My Blog

It's all about Information, tricks and knowledge..

Test the strength of your anti-virus

9 comments

EICAR is a short 68-byte COM file that is detected by anti-virus programs as a virus, but is actually NOT "VIRAL" at all. When executed it just displays a message and returns control to the host program.
Why is this harmless file detected as a virus? The file was created in order to demonstrate to users the messages and procedures that anti-virus programs display when a real virus is detected.
Some time ago researchers from several anti-virus companies were asked by users to develop a way to demonstrate what would happen in case of a real virus attack; a sort of simulation of which messages anti-virus programs will display and what actions will be recommended to perform, e.t.c.
After some time and thought toward how to best satisfy the request, the anti-virus researchers decided to release some virus-simulators that would be some harmless file that does nothing but display a message(s) and then exits to DOS (host OS). It was decided that this file could contain only ASCII characters so that users could type it or copy it from a User Guide. As a result the COM file looks as follows:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Despite having only ASCII characters, this COM file is nonetheless a legitime computer program that does work under DOS or in a DOS window under Windows, OS/2 or any other OS that is able to run DOS programs. When run or executed this COM-file simply displays a text message and exits to DOS. The displayed message looks as follows:
 EICAR-STANDARD-ANTIVIRUS-TEST-FILE!
It is as simple as that, though a lot of anti-virus programs detect it as a virus named EICAR-Test-File or something close to this

9 comments :

Post a Comment

Most Common Passwords

No comments

  1. 123456, 123, 123123, 01234, 2468, 987654, etc
  2. 123abc, abc123, 246abc
  3. First Name
  4. Favorite Band
  5. Favorite Song
  6. first letter of given name then surname
  7. qwerty, asdf, and other keyboard rolls
  8. Favorite cartoon or movie character
  9. Favorite sport, or sports star
  10. Country of origin
  11. City of origin
  12. All numbers
  13. Some word in the dictionary
  14. Combining 2 dictionary words
  15. any of the above spelled backwards
  16. aaa, eee, llll, 999999, and other repeat combinations

Common Extensions

Some sites force you to have passwords with both numbers and letters. For example bob's password is football, and the site asks him to add some numbers to it to make it valid. Here's what people usually add.
  1. Their year of birth / marriage / graduation (or expected grad) from HS or college
  2. 007
  3. 0 - 9
  4. 69
  5. 000, 111, 4444 or other long combinations
  6. 123456, 123, 123123, 01234 and other retarded combinations
Years are usually added in different ways: football85, football1985, football04 instead of football4. There's also the possibility of sub-connections like football_04 and football-84. Many sites require both numbers and letters so these are a more likely occurance since people tend to want to have the same pass for everything.

My opinion on an Ideal password

Mixed numbers and letters over 8 characters long. Memorize it once, use it forever.

How long it takes to hack a password

If they have hacked and downloaded the entire database it's 10000 times faster than if they send requests guessing your passwords on certain websites. Most decent comps can check easily thousands possibilities per second. Most decent sites have captchas now which prevent brute force guesses.

Words in the Dictionary

If they steal a sites database you can get hacked fast, even if you use foreign words. The open office english spellcheck has around 70,000 words. Apps like passwordspro on my 2 Ghz cpu can check around 4,000,000 md5 possibilities a second, allowing to to breeze through several dictionaries, including possible variations like all uppercase/lowercase and backwards words. The latest nvidia cards with a coda gpu brute forcer can easily exceed 200 million md5s a second.

Numbers

If you have an all numbers password it's much faster to crack than if it were mixed. Instead of having a massive array of words in memory and selecting an index from it, or even worse reading from disk every few seconds in a buffer, having a number just requires the computer to do what computers do fastest, count. At 2 Ghz my comp can check every number up to 14 million in 2 minute for salted md5s, making it possible to have a weak 8 character password. Adding 0s to the front of the number can help, but not really. A second pass with any number of 0s can be done afterwards. Maybe if you made it your zipcode+your best friends number or something VERY long it would be strong enough.

All Random letters

Every possible combination of 3 letter words is only around 17000 while every possible 4 letter word combination is 456976. It grows exponentially every time you increase just one letter. Most sites recommend 8 characters or more for a strong password. Adding just 1 character to your password helps expontentially. No dictionary words!

