How To Scure Hacking Facebook And Twitter On Shared Computers.

    
Have You Ever accessed Facebook or Twitter in cyber cafe's or your office or your school? If Yes then there are chances that your Facebook or twitter account was hacked then and there. By the teacher, your boss or the cafe owner. 




I've discussed just this trick here. You don't need to be a programming expert from that, anyone with basic knowledge of computers can do it. 
                                                                                                           
First there's a thing maybe you have noticed already that whenever you open Facebook or twitter the web address is like "http://www.facebook.com"  and whenever you have browsed GMAIL note the difference. its like "https://www.gmail.com". So as you have seen Gmail uses a secure server to conncet to the net, while Facebook or twitter do not. 




So what you need to do is:
Download the below plugin from the below link
Download Plugin


Once Installed A sidebar would open on your Firefox browser. So that whenever people login into there account, you can easily login into there account too. The thing is that the computers must be connected through data-cable, Wifi like in cyber cafe's.
Enjoy this little hacking. And please pass comments.

Read More

Possible Ways To Hack And Crack A Website 2012

Hacking a website not only means taking the whole control of website but can be either changing the website datas or make the website down by making denial of service attack.Here in this article we will see some possible ways of attacking a website.A website can be attacked in any one of the following ways.

• Password Cracking
• Simple SQL Injection Hack
• Brute force attack for servers
• Denial of service

PASSWORD CRACKING

The first and foremost thing that every hacker must need to hack a website is the hosting IP address of the website.You can directly find the IP address of any website from your command prompt itself.

1. For that open command prompt (window + r) and type cmd and hit enter.

2. Type the following command followed by the URL of the website

nslookup URL address

For example

nslookup www.realhackings.com

and hit enter.you can see a window as shown below with the ip address of the website

Now you have got the IP address of the website.next step is to scan the IP we have got just now to see which protocols the Website at this IP is using

For scanninng DOWNLOAD IP scanner and open it you can see a window as shown below.Just paste the IP you have just got and click scan button.

In the above image FTP is shown,That means this website is using FTP to access to its servers.just double click on the FTP to see a window as shown below

Now this is the final stage.When you enter exact username and password you can login to that website and do whatever you like.To find this username and password we have to do brute force attack

BRUTE FORCE ATTACK

In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message.Well, to put it in simple words, brute-force attack guess a password by trying all probable variants by given character set. Eg. checking all combination in lower Latin character set, that is 'abcdefghijklmnopqrstuvwxyz'. Brute-force attack is very slow. For example, once you set lower Latin charset for your brute-force attack, you'll have to look through 217 180 147 158 variants for 1-8 symbol password. It must be used only if other attacks have failed to recover your password.For attacking any account using this technique you should need high patience and it will take a lot of time depending upon the number of characters

Denial of service ( Ddos attack ):

A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.

If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking


SQL INJECTION

SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database.It has been present since the time databases have been attached to the web applications.Before understanding the how SQL injection attacks we need to understand the Simple Three Tier Architecture or a Four Tier Architecture.This will clear your basics and give you a rough idea of how database-driven web applications work.

NOTE: This is only for the website owners to test their websites for different vulnerabilities and to enable maximum security.

Read More

Rahul Gandhi’s Websites Hacked

When it comes to hacking, even politicians are not spared. On April 8, a hacker broke into two websites belonging to Congress leader Rahul Gandhi. Passwords were illegally changed using the password email recovery account and tweaked the DNS to redirect visitors to a college website.

When officials noticed this suspicious activity, they filed an FIR, stating “officials found that amethi.net website is not accessible” and a case was registered under 66 Information Technology Act.

“The unknown hacker has cracked all of our domain management console passwords using password recovery email account amethi@hotmail.com and has made changes in DNS zone files so that it got redirected into some other websites,” the FIR said.
“Technically, the hacker has cracked the whole domain system of the server and used an email to get the passwords,” a senior officer who is part of the investigation said.
The official website, amethi.net redirected to pdmce.ac.in, the website of an engineering college in Bahadurgarh, Haryana.
The Delhi Police is now investigating into the attack.

Read More

Rahul Gandhi's Website Hacked By Pak Cyber Army..!!

