1. Cross site scripting (XSS)
The problem: The “most prevalent and pernicious” Web application security vulnerability, XSS flaws happen when an application sends user data to a Web browser without first validating or encoding the content. This lets hackers execute malicious scripts in a browser, letting them hijack user sessions, deface Web sites, insert hostile content and conduct phishing and malware attacks.

Attacks are usually executed with JavaScript, letting hackers manipulate any aspect of a page. In a worst-case scenario, a hacker could steal information and impersonate a user on a bank’s Web site.
Real-world example: PayPal was targeted last year when attackers redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were redirected to a phishing site and prompted to enter PayPal login information, Social Security numbers and credit card details.
How to protect users: Use a whitelist to validate all incoming data, which rejects any data that’s not specified on the whitelist as being good. This approach is the opposite of blacklisting, which rejects only inputs known to be bad. Additionally, use appropriate encoding of all output data. Validation allows the detection of attacks, and encoding prevents any successful script injection from running in the browser.
2. Injection flaws
The problem: When user-supplied data is sent to interpreters as part of a command or query, hackers trick the interpreter which interprets text-based commands into executing unintended commands. Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application. In the worst-case scenario, these flaws allow an attacker to completely compromise the application and the underlying systems, even bypassing deeply nested firewalled environments.
Real-world example: Russian hackers broke into a Rhode Island government Web site to steal credit card data in January 2006. Hackers claimed the SQL injection attack stole 53,000 credit card numbers, while the hosting service provider claims it was only 4,113.
How to protect users: Avoid using interpreters if possible. If you must invoke an interpreter, the key method to avoid injections is the use of safe APIs, such as strongly typed parameterized queries and object relational mapping libraries.
3. Malicious file execution
The problem: Hackers can perform remote code execution, remote installation of rootkits, or completely compromise a system. Any type of Web application is vulnerable if it accepts filenames or files from users. The vulnerability may be most common with PHP, a widely used scripting language for Web development.
Real-world example: A teenage programmer discovered in 2002 that Guess.com was vulnerable to attacks that could steal more than 200,000 customer records from the Guess database, including names, credit card numbers and expiration dates. Guess agreed to upgrade its information security the next year after being investigated by the Federal Trade Commission.
How to protect users: Don’t use input supplied by users in any filename for server based resources, such as images and script inclusions. Set firewall rules to prevent new connections to external Web sites and internal systems.
4. Insecure direct object reference
The problem: Attackers manipulate direct object references to gain unauthorized access to other objects. It happens when URLs or form parameters contain references to objects such as files, directories, database records or keys.
Banking Web sites commonly use a customer account number as the primary key, and may expose account numbers in the Web interface.
References to database keys are frequently exposed. An attacker can attack these parameters simply by guessing or searching for another valid key. Often, these are sequential in nature.
Real-world example: An Australian Taxation Office site was hacked in 2000 by a user who changed a tax ID present in a URL to access details on 17,000 companies. The hacker e-mailed the 17,000 businesses to notify them of the security breach.
How to protect users: Use an index, indirect reference map or another indirect method to avoid exposure of direct object references. If you can’t avoid direct references, authorize Web site visitors before using them
5. Cross site request forgery
The problem simple and devastating this attack takes control of victim’s browser when it is logged onto a Web site, and sends malicious requests to the Web application. Web sites are extremely vulnerable, partly because they tend to authorize requests based on session cookies or “remember me” functionality. Banks are potential targets.
Ninety-nine percent of the applications on the Internet are susceptible to cross site request forgery.
Real-world example: A hacker known as Samy gained more than a million “friends” on MySpace.com with a worm in late 2005, automatically including the message “Samy is my hero” in thousands of MySpace pages. The attack itself may not have been that harmful, but it was said to demonstrate the power of combining cross site scripting with cross site request forgery. Another example that came to light one year ago exposed a Google vulnerability allowing outside sites to change a Google user’s language preferences.
How to protect users: Don’t rely on credentials or tokens automatically submitted by browsers. The only solution is to use a custom token that the browser will not ‘remember’.
6. Information leakage and improper error handling
The problem: Error messages that applications generate and display to users are useful to hackers when they violate privacy or unintentionally leak information about the program’s configuration and internal workings.
Web applications will often leak information about their internal state through detailed or debug error messages. Often, this information can be leveraged to launch or even automate more powerful attacks.
Real-world example: Information leakage goes well beyond error handling, applying also to breaches occurring when confidential data is left in plain sight. The ChoicePoint debacle in early 2005 thus falls somewhere in this category. The records of 163,000 consumers were compromised after criminals pretending to be legitimate ChoicePoint customers sought details about individuals listed in the company’s database of personal information. ChoicePoint subsequently limited its sales of information products containing sensitive data.
How to protect users: Use a testing tool such as OWASP’S WebScarab Project to see what errors your application generates. Applications that have not been tested in this way will almost certainly generate unexpected error output.
7. Broken authentication and session management
The problem: User and administrative accounts can be hijacked when applications fail to protect credentials and session tokens from beginning to end. Watch out for privacy violations and the undermining of authorization and accountability controls.
Flaws in the main authentication mechanism are not uncommon, but weaknesses are more often introduced through ancillary authentication functions such as logout, password management, timeout, remember me, secret question and account update .
Real-world example: Microsoft had to eliminate a vulnerability in Hotmail that could have let malicious JavaScript programmers steal user passwords in 2002. Revealed by a networking products reseller, the flaw was vulnerable to e-mails containing Trojans that altered the Hotmail user interface, forcing users to repeatedly reenter their passwords and unwittingly send them to hackers.
How to protect users: Communication and credential storage has to be secure. The SSL protocol for transmitting private documents should be the only option for authenticated parts of the application, and credentials should be stored in hashed or encrypted form.
Another tip: get rid of custom cookies used for authentication or session management.
8. Insecure cryptographic storage
The problem: Many Web developers fail to encrypt sensitive data in storage, even though cryptography is a key part of most Web applications. Even when encryption is present, it’s often poorly designed, using inappropriate ciphers.
These flaws can lead to disclosure of sensitive data and compliance violations.
Real-world example: The TJX data breach that exposed 45.7 million credit and debit card numbers. A Canadian government investigation faulted TJX for failing to upgrade its data encryption system before it was targeted by electronic eavesdropping starting in July 2005.
How to protect users: Don’t invent your own cryptographic algorithms. Only use approved public algorithms such as AES, RSA public key cryptography, and SHA-256 or better for hashing.
Furthermore, generate keys offline, and never transmit private keys over insecure channels.
9. Insecure communications
The problem: Similar to No. 8, this is a failure to encrypt network traffic when it’s necessary to protect sensitive communications. Attackers can access unprotected conversations, including transmissions of credentials and sensitive information. For this reason, PCI standards require encryption of credit card information transmitted over the Internet.
Real-world example: TJX again. Investigators believe hackers used a telescope-shaped antenna and laptop computer to steal data exchanged wirelessly between portable price-checking devices, cash registers and store computers, the Wall Street Journal reported.
“The $17.4-billion retailer’s wireless network had less security than many people have on their home networks,” the Journal wrote. TJX was using the WEP encoding system, rather than the more robust WPA.
How to protect users: Use SSL on any authenticated connection or during the transmission of sensitive data, such as user credentials, credit card details, health records and other private information. SSL or a similar encryption protocol should also be applied to client, partner, staff and administrative access to online systems. Use transport layer security or protocol level encryption to protect communications between parts of your infrastructure, such as Web servers and database systems.
10. Failure to restrict URL access
The problem: Some Web pages are supposed to be restricted to a small subset of privileged users, such as administrators. Yet often there’s no real protection of these pages, and hackers can find the URLs by making educated guesses.
The attacks targeting this vulnerability are called forced browsing, which encompasses guessing links and brute force techniques to find unprotected pages.
Real-world example: A hole on the Macworld Conference & Expo Web site this year let users get “Platinum” passes worth nearly $1,700 and special access to a Steve Jobs keynote speech, all for free. The flaw was code that evaluated privileges on the client but not on the server, letting people grab free passes via JavaScript on the browser, rather than the server.
How to protect users: Don’t assume users will be unaware of hidden URLs. All URLs and business functions should be protected by an effective access control mechanism that verifies the user’s role and privileges. Make sure this is done … every step of the way, not just once towards the beginning of any multistage process.
Quote this message in a reply