Why hackers usually don't care about your Computer

Contrary to popular belief most malicious hackers do not give a damn about giving you trojans or making your stupid windows computer crash. Then why are there so many trojans in p2p networks? Because of retarted script kiddy teenagers and nigerians that fancy themselves hackers using prebuilt trojan software. Hackers target servers. Why?
  1. Massive bandwidth.
  2. Mail servers with proper mmx records that validate spam checks
  3. The possibility for phising.
  4. Most servers are unattended meaning it can be months before the person finds out there's a malicious script bombing emails or phising people.
  5. Exploitation of social networks.
They can get a lot of credit card numbers or bank account information email bombing thousands of emails on a hijacked server rather than waiting to find a credit card number amongst all the instant messages and random typing you / your kids type throughout the month.
Sure there's been a lot of home PCs infected, but usually this is the result of very efficient viruses that replicate and spread in-mass. Most people have decent antivirus software for hackers to want to waste their time flooding trojans. Some hackers use hijacked home PCs as DDoS zombies, but other than that you're more likely just to get spyware that floods you with ads.

How hackers usually obtain your password

Most malicious hackers just wait for security update news. Whenever some forum or cms software like drupal, vbulletin, phpbb or invision board releases a security update, they try and find what the discovered exploit was. They google search for forums that may have the affected system and use the exploit. Forums can give tons of emails / passwords.
The ones who are skilled enough and actively attempt to discover the exploits are more rare.
Even worse is when the skilled programmers make simple automated exploit programs for script kiddies to use without even understanding the code. This is where the majority of the attacks come from, losers that use programs made by hacker and call themselves hackers.
It's super rare that you would be targeted or your password has been hacked from large sites like google, hotmail or myspace. Most of the big sites have capchas and DDoS protection, which cripples speed, It's more likely they hacked some other site that you long forgot about and found you conveniently use the same password for all your accounts including your email. From there they find even more passwords.. Most people get hacked from phising attempts or other forms ofsocial engineering rather than real hackers, although they can use XSS vulnerabilities to help trick people. People also get trojans from opening email extensions and downloading pirate stuff off p2p without a decent antivirus. Hackers with skills enough to find open ports / exploit them and get shell access are much more rare than people claim.

Common Types of Webhacks

SQL Injection
By far the most common serious error web programmers have is not validating user input well. Usually SQL injections are used to get username / passwords or other information in the database by adding a UNION statement to a select query. Despite it's name its more rare to get an exploit where you can actually inject or insert data into the database since most programmers aren't stupid enough to use GET requests for insert, most hackers are more lazy when it comes to spoofing post requests, and it's a lot more tricky or impossible to add insert, create or drop queries to injected strings.
Local File Inclusion
Many web apps load modules or plugins through get or post variables. Lets say I use ?loadplz=file.php if I wanted to load /home/jimmy/htdocs/file.php a malicious person could say ?loadplz=../../../../../../../../../etc/passwd to try his luck for some unshadowed password goodness. Many times the NULL byte exploit is used to trick input validation. It is often used to include any CMS or Forum configuration files to get MySQL access.
Remote File Inclusion
Yikes, a lot of web apps have forms where you can upload pictures, texts or files Some have admin control panels that only the admin of the site can access but then there's no input validation on the upload forms. Some just don't validate the type of file you upload, meaning you can upload malicious code that does anything within the limits of the JIT compiler privileges.
Logged in User Exploits
Many sites often don't validate the data you want to modify or delete is yours. They only check if you're logged in. Sites that use Ajax are especially prone to overlook possible input validation problems.

How are passwords stored in a website

Most are stored as md5 hashes. If your password is stored without encryption you are screwed if the site gets hacked. It doesn't matter how long your password is. Sites like thepiratebay and stage6 have gotten their passwords stolen, don't think it can't happen to big sites. You can tell if a site encrypts your password by using their password recovery form. If it gives you your password your password is not encrypted. If it asks you to enter a new one or it generates a password for you, it has your password encrypted. You should never purchase anything from sites that don't encrypt your password, they may keep your credit card information or other sensitive data without encryption following their php for dummies guide

Dangers of md5

Sites like milw0rm and plain-text have millions, maybe billions of precomputed hash values in what are called rainbow tables. People can enter hashes in limited quantities to put on queue for cracking. md5 is a one-way hash, meaning it can't be decrypted. Instead, they try every possible combination in a limited range. Encrypting many possibilities and comparing them to the original hash is extremely slow. Rainbow tables make it so that the possibilities are encrypted only once and the resulting hashes are saved into massive files called a Rainbow table. From there the real hashes are compared to all the possibility hashes in the rainbow table. This avoids recalculating the hashes for every possibility for every user but in exchange costs a lot of overhead loading the file into memory and comparing from memory. The time-memory trade off is worth it. Other sites are just searchable databases of hashes. You still should be ok if your pass is over 8 characters long. Some sites do double md5s or concatenate md5 encrypted passwords with an encrypted "salted" value, then encrypt the whole thing again. Because the salted value is different for each user, precalculating millions of hashes in rainbow tables would have to be done one user at a time, making it a worse option that brute forcing it. Brute force attacks use word lists separated by line breaks which are widely available around the net and can be easily created, they can also check all possible combinations for certain ranges and character sets.
Making your password case sensitive helps exponentially, specifically ^+26 lol, but it makes typing a pass a bit more inconvenient and not all sites support it. I'm sure my prog isn't the most efficient possible and there are way faster comps out there so be careful.

