Windows XP offers the ability to save passwords for web sites and network resources. This can be very convenient as opposed to remembering and entering the username and password each time you need access, but it poses a security risk because anyone who has physical access to your computer would also be able to log into those sites using your saved credentials. Windows XP does not offer a very easy way to review or remove the saved passwords. If you follow the steps below you can access a graphical interface to add, remove or edit the saved passwords on a given system.
Step #1:
Click Start and select Run
Or
Press Win+R
Step #2:
In the Run box type "rundll32.exe keymgr.dll, KRShowKeyMgr"
Step #3:
Once the Stored Usernames and Passwords interface opens you can select any of the entries and select Properties to view the existing information.
Step #4:
To remove a saved password you can select one of the entries and click Remove. A confirmation dialog will appear. Click on OK and the account will be removed.
Step #5:
You can add additional saved passwords by clicking on the Add button and entering the appropriate details. Also you can perform edit, remove operations.
Step #6:
When you are done click the close button to exit.
Sunday, March 7, 2010
Monday, November 9, 2009
Internet Cafés
Packing the Backpack:
Remember in these days many Internet Cafes are using soft wares like “Deep Freeze” to erase previous changes that have been made to the computer. After the reboot all new files will be deleted and the system restored to its pre-stored state.If there is Deep Freeze installed, then there is no way to recover previous login details. Just trust on your faith.
But there is an advantage for hackers, many Café owners does not Turn off their systems until
The shop closes.
Beware of anti-virus softwares. First of all disable the Anti-virus softwares.
Recovering Passwords:
From a computer of an Internet Café we can collect passwords of the previous users of that computer. Some users clicks Remember Me checkbox in the login page. If someone does the password and username will be stored in the system.There are many tools to recover stored passwords (Gmail, Yahoo, MSN etc passwords) from a system.
Tool : Messen Pass
MessenPass can reveal passwords stored by messengers like Gtalk, yahoo messenger, MSN messenger etc
Tool : Mail Passview
By using the tool Mail Pass View we can recover the passwords stored by Email services like Gmail, Yahoo Mail, Msn mail, Reddiff etc
Security Instructions to block Recovering Passwords:
- Never ever select the checkbox “Remember Me” in any Café computers or other systems.
- Always Logout your Email or Messengers or other online accounts
- After you done your internet activity Clear history, cache, and clear private data from your browser. Browsers like Internet Explorer, Opera, Firefox etc have the option to delete personal information, But in different menu’s.
- Always use newer versions of Browser softwares
- Make sure that the Anti-virus software of the Café is working and up to dated. Anti-Virus softwares protects you from attacks of Spy softwares or from other Trojans.
- If you have any doubt that the Café management software itself a spyware do not use the Café.
- Change your Passwords regurarly
- If you used your valuable passwords to use your accounts in any Internet Café or other computers, change your passwords from a secure system.
To be continued...
Tuesday, November 3, 2009
Some Must See War movies
Here I'm describing about some War movies. From these movies we can see the cruel face of war.
In some World war II movies America states via their movies that they not like war and other countries like Japan and Germany made them for war. In some Japanees movies they states their feelings.
Anyway please try to watch some these movies.
Pearl Harbor
Letters From iwo jima
LOC cargil
Hurt Locker
In some World war II movies America states via their movies that they not like war and other countries like Japan and Germany made them for war. In some Japanees movies they states their feelings.
Anyway please try to watch some these movies.
Saving Private Ryan (1998)
Windtalkers (2002)Pearl Harbor
Letters From iwo jima
LOC cargil
Hurt Locker
Monday, October 26, 2009
Sending Spoofed e-mails
Hi, I'm describing here about sending anonymous or fake emails. You can send fake e mails to anyone you want to. What about sending a mail to your friend which is came from Abdhul Kalam???
Isn't it funny???
But in the other hand it is very dangerous. Any one can fake anyone's email id. In the cyber world email ids are used to contact each other. If you got a thanks giving mail from "Bill gates", what you'll think???
The point is hackers can use these Technology for conduct "Phishing Attacks". They uses these Fake email providers for send emails to their victims and tries to collect sensitive information from them.
One Example is, A mail from Gmail Team asking about your personal information or password. Here is a site for send fake emails. Do not use this for do anything wrong.
http://anonymailer.net/
An email Sent from anonymailer.net/
But you have to pay for sending emails without their advt message. Look at the end of the email.
AA
02 Oct 09 20:13:54
Print
A
More Mails from this user
To : <4bhijith@in.com>
CC :
Abhijith is best
--- Message ID=6276---
This email was sent by AnonyMailer.net v2.0 for free...
