Showing posts with label computer security. Show all posts

Wednesday, 16 April 2014

How to Open Adf.ly Blocked Links in India


You probably know what Adf.ly is: a URL shortener service that pays for every visit your URL gets. It became popular within only a few days, and people all over the world started using it to earn some decent bucks. Unfortunately, it is blocked in India and some other countries. If you live in India, you may be familiar with this problem, because nowadays most outgoing download links go through adf.ly. Anyway, it is not a problem at all now. I figured out something which allows you to open the links.
If you go to adf.ly directly, you are blocked (say the link is adf.ly/xxxx).
Just add v2 in front of adf.ly (v2.adf.ly/xxxx).
Now go to v2.adf.ly and continue using the service.
Update: If adding v2 does not work, try using https:// instead of http://.
Your Old Link – http://adf.ly/xxxx
Your New Link – https://adf.ly/xxxx
Note: When bypassing the links from above sites, remove https:// and replace it with http://.

Please comment if you have any queries.

Monday, 17 March 2014

Google Public DNS Server Traffic Hijacked

The Internet is becoming a more dangerous place day by day, especially for innocent web users who rely on third-party services. The latest bad news is that Google's free public DNS (Domain Name System) resolvers, the world's largest and most widely used, raised security red flags yesterday.
DNS is the master address list for the Internet, which translates IP addresses into human-readable form and vice versa. According to Internet monitoring firm BGPmon, Google's DNS server 8.8.8.8/32 was hijacked yesterday for 22 minutes.

Google's DNS service handles around 150 billion queries a day, and during the 22 minutes of hijacking, millions of Internet users, including financial institutions and governments, were redirected to the Latin America division of BT (the British multinational telecommunications services company) in Venezuela and Brazil.
Hackers exploited a well-known vulnerability in the Border Gateway Protocol (BGP), which is used to exchange data between large service providers; such hijacking could allow the attackers to simply re-route the traffic to a router they controlled.
A BGP attack is a man-in-the-middle attack at large scale and is harder to detect, as the traffic still reaches its legitimate destination. It was first demonstrated in 2008 by two security researchers, Tony Kapela and Alex Pilosov.

It's not the first time Google's Public DNS service has been hijacked. In 2010, DNS server traffic was hijacked and redirected to Romania and Austria.
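
How a route monitor can flag the kind of event described above, as an added example that is not from the original article or from BGPmon. The covering prefix 8.8.8.0/24, the expected origin and all AS numbers (taken from the documentation range of RFC 5398) are assumptions, and the announcements are constructed sample data.

```python
import ipaddress

# Assumption: the operator monitors this covering prefix and knows which AS
# should originate it. AS numbers are documentation values, not real networks.
MONITORED = {ipaddress.ip_network("8.8.8.0/24"): 64496}

# Constructed sample announcements: (prefix, AS path); the origin AS is the
# last element of the path.
SAMPLE_UPDATES = [
    ("8.8.8.0/24", [64500, 64496]),    # normal announcement
    ("8.8.8.8/32", [64500, 64511]),    # more specific, unexpected origin
    ("8.8.8.0/24", [64501, 64510]),    # same prefix, unexpected origin
    ("8.8.8.0/25", [64500, 64496]),    # more specific, expected origin
    ("192.0.2.0/24", [64500, 64499]),  # unrelated prefix
]


def classify(prefix, as_path):
    """Compare one announcement with the monitored prefixes.

    Returns None for unrelated prefixes, "ok" for the expected announcement,
    or a label describing why the announcement is suspicious.
    """
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for covering, expected_origin in MONITORED.items():
        if net.version != covering.version or not net.subnet_of(covering):
            continue
        # A longer prefix wins longest-prefix-match routing on every router
        # that accepts it, so a /32 inside the /24 attracts that address's
        # traffic even though the /24 is still announced.
        more_specific = net.prefixlen > covering.prefixlen
        if origin != expected_origin:
            if more_specific:
                return "more-specific-foreign-origin"
            return "foreign-origin"
        return "more-specific-expected-origin" if more_specific else "ok"
    return None


def alerts(updates):
    """Return (prefix, origin AS, verdict) for every suspicious update."""
    found = []
    for prefix, as_path in updates:
        verdict = classify(prefix, as_path)
        if verdict not in (None, "ok"):
            found.append((prefix, as_path[-1], verdict))
    return found


if __name__ == "__main__":
    for alert in alerts(SAMPLE_UPDATES):
        print(alert)
```
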


Tuesday, 11 March 2014

Nokia X launched in India for Rs 8,599: Nokia’s first Android phone

Nokia has launched its first Android device for India at an event in Mumbai. The Nokia X will be available from today for Rs 8,599. That price is slightly higher than the Rs 8,500 tag it was expected to sport, and could be the major factor in the final equation. Nokia is positioning the X series below its Lumia line, but above the Asha range, so it is expected to bridge the gap between the two price points. It must be noted that the price announced is the MOP (Market Operative Price) of the phone, so the box price (or MRP) is higher.
While the Nokia X has been launched, the company didn’t launch the X+ or the XL in India. Both are expected to launch in the next couple of months. The Nokia X runs Android, but the login and app data are tied to Microsoft’s cloud services, and not Google as in any other Android phone. The phones run a version of the Android Open Source Project, with access to sideloading of apps, third-party app stores and Nokia’s own store. You will find Microsoft essentials instead of Google services. Indian buyers will not get free Skype calls to mobiles and landlines when they purchase the Nokia X, due to regulatory hurdles.
The Nokia X features a 4-inch display with an 800×480 pixel resolution. It sports a low-powered Snapdragon S4 SoC with a dual-core processor, which given the other specs should be enough for most use cases. The dual-core processor is clocked at 1GHz. There’s 512MB of RAM on the Nokia X, and it has 4GB internal storage and the ability to take in microSD cards up to 32GB in capacity.
The Finnish company has decided to go with a 3-megapixel primary shooter, and there’s no front-facing camera. That’s a bit of a disappointment for the selfie-obsessed and Skype users, though you can still use Skype on the phone. The Nokia X gets a 1500 mAh battery, rated for around 13 hours of talk time on 2G and 17 days standby time. In terms of connectivity, the X and X+ have dual SIM slots, 3G cellular data, Wi-Fi b/g/n and Bluetooth 3.0.
view more at :-  ezivera

Tuesday, 4 March 2014

Change Your IP in Less Than 1 Minute

1. Click on “Start” in the bottom left hand corner of screen
2. Click on “Run”
3. Type in “command” and hit OK
You should now be at an MSDOS prompt screen.
4. Type “ipconfig /release” just like that, and hit “enter”
5. Type “exit” and leave the prompt
6. Right-click on “Network Places” or “My Network Places” on your desktop.
7. Click on “properties”
You should now be on a screen with something titled “Local Area Connection”, or something close to that, and, if you have a network hooked up, all of your other networks.
8. Right click on “Local Area Connection” and click “properties”
9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab.
10. Click on “Use the following IP address” under the “General” tab.
11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2 until I fill the area up).
12. Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.
13. Hit the “Ok” button here.
14. Hit the “Ok” button again.
You should now be back to the “Local Area Connection” screen.
15. Right-click back on “Local Area Connection” and go to properties again.
16. Go back to the “TCP/IP” settings.
17. This time, select “Obtain an IP address automatically”
18. Hit “Ok”
19. Hit “Ok” again
20. You now have a new IP address
With a little practice, you can easily get this process down to 15 seconds.

NOTE:- This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back.

more info- Ezivera 

Thursday, 20 February 2014

Which Browser Is Better for Privacy And for Security Purpose


Dear Lifehacker, 
With Firefox getting ads and Chrome extensions spying on me, is there really one browser that's better than the others when it comes to privacy? Does it matter if I use something like Opera or Safari instead? Is my browser watching what I'm doing and reporting back?
That's a great question, and the answer isn't as clear cut as you might think. Different browsers handle user data in different ways, and when you toss add-ons and extensions into the mix, the picture changes even more. Let's take a look at some of the most popular browsers from a privacy angle, and see who has your back when it comes to tracking—or not tracking—what you do online. 

Chrome, and Google's Position on Browser Privacy

Google Chrome, being the dominant web browser in most of the world, has taken a few hits lately in the privacy department. Between adware-filled extensions and microphone-listening exploits, it might look like Chrome has privacy problems. However, both of those issues are third parties using a combination of built-in features and user trust to spy on users; it has nothing to do with the browser itself. We'll get to how third parties play into things a little bit later, but first, let’s talk about Chrome on its own.

Firefox, and the Mozilla Foundation


Firefox has long been touted as the best browser for privacy. It's open source, managed by the non-profit Mozilla Foundation (of which, it should be noted, Google is an investor), and is at the core of most privacy-focused browsers (like the previously mentioned Tor Browser Bundle). Even on the mobile side, Firefox for Android is open source and its code available to anyone who wants it. By most accounts, Mozilla is completely above board with what Firefox does, and the Foundation doesn't trade in user data, so there's no reason for them to harvest it.

What About Opera, Safari, and Internet Explorer?

So if you don't use Firefox or Chrome, where does that leave you? We asked the EFF, but none of their experts had any knowledge when it came to browsers that weren't Chrome or Firefox. They did, however, note that privacy advocates generally prefer open source browsers over closed-source, proprietary ones like Apple's Safari and Microsoft's Internet Explorer. The EFF praised both, however, for pioneering their own privacy features, like Safari's 3rd party cookie blocking and IE's Tracking Protection Lists. Still, the fact that you can't see under the hood and that neither has developer APIs makes them tough to analyze.

The Bottom Line: No, Your Browser Doesn’t Make a Huge Difference

So where does that leave us? Well, your browser is probably sending some information back to the company that created it, but that information is explicitly used to support the features you have turned on. As long as you trust the developer behind your favorite browser, this isn't an issue. Bonus: there's nothing dangerous or invasive about using Chrome sync or Firefox sync.



Sunday, 16 February 2014

Chrome, Firefox face threat of mischievous cyber attacks


New Delhi: Multiple vulnerabilities have been detected in popular web browsers Google Chrome and Mozilla Firefox and cyber security sleuths have advised Internet users in the Indian cyberspace to guard against arbitrary activities on their systems.
In view of these suspicious virus-based activities, Internet users have been asked to upgrade their personal versions of these two most used web browsers on their work stations.

“Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird and SeaMonkey which could be exploited by a remote attacker to bypass certain security restrictions, disclose potentially sensitive information, gain escalated privileges, execute arbitrary code and causes denial of service condition on the affected system,” the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to online users in the country.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet arena.

“The two web browsers are an important tool for Internet surfing among Indian online consumers. The anomalies have been detected recently and it would be advised that users upgrade their existing versions sooner than later. These activities are mischief on part of hackers or they are harmful viruses,” a cyber security expert told PTI.
The agency, in its advisory, said the vulnerability is caused “due to improper restrict access to ‘about:home’ buttons by script on other pages in Mozilla Firefox”.

“A user-assisted remote attacker could exploit this vulnerability using a crafted website or webpage. Successful exploitation of this vulnerability could allow user-assisted remote attacker to cause a denial of service condition,” the CERT-In said.
Similar issues have been reported in the popular browser offered by Google.

“Multiple vulnerabilities have been reported in Google Chrome which could be exploited by a remote attacker to cause denial of service condition or execute arbitrary code on the target system,” the agency said.

The maximum damage these vulnerabilities can cause, the advisory said, was memory corruption, unwanted downloading of files, loss of sensitive information (when Mozilla Firefox is used in Android phones) and denial of various Internet services to the user.

The agency advised Internet users to either use proper security patches (Mozilla Firefox) or upgrade the browser version (Google Chrome).

The affected software systems include “Firefox versions prior to 27.0, Firefox extended support release (ESR) versions prior to 24.3, Thunderbird versions prior to 24.3, SeaMonkey versions prior to 2.24 and Google Chrome prior to version 32.0.1700.102”.


Thursday, 13 February 2014

J.A.R.V.I.S : Artificial Intelligence Assistant Operating System for Hackers


A group of Indian hackers has designed an artificial intelligence assistant operating system called 'J.A.R.V.I.S', which recognizes them, answers questions, tweets for them, collects information and scans targets for them.

Chiragh Dewan, an 18-year-old student who is currently pursuing his BCA, has taken the initiative to be the first Indian to complete this project, J.A.R.V.I.S, which is inspired by Jarvis, the artificial intelligence assistant in the movie Iron Man.
With his team of 7, including Himanshu Vaishnav, Mayur Singh, Krishanu Kashyap, Vikas Kumar, Vinmay Nair and Sravan Kumar, he is about to finish the 3rd level of the project.
Their long-term goal is to create an OS which can adapt itself to the user's needs. For example, if a doctor is using the OS, it will adapt itself so that it is capable of helping him in his field: searching for new techniques and medicines, helping with research, etc. The same goes for architects and other professions.
Project Task Completed: In the current version of Jarvis v1.0, it is capable of:
  • Answering questions asked by the administrator
  • Compile reports on any topic asked by the user.
  • Control lights by voice.
  • Basic interaction with the user.
  • Handling Facebook, Email and Social profiles of users
  • Using Twitter Account with voice control
  • Basic OS kernel is ready.
  • Can Scan targets for Hackers
  • Gathering Basic information about the target
All the above functions are completely controlled by voice. It has been only four months since they started this project, and they have achieved a lot in this short period of time.

The team will announce the OS publicly soon after completion of phase 3, but for now Chiragh proudly shows off his creation on the J.A.R.V.I.S project website.


Top 7 Best Operating System For Hacking



Hacking is not an art that can be mastered overnight; it requires dedication and, of course, time. Have you ever thought about why hacking is possible? It is because of “unaware developers and inappropriate programming techniques”. As an ethical hacker, I personally realize that you can never stop hackers from hacking something; you can just make their task harder by adding some extra security. If you are really interested in hacking, you need to know which operating systems hackers use.

Today I want to tell you which are the best operating systems for hacking, according to hackers.
1.  Kali Linux :-

Kali Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need in a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub.
2. BackTrack 5r3 :-

The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.
3. BackBox Linux :-

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.
4. Samurai Web Testing Framework :-

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
5. NodeZero Linux :-
Penetration testing and security auditing require specialist tools. The natural path leads us to collecting them all in one handy place. However, how that collection is implemented can be critical to how you deploy effective and robust testing.
Although NodeZero Linux can be used as a “Live System” for occasional testing, its real strength comes from the understanding that a tester requires a strong and efficient system. This is achieved, in our belief, by working at a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable Linux environment.
6.  Knoppix STD :-
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

7.  CAINE :-
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics.
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.




Sunday, 26 January 2014

Common Methods to Hack a Website

Gone are the days when website hacking was a sophisticated art. Today anybody can go on the Internet and start hacking your website. All that is needed is a search on Google with keywords like “how to hack website”, “hack into a website”, “Hacking a website” etc. The following article is not an effort to teach you website hacking; it has more to do with raising awareness of some common website hacking methods.


The Simple SQL Injection Hack

SQL Injection involves entering SQL code into web forms, e.g. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.


In its simplest form, this is how SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a username field:

' OR 1=1 --

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = 'USRTEXT'
AND password = 'PASSTEXT'
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering ' OR 1=1 -- as your username could result in the following actually being run:
SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = ''
Two things you need to know about this:
['] closes the [username] text field.
[--] is the SQL convention for commenting code, and everything after the comment marker is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreak havoc.
Let's hope you got the gist of that, and move briskly on.

Brilliant! I'm gonna go to hack a Bank! 

Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently. But the process does serve to illustrate just what SQL Injection is all about: injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:
  • admin'--
  • ') or ('a'='a
  • ") or ("a"="a
  • hi" or "a"="a
… and so on.
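
The login bypass described above, reproduced next to its fix, as an added example that is not part of the original article. It uses Python's sqlite3 module with a constructed users table; the function names and sample rows are assumptions. The first function builds the query by concatenation as in the article, the second passes the same input as bound parameters.

```python
import sqlite3

# The login strings quoted in the article.
ARTICLE_STRINGS = ["' OR 1=1 --", "admin'--", "') or ('a'='a",
                   '") or ("a"="a', 'hi" or "a"="a']


def make_db():
    """Constructed in-memory 'users' table (the rows are made up).

    Plaintext passwords only mirror the article's query; a real system
    stores salted password hashes instead.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "correct horse"), ("alice", "s3cret")])
    return db


def login_vulnerable(db, usrtext, passtext):
    """The article's query: user input is pasted into the SQL text."""
    sql = ("SELECT * FROM users WHERE username = '" + usrtext +
           "' AND password = '" + passtext + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # Unbalanced quotes or parentheses produce a syntax error; such
        # errors in server logs are themselves a sign of injection probing.
        return False


def login_parameterized(db, usrtext, passtext):
    """Same check with bound parameters: input is always data, never SQL."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (usrtext, passtext)).fetchone() is not None


def accepted_strings(login):
    """Which of the article's strings log in with a wrong password."""
    db = make_db()
    return [s for s in ARTICLE_STRINGS if login(db, s, "wrong-password")]


if __name__ == "__main__":
    print("vulnerable   :", accepted_strings(login_vulnerable))
    print("parameterized:", accepted_strings(login_parameterized))
```

Against this single-quoted query only the first two strings get in; the others target queries written with parentheses or double quotes, and none of them has any effect on the parameterized version.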

Cross-site scripting (XSS):
Cross-site scripting, or XSS, is a threat to a website's security. It is the most common and popular way of hacking a website to gain access to information from a user of the website. There are hackers with malicious objectives who use it to attack certain websites on the Internet, but mostly good hackers do this to find security holes in websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users, so that they can put in place the necessary security measures to block cross-site scripting on their website.

Denial of service (DDoS attack)

A denial of service (DoS) attack is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it. This is not actually hacking a website, but it is used to take a website down.

If an attacker is unable to gain access to a machine, the attacker will most probably just crash the machine to accomplish a denial of service attack. This is one of the most used methods for website hacking.




Cookie Poisoning:



Well, for starters I can begin by saying that Cookie Poisoning is a lot like SQL Injection.

Both have 'OR'1'='1 or maybe '1'='1'

But in cookie poisoning you begin by alerting your cookies:

Javascript:alert(document.cookie)

Then you will perhaps see "username=JohnDoe" and "password=iloveJaneDoe".

In this case the cookie poisoning could be:

Javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");

There are also many versions of this kind, for example:

'
'1'='1'
'OR'1'='1
'OR'1'='1'OR'

and so on...

You may have to try 13 things before you get it completely right...
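
A server-side defence against the cookie tampering shown above, as an added example that is not part of the original article: the login cookie carries the username plus an HMAC computed with a server-side key, and no password, so a value edited in the browser no longer verifies. The key, the cookie layout and the function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; in a deployment it is loaded from
# protected configuration and never sent to the browser.
SERVER_KEY = secrets.token_bytes(32)


def _tag(username, key):
    """HMAC-SHA256 over the username, hex encoded."""
    return hmac.new(key, username.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie_header(username, key=SERVER_KEY):
    """Cookie set after a successful login: username plus signature.

    Assumes usernames contain no ';' character.
    """
    return f"username={username}; sig={_tag(username, key)}"


def parse_cookie_header(header):
    """Minimal 'name=value; name=value' parser (splits on the first '=')."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs[name] = value
    return pairs


def authenticated_user(header, key=SERVER_KEY):
    """Return the username only if its signature verifies, else None."""
    cookies = parse_cookie_header(header)
    username, sig = cookies.get("username"), cookies.get("sig")
    if username is None or sig is None:
        return None
    expected = _tag(username, key)
    # Constant-time comparison; bytes are used so non-ASCII input is safe.
    if hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8")):
        return username
    return None


def tamper(header, new_username):
    """Simulates the article's edit: overwrite only the username cookie."""
    cookies = parse_cookie_header(header)
    cookies["username"] = new_username
    return "; ".join(f"{k}={v}" for k, v in cookies.items())


if __name__ == "__main__":
    good = issue_cookie_header("JohnDoe")
    print(authenticated_user(good))                       # JohnDoe
    print(authenticated_user(tamper(good, "'OR'1'='1")))  # None
```
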

Password Cracking


Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it. 
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.

Know more about Brute force attack

A Few Defensive Measures

* If you utilize a web content management system, subscribe to the development blog. Update to new versions as soon as possible.
* Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
* Enter some confusing data into your login fields, like the sample Injection strings shown above, and anything else which you think might confuse the server. If you get an unusual error message disclosing server-generated code, then this may betray a vulnerability.
* Do a few Google hacks on your name and your website. Just in case…
* When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes. 

Hope you like this article...