Web Exploiters vs Program Crackers

People who exploit website vulnerabilities are not always the same as those who crack and keygen commercial software and games. The two require a few different skill sets. Web hacking requires mastery knowledge of the http protocol, cookies, php, asp, SQL, and the methods user input is usually validated. The skill is gained from a lot of practice writing safe web-apps and observing the exploits found often in others. Program crackers on the other hand usually have very intimate knowledge of assembly and non-JIT compilers. They use a debuggers to find exactly where in the program a certain procedure is executed in order to modify it. They are also apt in modifying and exploiting unvalidated user input in the memory with buffer overflows. Browser plugins are often the target to buffer overflow exploits. I'm not saying some people don't have both skill sets.

What is hacking

Contrary to popular belief and the Hollywood culture, hackers are just people that can manipulate things on a bits and bytes level. They're excellent programmers and the majority do not engage in illegal activity. Making something do what it wasn't intended to is exploiting, not hacking.





No comments :

Post a Comment

4 Things To Do Immediately When Your Facebook Account Is Hacked

No comments

For most people, having their Facebook account hacked is a nightmare. Imagine if someone had access to all your private messages, could contact your friends, abuse your Facebook page, and delete your personal information. To avoid this, you should regularly update your password and keep other security settings tight.
Once it’s too late, however, you must act fast. The most important thing is – don’t panic! You canregain access to your account.

How Do You Know Your Facebook Account Was Hacked?

First of all, how do you know your Facebook account was hacked if nothing obvious was changed…yet? If a hacker managed to get into your account, they will leave a trace. While their session is active, it will be listed under > Home (top right corner) > Account Settings >Security > Active Sessions (click edit). Here you can end the activity of suspicious sessions.
facebook hacked
It is recommended that you enable Login Approvals for logging in from unrecognized devices. For increased security, you should also set app passwords.

1a. Change Your Password

In case your password was not changed you got lucky! This is the time to update your password! Be sure to end any suspicious active sessions first (see above), then go to >Home > Account Settings > General and click > Password to confirm your current password and then enter a new password.
When you’re done, review our articles regarding Facebook security (see resources below) and see what other measures you can take to secure your account.
hacked facebook profiles
From here, proceed to step 3 if you think that your account was abused.

1b. Reset Your Password

If your password was changed, act quick! Try to regain access. There is a > Forgot your password? link underneath the Facebook login.
hacked facebook profiles
It will let you retrieve your password in several different ways. You can either enter the email address you registered to Facebook with or any other secondary email address you added, as well as your phone number and username.
hacked facebook profiles
If you’re not sure whether the person that hacked your account was smart enough to change your profile information, you should go with the last option and enter your name and that of a friend. This will give you an idea of which information is currently added to your account.
hacked from facebook
If you don’t have access to any of the email accounts or to the phone number associated with your account, click the > No longer have access to these? URL. This will take you to a page where you can enter a new email address, which Facebook will then use to assist you in recovering your account.
hacked from facebook
This is not all. If you believe that your account was abused by the person who has access to it, proceed to step 2.

2. Report Compromised Account

If your account wasn’t simply hacked, but is sending out ads and spam to your friends, you must report it as compromised.
hacked from facebook
From here, immediately proceed to step 2.

3. Do Damage Control

After doing everything you could to regain control over your hacked Facebook account, inform your friends about what is going on, just in case the hacker has abused or currently is abusing your account. If you presently can’t access your account, contact your Facebook friends through other social networks, by email, or have a mutual friend inform them via Facebook. Once you can log in again, proceed to step 3.

4. Remove Suspicious Applications

Oftentimes, it’s not an evil person that randomly hacked into your account. More likely than not you granted access to a malicious application which subsequently hijacked your account. To remove suspicious applications, go to > Home > Account Settings > Apps and go through the list. Click the > X next to any application you wish to remove or click > Edit to change what the app can do.
facebook hacked

Bonus: Improve Your Facebook Privacy and Security Settings

Once you’re back in control, review the following resources and close the security gaps in your Facebook account. Note that some of these articles are over a year old and hence the information may not be 100% accurate.