Read More

dont try it on my website or you will be dead man.

warning : For educational purpose only

here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting

[ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.target.com .

Try typing www.target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.


For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.target.com . We find it's hosted by www.host.com at 100.100.100. 1.



We then go to 100.100.100.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading

Read More

Introduction

Facebook is a very popular social networking site, but there are a number of security issues with the site that can put you at serious risk if you aren't careful. The number of facebook account hackings seem to be on the increase (at least I've been getting more bogus messages recently), and this page is in response to a friend who asked what to do after her account got hacked.

While any online account is in danger of being hacked, Facebook has unique features that make this danger even more likely. For one thing, it is very common to post personal information which can be used to steal your identity. But the significant danger is because it is so easy to run malicious programs that can hack your account. In particular, be very careful using any application that asks to access your profile.

Keep in mind that if your account is compromised, not only is your personal information exposed, but the personal information of all your friends as well. So, even if you don't have anything sensitive in your profile information, your friends might. Every time you take one of those quizzes on facebook, you are risking your information and that of your friends.

Prevention Techniques

It is much easier to prevent having your account hacked than to recover from a hacked account. Here are some good security practices that you should keep in mind not only for Facebook, but for any other web site account you might have.

Don't use Internet Explorer

There are a lot of security problems with IE. I recommend that you use Firefox instead. Other possible browsers are Safari and Opera, along with the new Chrome from Google.

One of the nice things about Firefox is all of the add-ons you can get. Some of the add-ons that I consider essential are:

• Adblock Plus — you don't see any ads
• NoScript — won't allow a web site to run Javascript unless you give it permission

Since ads are suppressed, you are less likely to see dangerous links. By blocking Javascript on all but the web sites you trust, you are less likely to see dangerous links. Firefox will prevent cross-site linking, which is a practice that hackers use to insert dangerous code within regular looking links.

Never click on a link

Never click on a link contained in any e-mail message or IM. Also, never type a URL directly into the address bar of your browser.

