A new tool that is capable of automatically stealing the Gmail IDs of non-encrypted sessions and breaking into Gmail accounts has been presented at the Defcon hackers' conference in Las Vegas.
Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed this hacking tool is planning to release the tool in two weeks.
When you log in to Gmail account the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually click the sign out button. When you click sign out this cookie is cleared.Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done.
According to Google this behavior was chosen because of low-bandwidth users, as SLL connections requires high bandwidth.The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for a hacker to sniff the traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the hacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are more likely to get hacked than the ones using secure wired networks.
Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. "Google did not explain why using this new feature was so important" he said. He continued and explained the implications of not informing the users, "This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they're secure but they're really not.
"If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
Friday, December 5, 2008
Anonymity of a Proxy Server Explained briefly
How does Proxy Server Works ?
This is the First Question that arises in our mind when we use the Proxy Servers for Surfing the Internet without revealing our Identity to Others. Here all these mindboggling questions are answered with easy to understand examples.
The exchange of information in Internet is made by the “client - server” model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.
What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, …)
IP-address of a client
Other information
The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
a country where you are from
a city
your provider?s name and e-mail
your physical address
Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).
These are some environment variables:
REMOTE_ADDR ? IP address of a client
HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.
HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.
HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)
HTTP_USER_AGENT ? so called “a user?s agent”. For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.
HTTP_HOST ? is a web server?s name
This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, …). Their quantity can depend on settings of both a server and a client.
These are examples of variable values:
REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5
Anonymity at work in Internet is determined by what environment variables “hide” from a web-server.
If a proxy server is not used, then environment variables look in the following way:
REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined
According to how environment variables “hided” by proxy servers, there are several types of proxies
Transparent Proxies
They do not hide information about your IP address:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP
The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.
Anonymous Proxies
All proxy servers, that hide a client?s IP address in any way are called anonymous proxies
Simple Anonymous Proxies
These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP
These proxies are the most widespread among other anonymous proxy servers.
Distorting Proxies
As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies
These proxy servers are also called “high anonymity proxy”. In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:
REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined
That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.
Summary
Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!
Latest Airtel Hack for mobile office (2008)
Latest Airtel Hack 2008
Now a days Airtel gives New option to the Subscriber to access Mobile Office daily @25.00/perday. But this is too Costly. Only 24 hours and the cost is 25.00. Oh GOD!!
But I got a Trick thats help me to Activate my Mobile Office whole 30 days only for 25.00/. Its really goood.
Just follow the Trick.
1. Your account balance should be above 25.00 for the first time.
2. Acitave your mobile office by dailing *444*1#. You will Activate your Mobile Office in the Morning.
3. You got an Activation msg. Your account should deducted by 25.00/
4. After that your can enjoy mobile office for 24 hours.
5. But for unlimited access you will do this :: Just switch off your mobile from 7.00 am to 10.00am. and your account balance should be below 25.00 /
6. Just try it enjoy the whole world only by 25.00.
20(twenty) hacking tools DOWNLOAD
Top 20 Hacking Tools
14 July 2008 6 Comments
These are Top 20 Hacking Tools, the list is exhaustive, this are a few to name.
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol
TCPdump is the most used network sniffer/analyzer for UNIX. TCPTrace analyzes the dump file format generated by TCPdump and other applications.
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).
DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.
>Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.
John the Ripper is a fast password cracker, currently available for many flavors of Unix.
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
Tripwire is a tool that can be used for data and program integrity assurance.
Kismet is an 802.11 wireless network sniffer - this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.
OpenBSD Packet Filter
fport identifys all open TCP/IP and UDP ports and maps them to the owning application.
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann20(twenty) hacking tools DOWNLOAD
Top 20 Hacking Tools
14 July 2008 6 Comments
These are Top 20 Hacking Tools, the list is exhaustive, this are a few to name.
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.
Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol
TCPdump is the most used network sniffer/analyzer for UNIX. TCPTrace analyzes the dump file format generated by TCPdump and other applications.
Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).
DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).
GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.
>Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.
John the Ripper is a fast password cracker, currently available for many flavors of Unix.
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
Tripwire is a tool that can be used for data and program integrity assurance.
Kismet is an 802.11 wireless network sniffer - this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.
NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.
OpenBSD Packet Filter
fport identifys all open TCP/IP and UDP ports and maps them to the owning application.
SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.
OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil ZimmermannHacking Forums, Hardcore Hacking, Security, Windows Hacking
Remove RavMon.exe virus without any anti-virus(Do it your self)
Removing Ravmon Virus without Anti-Virus is easy, btw I haven’t met any Anti Virus which can remove this virus. They can stop your pc from being infected but once you are infected they wont be able to remove it.
I don’t know the Actual Name of this virus nor its effects
Anyways its very easy to remove it.
You will have to follow just few simple steps.
check if your Infected.
Stop currently running virus.
Delete virus files.
Remove virus to run from startup.
So here are the following steps explained:
Remember until you delete the virus files please …
gmail account hacking tool
A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.
Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.
When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.
Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SLL connections are slower.
The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks.
Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”
If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.
When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.
Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of low-bandwidth users, as SLL connections are slower.
The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for an attacker sniffing traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. Once this happens the attacker can log in to the account without the need of a password. People checking their e-mail from public wireless hotspots are obviously more likely to get attacked than the ones using secure wired networks.
Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.”
If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
Latest method to hack gmail
Gmail is one of the most popular e-mail services in the world and even if it is available by invitation, it already owns a huge number of registered
users. As you know, the security of a mail account is very important for every user, no matter if he's using a web-based mail or a POP3 client. Google tried to add security tools to Gmail, the mail solution providing a powerful filter for all incoming spam messages. It seems like the ways for hacking Gmail are more evolved in our days as Philipp Lenssen said on his blog. A user published an e-mail on Google Blogoscoped forum to present the latest way for hacking Gmail: send a message to a Google user and ask him his password.
"First send a letter to ***(at)gmail.com, second within the Subject heading place the word "Password" (not in quotes but has to have a capital P) this way he automated bot recognizes what you are after. Then in the text field place the name of the person at gmail that you want to hack (Do not put @gmail.com after their name). No capital letters are to be put in this place. Then skip three (3) lines and place your own gmail account information such as: My login:My password (a smeicolon makes it easier for the bot to recognize). This way the bot can verify that your account actually exists. And then supplies you with the password for the person's account that you want it for," the e-mail said.
This is one of the funniest ways for hacking Gmail but some users that are not too experienced can be tricked by this e-mail and send the password to a "hacker". Anyway, this looks like a phishing attack so I think Google will block that e-mail address soon.
users. As you know, the security of a mail account is very important for every user, no matter if he's using a web-based mail or a POP3 client. Google tried to add security tools to Gmail, the mail solution providing a powerful filter for all incoming spam messages. It seems like the ways for hacking Gmail are more evolved in our days as Philipp Lenssen said on his blog. A user published an e-mail on Google Blogoscoped forum to present the latest way for hacking Gmail: send a message to a Google user and ask him his password.
"First send a letter to ***(at)gmail.com, second within the Subject heading place the word "Password" (not in quotes but has to have a capital P) this way he automated bot recognizes what you are after. Then in the text field place the name of the person at gmail that you want to hack (Do not put @gmail.com after their name). No capital letters are to be put in this place. Then skip three (3) lines and place your own gmail account information such as: My login:My password (a smeicolon makes it easier for the bot to recognize). This way the bot can verify that your account actually exists. And then supplies you with the password for the person's account that you want it for," the e-mail said.
This is one of the funniest ways for hacking Gmail but some users that are not too experienced can be tricked by this e-mail and send the password to a "hacker". Anyway, this looks like a phishing attack so I think Google will block that e-mail address soon.
Subscribe to:
Posts (Atom)
Posts