No comments :

Post a Comment

10 Beneficial Facebook Pages For Educators To Check Out

3 comments

A selection of Facebook Pages providing resources and dialogue focused on education and instructional technologies.

Like most Facebook users, many educators use Facebook to connect with friends new and old, but the Internet’s most popular site can also be a great learning (and teaching) tool. There are many Facebook pages that have been created as a resource to collect, share, and disseminate information about education and education technologies. Here’s 10 of our favorites.
To ready complete by click on Social Button

3 comments :

Post a Comment

The top 10 gaming stories of 2011

No comments


"Call of Duty: Modern Warfare 3" sold more than 6.5 million units the first day, becoming one of 2011's biggest gaming stories.

It was a year of crippling -- and creative -- hacks, a year of blockbuster sequels and (yet again) a year of slinging vengeful birds at corpulent pigs.
It was also a year in which gaming continued to expand beyond the traditional console to your phone, your tablet, your TV and your Facebook page.
Video gaming in 2011 had plenty of ups and downs -- and we're not even talking about the actual video game titles that were released.
Here, in no particular order, are our choices for gaming's 10 biggest stories of the year:
Sony's PlayStation Network hacked
While the explosion of social and mobile gaming continues, a hacking incident focused attention on the perils of gaming online.
In April, Sony confirmed that its PlayStation Network, the online service that has more than 77 million users and allows online play for its PS3 consoles, was hacked and taken offline.
Millions of PlayStation Network subscribers were affected by a breach in the spring of 2011.
Millions of PlayStation Network subscribers were affected by a breach in the spring of 2011.
The episode was more than just a denial-of-service attack. Sony said that personal data, including users' credit card information, was compromised. While Sony stopped short of saying "stolen," the company recommended that its customers keep an eye on their credit card accounts and watch out for identity theft.
Some gamers lacked access for weeks, and the network was not fully restored until early June. After the fix, Sony offered special incentives to woo back customers.
But in October, the PlayStation Network was hacked again -- this time affecting "only" 93,000 accounts. Sony said the lessons they learned from the April hack prevented more information from being illegally accessed. A teenager in London was quickly arrested in connection with the crime.
Game-related hacking in 2011 wasn't just a PlayStation problem. Earlier in the year, the hacker group LulzSec released a data file with names, e-mail addresses and passwords they said could be used to get into the accounts of Microsoft's Xbox Live members.
The growth of mobile and social gaming
Game developers increasingly recognize they can reach new audiences with games that are designed to be played quickly and with others via PCs or wireless networks.
Actor Alec Baldwin is a fan of online game "Words with Friends."
Zynga, the social-game developer behind "CityVille," "FarmVille" and "Words With Friends," went public in 2011 and began trading on NASDAQ. Its stock has fizzled so far, but that hasn't stopped rivals from muscling into the market for social and mobile gaming.
Companies are developing more games for smartphones and tablets and incorporating social features to let players around the world connect to enjoy games together. Atari changed its mission to work exclusively on social and mobile gaming, while publishers like Electronic Arts continue to push big names (the "Madden" series) to the small screen.
Meanwhile Google launched a gaming page on its new Google Plus social network, and Apple added a "Game Center" to its popular iPhone.
Blockbuster game sales
You know gaming is big when the release of a title smashes entertainment records for sales.
For the third consecutive year, the "Call of Duty" franchise raised the bar. "Call of Duty: Modern Warfare 3" earned more than $400 million while selling more than 6.5 million units in North America and the United Kingdom in the first 24 hours.
If that wasn't enough, the military shooter game totaled more than $775 million in sales during the first five days. "Modern Warfare 3" also broke the record for peak concurrent players on Microsoft's Xbox Live online gaming service.
According to Activision Blizzard, the all-time sales for the "Call of Duty" franchise exceeds worldwide box office sales for the "Star Wars" and "Lord of the Rings" movies. There were more than 13,000 midnight openings at retail stores worldwide for the release of the new title.
Last year, "Call of Duty: Black Ops" sold $360 million worth of units on its first day while "Call of Duty: Modern Warfare 2" earned $310 million on its first day in 2009.
More than a gaming device
Microsoft introduced its Kinect system for the Xbox in 2010 to expand motion-controlled gaming beyond the wrist to the whole body. In 2011, creative people found new ways to hack the device, employing its cameras and sensors for more than just play.
The Kinect system for Xbox 360 lets you control games by moving your whole body.
The Kinect system for Xbox 360 lets you control games by moving your whole body.
Some people have used the Kinect to create lifelike movies with computer-generated figures. Others use it to manipulate video playback.
