Monday, November 9, 2009

Internet Cafés


We all know what an Internet café is. Many people still use Internet cafés for browsing, taking printouts, chatting, gaming and so on. The networking method generally used in cafés is “Windows workgroups”, because they don’t have the budget for a server-edition OS. An Internet café can be used to collect a lot of valuable information, such as personal details, usernames and résumés. Let’s jump to the fishing.

Packing the Backpack:
Remember that these days many Internet cafés use software like “Deep Freeze” to erase changes that have been made to the computer. After a reboot, all new files are deleted and the system is restored to its pre-stored state.
If Deep Freeze is installed, there is no way to recover previous login details. Just trust in your faith.
But there is an advantage for hackers: many café owners do not turn off their systems until the shop closes.
Beware of anti-virus software. First of all, disable the anti-virus software.

Recovering Passwords:
From a computer in an Internet café we can collect the passwords of that computer’s previous users. Some users tick the “Remember Me” checkbox on the login page. If someone does, the username and password are stored on the system.
There are many tools to recover stored passwords (Gmail, Yahoo, MSN, etc.) from a system.

Tool: MessenPass
MessenPass can reveal passwords stored by messengers such as Gtalk, Yahoo Messenger, MSN Messenger, etc.

Tool: Mail PassView
With Mail PassView we can recover the passwords stored for email services such as Gmail, Yahoo Mail, MSN Mail, Rediff, etc.


Security Instructions to block Recovering Passwords:

  1. Never select the “Remember Me” checkbox on any café computer or other shared system.
  2. Always log out of your email, messengers and other online accounts.
  3. When you have finished your Internet activity, clear the history, cache and private data from your browser. Browsers like Internet Explorer, Opera and Firefox all have an option to delete personal information, but in different menus.
  4. Always use newer versions of browser software.
  5. Make sure that the café’s anti-virus software is working and up to date. Anti-virus software protects you from spyware and other Trojans.
  6. If you have any doubt that the café management software is itself spyware, do not use the café.
  7. Change your passwords regularly.
  8. If you have used your valuable passwords to access your accounts in any Internet café or on other computers, change your passwords from a secure system.

To be continued...

Tuesday, November 3, 2009

Some Must See War movies

Here I describe some war movies. These movies show us the cruel face of war.
In some World War II movies, America states through its films that it does not like war and that other countries like Japan and Germany forced it into war. Some Japanese movies state their own feelings.
Anyway, please try to watch some of these movies.

Saving Private Ryan (1998)
Windtalkers (2002)
Pearl Harbor
Letters from Iwo Jima
LOC Kargil
Hurt Locker

Monday, October 26, 2009

Sending Spoofed e-mails

Hi, here I describe sending anonymous or fake emails. You can send fake emails to anyone you want. What about sending your friend a mail that appears to come from Abdul Kalam???
Isn't it funny???
But on the other hand it is very dangerous. Anyone can fake anyone's email ID. In the cyber world, email IDs are used to contact each other. If you got a thank-you mail from "Bill Gates", what would you think???
The point is that hackers can use this technology to conduct "phishing attacks". They use these fake email providers to send emails to their victims and try to collect sensitive information from them.
One example is a mail from the "Gmail Team" asking for your personal information or password. Here is a site for sending fake emails. Do not use this to do anything wrong.
http://anonymailer.net/

An email sent from anonymailer.net/
But you have to pay to send emails without their advertising message. Look at the end of the email.

AA
02 Oct 09 20:13:54

To : <4bhijith@in.com>
CC :
Abhijith is best





--- Message ID=6276---

This email was sent by AnonyMailer.net v2.0 for free...
Remove this footer advertisement for just $12/year
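
On the receiving side, a spoofed mail like the one above can usually be recognised from its headers. The following is an added example, not code from the original post: it checks a constructed sample message for a mismatch between the visible From domain and the envelope sender, for failed SPF/DKIM/DMARC results, and for a relay footer like the one shown above. All addresses and header values in the sample are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the post): visible From claims Gmail while the
# envelope sender, authentication results and footer point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example; dkim=none
From: "Gmail Team" <support@gmail.com>
To: <user@example.org>
Subject: Confirm your password

Please reply with your password.

This email was sent by AnonyMailer.net v2.0 for free...
"""

def domain(header_value):
    """Lower-cased domain of an address header, or '' if absent/malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """Return a list of reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from envelope sender {env_dom}")
    # Only trust this header when your own receiving server added it.
    auth = (msg["Authentication-Results"] or "").lower()
    results = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth)
    if not results:
        findings.append("no SPF/DKIM/DMARC result recorded")
    findings += [f"{mech}={res}" for mech, res in results if res != "pass"]
    # Free relay services often append a footer naming themselves.
    body = msg.get_payload() if not msg.is_multipart() else ""
    footer = re.search(r"sent by (\S+)", body, re.I)
    if footer and from_dom not in footer.group(1).lower():
        findings.append(f"footer names relay {footer.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("suspicious:", finding)
```
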

Saturday, October 24, 2009

Here are some password breaking tools

Here are some password breaking tools. Don't use them for malicious purposes. Use them at your own risk.
I'm not responsible for this.


LC4 www.atstake.com/research/lc
NTFSDOS Professional www.winternals.com
NTAccess www.mirider.com/ntaccess.html
John the Ripper www.openwall.com/john
TSCRACK softlabs.spacebitch.com/tscrack/index.html
pwdump2 razor.bindview.com/tools/desc/pwdump2_readme.html
NetBIOS Auditing Tool www.securityfocus.com/tools/543
Crack ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack
Brutus www.hoobie.net/brutus
Pandora www.nmrc.org/project/Pandora
TSGrinder www.hammerofgod.com/download/tsgrinder-2.03.zip

I'll post more tools next time

Mobile Number Spoofing

Hi friends,
Has anyone heard about mobile number spoofing?
Mobile number spoofing means faking someone's mobile number to make a call to someone else. More clearly, I can call you from your Dad's phone number, or call you from a film star's number. Think about it, how's that??

But someone with very bad intentions can use this technology for very, very bad things.
I tested it successfully. But I can't describe that here because of security reasons.
If you have any doubts, just leave me a comment!!

Friday, October 16, 2009

Password Stealing

Password Stealing and Security

A password is the key to our digital life.
A password is the first line of defense for systems and personal information.
Password stealing is used by hackers to exploit user credentials.
It allows attackers to access personal information on the system and modify your credentials.
It may cause serious data loss from the system.

How to steal Passwords
A password can be observed during entry.
A password can be given away voluntarily.
A password can be written down somewhere and the piece of paper stolen.
It can be guessed.
It can be so short that an exhaustive search will quickly find it.
It can be stolen using password stealing tools.
It can be stolen using techniques like social engineering and shoulder surfing.
It can be stored somewhere in clear text, where it can be copied.
It can be encrypted with a very weak encryption algorithm.


Password stealing Techniques

1.    Social Engineering
Social engineering is a kind of non-technical attack. These attacks target people in order to get their personal information. There is no cure for human stupidity, so social engineering can take advantage of it.
An unknown person obtains user credentials by sending an email or by asking questions over the phone.

2.    Phishing
Phishing is a kind of Internet scam in which the user is convinced to give up valuable information. It poses as a trusted mail or website and forces the user to give up their personal credentials.
Its purpose is to get access to the user’s bank accounts, passwords and other personal information.

3.    Guessing
Guessing is the easiest way to steal a password. Many users choose weak passwords which are vulnerable to password guessing attacks.
The attacker collects personal details of the victim, such as phone number, DOB, vehicle number, etc., and tries to guess the password using various combinations of this personal information.
Weak passwords may be words like ‘password’, ‘I love you’ or ‘passcode’, or they may be the user’s name, parents’ names, pet’s name, mobile number, girlfriend’s/boyfriend’s name, etc.
Some of the password combinations are:
Victim’s name + date of birth
House name + number
Girl/boyfriend’s phone number

4.    Shoulder Surfing
Shoulder surfing uses observation techniques: it is conducted by looking over someone’s shoulder (meaning at their hands and keypad) when they enter a password.
Shoulder surfing is an effective way to get valuable information, because it is easy to stand next to someone and watch activities such as entering passwords or typing personal information. Shoulder surfing can also be done with vision-enhancing equipment like binoculars and video capturing devices.

5.    Spying

Spying means spying on the victim using spy software such as keyloggers. The attacker can monitor each and every process on the computer and easily track the passwords. Spy software can record keystrokes, take screenshots and send them to the attacker via email.


Instructions for Improving password security

Don’ts
1.    Don’t use any word that appears in the dictionary.
2.    Don’t use any personal information.
3.    Don’t use your name or anything that belongs to your personal information.
4.    Don’t use the same password for all of your online accounts and your local system.
5.    Don’t write your password anywhere. Some people write their passwords and PIN numbers in their wallet diary. It’s too dangerous.


Do’s
1.    Use lengthy passwords. Lengthy passwords are not easy to brute force.
2.    Change your passwords regularly.
3.    Use different passwords for different purposes. Most people use the same password for all of their accounts, so if one password is compromised the attacker can get into all of their accounts.
4.    Include numbers (0 – 9), special characters (!, &, *, etc.) and upper- and lower-case letters in your passwords.
5.    Use strong passwords for Administrator accounts
6.    Terminate unwanted processes and unknown services
7.    Change the password periodically
8.    Use strong encryption to encrypt the password hash files like SAM
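
The guessing combinations and the do's and don'ts above can be enforced when a password is chosen. The following is an added example, not code from the original post: it rejects passwords that are short, lack a character class, contain one of the weak words named above, or embed the user's own details. The sample personal details, the 12-character minimum and the tiny word list are assumptions for illustration; a real check would load a full dictionary.

```python
import re

# Weak words named in the post; a real deployment would load a wordlist.
COMMON = {"password", "passcode", "iloveyou"}

# Constructed sample details (not a real person).
PERSONAL = ["Asha Menon", "14-08-1990", "Rose Villa 27", "+91 98765 43210"]

def tokens(personal):
    """Lower-cased fragments of personal facts, plus digit-only forms of each."""
    out = set()
    for value in personal:
        v = value.lower()
        out.update(p for p in re.split(r"[^a-z0-9]+", v) if len(p) >= 3)
        digits = re.sub(r"\D", "", v)  # e.g. a date or phone number typed without separators
        if len(digits) >= 4:
            out.add(digits)
    return out

def check_password(pw, personal, min_len=12):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    squashed = re.sub(r"[^a-z0-9]", "", pw.lower())  # ignore case, spaces, symbols
    if len(pw) < min_len:
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing a character class")
    if any(word in squashed for word in COMMON):
        problems.append("contains a common word")
    hits = sorted(t for t in tokens(personal) if t in squashed)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    for candidate in ["Asha14081990", "I love you", "t7#Lq!vZ2&mKw9"]:
        print(candidate, "->", check_password(candidate, PERSONAL) or "ok")
```
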