DNS Cache Poisoning attack on Google ,Gmail , Yahoo ,Youtube

Ha Hacker with nickname AlpHaNiX deface Google, Gmail, Youtube, Yahoo, Apple etc domains of Democratic Republic of Congo. Hacker use strategy so-called DNS cache poisoning. What is Cache Poisoning Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address. When a Web...

Read more...

Mantra - Open Source Security Framework

Mantra - Mantra is a collection of hacker tools, add ons and scripts based on firefox . Firefox is an hacker friendly tool from starting , its rich assets are its addons they only work has an independent tools for hacking. A group of security professionals integrated all this add ons, scripts and made a framework called mantra. As of now Mantra is just a security toolkit rather than a full-fledged framework Some of the features of Mantra 1. Its...

Read more...

Maharastra Highway Police Website Got Hacked

                                   Not only International Law Enforcement and Police Under Hacker's attack, Even our Local Police websites and Database also become of Victim of breaches mostly once a day. A hacker With name "powerin10" take responsibility to hack Maharashtra...

Read more...

WPScan - Wordpress Security Scanner

 Wordpress Security Scanner WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. WPScan is written in Ruby The features of WPScan are :   It will enumerate the Usernames   Weak Password Cracking   Plugin Vulnerability Enumeration   Version Enumeration   Vulnerability Enumeration   etc ........ It can be free downloaded from http://code.google.com/p/wpscan/ OR It...

Read more...

Plecost - Wordpress fingerprint tool

Plecost A Wordpress finger print tool available in open source with Backtrack 5 Plecost retrieves the information contained on the Web site to be analyzed, and also allows a search on the results indexed by Google. It bases your analysis from information contained in the files of development included by WordPress and them plugins. The plugins list is generated based on the list of "Most populars" from wordpress.org, and linked with related...

Read more...

WafW00f - A Web Application Audit Tool

WAFW00F - Web Application Firewall Detection Tool WafW00f is written in  phython and is available freely on the net, the tool is developed By Sandro Gauci && Wendel G. Henrique. they mentions that Web Application Firewalls (WAFs) : can be detected, because they leave several signs can be bypassed by changing the attack in order to avoid rules To help detect and bypass WAFs, they released wafw00f WAFW00F allows one to identify...

Read more...

Google offers encrypted Web search by default

Google announced today that it will encrypt by default Web searches and results for users who are signed in. People who don't have a Google account or are signed out can go directly to https://www.google.com, the company said in a blog post. Encrypting the communications between an end user and the Google search engine servers will protect against snooping by anyone who might be sniffing on an unsecured Wi-Fi network, for instance. Secure Sockets...

Read more...

Mobile Malware Is on the Rise, but Is It a Real Threat?

Smartphones and tablets may be the hottest tickets in electronics today, but with that marquee status comes a dark side. Mobile viruses on the rise, and 2010 saw a huge increase in malware on mobile devices, up 46 percent from 2009, says a new threat report from security software maker McAfee. The increase in mobile malware isn't unexpected, as smartphones have become more popular in the last year, with smartphones recently passing PCs in sales...

Read more...

What Is Doxing? – Doxing And It’s Uses

Doxing is the process of gaining information about someone or something by using sources on the Internet and using basic deduction skills. Its name is derived from “Documents” and in short it is the retrieval of “Documents” on a person or company. You’re probably thinking, “Okay, so basically it’s getting information from searching someone’s email on Google right?” in a sense yes, but there are actually easier ways to get someone’s information...

Read more...

How to Change MAC Address

In computer networking, the Media Access Control (MAC) address is every bit as important as an IP address. Learn in this article how MAC addresses work and how to find the MAC addresses being used by a computer... What Is a MAC Address? The MAC address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN. MAC addresses...

Read more...

White hat hacker exposes NASA servers' vulnerabilities

White hat hacker exposes NASA servers' vulnerabilities A Romanian "white hat" hacker has claimed to have broken into a site of the National Aeronautics and Space Administration (NASA), and published a screenshot of the compromised server on his site. White hat hackers are programmers who break into computer systems for the sake of exposing security flaws, instead of exploiting them for malevolent purposes. In this case, "TinKode" hacked a file transfer protocol (FTP) server related to NASA's Earth Observation System at Goddard Space Flight Center. "I don't do bad things. I only find...

Read more...

Private and Public IP Addresses

What are Private and Public IP Addresses Internet Protocol (IP) addresses are usually of two types: Public and Private. If you have ever wondered to know what is the difference between a public and a private IP address, then you are at the right place. In this post I will try to explain the difference between a public and a private IP addres in layman’s terms so that it becomes simple and easy to understand. What are Public IP Addresses? A...