And other hackers even found ways to use Kinect as a watchdog for your home. A program turns on Kinect when it senses motion nearby and takes pictures of the "intruders" -- whether a burglar or the family dog -- to be stored online.
3-D games in your hand
With much fanfare, Nintendo released a new handheld console in early 2011 that lets players experience 3-D visuals without the use of special glasses. The Nintendo 3DS was supposed to revolutionize the gaming experience.
But by August, Nintendo dropped the price on the device by $80 after demand for it was softer than expected.
To appease early adopters who bought the 3DS at the higher price, Nintendo offered 20 free downloadable games.
The device also suffered from a perception problem about health risks. The company warned the 3-D mode should not be used by players 6 years old and younger. While there has been no scientific data showing that 3-D harms the development of eyesight in children, some players did report experiencing headaches after hours of continuous playing.
"Angry Birds" takes on the world
Casual game \
Casual game "Angry Birds" has expanded beyond phones and tablets to become a pop culture blockbuster.
Casual game "Angry Birds," already a hit in 2010, became a full-fledged phenomenon in 2011.
The game, in which people advance to new levels by toppling structures occupied by egg-stealing pigs, appeared in commercials and as stuffed toys. Also in the works are an animated series, a possible feature film and a series of books, including a cookbook of egg recipes.
Notable fans include NBA star Kevin Durant and British Prime Minister David Cameron, who plays the iPad version of the game. "Angry Birds" has even inspired a form of yoga.
Game creator Rovio says players have slingshot more than 100 billion virtual birds in the game's many versions -- more birds than actually exist on the planet.
New hardware coming
This year, two major gaming hardware companies announced new gaming consoles.
At the Electronic Entertainment Expo in Los Angeles, Sony showed off its new handheld game console, the PlayStation Vita, while Nintendo introduced its newest home console, the Wii U.
The first major refresh for the Wii in several years, the Wii U is expected to be fully backwards compatible with the Wii. The controller will have an embedded single-touch screen, and the console will produce high-definition graphics. No price has been announced for the console, which will be released after March 2012.
The PlayStation Vita, Sony's new handheld console and the successor to the PSP, was released in Japan in December and is expected to North America and the UK in February. It boasts touch screens on the front and back as well as dual analog joysticks. Vita will also be available in two versions: one with 3G support and one without.
Sony\'s PlayStation 3 has been on the market for nearly five years.
Sony's PlayStation 3 has been on the market for nearly five years.
A more affordable PS3
Perhaps feeling the heat over the PSN hacking problems, Sony cut the price of its flagship console, the PlayStation 3.
The price drop of about $50 put the cost on par with the rival Xbox 360. Some analysts wondered whether Microsoft would respond with an Xbox price drop of its own, but that never happened.
Buoyed by Xbox-exclusive hits like "Gears of War 3," the Microsoft system remained the top-selling gaming console in the U.S.
Moving from subscription to free-to-play
"World of Warcraft" has been the most successful subscription-based entry in the awkwardly named category of massively multiplayer online role-playing games (MMORPG), with 10.3 million subscribers as of November.
So it stands to reason that others would try to take a slice of that very large pie.
Perhaps the most notable was "DC Universe Online," which was released in January and tried to capitalize on the power of DC Comics. The game let players act out their comic hero/villain fantasies in the DC Universe and interact with iconic characters like Superman, Joker and Wonder Woman.
Initially, players paid a monthly fee (around $15 in the U.S.), but by September, there were reports that the game was not doing as well as Sony, Warner Bros., and DC Comics would have liked. In November, the game became free, but it offered players the option of paying within the game to access new levels.
The strategy worked, as "DC Universe Online" saw a tenfold increase in its user base.
The season of '3'
The hit sequel "Battlefield 3.."
Finally, you can't talk about the year in gaming without talking about games. As always, many of the popular franchises produced sequels, with many of the blockbuster shooter titles sporting the number 3 in their titles.
"Call of Duty: Modern Warfare 3," "Battlefield 3" and "Gears of War 3" all brought back familiar violent gameplay and characters while putting them in new scenarios.
"Uncharted 3," featuring the treasure-seeking ways of Nathan Drake, closed out that franchise. "Resistance 3" also brought an end to the alien invasion of Earth. And "F.E.A.R 3" finally stopped making us dread little girls in darkened hallways.
X-Play host Morgan Webb said all these sequels and finale installments are happening for a reason: New consoles are coming in the near future.
"We're nearly at the end of a console cycle, so series that have begun at the beginning of the console cycle, they're starting to finish up," she said. "People have made the investment in the franchise and they've got the art together and they don't want to create something completely new when new consoles are starting to be on the horizon."

No comments :

Post a Comment