When you get an e-mail with a link, don't click on it. Hover your mouse over the link and right-click the mouse, and select "Copy Link Location" in Firefox. Next, paste the link into Google and click on search. You should see at the very top of the search results the page you expected. If, however, you see comments about phishing, malware, etc. then you know not to go there.

If somebody tells you a URL to type into your browser, ignore them. Instead, type the URL into the Google search bar and hit ENTER. As above, you should see the page you were expecting. If not, then either you made a typo, the person giving the URL was wrong, or the site is dangerous.

It is a common practice by malware writers to purchase domain names similar to valid sites, especially commonly mispelled names. They then set up a web site that looks the same as the real site. When you click on any link on the bogus site, you run the risk of downloading malware. These sites will also try to get the user to enter passwords or personal information.

Use a strong password

Find a balance between a password that is easy for you to remember and one that is hard to guess. It should have at least 6-8 characters, and should include letters and digits or possibly symbols. You should never use any word that would appear in a dictionary, the names of your pets, spouse, kids, friends, etc. There are several techniques you can use to do this:

One trick is to make up a saying or phrase and then use the first letter of each word, or possibly a symbol to represent the word. For example, let's use the phrase "This is my secret password for facebook." We could make that "t=msp4fb". We could emphasize certain words to make the password even stronger: "THIS is my SECRET password for FACEbook" can become "T=mSp4Fb"

You can make up your own symbols for words, such as "=" for is or equals, "<" for less than, before, left, etc. and ">" for greater than, after, right, etc. There is a special language call leet that might give you some more ideas for symbols. If you use leet, you might want to type short words in leet rather than just the first letter. Be careful using uncommon symbols, some systems might have problems with strange characters in the password field.

Don't use the same (or similar) password for more than one site. At a minimum, make sure your Facebook password is completely different than your password for any other site.

Don't Give Out Your Password

Of course, having a strong password doesn't help if you give your password to others. Although you hopefully would not give your password to a stranger, there are many ways in which malicious users can trick you into revealing your password. A common way is to create web sites that look like legitemate web sites, and when the victim attempts to login, their user name and password are saved and used later to hack into their account.

Facebook offers a very sneaky way of getting you to enter your user name and password: by offering to help you find your friends on facebook. Facebook asks you for your email address and password, and then uses this information to access your address book / list of contacts. They then search facebook for any matches. The problem, of course, is that your email address and password are now stored inside a facebook database. And, since facebook doesn't have a history of keeping your private information very private, you should be very concerned about that. If you want to find friends on facebook, search for them using their email address.

If you have already given out your email address and password, change your password immediately. If, in the future, you need to enter that information, I would recommend that you login to your email account, change the password to something simple (like "secret") and then submit that password. Once you have done what you needed to do, go back into your email account and change your password to something strong.

Always logout when you are done

I recall using a public terminal, and going to LinkedIn, and was surprised to find myself logged in as someone else. If you don't logout when you are done, you risk having somebody else do things with your account or download key loggers, malware, etc.

Some web sites use cookies to remember who you are so that you don't have to sign in each time. While this might be convenient when using your desktop at home, it can be disasterous on your laptop, cell phone, or PDA. When you logout, that usually destroys the cookies so that you will have to login the next time.

Change your password fairly often

If you change your password too often, it makes it hard to remember, and you might start writing it down, which would be very dangerous. The idea is to change your password often enough so that by the time somebody figures out your password, you have changed it.

Make sure you don't have a pattern between different passwords. If your password is secret1, then secret2 isn't a good password. (Of course, secret1 is a lousy password to begin with.)

Don't let others use your computer, phone, PDA, etc.

I realize that some of your friends might think you are strange if you don't let them use your computer to check their e-mail, but remember that they might accidentally download some malicious program, or actually post or send something under your name. Usually these messages are funny or embarassing, but you haven't any control.

Of course, if you have logged out from all of your applications, your friend won't be able to access your accounts, but they can still download malware to your computer.

Run Anti-virus and anti-spyware software

Not only should you run anti-virus software, but make sure you get updates on a regular basis. I usually run an update every morning, followed by a scan of my computer. Most computers come with anti-virus, but if you need a free program, try AVG Free.

Most people know about anti-virus, but not as many are aware of anti-spyware software. This works similar to anti-virus, but it is looking for programs that do things like track your web browsing. Here are some free anti-spyware software that I have used:

• Spybot Search and Destroy
• Lavasoft Ad Aware

Facebook Dangers

• Personal Information
• Friends List
• Applications

Personal Information

Facebook has some additional features that make it easier to expose your information. For one thing, you are more likely to include personal information on the web site. Be very careful because this can be used for identify theft. You can also help burglars know when you are going to be away from home for long periods of time ("I'm leaving tomorrow to XXXX for a whole three weeks!"). I have heard (but not confirmed) that someone had their place broken into after they mentioned going away for a long weekend on facebook.

Depending on how much information you put into your profiles, you might be at risk for identity theft. All that is needed to identify a person is their birthday, their sex, and their zip code. If you have your birthday, address, and phone number, you are making it easy for somebody to steal your identity. With that information, people can search various on-line databases to uniquely identify a person. Since most people on facebook use their actual names, that makes identity theft even easier. Don't display your birth year. Just put the city name instead of your actual address; if you live near a large city, then enter that name instead of your actual town. And be careful what you post on your wall. I've seen people put their actual address, their cell phone number, when they were going to be away, etc. on their wall, which is very dangerous.