Read more...

Surf Web Anonymously with TOR

What is TOR ? Tor-proxy is a free proxy-server service that Internet users can use to hide their IP address while surfing the Web. An IP address is a number used to identify computers on the Internet, and for reasons of safety and security, it may sometimes be desirable to hide the address. What is Vidalia ? Vidalia is a GUI (graphical user interface) implementation for Tor, It allows the user to start, stop, and view the status of Tor;...

Read more...

How Firewall Works

If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall." How Firewall Works ? Firewalls are basically a barrier between your computer and the internet. A firewall...

Read more...

How to Surf web Anonymously with Proxies

Are you looking to surf the Internet without anyone knowing your location or details? Do you want to regain access to a banned website or forum? Well you’ve come to the right place as in this article I will answer the frequently asked question, How to Surf the Web Anonymously? , How to access restricted websites?There are many ways to surf the web anonymously. But the best way to surf the web Anonymously without spending a single penny is by using...

Read more...

RFI(Remote File Inclusion)

Remote File Inclusion Remote File Inclusion ( RFI ) allows the attacker to upload his file on a website server using a script. Remote File Inclusion is a common vulnerability found in many websites. Using RFI you can literally deface the websites, get access to the server. Here i am going to describe this. Searching the Vulnerability:Remote File inclusion vulnerability is usually occured in those sites which have a navigation similar to this: www.anywebsite.com/index.php?page=something If you want to find more website like this try is with google dork.inurl:index.php?page=After going...

Read more...

Google Hacking

Google hacking doesn't mean to hack Google. Google hacking term used when a hacker tries to find vulnerable targets or sensitive data by using the Google search engine.In Google hacking hackers use search engine commands to locate sensitive data and vulnerable devices on the Internet. Google supports a multitude of operators and modifiers that add a ton of power to google searchingI am going to explain some operators used in Google hackingintitle:Syntax: intitle:operator This will return all the pages that have word entered after the intitle (as we used operator here) in the title of the page....

Read more...

Block any Website on your computer without any software

There are many people who want some website inaccessible from their computer. Most of the parents want to block some websites on their computer system. Here i am going to write a well known an easy way to do this.Steps:1. go to C:\WINDOWS\system32\drivers\etc2. Find a file named "HOSTS"3. Open this file in notepad4. Under "127.0.0.1 localhost" Add 127.0.0.2 www.xyz.com , Now www.xyz.com site will no longer be accessible. You can add as many url of websites under this by increasing last no. of ip as 127.0.0.3 www.abcxyz.com127.0.0.4 www.xyzas.com an so on. To unblock these website only erase...

Read more...

NMAP Tutorial

I think everyone in the security field known this popular tool, recently evolved into the 5.x series. Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are...

Read more...

Websecurify - Free Web Application Vulnerability Scanner

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. Websecurify is an integrated web security testing environment, which can be used to identify vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated...

Read more...

Cross Site Scripting

Previously I wrote about the OWASP top 10 vulnerabilities. However my GURUJI asked me to post each topic individually.Cross Site Scripting Robert ‘rsnake’ Hensen is considered as Guru of XSS .Lets learn about what the XSS is Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Cross-site scripting holes in general can be seen as vulnerabilities which allow attackers to bypass security mechanisms. By finding clever ways of injecting malicious...

Read more...

OWASP Top Ten 2010 Web App Risks

"OWASP was started in September 2000 with its mission to create an open source community where people could advance their knowledge about web application and web services security issues by either contributing their knowledge to the education of others or by learning about the topic from documentation and software produced by the project. At the time the web application security market was just emerging and certain vendors were pedaling some significant marketing claims around products that really only tested a small portion of the problems web applications were facing and service companies...

Read more...

Stratiform Makes Tweaking Firefox’s Looks Simple

Usually, changing your Firefox browser's looks requires a CSS tweak, an about:config switch, or specialized downloads. Stratiform is an all-in-one add-on that offers a variety of button, toolbar, and other visual element switches. Try out new themes and switch back without any hassle. As Stratiform's developer notes, these...

Read more...

How to Trace Mobile Phone Numbers

Today in India (Not only in india ) everyone from child to older man is having mobile phones. with the rapid growth if mobile phone usage in recent years, we have often observed that the mobile has become a part of many illegal and criminal activities. So in most cases tracing a mobile number is became a vital part in the investigating process. Also sometimes we just want to trace a mobile number for reasons like prank calls and blackmails and missed...

Read more...