Remove this footer advertisement for just $12/year
Isn't it funny???
But in the other hand it is very dangerous. Any one can fake anyone's email id. In the cyber world email ids are used to contact each other. If you got a thanks giving mail from "Bill gates", what you'll think???
The point is hackers can use these Technology for conduct "Phishing Attacks". They uses these Fake email providers for send emails to their victims and tries to collect sensitive information from them.
One Example is, A mail from Gmail Team asking about your personal information or password. Here is a site for send fake emails. Do not use this for do anything wrong.
http://anonymailer.net/
An email Sent from anonymailer.net/
But you have to pay for sending emails without their advt message. Look at the end of the email.
02 Oct 09 20:13:54
A
More Mails from this user
To : <4bhijith@in.com>
CC :
Abhijith is best
--- Message ID=6276---
This email was sent by AnonyMailer.net v2.0 for free...
Remove this footer advertisement for just $12/year
Saturday, October 24, 2009
Here is some password breaking tools
Here is some password breaking tools. Don't use this for malicious purposes. Use it your own risk.
I'm not responsible for this.
I'll post more tools next time
I'm not responsible for this.
LC4 www.atstake.com/research/lc
NTFSDOS Professional www.winternals.com
NTAccess www.mirider.com/ntaccess.html
John the Ripper www.openwall.com/johnTSCRACK softlabs.spacebitch.com/tscrack/index.html
pwdump2 razor.bindview.com/tools/desc/pwdump2_readme.html
pwdump2 razor.bindview.com/tools/desc/pwdump2_readme.html
NetBIOS Auditing Tool www.securityfocus.com/tools/543
Crack ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack
Brutus www.hoobie.net/brutus
Pandora www.nmrc.org/project/Pandora
TSGrinder www.hammerofgod.com/download/tsgrinder-2.03.zipI'll post more tools next time
Mobile Number Spoofing
Hi friends,
Is anyone heard about Mobile number spoofing?
Mobile number spoofing means faking someone's mobile number to make call to someone. More clearly I can call you from your Dad's phone number, or can call you from a number of film stars. Think about it, howz that??
But someone with very bad intentions can use this technology for very very bad things.
I tested it successfully. But i can't describe that here bacause of security reasons.
If u have any doubts just put a comment on me!!
Is anyone heard about Mobile number spoofing?
Mobile number spoofing means faking someone's mobile number to make call to someone. More clearly I can call you from your Dad's phone number, or can call you from a number of film stars. Think about it, howz that??
But someone with very bad intentions can use this technology for very very bad things.
I tested it successfully. But i can't describe that here bacause of security reasons.
If u have any doubts just put a comment on me!!
Friday, October 16, 2009
Password Stealing
Password Stealing and Security
Password is the key to access our digital life.
A password is a first line of defense to systems and personal information.
Password stealing is used by the hackers to exploit user credentials.
It allows attackers to access personal information from the system and modify your credentials.
It may cause serious data loss from the system.
How to steal Passwords
Password can be observed during entry.
When password is given away voluntarily
Writing down the password somewhere and the piece of paper gets stolen
It can be guessed
It can be so short that an exhaustive search will quickly find it
Can be stolen by using password stealing tiils
Password can be stolen using techniques like Social engineering and Shoulder surfing
When password stored somewhere in clear text that can be copied
Password which is encrypted using very weak encryption algorithm
Password stealing Techniques
1. Social Engineering
Social Engineering is a kind of non technical attack. These attack aims people to get their personal information. There is no cure for human stupidity, so social engineering can make advantage of it.
An unknown person takes user credentials by using an email or by asking questing over the phone.
2. Phishng
Phishing is a kind of Internet scam where the user is convinced to give their valuable information. It acts like a trusted mail or website and force the user to give their personal credentials.
It’s purpose is to get access to the user’s bank accounts, password, and other personal information.
3. Guessing
Guessing is the easy way to conduct password stealing. Many users choose weak passwords which are vulnerable to password guessing attacks.
The attacker collects personal details of the victim such as phone number, DOB, vehicle number etc. And tries to guess the password by using various combinations of these personal information
Weak password may be the words like ‘password’, ‘I love you’, ‘passcode’, or it may be the user’s name, parents name, pet’s name, mobile number, girlfriends’/boyfriend’s name , etc
Some of the password combinations are,
Victim’s name+date of birth
House name+number
Girl/Boy friend’s phone number
4. Shoulder Surfing
Shoulder surfing is done using observation techniques, it is conducted by looking over someone’s shoulder(Means hands, key pad), when they enter a password.