Friends List

Some people accept any friend request they get, whether they know the person or not. This is a serious problem, since whoever you accept will be able to see all your personal information. They can also see personal information about your friends. So, even if you only accept friends from people you know, if you have a friend that accepts anybody's request, your personal information might be exposed. Make sure your personal settings are restricted to "friends only", not "friends of friends."

Debt collectors have been known to find people who are behind in their debts, send them a friend request, and then start to bother them. If they can't conect to the person of interest, they try to friend their friends. In one case, they friended the person's mother and told them that failure to pay might end up in jail time. A few clever collectors have their profile picture set to a cute young woman in order to get men to accept their requests. (read more details)

Most employers will search facebook, myspace, etc. to find out more about people applying for a job. So having those embarassing pictures open to the public might prevent you from landing your next job. Do you want your future employer reading your smart aleck comments on your wall?

You can create several different friends lists, and then assign different permissions to each list. This will allow you to accept a friend request and still restrict what they can see. With this arrangement, your close friends can see everything you have on Facebook, but your business or casual friends will only see some basic information. You can read more aboutmanaging friends lists.

Applications

Another serious danger on facebook are all of the applications. Any application that asks to access your profile information puts your information at risk. What's worse, if any of your friends use those applications, they also put your information at risk, even if you never run an application. Supposedly, these applications only use this feature to put the results and some cute picture on your home page, or help you remember events, birthdays, etc. However, facebook doesn't bother to check any of these applications. There is no rating system, so that you have no idea if the application is safe or malicious.

The ACLU has highlighted these dangers recently by creating their own quiz, which displays all the information that is available to the quiz. It is important to realize that quizzes aren't created by facebook, but by facebook users - any facebook user can create a quiz. Why would you trust an anonymous programmer that you know nothing about with not only your own personal information, but information about all your friends? When you run a quiz, you give the application permission to access anything in your profile,including your friends' profiles. A quiz can do anything you can do on facebook; actually, even more. And no virus or malware scan will even see any of this, let alone prevent it.

It is important to realize that applications aren't affected by what browser you run or what anti-virus or anti-malware software you run. The damage isn't done on your machine, it is done on the facebook servers. As soon as you run an application, you have given it permission to do anything it wants to any and all of your information, and any information you can see about your friends. And remember, the people who write applications aren't hired by facebook, they are anyone who wants to write an application.

What kind of problems can applications raise?

Photo of the Day

There was one application called Photo of the Day that actually sent your personal information to the author. This was built as part of a research project, and became quite popular, without people knowing that their information was being compromised.

The Danger of Facebook Quizzes

Many people seem to enjoy taking lots of quizzes on facebook. There are several problems with quizzes:

• Accuracy - does anyone actually believe those quizzes?
• Exposure - the authors have access to all your answers and your personal information
• Control - you are giving the application permission to do things in your name

For example, the article The Danger of Facebook Quizzes gives examples of how quizzes have been used to sell personal information to drug and marketing companies, based on your answers. So if you mention you have trouble sleeping, you might start getting e-mail, junk mail, or even phone calls trying to sell you sleep products.

One quiz asked the names of your pets, kids, spouse, etc. These are what many people use for their passwords. Even if you don't use them for passwords, the information you provide might be used by a malicious person to construct a message using social engineering that looks genuine, but isn't. For example, someone could send something to your friend and mention your brother John, or your dog fluffy, which can cause your friend to think they are talking to one of your friends.

Facebook Fan Check (or Stalker Check)

There are rumors going around that the Fan Check (which used to be known as stalkercheck) is a virus.

I would like to remind people that any application that asks permission to access your profile puts your facebook account at risk (and the facebook accounts of all your friends as well.)

However, what is going on might be something different. It might be a fake virus alert to trick you into infecting your computer.

Here is how these kinds of things work:

• Somebody starts a rumor that something is actually a virus.
• They include a link to some site that supposedly "fixes" the virus.
• The link actually contains malware that will infect your computer.

At this point, there is no proof that Fan Check / stalker check is a virus. I know of two friends who have used it, and neither have reported any problem.

Remember, be *very careful* before installing anything on your computer. This shows how people can be tricked into downloading something to "fix" a problem they think they have, when they are actually infecting their computer with malware.

Any time something asks permission to access your profile, I recommend you say "no". Granted, you won't be able to take the lame quizzes, or stick silly pictures on your page, but at the same time, you are less likely to have your identity stolen or your account hacked. The choice is yours.

Recovering After Being Hacked

Most people know they should close the barn door after the horse got out, but what should you do if your account has been hacked? For starters, you should change your password. That may or may not prevent future problems, but it can't hurt. If you used the same password (or a similar password) for any other accounts, make sure you change those as well.

The next thing you want to do it try to figure out how your account got hacked. If you have run a new application, maybe you want to block it. Of course, clever authors of malicious software won't do anything at first, and wait a while before doing anything bad. That makes it more difficult to identify the source of the problem. If you don't really need some application, get rid of it. Better safe than sorry.

Notify your friends. If your account has been hacked, your friends are in danger of being hacked as well. If you know the cause, warn them not to click on the application, message, etc.

