Sec?

Let's discuss Security

11  07 2007

Disguise yourself as Googlebot to browse Paysites

Fox under Sheep hood

I hope everyone has heard the primary-school story of the fox in sheep's clothing, where the fox wears a sheepskin to mingle among the sheep and eat them without arousing suspicion. Well, the same is the case with the Googlebot disguise mechanism. But before getting into the technical stuff, let's look at WHY we need to disguise the browser in the first place.

Many websites and top forums, e.g. Webmastersworld, have premium sections where you need to pay or have special rights to enter. But surprisingly enough, Google, the search engine giant, can easily index all of those premium pages too. Does that mean Google signs up for (and pays) each of those sites?

NO !

The big brother has a lot more important stuff to do than registering on thousands of those forums or blogs. Actually, almost all of those sites have a special setting on their server which allows every HTTP_REQUEST from the major search engines (or bots) to read all of the files residing on the server irrespective of their content type [using robots.txt].

The following idea exploits that same permission by disguising your browser as Googlebot [Google's search indexing engine], so that those sites treat your browser's HTTP_REQUEST as Googlebot's request and allow it to browse those privileged sections.

The parameter we have to change is called the User Agent. The user agent defines the browser and version that you use. For example, it would show Internet Explorer as your browser if that is the one you are using.

You need to alter your settings to the following:

User Agent: Googlebot/2.1
Compatible: http://www.googlebot.com/bot.html

You can do so in Opera with ease. Firefox offers an extension which is downloadable from the official website.

For Internet Explorer you need to change registry entries.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Googlebot/2.1"
"Compatible"="+http://www.googlebot.com/bot.html"

Save this as ua.reg and execute.

To revert the changes back, you need the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
@="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

Save as oua.reg and execute.

Voila !

You can now browse those pay sites without paying a single penny!

Note
All tips & tricks posted on this website are for fun & educational purposes only. Secinfinity bears no responsibility for any damage caused by using those ideas.
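The User-Agent header is chosen by the client, so a site that wants to admit crawlers has to check something the client cannot set. The following added example (not from the original post) shows the forward-confirmed reverse DNS check that Google documents for verifying Googlebot. The resolver tables `PTR` and `FWD` and the `demo` helper are constructed so that it runs offline.

```python
import ipaddress
import socket

# Hostname suffixes Google documents for Googlebot's reverse DNS names.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def system_reverse(ip):
    """PTR lookup via the system resolver; None on failure."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Forward lookup via the system resolver; returns a set of addresses."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def is_genuine_googlebot(user_agent, remote_ip,
                         reverse=system_reverse, forward=system_forward):
    """True only if a request claiming to be Googlebot passes
    forward-confirmed reverse DNS on its source address."""
    if "googlebot" not in user_agent.lower():
        return False  # no crawler claim: handle with normal authentication
    try:
        ip = str(ipaddress.ip_address(remote_ip))
    except ValueError:
        return False
    host = (reverse(ip) or "").rstrip(".").lower()
    # The PTR record belongs to whoever controls the IP block, so a matching
    # suffix proves nothing until the name resolves back to the same address.
    if not host.endswith(GOOGLE_SUFFIXES):
        return False
    return ip in forward(host)

# Constructed resolver data (documentation address ranges, not real lookups).
PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
       "203.0.113.7": "host7.example.net",
       "198.51.100.9": "crawl-192-0-2-10.googlebot.com"}  # forged PTR
FWD = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

def demo(user_agent, ip):
    """Run the check against the constructed tables instead of live DNS."""
    return is_genuine_googlebot(user_agent, ip, PTR.get,
                                lambda h: FWD.get(h, set()))
```

In production the default resolvers are used and the result is cached per source address, since two DNS lookups on every request are expensive.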


11  07 2007

iPhone Hacked !

It has not been a month since the iPhone was launched, and its hackers are already breeding. The coolest gadget of 2007, the iPhone, is already under attack by some teen enthusiasts who want to do everything that the iPhone doesn’t allow them to do. After all, rules are meant to be broken.

A teenager who is just out of high school (two weeks, to be specific!) claimed to have reverse engineered the iPhone system. He and his online community claim that they have successfully used the iPhone with other smart cards and networks (not AT&T). The online wiki community has already demonstrated how to use cellular networks other than AT&T and how to transfer/share files to and from the phone irrespective of its inherent security.

Just a few hours ago, the online community posted a major breakthrough:

MAJOR BREAKTHROUGH: We have obtained serial access to the bootloader without opening the phone. Click here for instructions.

iPhone Dev Online Community


10  07 2007

Tips to create a secure password

Whether you want to protect your computer data or your online accounts, you need a strong password for your assets to be safe. These days there are many password-cracking tools available for free download.

To protect your computer from password crackers by creating a strong password, simply follow the tips listed below:

1. Never ever use things from your personal life as passwords, e.g. your name, birthday etc.

2. Do not use password generators to create strong passwords because some password crackers might use a decrypting process to reverse it.

3. Make sure that your password is reasonably long. If you use Microsoft Windows, make sure that it is at least 15 characters long. This protects you against brute force attacks.

4. Make sensible use of special characters, upper case, lower case, and numbers to create your password, e.g. MyP@ssw0rdisE@sy

5. Do not use reversed words because they are not difficult to crack. For example, reversing the word “password” to “drowssap” won’t be of much help.

6. If you have to write down a password, make sure that it is locked securely. Do not ever leave it exposed.

7. Use words and phrases that are easy for you to remember but hard for others to guess. For example, “Myn@me!sS@11y” is a password that originated from the sentence “My name is Sally”.

8. Avoid words found in the dictionary.

9. Do not store your passwords online. If somebody ever gets access to the files in which you have stored your passwords, you can imagine the amount of damage he/she can do to you.

10. Change your passwords regularly. It is recommended that you change your password at least once every 42 days.

11. Use the password security meter from http://www.securitystats.com/tools/password.php to check the strength of your password.
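The following added example (not part of the original post) applies tips 3, 4, 5 and 8 mechanically to a candidate password. It lower-cases the password and undoes common character substitutions before the dictionary check, as the rule sets in cracking tools do. The `WORDLIST` and the substitution table are small constructed samples.

```python
import re

# Constructed mini word list; a real check would load a full dictionary.
WORDLIST = {"password", "easy", "name", "sally", "dragon", "letmein"}

# Common character substitutions that cracking rule sets undo.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def embedded_words(password, wordlist=WORDLIST, min_len=4):
    """Dictionary words found in the password, read forwards or reversed,
    after lower-casing and undoing common substitutions."""
    norm = password.lower().translate(LEET)
    found = set()
    for candidate in (norm, norm[::-1]):
        for word in wordlist:
            if len(word) >= min_len and word in candidate:
                found.add(word)
    return found


def review(password, min_length=15):
    """Return a list of the tips above that the password fails."""
    problems = []
    if len(password) < min_length:                      # tip 3
        problems.append("shorter than %d characters" % min_length)
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 4:   # tip 4
        problems.append("missing a character class")
    words = embedded_words(password)                    # tips 5 and 8
    if words:
        problems.append("contains dictionary words: " + ", ".join(sorted(words)))
    return problems
```

Run against the sample passwords in the list above, the dictionary check still finds words once the substitutions are undone, so character swaps on their own add little against rule-based cracking.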


10  07 2007

What is footprinting ?

Footprinting is the technique of gathering information about computer systems and the entities they belong to.

-Wikipedia


It is one of the phases of an attack, in which the attacker gathers information about the target system before starting the attack. Footprinting can expose system weaknesses and help the attacker exploit them. For example, an attacker might use a port scanner on the remote host to learn about the open ports. Another example would be visiting the organization’s web site to look for information that might be useful.

There are many techniques that can be used during footprinting. They are explained below:

1. Ping Sweeps: pinging a range of IP addresses to find out which hosts are running.

2. TCP Scans: Using port scanners on hosts to see which services are being offered.

3. Open Source Footprinting: Finding out information such as phone numbers, addresses, performing whois queries etc.

4. Network Enumeration: Performing various queries on the whois databases found on the internet. The hacker simply queries the domain registrar to find out the information they are looking for. There are five types of queries which are listed below:

  • Registrar query: This type of query gives information about the potential domains that match the target.
  • Organizational query: This query searches many different domains associated with the company.
  • Domain query: This query can be used to find the company’s address, administrator and his/her phone number and the system’s DNS servers.
  • Network query: This query can be used to query ARIN (American Registry for Internet Numbers) for the IP Address blocks owned by the company.
  • POC query: This query can be used to find out the number of IP Addresses that a host may have.

5. DNS interrogation: Using tools such as Nslookup, Agnet to query the DNS about the target. It also involves performing DNS zone transfers from improperly secured, unsuspecting DNS servers.

Once the hacker has footprinted the target system, the next step is usually the enumeration of services running on the target to find out the vulnerable places to break in.

We will be discussing those in forthcoming posts…


07 2007

Catch it! before it steals

Computer spies very coolly and suavely break into the secure areas of users who are not aware of such happenings. A new bug has hit the computing world: SPYWARE. As if viruses, spam emails and phishing were not enough to cause millions of dollars of loss, this new breed of security attack has evolved. Spyware has grown from an annoyance into a full-fledged threat to computer security.

Spyware and adware install themselves on the computer without the user's knowledge and start working unnoticed.

Major Information Hijack Threats:

Coyly read your credit card numbers while you are typing somewhere else and relay it to the thieves.

Ecommerce portals already face enough threats from hackers, who regularly attack their servers to garner clients’ credit card numbers.

Now enters spyware, which steals your credit card numbers even before they reach those ecommerce portal servers. Spyware captures your keystrokes while you are typing your credit card numbers and relays them to its boss without your knowledge.

Gather personal information like SSI, Bank Details, passwords

Some of the most destructive spyware is notorious for gathering your valuable private data. These programs (a.k.a. keyloggers) just wait for you to log in to your online bank account; whenever you do, they log whatever you type and later relay it to their chief (the thieves). You log into your online banking account to see whether you received your weekly paycheck this week or not.
You see the transaction and securely log out.
Then Baam !

Next day you see your account balance ZERO!!

It's not just bank account numbers; even your passwords to all kinds of online accounts, be it mail, web server (FTP) or regular email accounts, will be at stake if you try to log in from a spyware-infected PC. We know to log in to our valuable accounts only in private, where no one can see what we are typing, but unfortunately this invisible SPYWARE is still watching your moves.

Garner your web surfing habits and resell your profile to online advertising companies

So, for example, if you surf porn regularly, this information might be very useful to porn website owners: you are their perfect client. They may pay more than $10 per profile. Then from the next day, you might be getting lots of porn email offers or telephone calls. And you thought your wife might have been spying upon your dirty habits?

Duh !

A recent review states that almost nine out of every ten computers are affected by spyware. This is because most home users are unsuspecting and also freely use the internet for all purposes. There are numerous spyware scanners, cleaners and detectors available to protect your PC from spyware.

Spyware cleaners immunize the system against harmful spyware, adware, Trojans and cookies. They continuously monitor and protect the computer from infections and tracking cookies. Spyware cleaners establish a barrier to prevent further spyware from entering the system. To escape being discovered, most spyware programs change their names often and, like viruses, keep plaguing the computer.

Click here for the list of top free anti-spyware software.


07 2007

Watch out for those open ports!

In these days of high-bandwidth connections, it is needless to say that hardening your computer against hackers is most important. In this blog, I will try to explain network ports, their types and the steps for securing your computer from being accessed by hackers through those ports.

What is a port?

To explain what a port is, I will use an analogy between the computer and the telephone. Port numbers and their associated IP addresses work something like telephone numbers and associated extension numbers. One can say that an IP address is like a telephone number which is unique. A port number is like an extension number that is used to identify a single telephone set within an organization. Different organizations use the same extension numbers inside their primary phone number. Similarly different PCs use the same range of port numbers for different purposes.

In a computer, there are multiple ports which host services of different kinds. For example TCP (Transmission Control Protocol) port 80 is for hosting web services, port 25 is for sending email, port 23 is for remote login through telnet etc. When you give somebody access to your computer, either you can give access to all the ports or you may give access to a particular port, depending on the type of service you want to host or his/her requirements.

What are port types?

The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151.
The Dynamic and/or Private Ports are those from 49152 through 65535.

For the complete list of all the TCP and UDP port numbers and their description, please click on the following link:
TCP and UDP port numbers

Securing the TCP/UDP ports in your PC

1. To determine the open ports in your computer, download a freeware called FreePortScanner from www.nsauditor.com and run it.

2. Use a firewall program to block all inbound traffic and only open the ports for necessary outbound traffic like FTP(21), HTTP(80), HTTPS(443), DNS(53) etc. The benefit of allowing outbound traffic for well known ports only is that if viruses, worms or Trojans try to establish outbound connections through unknown ports, they will be blocked as well.
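As an added example (not from the original post), the listing below takes the output of the built-in Windows command `netstat -an`, used here instead of the scanner named in step 1, and reports which TCP ports are listening on a non-loopback address, together with the range each falls in. `SAMPLE` is constructed output, not a capture from a real machine.

```python
import re

# Matches Windows `netstat -an` TCP rows such as:
#   TCP    0.0.0.0:135    0.0.0.0:0    LISTENING
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

LOOPBACK = ("127.", "[::1]")


def port_range(port):
    """Name of the range a port falls in, using the ranges given above."""
    if not 0 <= port <= 65535:
        raise ValueError("not a valid port: %d" % port)
    if port <= 1023:
        return "well known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def exposed_listeners(netstat_text):
    """Sorted (port, range) pairs for TCP sockets listening on a
    non-loopback address, i.e. reachable from the network unless a
    firewall blocks the inbound connection."""
    seen = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # UDP rows, headers, and non-listening connections
        addr, port = m.group(1), int(m.group(2))
        if addr.startswith(LOOPBACK):
            continue  # only local programs can reach loopback listeners
        seen.add((port, port_range(port)))
    return sorted(seen)


# Constructed sample output, using documentation and private addresses.
SAMPLE = """\
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING
  TCP    127.0.0.1:5354     0.0.0.0:0          LISTENING
  TCP    192.168.1.20:3389  0.0.0.0:0          LISTENING
  TCP    192.168.1.20:49712 203.0.113.5:443    ESTABLISHED
  TCP    [::]:445           [::]:0             LISTENING
  TCP    [::1]:49670        [::]:0             LISTENING
"""
```

Each port returned by `exposed_listeners` is a candidate for an inbound block rule in step 2 unless the service is one you intend to offer.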


18  06 2007

Microsoft Genuine Advantage Flawed !

A nagging test which always seems like an extra burden even after you have paid for your Windows is the Microsoft Genuine Windows test. Whenever you try to install or update any Microsoft Windows related software, the Microsoft download centers first request that you pass this test. It’s an automatic validation of your OS.

Today, one Ubuntu Linux user tried something strange. With the help of an emulation program (Wine) and a browser (IE4Linux), the user tried to download Microsoft Windows Defender and ran the Genuine Advantage test. Surprisingly, he passed the test. He even recorded those steps and placed them on a free file sharing server. Click here for more information.