Pakistan Cyber Army (PCA) again attack on indian great websites. Last time they attack was on CBI gov. Website. Now they start attack on Indian politician websites.
Rahul Gandhi website was hacked.
http://www.rahulgandhi.us/in-the-media-cms36

PCA gives the message on site, They said Biggest terrorist in the world are India, USA & Israel. And they talk about Kashmir, They warned to the indian hackers that India hackers does not secure indian politician websites.
On this type of message PCA does not stop to attack on indian biggest websites, They continuosly target on indian websites.
If this cyber war running like that then I think Cyber War does not stop to anyway.

On site The Message is given by PCA shown @ below...
"
Hacked by TriCk aka Saywhat? & TaZii -[ TeaMp0isoN - Pak Cyber Army ] -
We Warned Indian Script Kiddies Yet they ignored us, the outcome of them ignoring us is sonia gandhi getting hacked.


The Biggest terrorists in the world are India, USA & Israel -
Everyday 100s of innocent people are killed in kashmir for no reason,
india is supposed to be the new home of ICT yet you cant even secure
your politicians websites.. - Message to Indian Skids: We Hacked your
Prime Minister while your sitting at home using google dorks to find
sites to perform SQLi on,

We Are (TeaMp0isoN): TriCk aka Saywhat? - Luit - eXhAiL - Hex00010

Greets to: ZombiE_KSA - PakCyberArmy - TaZii - Code5 - Shak -
Net.Cracker - root@localhost - xTreMisT - ZHC - MindFreaK - Spider -
PAKhaxors - E.T.A - TheSin - p0ison.org - pakcyberarmy.net
"

.......we just say one thing "Stop This Cyber War" there is nothing to get........

Read More

Rahul Gandhi's email server hacked

A hacker breaks into Rahul Gandhi's email servers

NEW DELHI: This is one aam admi outreach Rahul Gandhi will not appreciate.

In April, when the Congress general secretary was in the thick of poll campaigns, hackers broke into two servers created by him for family constituencies in UP. Passwords were illegally accessed and the internet address tweaked to redirect users to an engineering college website. The web servers, amethinet and raebareli, are maintained from Rahul Gandhi's bungalow by his team of technical experts.

On April 8, some of them noticed suspicious activity in the computer systems. The site was getting redirected and the email accounts had been broken into. They immediately lodged an FIR, stating, "officials found that amethi.net website is not accessible". A case was registered under 66 Information Technology Act. The Special Cell of Delhi Police, which is handling investigations, is now on the lookout for the hacker.

"Technically, the hacker has cracked the whole domain system of the server and used an email to get the passwords," a senior officer who is part of the investigation said. The hacking reportedly took place between April 4 and 19.

Sources said the servers and websites at 12 Tughlak Lane had information on the constituencies of Rahul Gandhi and his mother, Congress chief Sonia Gandhi. The young MP's house is also a hub of policymaking for the Youth Congress and the systems store huge databases in terms of constituencies, individuals and trends, they said.

Amethinet and raebareli were created specifically to address the constituents, but the former, after hacking, opened onto www.pdmce.ac.in, the website of an engineering college in Bahadurgarh, Haryana. When Rahul's team checked the domain name system (DNS) of the website, it showed an IP address different from that of Rahul Gandhi's network. "Amethinet domain is registered with godaddy.com domain and when officials tried to log in to the domain management console, it was not working," the FIR said.

Email IDs created for password recovery was also hacked. "The login and password for the email was also not working," said the complaint. As experts reset the password for amethi@hotmail.com and accessed the account, they found several suspicious emails. "These emails were sent by domain management console, godaddy.com (of amethinet), to an unknown person on his request regarding password recovery," says the FIR.

Officials said the recovered emails revealed the times at which the IP address password recovery requests were generated by the hacker. "The unknown hacker has cracked all of our domain management console passwords using password recovery email account amethi@hotmail.com and has made changes in DNS zone files so that it got redirected into some other websites," the FIR said.

Read More

Cyber security plan proposed by White House

 

US officials have said government and private systems are attacked millions of times per day

The White House has proposed legislation to protect the country from cyber attacks by hackers, criminals and spies.