Check your account settings, especially all of your security settings. Malicious software often tries to spread as much as possible. By letting all people view your information, it will increase the chances that somebody else might get infected with whatever trashed your account.

Read More

Facebook users can lean on a new app to help them fight spam and malware.

Designed by a team of students at the University of California at Riverside, MyPageKeeper is a free Facebook app that continually monitors wall posts and news feeds for malicious content. If the app suspects that any content may contain spam or malware, it alerts you and gives you the ability to remove it.

Beyond protecting your own Facebook account, it can also protect the accounts of friends who may get infected by viruses or hit by spam just by viewing your page.

Why should you use MyPageKeeper?

MyPageKeeper protects your Facebook profile and online reputation. Hackers, malicious individuals and even Facebook friends can unknowingly post malicious content on your wall. Visitors to your wall may get infected with viruses, may get scammed by phishing and spam campaigns. Using MyPageKeeper puts you in charge of what content can be allowed on your wall and news feed. You have the power to protect your friends visiting your profile from getting infected with malware.

What does MyPageKeeper do?

MyPageKeeper scans and monitors all content posted on your wall and news feed. It uses advanced techniques to identify whether a piece of content is malicious, spam or related to phishing. Continuous monitoring and the latest web-based malware detection technologies allows MyPageKeeper to protect your online persona on Facebook.

Do you have to pay anything for MyPageKeeper?

As with most things on the web, MyPageKeeper is FREE to use.



So get installed this app and be secure..

Here is the link to the app,

http://apps.facebook.com/mypagekeeper/

Read More

Even after the virus is totally removed from the system, some users find it difficult to restore all those things back which were affected by the virus. A virus usually when enters into a system disables the registry editor and task manager so that the user can not remove the virus from the system.

Here is a free tool Re-Enable using which even a novice users can fix all the things which were disabled by the virus. An antivirus can remove the virus files but sometimes it may fail to restore the system settings. In such situations this tool can come handy.

The program has the ability to restore functionality to these Windows features:

• Windows Registry
• Command Line Tool
• Windows Task Manager
• System Restore Config
• Folder Options
• Run command
• My Computer
• Task Scheduler
• Right Click Context menu
• Ms-Config (Xp only)
• Control Panel
• Search

You will require dot net 3.5 or higher version to run this software. Or if you don’t want to download .Net framework then you can try the portable version of this software.

Read More

How to use Keyscrambler Personal:

1. Free download Keyscrambler Personal to protect yourself from keyloggers.

2. Install this Keyscrambler software on your computer and restart.



3. Now, after restart, whenever you will hit any keystroke, you can see the encrypted corresponding keystroke in Keyscrambler overlay window.

Read More

Guyz 1st Go Here Norton Safe Web and Click on Allow Application it will take serval minutes and after Some time it will show you result of you profile account..:)

Read More

These days Agents spy on u everywhere, in college, at work, maybe a trojan virus on your home PC which keylogs your paswords and mails it to someone else.
If u think u r being logged, try this:


Whenever u have to type a password, never type the complete password in one go, ie, if your password is WINDOWS, u should type NDOW, then move cursor to start of the password field using the mouse ONLY, then type WI, then move cursor to end using the mouse and type S. This way the logger will record your keystrokes as ndowwis instead of WINDOWS.
Haha, keylogger fooled.


Another method is the use of Virtual Keyboard.
go to Start->All Programs->Accessories->Ease of Access–>select On-Screen Keyboard


There are some softwares also which can do the work for you:


Paid Antilogger Software :
This software would take of all your most important components like Keyboard, Hard Drive, Screen by looking for suspicious activity like webcam loggers, screen loggers, SSL loggers, keyboard loggers etc which try to send out information out of your computer connection without your knowledge. There is a 30days free trail during which you can try out all the features of this program and then buy the paid version at 37.75$ if you are satisfied with the application and when you feel you are completely secured.
(Download it from here)

KeyScrambler Personal :: Add-ons for Firefox ( Download it from here )

KeyScrambler Premium v2.6.0.2 ( Download it from here )
or How to use it Tutorial

SpyShelter Personal Free 4.5 ( Download it from here )

So guys Use the above techniques and secure your personal datas !!!

Read More

How to Know if You Are Infected with RATs or Keyloggers

In this post i am going to show you how to find out when you are infected with a RAT or Keylogger without using any complex tools. Now i believe most of you might know that you need to have an internet connection to make a RAT or a Keylogger work, which would mean, if you are not connected to internet, you don't have to worry about being infected with RAT or Keylogger Ok, so for those who have internet connection and think they are being infected with a Trojan, here is a little guide that can solve your problem.

1. Now every program has their own process which can be seen on task manager. So the first thing to do is to find out which process theTrojan is being attached to. If you see some unknown process search that on google. A good hacker will always makes sure he hides its process with a Windows based Process, for eg. svchost.exe or something like that.

2. If you cant find, then the next thing you can do is use cmd 
(to open cmd prompt, Click on Start--->Accessories-->Command prompt).
3. Once Command Prompt is opened, use this command: netstat -an |find /i "listening"
Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool!

Now we wonder What this Command does? 
This command will show all the opening ports. Now check for any unknown port.