Shoulder surfing is an effective way to get valuable information. Because it is easy to stand next to someone and watch their activities such as entering passwords, typing personal information etc. Shoulder surfing can be done with using vision enhancing equipments like binoculars and video capturing devices.
5. Spying
Spying means spying on the victim using Spy softwares like key loggers. The attacker can monitor each and every process of the computer and easily track the passwords. The spy softwares can record key strokes, take screen shots and send that to the attacker via email.
Instructions for Improving password security
Don’t do’s
1. Don’t use Any word that appears in the dictionary
2. Don’t use any personal information
3. Don’t use your name or anything that belongs to your personal information.
4. Don’t use the same password for all of your online accounts and local system
5. Don’t write your password anywhere. Some one writes down their passwords and pin numbers into their wallet diary. Its too dangerous.
Do’s
1. Use lengthy passwords, Lengthy passwords are not too easy for Brute force
2. Change your passwords regularly.
3. Use different passwords for different purposes. Most people use the same password for all of their accounts. So if one password is compromised then the attacker can get in to all of your accounts.
4. Include Numbers (0 – 9), Special characters (!, &, * etc), upper and lower letters in your passwords.
5. Use strong passwords for Administrator accounts
6. Terminate unwanted processes and unknown services
7. Change the password periodically
8. Use strong encryption to encrypt the password hash files like SAM
Password is the key to access our digital life.
A password is a first line of defense to systems and personal information.
Password stealing is used by the hackers to exploit user credentials.
It allows attackers to access personal information from the system and modify your credentials.
It may cause serious data loss from the system.
How to steal Passwords
Password can be observed during entry.
When password is given away voluntarily
Writing down the password somewhere and the piece of paper gets stolen
It can be guessed
It can be so short that an exhaustive search will quickly find it
Can be stolen by using password stealing tiils
Password can be stolen using techniques like Social engineering and Shoulder surfing
When password stored somewhere in clear text that can be copied
Password which is encrypted using very weak encryption algorithm
Password stealing Techniques
1. Social Engineering
Social Engineering is a kind of non technical attack. These attack aims people to get their personal information. There is no cure for human stupidity, so social engineering can make advantage of it.
An unknown person takes user credentials by using an email or by asking questing over the phone.
2. Phishng
Phishing is a kind of Internet scam where the user is convinced to give their valuable information. It acts like a trusted mail or website and force the user to give their personal credentials.
It’s purpose is to get access to the user’s bank accounts, password, and other personal information.
3. Guessing
Guessing is the easy way to conduct password stealing. Many users choose weak passwords which are vulnerable to password guessing attacks.
The attacker collects personal details of the victim such as phone number, DOB, vehicle number etc. And tries to guess the password by using various combinations of these personal information
Weak password may be the words like ‘password’, ‘I love you’, ‘passcode’, or it may be the user’s name, parents name, pet’s name, mobile number, girlfriends’/boyfriend’s name , etc
Some of the password combinations are,
Victim’s name+date of birth
House name+number
Girl/Boy friend’s phone number
4. Shoulder Surfing
Shoulder surfing is done using observation techniques, it is conducted by looking over someone’s shoulder(Means hands, key pad), when they enter a password.
Shoulder surfing is an effective way to get valuable information. Because it is easy to stand next to someone and watch their activities such as entering passwords, typing personal information etc. Shoulder surfing can be done with using vision enhancing equipments like binoculars and video capturing devices.
5. Spying
Spying means spying on the victim using Spy softwares like key loggers. The attacker can monitor each and every process of the computer and easily track the passwords. The spy softwares can record key strokes, take screen shots and send that to the attacker via email.
Instructions for Improving password security
Don’t do’s
1. Don’t use Any word that appears in the dictionary
2. Don’t use any personal information
3. Don’t use your name or anything that belongs to your personal information.
4. Don’t use the same password for all of your online accounts and local system
5. Don’t write your password anywhere. Some one writes down their passwords and pin numbers into their wallet diary. Its too dangerous.
Do’s
1. Use lengthy passwords, Lengthy passwords are not too easy for Brute force
2. Change your passwords regularly.
3. Use different passwords for different purposes. Most people use the same password for all of their accounts. So if one password is compromised then the attacker can get in to all of your accounts.
4. Include Numbers (0 – 9), Special characters (!, &, * etc), upper and lower letters in your passwords.
5. Use strong passwords for Administrator accounts
6. Terminate unwanted processes and unknown services
7. Change the password periodically
8. Use strong encryption to encrypt the password hash files like SAM
Subscribe to:
Posts (Atom)