are always present to help you. The solution is that we use some password revealing software/tool to get the encrypted password revealed .There are many tools available on the Internet. One of such tools is snadboy. This tool helps one reveal saved passwords. It is also very easy to use.

How to get it and use it?

Step 1:Just download this tool from the Internet by a simple google search.(or www.snadboy.com)

Step 2:Install it on the system from which you want to get the password revealed .

Step 3:You will find a symbol(as below) just hold it and drag it on to the saved password and the encrypted message will be revealed in the tool window.

MAC SPOOFING

First of all a question arises that what is MAC address?

MAC stands for media access control address. It is the hardware network address for the network interface cards.

Now why do we have spoof it?

We have to spoof it in the cases when you are performing some administrative task or in case you are performing some kind of crime and you don't want to get caught. As MAC is the physical address it remains constant until and unless you manually change it. And if you don't change it and and perform some kind of unauthenticated task police easily catches you with the help of your MAC number.So, it is essential to spoof your MAC address.

How do we know our MAC address?

To know your MAC address simply go to command prompt and type " ipconfig/all " this will show all the network adapters and interface cards present. And the physical address would be your MAC address.

How do we spoof our MAC?

There are two basic ways of doing so::

1. Manually editing it from the registry.

2. Using some third party software to do it.

1. Manually editing it::

Step 1: Click on run and type regedit.

Step 2: go to

HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Control -> Class ->{4D36E972-E325-11CE-BFC1-08002BE10318}

Step 3: Now under {4D36E972-E325-11CE-BFC1-08002BE10318} you will find different subheadings like "0000","0001" and so on. now manually click on each subheading and on the right hand side many options will be shown check for NetworkAddress.

Step4: Once you find NetworkAddress click on it and enter the new 12 digit mac number without gap and click on ok.

Step 5: Once all this is done now goto the control panel -> Network Connections and disable and enable the network card. This will change your MAC address.

How do we get our MAC address back?

In order to get the old MAC address back simply delete the entry which you had made. This way you can get back your MAC.

The MAC spoofing with the help of third party software will be discussed in another post.

Airtel 3G

Airtel has recently launched a page in its domain which shows the benefits of 3G features that Airtel users might be able to access. It has not yet announced any date for the launch of 3G,but the site shows the features of 3G.

This page seems to be an informational page and will be helpful to those consumers who wish to gain more information about 3G and its benefits.

The addition of this page to airtel.in shows that we are soon going to get 3G service from this telecom operator.

Eagerly waiting.....!

Fun Hack cont...

POP out your friend's CD/DVD Drive. If he/she has more than one, it pops all of them out.
Type :

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Save it as "anyname.VBS" and send it.

Strong password

A Good Password must have 3 properties ::

1.IT SHOULD BE A COMBINATION OF ALPHABETS CHARACTERS(LOWER & UPPER CASES)AND NON ALPHABETIC CHARACTERS(*&^$).
2.SHOULD NOT BE YOUR NAME RELATIVES (GF/BF).
3.IT SHOULD NOT BE TOLD TO ANYONE.

Password hacking

Many a times we want to hack the password of some person 'xyz' and we keep thinking of the ways we can do it. And there may be is a chance that this person uses your laptop / computer at times to check his/ her email/facebook or orkut or any of it. We also want to see the details or the chat history i.e. who did he chat with and what did he chat.

Now how do we do to get these information ? Just go and ask him...

No, he will to tell you all this. Now to know all this secretly and without his/her knowledge we can use certain third party tools named the "KEYLOGGERS" these are the tools which help you can make the logs of the things done on the computer by him or her,the best part of these monitoring tools is that they can be easily be hidden and the user cannot come to know that they are present.And one more thing few of these tools also work on remote systems.

How to look for them :: just go to google and type keyloggers and you find a large range of them. But the few, which are working properly and We personally have worked with are:

1. Ardamax Keylogger: This is a very good and effective tool in the case of key loggers. Easily available on the Internet. This works on remote systems also. But this is a paid version, And we all know how to use torrent .