4. You can skip step 3 if you want, and can do this instead.

Open command prompt and type netstat -b

Now this command will show you the active connections with the process with their PID (Process Identifier) and also the packets.
Look out for SYN Packets and the Foreign address its been connecting with , check the process its been associated with, check the ports also. If you find that its connecting to some unknown ports, then you can say you have been backdoored.

5. Go to your task manager. On the top of it, 
click on View---> select Column---> Tick on PID (Process Identifier).
Match the suspicious Process with the Processes In task manager, check PID also.

Now most of the RATs resides on Start up. How to delete them from start up?
a) Go to regedit ---> HKLM\Software\Microsoft\Windows\Current version\Run
On the Right hand side, check for the process name which you find on step 4. if its not their. Check at
HKCU\Software\Microsoft\Windows\Current Version\Run
OR
Open Cmd prompt & type start msconfig. Go to Startup tab, you can check the startup process there.

Read More

in this article I will show you how to use a simple Google Dork to access unprotected webcams online.There are thousands of unprotected webcams available online, Since many Webcams use known protocols to transmit live video streams over the web, it's often very easy to search for publicly accessible webcams
1.First of all open your Internet browser and visit Google.com

2.Search on Google for the following Keyword "inurl:/view.index.shtml"

3. Next Choose a webcam and Enjoy

Google Dorks

Here is the list of Few Google Dorks used for this purpose:

inurl:/view.shtml
intitle:”Live View / - AXIS” | inurl:view/view.shtml^
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / - AXIS”
intitle:”Live View / - AXIS 206M”
intitle:”Live View / - AXIS 206W”
intitle:”Live View / - AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
intext:”MOBOTIX M1″ intext:”Open Menu”
intext:”MOBOTIX M10″ intext:”Open Menu”
intext:”MOBOTIX D10″ intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:”sony network camera snc-p1″
intitle:”sony network camera snc-m1″
site:.viewnetcam.com -www.viewnetcam.com
intitle:”Toshiba Network Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console - Web Monitor”

Read More

Hum Jante hain key shutdown ki pc ko off karne ke liye use hoti hai jesa ke shutdown -s (s) for shut down -r for restart -l for logof and if u want to shut down a pc on network use -s -m .. eg


is ko banane ke liye==>

1. Open Notepad,

2.Type Shutdown -s -m \\xxx.xxx.xxx.xxx (IP Address)

For exapmle -s -m //475.357.357.247 (in number ki jagah per us pc ka ip address likhen jis ko ap off karna chahte hain)

3. Save To Desktop As (Anything).bat (file ke last per .BAT lagana mat bholiye)

4.Double click on the icon and wait.

you can also open CMD and type "Shutdown -i"

Thats My 2nd Trick Thankyou..

Read More

Aksar Sites Aisi Hoti Hain Jinhon ne Ap ke Mouse Ke Right Click Ko Enable Kiya hota hai apni Sites per jis ki wajah se ap un ki site se koi image wagaira download nahin kar sakte ya "Open In New Tab" Nahin Kar sakte. For Example Facebook ki kisi image per agar ap Right Click Karen to "save image" wala option nahin aaaye ga or bhi aisi kayi sites hain.


yeh buhut hi easy tariqa hai so lets start.

Click "Tools"->"Internet Options"

Click the "Security" tab

Click "Custom Level"

Scroll down to the "Scripting" section

Set "Active Scripting" to "disable"

Click "Ok" a couple of times.


You'll probably want to turn this back to "enable" when your done... 'cause generally the javascript enhances a website.

Enjoy (*_*)

Read More

Get traffic into your site, NOW!

Wanna more traffic? YES, YOU CAN!

Need any investment? NO!

What do I have to do?

Nothing but keeps your computer ON.

Is that EASY? If you believe, IT IS.

Okay. Let us start doing this. As I am a web master as well, I

used to buy traffic from others in order to increase my


website popularity. However, it doesn’t seem to be working

well as it doesn’t do much on the search engine bit and

most of them are either fake traffic or too expensive for me.

But here, today, I am introducing you a BRAND NEW

method that you should KNOW to increase traffic for your

site. You don’t have to have any skill or experience, just

follow my step you will walk into SUCCESS. You can do this

to your site, or you can even SELL traffic to others.

Site requirement in order to receive traffic:

‐ Less than 100kb (Will show you how to check)

‐ No Porn content included (On that page)

‐ No Virus/Malware

‐ No Fancy JavaScript (Those who slow the browser)

So how do I check my page size?

It is easy, open up your IE or FireFox. Press �"Ctrl+S�" or Files�->Save As and choose FULL WEB PAGE. Save it

anywhere you want and go to that location. Select the

folder and the html page and Right click�->Properties. Look

at their disk size and make sure they are under 100KB.

(Otherwise it MAY NOT WORK!)

What do I do NEXT?

Get into this site and register with them: http://tinyurl.com/ccg4o2

Oh shit, they are in Chinese! Don’t worry, Just follow me.

When you enter the homepage, click on the highlighted link.

Then Follow This

  

Download the RAR File and Unrar it..

Now we have to set up your site in their index.

You are ALL DONE. Remember to run the software every time you

turn your computer on and it wills GENERATE UNLIMITED TRAFFIC

to your site. Thank you.



*If you have two computer (on different IP), you can use the

software with same username to increase traffic.