Under the plan, companies that run infrastructure like power plants and financial systems would get incentives to make sure their systems are secure.
The Department of Homeland Security (DHS) would also have the authority to impose its own security on industry.
Similar legislation is already being discussed by Congress.
US officials have said government and private systems are attacked millions of times per day.
Too weak? The plans are designed to counter threats such as foreign nations attempting to steal sensitive data and computer hackers attacking financial institutions.
The White House proposal would empower the DHS to step in and develop security systems for institutions like financial and energy firms, if US officials felt the companies failed to have adequate measures.
An independent organisation would then be brought in to evaluate the security measures.
Some business leaders have said they would prefer a voluntary programme rather than government mandates.
The administration hopes the bill will be passed this year.
But other critics say the plan is too weak and lacks a sense of urgency.
Former senior Homeland Security official Stewart Baker told the Associated Press news agency: "It tells even critical industries on which our lives and society depend that they will have years before anyone from government begins to evaluate their security measures."
Various House and Senate committees have been working on cyber security legislation for the past two years, waiting for the Obama administration to propose its own version.
The two proposals differ in that the House and Senate want the White House cyber co-ordinator to be subject to Senate confirmation, while the White House has rejected that idea.

Read More

CYBER CRIME INVESTIGATION CELL (MUMBAI)

Do and don't for mobile user

Don’ts

• Please do not click photographs without permission by your  mobile phones. You are invading the privacy.
• Do not send obscene/pornographic text, images. SMS.
•  Do not send obscene/pornographic text, MMS (multimedia messaging service)
•  Do not receive from or reply to sms/mms of strangers.
•  Do not transmit obscene/ pornographic material, as it is an offence under Information Technology act –2000.punishment         is 5 yrs imprisonment and 1lac rupees fine.
•  Do not call to the unknown phone/mobile numbers you get while chatting or exhibited on various profiles on Internet.  Which you are not familiar with. If you do you may be causing harassment on behalf of other person.
•  Do not keep your Blue tooth  open to all,  you may receive obscene/phornographic text, images and viruses.
•  Do not give your mobile numbers while chatting on INTERNET to avoid “STALKING”.
•  DO not handover your mobile phone to unauthorised service center, to avoid CLONING.

      Do’s

• Note down your IMEI number.
• Security pin code should be used to avoid misuse of your mobile phones.
•  mms/sms received should be checked before opening the message.
•  Delete obscene/phornographic text, images. SMS/MMS.from your mobile phones.
•  Anti-virus software should be loaded in the mobile phone.
•  Mobile phone keypad should be locked after every use.
•  Use your mobile phone when necessary

 

Read More

How to catch a cyber criminal? Do it yourself

Hii! This is Pc Hackers Guru Know Many about Hacking
Though law enforcement has come a long way in fighting e-crime, its efforts are still only scratching the surface and businesses are learning they must build cases against culprits themselves, says Ron Condon.
One big attraction for anyone getting into cyber crime is the slim chance of getting caught or punished. Many big companies that fall victim, notably the banks, often choose to sweep the event under the carpet rather than face the shame of admitting they have been hacked.
If they catch the culprit, they are likely to let him go free in exchange for keeping his mouth shut. If crimes are reported to the police, they have little chance of being successfully prosecuted. Law enforcement has much higher priorities, and its resources for chasing computer crime are limited.

Most successful prosecutions result from a large company putting in its own resources.