2. Child safe: This is also equivalent to Ardamax but works only on a personal system. This has a very effective snapshot feature. They are easily available on the Internet.

3. Actual spy: It is just a key logger but very effective and easy to use. This is a freeware available on the Internet.

4.Perfect keylogger: This has an advance feature of taking snapshot at every mouse click. Not a freeware .Available on the Internet.

How to use them ??

step 1: Download any one of them.

step 2: Install it on the system where you want it to log the data from(if remote system attach it to a file and send it to your friend and as soon as he clicks on the file at the background it will get installed) we will make another post about "How to attach a keylogger to a file".

step 3:Look at the instructions and carefully configure the logger as required.

step 4: Be careful because it might log your data also, If installed on your system.

This way you you can log the data ...

Fun Hack

Here are few of the pranks which you can play with your friends. on a remote system and on your own system which will make them feel that the system has got some viruses in it.

THESE COMMANDS HaVE TO BE WRITTEN ON NOTEPAD::

1.Display a little message and shut down his/her computer :

Type :

@echo off

msg * I don't like you

shutdown -c "Error! You are too ******!" -s

Save it as "Anyname.BAT" in All Files and send it.

2. Toggle your friend's Caps Lock button:

Type :

Set wshShell =wscript.CreateObject("WScript.Shell")

do

wscript.sleep 100

wshshell.sendkeys "{CAPSLOCK}"

loop

Save as "Anyname.VBS" and send it.

Fun Hack cont...

2. Open Notepad and slowly type "Hello,friend how are you? I am fine bbye tc":

Type :

WScript.Sleep 180000

WScript.Sleep 10000

Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.Run "notepad"

WScript.Sleep 100

WshShell.AppActivate "Notepad"

WScript.Sleep 500

WshShell.SendKeys "Hel"

WScript.Sleep 500

WshShell.SendKeys "lo "

WScript.Sleep 500

WshShell.SendKeys ", fri"

WScript.Sleep 500

WshShell.SendKeys "end"

WScript.Sleep 500

WshShell.SendKeys " how"

WScript.Sleep 500

WshShell.SendKeys " are"

WScript.Sleep 500

WshShell.SendKeys "you"

WScript.Sleep 500

WshShell.SendKeys "? "

WScript.Sleep 500

WshShell.SendKeys "I a"

WScript.Sleep 500

WshShell.SendKeys "m f"

WScript.Sleep 500

WshShell.SendKeys "ine"

WSc, hoript.Sleep 500

WshShelw al.SendKeys " bb"

WScript.Sleep 500

WshShell.SendKeys "ye "

WScript.Sleep 500

WshShell.SendKeys " tc"

Save it as "Anything.VBS" and send it.

Email Spoofing

Some times we just want to hack someone's password for the sake of sending some mails to their girlfriends / boyfriends or may be just friends from their IDs. It is not always essential to hack passwords for just sending few mails. you can do it without logging in their accounts.

Many of us must be wondering that how is it possible to send mails without logging in into someone's account.

We'll tell you.
There are two ways of doing this :
1. Via telnet
2. Via online websites

1.TELNET ::
Step 1. Goto command prompt and type

telnet mx1.hotmail.com 25 //(this will connect you to the smtp server or hotmail)

Step 2. type
HELO hotmail.com //(this will confirm your connection)

Step 3. type
MAIL FROM : (senders address)

Step 4. type
RCPT TO: (receivers person)

Step 5. type
DATA

Type your message, finish the message by a full stop (.) on a new line and press enter and here you have just sent your first spoofed mail.



2. Via Online Web-site::
This is a really easy method of spoofing a mail.
Step1: Google for a site which can spoof a mail for you.

Here are few for your ease:
-->http://mailz.funmaza.co.uk/
-->http://www.anonymailer.net/
-->http://www.sendfakemail.net/fakemail/

Step 2: This will open few pages which will ask for the details of mail. Just enter the details as per requirement and send

Step 3. Take a sip of coffee!! and your mail is sent. And you just have spoofed a mail.

--------------------------------------------------------------------------------------------------------------------------------------------------------