If You Don not Believe This Then I Am Giving You My Words

I Have Been Using It For MANY Days

I Am Earning Sometimes Above $10 And Some Times 2 or 3

My Account Has Not Been Blocked So That Means It Is Safe To Use

Enjoy!!! 
Note==> If This Trick Were N0t Work Then Your Adsense Could Block. If This Work Then You Will Bill Gates lolz:)

Read More

NETBIOS HACKING
THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING REMOTE COMPUTER AND GAINING ACCESS TO IT’S HARD-DISK OR PRINTER. NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.

STEP-BY-STEP NETBIOS HACKING PROCEDURE
1.Open command prompt
2. In the command prompt use the “net view” command
( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “IP TOOLS” SOFTWARE BY ENTERING RANGE OF IP ADDRESSS. BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME).

Example: C:\>net view \\219.64.55.112

The above is an example for operation using command prompt. “net view” is one of the netbios command to view the shared resources of the remote computer. Here “219.64.55.112″ is an IP address of remote computer that is to be hacked through Netbios. You have to substitute a vlaid IP address in it’s place. If succeeded a list of HARD-DISK DRIVES & PRINTERS are shown. If not an error message is displayed. So repeat the procedure 2 with a different IP address.
3. After succeeding, use the “net use” command in the command prompt. The “net use” is another netbios command which makes it possible to hack remote drives or printers.

Example-1:
C:\>net use D: \\219.64.55.112\F
Example-2:
C:\>net use G: \\219.64.55.112\SharedDocs
Example-3:
C:\>net use I: \\219.64.55.112\Myprint

NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk.

NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: & D: AS HARD DIRVES, A: AS FLOPPY DIVE AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT

F:,”SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer. These are displayed after giving “net use” command. “219.64.55.112″ is the IP address of remote computer that you want to hack.
4. After succeeding your computer will give a message that “The command completed successfully“. Once you get the above message you are only one step away from hacking the computer.
Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name. You can open it and access remote computer’s Hard-Drive. You can copy files, music, folders etc. from victim’s hard-drive. You can delete/modify data on victim’s hard-drive only if WRITE-ACCESS is enabled on victim’s system. You can access files/folders quickly through “Command Prompt”.

NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios. That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed). So Repeat The Procedure 2,3 With Different IP Address.

HAPPY NETBOS HACKING!!

Read More

What is KeyLogger? How Use it? How To Hack Facebook Account With KeyLogger? All In One. (*_*)

1. What is a Keylogger?
A keylogger (also called as spy software) is a small program that monitors each and every keystroke a user types on a specific computer’s keyboard. A keylogger program can be installed just in a few seconds and once installed you are only a step away from getting the victim’s password.

2. How Keylogger works?
Once the keylogger is installed on a PC, it starts operating in the background (stealth mode) and captures every keystroke of the victim on that PC. Let’s take up a small example: The victim goes to http://mail.yahoo.com and types his “username” and the “password” in the respective fields to login. The keylogger silently records these keystrokes and stores them in the logs. These logs when opened up shows the captured “username” and “password” and will also tell you that they were typed in the Yahoo login page. Thus the keylogger loads upon every startup, runs in the background and captures each and every keystroke.
3. How to install the keylogger?
A keylogger can be installed just like any other program. Just follow the screen instructions and you’re done.
4. Do I need any special knowledge to install and use the keylogger?
Absolutely NOT! Anyone with a basic computer knowledge can install and use the keylogger. It requires no special skills.
5. Once I install the keylogger can the victim come to know about it’s presence?
No. The victim will never come to know about the presence of the keylogger on his/her computer. This is because, once installed the keylogger will run in total stealth mode. Unlike other programs it will never show up in start-menu, start-up, program files, add/remove programs and task manager. So the victim can no way identify it’s presence on his/her PC.
6. Can I be traced back if I install the keylogger on some other computer?
No, it’s almost impossible to trace back to you for installing the keylogger on other’s PC.
7. Which keylogger is the best?
Today there exists hundreds of keyloggers on the market and most of them are no more than a scam. So I tested some of the top keyloggers and conclude that the following is the best one.

8. How SniperSpy works?
I will try to explain the working of Sniperspy in simple steps.
1. After you purchase Sniperspy, you’ll be able to create the installation module using easy set-up program. You need to email this module to the remote user as an attachment.
2. When the remote user runs the module it’ll get installed silently and monitoring process will begin. The keystrokes are captured and uploaded to the SniperSpy servers continously.
3. You can login to your Sniperspy account (you get this after purchase) to see the logs which contains the password.
9. I don’t have physical access to the traget computer. Can I still use SniperSpy?
Yes you can. SniperSpy supports REMOTE INSTALLATION feature which allows you to remotely install the program on any PC even if you have no physical access to it. For remote installation all you need to do is just place the module (refer FAQ-8) in a .zip/.rar file and send it as an attachment to the target email address (for which you need the password).
10. Can I install SniperSpy on a local computer?
If you need to install to your local (current) computer instead of your remote computer, then the process is simple. Simply navigate to the folder in which you saved your module ( Refer FAQ-8). Double-click the module filename to execute it. Nothing will appear on the screen as the software is installed.
11. What if the antivirus block from sending it as an email attachment?
Instead of sending the keylogger as an email attachment, it is recommended that you place the file in .ZIP/.RAR format and upload it to www.fileden.com. After uploading, just send the direct download link to the victim via email. Once he downloads the file from this link and run it, the keylogger will get installed automatically.
12. Why SniperSpy is the best?