John Lyons, formerly of the UK's National Hi-Tech Crime Unit, and now a security consultant, says: "Law enforcement is only able to take on the top three per cent or four per cent of the most serious crimes." And with jurisdiction limited by national borders, their ability to pursue overseas criminals often depends on personal contacts in foreign police forces, rather than any formalised system for sharing information.
But with organised criminal gangs making greater use of the internet to commit offences and launder the proceeds, there is a growing recognition that if we do not take action against them, they will make the internet unusable for legitimate users.
In a paper delivered in March last year to the United Nations Congress on Crime Prevention and Criminal Justice, Scott Charney, Microsoft's head of trustworthy computing, outlined the argument for a joint response from law enforcement and private industry.
The problem for traditional law enforcement in tackling cyber crime is, Charney said, the sheer scale and international nature of the task. "The government cannot be primarily responsible for defending against attacks in the virtual world," he said. "The potential avenues for abuse and the number of potential attackers are simply too many and too hard to identify."
On the other hand, private companies do not have the authority to act alone. He therefore proposed a joint approach with both sides playing an active role and co-operating at a number of levels.
The Botnet Task Force, which held its fourth meeting in Lyon, France, this month is a good example of the joint approach. Initiated by Microsoft in 2004, it now has the support of Interpol and acts as a means of building awareness and providing training for law enforcement.
The private-public approach to law enforcement is already taking hold at grassroots levels too, as companies realise they must take prime responsibility for gathering evidence.
Dave Jevans, who heads the US-based Anti-Phishing Working Group, says: "The main glimmer of hope is that the banks have realised they need to do something. Most successful prosecutions result from a large company putting in its own resources - for instance, a team of lawyers and IT guys and investigators - who liaise with law enforcement to make it happen. They find the names and addresses, and they track where the money goes, and they present the evidence to make a case. But there is only a handful of companies that can afford to do something like that."
Lyons says any company suspecting it is the victim of cyber crime should contact the police and work with them to agree a way forward. The police can advise on what evidence to gather and then the company can use its own investigators. "In this way, the police take an advisory role and you do the legwork yourself," he says.
Private investigation companies have the advantage of working across national boundaries, which can be useful, for instance, when following money stolen in phishing scams.
Alan Brill, managing director of Kroll Technology Services, says his agents work closely with local law enforcement and follow the same standards of evidence as the police themselves. "The police do a great job with limited resources and budget but they can only handle the really serious criminal activity," he says. "But with the FBI, state and local police involved, it can take weeks or months before they can handle the evidence you've assembled."
He counsels getting trained forensic investigators involved immediately, so they can take an image of infected machines. "You don't get a second chance to take a first look," says Brill, adding that he has had cases of lawyers powering up a machine and losing vital evidence. "You need to get the data imaged, and then you can start making decisions, and give yourself more options."
In another current case being handled by Verisign Security services on behalf of a UK bank, the company had to investigate fraudulent transactions carried out by workers at the bank's offshore call centre. A company spokesperson explains: "We did the forensics, all the process diagrams and put together the case material. We showed what went wrong, we got the money back and changed processes to make sure it didn't happen again." The evidence is now with local police for prosecution.
And yet, despite this activity, we still seem to be scratching the surface of internet crime. Earlier this month, the US Federal Trade Commission joined forces with 30 other countries in the OECD to propose international efforts to combat spam. This advocates greater co-operation between countries in investigations and prosecution.
How they hope to make that work is less clear. The US CAN-Spam Act has been roundly condemned as being ineffective and even encouraging the growth of spam, while EU legislation requires consumers to opt-in before they can receive direct email.
Without more agreement by the legislators, it looks as if the private efforts of organisations such as Spamhaus and the legal muscle of big ISPs are more likely to make a dent in the activities of the cyber criminals than the work of law enforcement.

Read More

CBI Website Hacker By 'Pak Cyber Army "

Hii! This is Pc Hackers Guru Know Many about Hacking
New Delhi:  In a major embarrassment, the website of the Central Bureau of Investigation (CBI) was hacked on Friday night by programmers identifying themselves as "Pakistani Cyber Army".

The home page of the CBI website had a message from the 'Pakistani Cyber Army' warning the Indian Cyber Army not to attack their websites.

The CBI website, supposed to be one of the most secure websites, is connected to the command centre of world police organisation - Interpol - 24x7.

The message from the hackers also spoke about the filtering controls provided by the National Informatics Centre (NIC), a body which mans computer servers across the country. It also claims to have hacked another 270 websites.

Intelligence agencies have been often warning the government that proper cyber security was not being ensured in government offices and that no security audit was being carried out.

The website has still not been restored. In a late night statement, the investigating agency said, "CBI is aware that its official website has been hacked and defaced. An inquiry has been launched and necessary remedial measures are underway to restore it."

Telecom Minister Kapil Sibal has said that the cyber attack on the CBI website is serious issue and that he would look into it. "These are important issues, we will look into it," Sibal said. (Watch)

Speaking on the issue, Supreme Court advocate and cyber law expert Pavan Duggal said the hacking of CBI website is an act of cyber war. "I think this is not a mere hacking incident. It is a step towards a cyber war," he said.
 

Read More