• SniperSpy supports REMOTE INSTALLATION feature. This feature is not present on most of the keyloggers.
• SniperSpy is fully compatible with Windows 2000/XP/Vista/7 and alsoMac.
• SniperSpy canbypass any Firewall.
• SniperSpy is more reliable than any other keylogger program. You need not rely on your email account to receive the logs. Instead you can just login to your online SniperSpy account to receive the logs.
• SniperSpy captures full-size screenshots of the activities on the target PC.
• Records BOTH sides of chats / IMs in Google Talk, Yahoo IM, Windows Live and more.
• SniperSpy is more easy to install and requires no extra knowledge.
• SniperSpy is recognized by BBC, CNN, CBS and other news networks. Hence it is reputed and trustworthy.

13. How safe is to use SniperSpy?
Sniperspy is completely safe to use since all the customer databases remain confidential and private. SniperSpy do not collect any information from your system other than the information required for the product’s successful operation. They will not contact you in any way unless you request assistance.
14. Is my online order 100% Safe and Secure?
Absolutely Yes! All the e-commerce transactions for SniperSpy is handled by Plimus – they are a trusted online retailer specializing in digitally delivered products. All your information remains private and secure. The safety and protection of your personal information is 100% guaranteed. So you can place your order for SniperSpy with no worries of scam!
SniperSpy is completely reliable, safe and best keylogger out there. It is really worth the price that you pay for it. I promise that you cannot get a better keylogger than this. So what are you waiting for? Go grab SniperSpy now!

Hack Facebook Password by Keylogger & SniperSpy

8:36 PM

Wondering to know how to hack Facebook password? Well before you try to hack any Facebook password, it is necessary to understand the real ways of hacking that actually work and also those that are simply scam and don’t work. Everyday I get a lot of emails where people ask me “how to hack Facebook password?” So in this post I have taken up this topic to show you the possible ways to do that!
Today even a noob computer user (perhaps like you) can easily hack Facebook or any other social networking site with ease in a matter of hours and thus hacking is no longer the secret art of a Russian hacker! Well the idea behind this post is to expose the truth behind hacking Facebook account so that you can stay away from all those scam sites which will rip off your pockets by making false promises to obtain any password for you. Also this post is not meant to encourage people into hacking Facebook, but rather it is meant to educate the Internet users to be aware of the common scams and frauds and stay away from them.
With my experience of over 7 years in the field of ethical hacking and security, all I can tell you is that there are only two ways to successfully hack a Facebook account.

1. Keylogging – Easiest Way to Hack Facebook Password

Keylogging refers to simply recording each and every keystroke that is  typed on a specific computer’s keyboard. This is possible with the use of a small computer program called keylogger (also known as spy software). Once installed, this program will  automatically load from the start-up, runs in invisible mode and start capturing each and every keystroke that was typed on the computer.  Some keyloggers with advanced features can also capture screenshots and monitor every activity on the computer. To install and use a kelooger one doesn’t need to have any special knowledge. That means anyone with a basic knowledge of computer can install and use this software with ease. Hence for a novice computer user this method is the easiest way to hack Facebook password. I recommend the following keylogger as the best for gaining access to facebook password

SniperSpy is a revolutionary product that will allow you to easily access *ANY* online accountor password protected material such as MySpace, Facebook, Yahoo, Gmail etc. There are absolutely *NO* limitations to what accounts or websites this software can access!

Why SniperSpy is the best?
Today there exists hundreds of keyloggers on the market but most of them are no more than a crap. However there are only a few that stand out of the crowd and SniperSpy is the best among them. I personally like SniperSpy for it’s REMOTE INSTALLATION FEATURE. With this you can install it on a remote computer without the need for having physical access to it. It operates in complete stealth mode so that it remains undetected.
Here is a summary of benefits that you will receive with Sniperspy software:
1. Access ANY Password
With SniperSpy you can hack any password and gain access to Facebook or any other online account.
2. Monitor Every Activity
You can monitor every activity of the target computer, take screenshots and record chats & IM conversations.
3. Never Get Caught
SniperSpy operates in total stealth mode and thus remains undetectable. Thus you need not have the fear of being traced or get caught.
4. Remote Installation Feature
With Remote Install feature, it is possible to install it even on computers for which you do not have physical access. However it can also be installed on a local computer.
5. Extremely Easy to Use
Installing and using SniperSpy is simple and needs no extra skill to manage.
6. Completely Safe to Use
This software is 100% safe to use since it doesn’t collect any information from your computer. SniperSpy is a reputed, trustworthy and reliable company which offers 100% privacy for it’s users.
7. Works on both Windows and Mac
Fully compatible with Windows 2000/XP/Vista/7 and Mac.
So what are you waiting for? If you are really serious to hack Facebook password then SniperSpy is for you. Go grab it now and expose the truth!


( Tracking words HACK facebook account how to hack face book id how to hack yahoo id how to hack msn id how to hack gmail account id hacking cracking software free download rapinshare free account hack crack hotfile premium web hacing virus making free anti virus norton kasper sky avira nod 32 keys )
Click Here To Download KeyLogger

Read More