
Tuesday, March 30, 2010

China is a haven for hackers, crackers, spyware nuts, and general bad apples: China is the world center for malicious computer use

China is the world center for malicious computer use. Computer security experts have exposed China as the base of operations for 30% of the world’s malicious email, making China a haven for hackers, crackers, spyware nuts, and general bad apples. Within China, however, there is a city called the cybercrime capital of the world: Shaoxing. This eastern Chinese city is responsible for 21.3 percent of all targeted computer attacks. One city is responsible for over a fifth of all the world’s hacker email activity!

In a country where the Internet is on lockdown, you have to wonder if this is some sort of plan by the Chinese government. They wield the Internet like a bo staff in the hands of a Shaolin monk; are they working on an army of cybersoldiers? Or is this just some extracurricular capitalism? That’s too much concentration in one area for this not to be some sign of a bigger force at work.

Other cyber news related to China:


Google Chrome Retains Its Lustre in Hacking Contest Pwn2Own | A yearly Competition event in Vancouver with princely sum of $10,000

The tech blog on Forbes.com reports that the Pwn2Own competition in Vancouver is a yearly event where software hackers attempt to circumvent and compromise some high profile scalps from the software world. This year the very popular Firefox, Safari and Internet Explorer earned their respective hackers the princely sum of $10,000.

The big news is that, for the second year running, Google’s up-and-coming Chrome browser walked untroubled from the hacking-fest. Detractors may try to play this down by pointing to the relatively small portion of the market that Chrome commands, but Safari has even less market share and still found itself compromised by the researchers.

Google would no doubt vaunt Chrome’s inherently secure “sandboxing” structure as the reason for these back-to-back results, but this must really put a line in said sand for next year's competition. Surely any hacker looking to make a reputation for themselves will look at this browser security figurehead with aspirations of making their mark.

For home users this raises the question of whether this is a good reason to swap browsers. In my opinion, I would look at whether the browser is actively being developed; if there are regular security updates, then many of the issues that affect the average web user should hopefully be addressed.

More information can be found on the Forbes.com Firewall Blog and the Google Chrome homepage.

Xbox Live Director Got His Account Hacked

It has been confirmed that Larry Hryb, Director of Programming for Microsoft's Xbox LIVE online gaming network, had his Xbox LIVE account hacked while he was attending the inaugural PAX East video game convention in Boston. The account hijacker even uploaded a video to its official site to demonstrate the access. Though Microsoft's policy and enforcement director for Xbox Live, Stephen Toulouse, has stated that Hryb's account has been restored and that the hijacking was very specific and very targeted to Major, some interesting discussion still goes on.

To see the hacker's video, click here

Monday, March 29, 2010

Beware of Emails from Google, Hallmark, Twitter: New wave of spam attacks spreading variants of Vundo and Buzus trojan



Be careful before opening emails from suspicious or unknown senders, as online security firm eScan has warned of malware that is more potent than earlier variants. Security experts have said that the new variants are network aware and pose a great danger to corporate networks, as a single infection can lead to a network outbreak within an hour.

eScan has warned against opening emails or attachments with subject lines such as, "You have received A Hallmark E-Card!", "Your friend invited you to twitter!", "Thank you from Google!", "Jessica would like to be your friend on hi5!" and "Shipping update for your Amazon.com order 254-71546325-658732". These emails also carry zipped attachments that have been found to contain new variants of the malware.

The "You have received A Hallmark E-Card!" spam email comes with postcard.zip or a similarly named attachment. The payload in the zip file contains malware that can mass-mail messages, using its built-in SMTP client engine, to the email addresses harvested from the local computer. The payload also contains malware with the characteristics of Vundo (a.k.a. VirtuMonde/VirtuMundo), a trojan horse that causes popups and advertises rogue antispyware programs. Vundo can infect a system when a browser just visits a website link contained in a spammed email. It is known to add itself to the startup registry, create a DLL file in the Windows system32 directory and inject it into the system processes winlogon.exe and explorer.exe. The malware can also send requests to download other files from the Internet and spread quickly by itself in a network.

Another email doing the rounds takes advantage of the popularity of social networking sites such as "Twitter" and "Hi5" to spread. These spam emails carry a deadly payload: a variant of the Buzus worm, which is a network-aware, bot-creating trojan. On infection, it creates a startup registry entry and modifies the hosts file to prevent access to security websites.

To avoid such catastrophic scenarios, use reputed and genuine security software and have the latest security updates installed in your system.
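The hosts-file tampering described above is easy to check for on a suspect machine. The following is an added example, not code from eScan or from the original post: it scans hosts-file text for entries that override security-related domains, and the watchlist and sample file are constructed placeholders.

```python
import ipaddress

# Assumption: a watchlist of security-vendor and update domains to protect.
# These are constructed placeholder names, not real vendor domains.
WATCHLIST = ("av-vendor.example", "updates.example", "securityblog.example")

# Constructed sample of a tampered hosts file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1   localhost
::1         localhost
127.0.0.1   www.av-vendor.example download.av-vendor.example
0.0.0.0     updates.example
203.0.113.7 securityblog.example
10.0.0.5    fileserver.corp.example
127.0.0.1   notav-vendor.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        # One line may map several names to the same address.
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(hostname, watchlist=WATCHLIST):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watchlist)


def find_overridden_security_hosts(text, watchlist=WATCHLIST):
    """Return one finding per watched hostname pinned in the hosts file.

    Any static entry for a watched domain bypasses DNS and deserves review:
    'sinkholed' means it points at loopback or 0.0.0.0 (access blocked),
    'redirected' means it points at some other address.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name, watchlist):
            continue
        verdict = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append(
            {"line": line_no, "host": name, "ip": str(ip), "verdict": verdict}
        )
    return findings


if __name__ == "__main__":
    for f in find_overridden_security_hosts(SAMPLE_HOSTS):
        print("line {line}: {host} -> {ip} ({verdict})".format(**f))
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; on a clean machine the function returns an empty list for a watchlist of real vendor domains.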

Sunday, March 28, 2010

5 More sites for budding hackers

Last time I wrote about 5 sites for budding hackers and shared websites which I visit regularly for knowledge and queries. This time I'm expanding it by sharing 5 more sites which in general are the best places to hang out and devote time if you are a budding hacker. Remember, as I repeat my words, NOBODY can make you a hacker; it's your passion that makes you one. But for starters, here are some really good websites to have a look into.

Securityfocus
Since its advent in 1999, SecurityFocus has focused on high-quality original technical papers and original content. SecurityFocus was formed with the idea that the community needed a place to come together and share its collected wisdom and knowledge. The Bugtraq list here is high volume and is a full-disclosure mailing list for detailed discussion and announcement of computer security vulnerabilities.

Packetstormsecurity
Packet Storm is a non-profit organization comprised of security professionals who are dedicated to providing the information necessary to secure networks on a global scale. It offers an abundant resource of up-to-date and historical security tools, exploits, and advisories.

Rootsecure
Proclaimed as the Security News Site For Systems Administrators & Hackers, Rootsecure provides comprehensive hand-picked links to new security-related news articles every day, along with a daily mailing list bringing the latest security news direct to your inbox every morning.

Irongeek
Adrian Crenshaw's information security site which specializes in videos and articles that illustrate how to use various pen-testing and security tools.

Darknet
Cited as one of the top 5 security blogs, it's always updated with the latest news in information security. It offers the latest tools of the trade, updates to security tools and comments on various security topics which are not mainstream otherwise. A great site to learn from and bookmark.

Keep learning

PS : Like this article ? You can always support me by buying me a coffee or You can always try some of the cool merchandize from PROHACK.


POSTED BY XERO ALL RIGHTS RESERVED.



Saturday, March 27, 2010

Hackers invade cell phone: A Hawaii Kai man's bill hits $5,000 for unauthorized calls after he answers a call from a phone number he did not know

 Hawaii residents apparently are falling victim to a scam triggered simply by answering their mobile phones.

Callers then hack into mobile phones and use the phone number to make long-distance calls and possibly gain access to other information.

"It's crazy. ... Now, with all these smart phones ... everybody has to be careful," said Hawaii Kai resident Kaulana Chang.

Chang has one piece of advice after his experience: Use caller identification and don't answer unless you know the telephone number of the caller.

Chang, 30, said he apparently answered a call on his BlackBerry from someone with a number in the 866 area code, which is normally set aside for toll-free numbers.

The caller was able to use a computer program to obtain enough information to use his phone number and charge $5,000 worth of international calls to his account.

Chang said luckily, his cell phone carrier, Sprint, was understanding and canceled the charges.

He said the illegal charges accumulated over a six-month period, and he notified Sprint of them.

Chang, who works as an event coordinator and magician, said that four or five times, he was unable to use his mobile phone when hackers were using it, and he lost business.

"It's not just me. I've had some people ... tell me stories," he said.

Cybercrime specialist Chris Duque, who worked for the Honolulu Police Department for nearly 30 years, said the scam has been happening for several years.

Duque said the 866 area code caller used a computer program to gather information to make third-party calls using Chang's number.

"It's pretty common," Duque said.

He said the scam usually originates in a foreign country, making capture and prosecution difficult.

Duque said these kinds of scams financially affect communications companies.

"The industry is taking a hit," he said. "It goes into the millions of dollars."

Duque said if you don't recognize who the caller is, don't respond.

"Personally, I don't answer calls if I don't recognize the number," he said.

Duque said he waits for callers to leave a message, and if he doesn't recognize them, he doesn't call back.

"You've got to be in control," he said. "You don't let the caller be in control."

He said phone users should be especially suspicious about numbers with the area codes 800, 888, 866 and 900.

HOW TO PROTECT YOURSELF

The Federal Trade Commission said to minimize risk of identity theft:


» Be wary of where you put your personal information, including your Social Security number, mother's maiden name, account numbers and other identifying information.

» Before you share any personal information, confirm that you are dealing with a legitimate organization. Check an organization's Web site by typing its URL in the address line rather than cutting and pasting it. Many companies post scam alerts when their name is used improperly. Or call customer service using the number listed on your account statement or in the telephone book.

Facebook Shores Up, Clarifies User Controls Over Privacy

Facebook is shoring up its privacy policy as the social media giant continues to expand its testing of thousands of games and applications, prepares for location-sharing, and as more of its 400 million users are able to interact with friends through third-party sites.

With a posting on its blog page today, Facebook is inviting users to submit comments on proposed revisions to its Privacy Policy and Statement of Rights and Responsibilities.

It is also announcing possible partnerships with websites that Facebook pre-approves “to offer a more personalized experience at the moment you visit the site.”

“In such instances, we would only introduce this feature with a small, select group of partners and we would also offer new controls,” wrote Michael Richter, deputy general counsel for Facebook.

As its popularity continues unabated, Facebook is facing mounting criticism from U.S. privacy advocates and foreign governments over its lack of privacy controls. It is also hearing warnings from the online security community about its vulnerability to hackers.

“It is important to note that, while we’re still developing many aspects of these products, user control over privacy remains essential to our innovation process and we’ll continue to develop new tools to help you control the things you share on Facebook,” Richter said.

Users can view the redlined deletions and additions to the policies. Most of them involve detailed elaborations on the privacy settings available to users.

One section explains in further detail the “Everyone” setting, which is designed to enable users to share content “as broadly as possible.”

“To enable this distribution, we allow others to see, access, display, export, distribute and redistribute content set to ‘Everyone’ and we’ve tried to make this even clearer,” Richter said.

In another revision, the following has been added:

“Your contact information settings control who can contact you on Facebook, and who can see your contact information such as your email and phone number(s). Remember that none of this information is required except for your email address, and you do not have to share your email address with anyone.”

Facebook has come under increasing criticism from European authorities who contend that Facebook users are posting content containing private information on non-users without getting proper consent.

The issue of privacy extends into the area of online security. Both Facebook and Twitter have come under well-publicized attacks in recent weeks by scammers using phishing emails to gain access to user passwords.

Friday, March 26, 2010

iPhone, IE, Firefox, Safari owned at Pwn2Own

In Vancouver this year, the best hackers flocked to show off their skills at the CanSecWest conference. Pwn2Own 2010, as it's called, provided a platform for beating the best security protections of industry giants, and it turned out to be another grim day for internet security at the annual Pwn2Own hacker contest on Wednesday, with Microsoft's Internet Explorer, Mozilla's Firefox, and Apple's Safari and iPhone succumbing to exploits that allowed for remote administration.

The rules were simple: use previously unknown exploits and undocumented vulnerabilities to expose sensitive system data or allow the remote execution of malicious code. In its 4th year, Pwn2Own has come to highlight the alarming insecurity of most internet-facing software. The exploits were impressive, as they bypassed state-of-the-art security protocols and mitigations designed by software giants with no sweat. Microsoft’s DEP (data execution prevention) and ASLR (address space layout randomization), and the code signing by Apple, were thrashed at Pwn2Own.


Halvar Flake, a security researcher for Germany-based Zynamics, commented, "Code signing by Apple is tough, though I'm not sure if they do it for security or just to lock people into their platform." Flake compromised the iPhone using an exploit written by his colleague Vincenzo Iozzo. The iPhone's code signing mechanism requires code loaded into memory to carry a valid digital signature before it can be executed. To get around it, the researchers used a technique known as return-oriented programming, which takes pieces of valid code and rearranges them to form the malicious payload.

As a result, hackers were able to create a malicious website that, when visited by an iPhone, allowed them to compromise the SMS database, revealing the list of contacts as well as complete copies of messages that have been sent and received, and even deleted ones (unless a user has deleted them manually).


DEP and ASLR, which Microsoft began implementing with the release of Service Pack 3 for Windows XP, didn't fare much better, as Peter Vreugdenhil, a Netherlands-based researcher, used an information disclosure exploit to hijack a laptop running IE 8 on Windows 7, a combination widely considered by white hat hackers as among the hardest to compromise.

Firefox running on Windows 7 and Safari were also smitten at Pwn2Own. The iPhone hack fetched $15,000 and the browser exploits were awarded $10,000 each.

The genius of a contest like Pwn2Own is that it exposes the insecurity of software that rarely gets exploited by criminals. Plenty of Linux and Mac fans cite the absence of real-world exploits on those platforms as proof positive that they are inherently safer than the prevailing Microsoft operating system. It's an argument that carried little weight in Vancouver.

"The problem Microsoft has is they have a big market share," said Vreugdenhil, the hacker who attacked IE. "I use Opera, but that's basically because it has a tiny market share and as far as I know, nobody is really interested in creating a drive-by download for Opera. The web at the moment is pretty scary, actually."

 

The Register

 


Thursday, March 25, 2010

YouTube – Service Unavailable: A YouTube spokesman confirmed the outage without throwing much light on what was happening

Trying to access YouTube this morning proved a little difficult prompting me to wonder if the site had been hacked or was experiencing a denial of service attack. According to the Register a YouTube spokesperson was quoted as saying, "We apologize for the inconvenience, but YouTube is temporarily unavailable. Our engineers are currently working to restore the site."

Though I cannot find any other reports, so this is pure speculation on my part: Last night I noticed that the Google Adsense network seemed to be down for about an hour around 1800-1900 PST. I first noticed that all of the Google advertisements on our site were mysteriously gone at around 1800 PST. I then surfed on over to at least a dozen other sites that I know have Google ads, only to discover that there were none displayed there either.

Another round of pure speculation: During the same time last night when Google Adsense was not working, GoDaddy DNS seemed to be having a hiccup. The ACW domain is hosted at GoDaddy and I have a DNS redirect to our blogger site. Around 1800 PST last night, when accessing our site, I received a 'Service Unavailable' message from GoDaddy.

If I am right about the Adsense outage and the GoDaddy issues I was having, then that would make GoDaddy and two major Google services down in less than a twelve hour period. This just days after Google went on the offensive with China and a day after GoDaddy joined forces with Google.

This information has been provided by Mike Wright

Too lazy to say Thanks or comment here? Why not too lazy to read my post?? If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here.

3 Best Gmail Tips: How to Use Custom Gmail Addresses | How to Use Gmail as a Hard Drive | How to access GMAIL without Internet

Use Custom Gmail Addresses

You can make up an unlimited number of arbitrary email addresses to use. You can use these addresses when making a purchase online, when you want to track a conversation, or for anything else. You create these email addresses using plus-addressing.

Simply append a plus sign (+) and any string of letters or numbers (meaningful to you). For example, my mail ID is [email protected]. Now I can create as many custom emails as I want. For all my online shopping, I am using [email protected] and to follow any comments stream online I am using [email protected]. I can further create subtags such as [email protected] & [email protected].

The magic of these email addresses is that I receive all plus-addressed emails at my mail ID [email protected] itself. There I can use filters and labels in the Gmail inbox as per my convenience.

Some of my favorite uses of plus-addressing are:

· Informing my mates about a biking trip: I invite all of my Venturous Bikers Team using [email protected] and send myself a copy to keep track. Finalizing a trip takes around 20-30 days, so I can easily keep track of all the emails.

· Subscribing to newsletters: I subscribe to each of my newsletters using a unique mail ID. For example, I use [email protected] to subscribe to the www.quickonlinetips.com newsletter and [email protected] to subscribe to hacking sites' newsletters.

Use Gmail as a Hard Drive

GMail Drive (http://www.viksoe.dk/code/gmail.htm) provides 2+ gigabytes of storage allotted to your Gmail account right onto your desktop. It looks and feels just like a regular hard drive, and it’s not available locally of course. This drive is networked.

Open http://www.viksoe.dk/code/gmail.htm and in download section, you will see Gmail Drive. Download it and install.

Enter your Gmail username and password and click the OK button to log in. Your drive will be ready to use. Simply drag and drop the data and files to and fro between your local drive and GMail Drive.

NOTE: Mac OS X (10.3 or above) users should check out the freely available gDisk (http://gdisk.sourceforge.net) that adds a Gmail-powered drive to your desktop.

TIP: Using this Gdrive, there is no need to stick with a pendrive or any other external drive. Go to your friend’s place, open Gdrive and copy and paste the required data. Now come back to your system and open it. SO SIMPLE.

How to access GMAIL without Internet

Using this Gmail tool, you can access all your Gmail mail even when you are not connected to the internet. Just as we use Outlook for official purposes, you can use Gmail. All the mail you send while offline will be placed in your outbox and automatically sent when you are connected to the internet.

Once you turn on this feature, you need to download Gmail Gears on your system. As long as you stay connected to the internet, Gears will continuously synchronize the cache on the local system with the Gmail server.

Just follow these steps to get started:

· Click Settings and click the Offline tab in your Gmail inbox.

· Select Enable next to Offline Gmail.

· Click Save Changes.

· A pop-up window will open asking to install Gmail Gears on your system. Click Install.

· After your browser reloads, you'll see a new "Offline" link in green in the upper right corner of your account, next to your username. Click this link to start the offline setup process and download Gears if you don't already have it.



France: Man Accused of Hacking Twitter Accounts of several high-profile people, including the official account of President Obama

After a months-long investigation conducted jointly with the F.B.I., French authorities on Tuesday detained a 25-year-old Frenchman accused of hacking the Twitter accounts of several high-profile people, including the official account of President Obama and an account for Britney Spears, French media reported Wednesday. The man, known by the alias Hacker Croll, is accused of infiltrating the accounts on Twitter, a social networking Web site, in April 2009. French authorities have not revealed his real name. The man was released Wednesday but is set to face charges in court in June. He could be sentenced to up to two years in prison if convicted.

Go Daddy to Stop Registering .cn Domain Names in China

GoDaddy.com, the world's largest domain name registrar, will stop registering .cn domains in China after the government there has demanded personal information about people who have purchased domain names from GoDaddy in the past, the company said Wednesday during a hearing in the U.S. Congress.

GoDaddy's decision, announced at a Congressional-Executive Commission on China (CECC) hearing, comes after the Chinese government has demanded that the registrar provide photo identification, business identification and physically signed registration for all .cn domains registered through GoDaddy.com in the six years the company has been operating in China, said Christine Jones, executive vice president, general counsel and corporate secretary for the Go Daddy Group, GoDaddy.com's parent company.

"We're concerned about the security of the individuals affected by [the] new requirements," Jones said. "Not only that, but we're concerned about the chilling effects we believe the requirements could have on new domain name registrations, and therefore, the free exchange of ideas on the Internet."

Previously, China's domain-name authority, CNNIC, had only required GoDaddy to collect the name, address and e-mail address of .cn customers, and that information is commonly provided when people register domain names worldwide, Jones said. CNNIC requested the additional personal information for all domain owners in February, and it appeared to GoDaddy that the Chinese government was trying to gain more control over who registers domain names, she added.

CNNIC told GoDaddy that if it did not provide the additional information, "the domain names were going to stop working," Jones said. "We have 40 million domain names under management. We've done this a lot. This is the first time any registry has ever asked us to retroactively obtain information on individuals who have registered domain names through our company."

GoDaddy.com's decision to scale back its Chinese business comes two days after Google stopped censoring search results, news information and photos in China. Members of the CECC praised both companies for taking a stand against Chinese censorship and surveillance.


Wednesday, March 24, 2010

The Conservative party in Britain has been embarrassed after a hackers' attack on a party website: Visitors redirected to pornography website

The site, called “Cash Gordon”, was intended to highlight the Labour party’s ties to the trade union Unite, with the slogan: “Charlie (Whelan) gives the cash, Gordon gives the power.” The page was designed to spread the campaign via social networking sites such as Facebook and Twitter. However, hackers discovered that basic security measures weren’t in place on the page.

Visitors to the site found themselves being redirected to pornography websites, or the Labour home page. One of the site's key features was to display any message posted on Twitter if it included the term “#cashgordon”. But pranksters soon took advantage of this by writing anti-Conservative tweets including the campaign hashtag, all of which appeared in a box on the Conservative Party website. One tweet read, “So are the Tories really displaying an unmoderated Twitter stream on a campaign website?” while another said, “Tories can’t work the internet. Wouldn’t trust them to run a tuck-shop.”

Later on Monday it was discovered that the developers who built the Cash Gordon website had not included a standard security device to protect the message facility from outside users. By writing Twitter messages containing “#cashgordon” and their own piece of web code, Internet users were able to redirect visitors to any other site on the Internet. While some visitors were sent to hardcore pornography websites, the “code injection” attacks sent other users to a video of Never Gonna Give You Up, the Rick Astley pop song, in a well-known Internet joke known as “Rickrolling”.

The Conservatives were forced to take down the website so the security loophole could be fixed, and so far the problems appear to have been fixed. A party spokesman said, “There was an attempt made to redirect #CashGordon users to other websites. We’ve made the necessary adjustments to the site and the #CashGordon campaign has now led to many thousands of people hearing about Unite’s funding stranglehold over the Labour Party.”

Source: Xinhua/Agencies
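The missing protection described above is output encoding of untrusted text before it is placed in a page. This is an added example, not the Cash Gordon site's code: it renders a hashtag feed once by plain concatenation and once with HTML escaping, then parses both results to show which markup survives. The tweets, user names and the `redirect.example` URL are constructed.

```python
import html
from html.parser import HTMLParser

HASHTAG = "#cashgordon"

# Constructed sample tweets; the second carries markup in its text.
SAMPLE_TWEETS = [
    {"user": "voter_a", "text": "Reading the campaign page now #CashGordon"},
    {"user": "prankster",
     "text": "#cashgordon <script>window.location="
             "'https://redirect.example/'</script>"},
    {"user": "bystander", "text": "Nothing to do with the campaign"},
]

# The only elements the feed template itself is meant to emit.
TEMPLATE_TAGS = {"ul", "li", "b"}


def select_tweets(tweets):
    """Keep tweets that mention the campaign hashtag (case-insensitive)."""
    return [t for t in tweets if HASHTAG in t["text"].lower()]


def render_unsafe(tweets):
    """Flawed version: tweet text is pasted into the page as markup."""
    items = "".join(
        "<li><b>{}</b>: {}</li>".format(t["user"], t["text"])
        for t in select_tweets(tweets)
    )
    return '<ul id="feed">' + items + "</ul>"


def render_safe(tweets):
    """Hardened version: every untrusted field is HTML-escaped first."""
    items = "".join(
        "<li><b>{}</b>: {}</li>".format(
            html.escape(t["user"]), html.escape(t["text"])
        )
        for t in select_tweets(tweets)
    )
    return '<ul id="feed">' + items + "</ul>"


class _TagCollector(HTMLParser):
    """Records the name of every start tag a browser-like parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(fragment):
    """Return tags in the rendered fragment that the template never emits."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return [t for t in collector.tags if t not in TEMPLATE_TAGS]


if __name__ == "__main__":
    print("unsafe:", unexpected_tags(render_unsafe(SAMPLE_TWEETS)))
    print("safe:  ", unexpected_tags(render_safe(SAMPLE_TWEETS)))
    print(render_safe(SAMPLE_TWEETS))
```

The `unexpected_tags` check also works as a regression test in a build pipeline: any template change that lets user text reach the page unescaped makes it return a non-empty list.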


Halo Custom Edition – Relentless wild fun for Free !!

Some games never lose their charm… They are supposed to be played over and over with friends and foes alike till your fingers start aching and your mind gets numb, and no, I'm not exaggerating. Halo: Combat Evolved was launched in 2001 by Bungie and it redefined the FPS genre then. When it was launched on PC, it gave new horizons to the FPS genre, turning an already good game into an insanely good one. It's been 9 years and the killing has continued. Although not on the same level as Counter-Strike, still, just jump into a Halo game and you will find plenty of servers out there. Then came Halo Custom Edition: released in 2004 by Gearbox Software, it's a multiplayer-only, standalone, unsupported version of Halo on the PC. Halo CE includes several new multiplayer features and options, the most notable of which is the ability to play user-created content. The point of Halo: Custom Edition is to allow game modders and fans to create their own content such as new maps and mods, which will hopefully result in a more varied game experience and extend the lifetime of Halo, and it succeeds entirely. Along with the ability to mod the game, Gearbox Software also fixed a number of bugs and graphical issues that can still be found in Halo: PC.

 

I spend my entire weekends having a blast while playing Halo CE with my friends, and trust me, it's a blast you won't forget :P You can also find a portable edition with some googling around.

You can download it here

You might wanna also look at Halo Tips and tricks and Learn how to mod it..or you can join me at Xfire :)

 

Cheers

 


Tuesday, March 23, 2010

JSKY - Free Vulnerability Scanner

With hordes of vulnerability scanners and frameworks launching every day (mostly commercial), Jsky makes an impressive attempt to set itself apart by keeping it free and keeping it real by packaging everything in a small package. Don't be fooled by its small size; it packs quite a punch when compared to other professional packages, considering its release version. Good vulnerability scanner? Check! Web backdoor and SQL injection? Check! Directory traversal, sensitive directory and file scan? Check! Jsky is quite promising in its features.

Jsky packs a powerful web spider and multi-threaded scanner which crawls hundreds of thousands of pages with ease and can extract links from JavaScript and Flash. It uses Pangolin as its engine and allows for advanced and in-depth SQL injection, and hence can detect these vulnerabilities exactly with no sweat, unlike others that use the method of pattern matching. Supported databases include Oracle, MSSQL, MySQL, Informix, DB2, Access, SQLite, Sybase, PostgreSQL and even more. Jsky has a modular design which allows everybody to code and share their custom modules. Also, an XML-based vulnerability file system and an integrated Web vulnerability executive parser mean you can design a vulnerability just by editing the XML file, with no need to code any program.
The best part? IT'S FREE!

  • SQL Injection
  • XSS
  • Unsecure object using
  • Local path disclosure
  • Unsecure directory permissions
  • Server vulnerabilities like buffer overflow and configure error
  • Possible sensitive directories and files scan
  • Backup files scan
  • Source code disclosure
  • Command Execute
  • File Include
  • Web backdoor
  • Sensitive information

Jsky Vulnerability Scanner

 

I was lying about its best part. The best part is that it can also be used to launch and test exploits. A must-have for any security professional :)

Download it from Here

 


POSTED BY XERO ALL RIGHTS RESERVED.


Hackers target Facebook accounts: Beware email comes with a subject line - Facebook password reset confirmation customer support

In an attempt to steal passwords and other vital information, hackers seemingly have released a virus-tainted spam that falsely gathers information, anti-virus software maker McAfee Inc. reported.

The anti-virus maker further added that the spam informs recipients that the passwords on their Facebook accounts have been reset and urges them to click on an attachment to obtain new login credentials. When the recipient opens it, harmful software is downloaded and installs itself.

Facebook claimed that hackers have already tried several times to attack the site and dig out crucial information and alerted users to beware of such spam.

Dave Marcus, McAfee's Director of Malware Research and Communications, said that the email comes with the subject line "Facebook password reset confirmation customer support".

SOURCE: www.topnews.in

Too lazy to say Thanks or comment here? Why not too lazy to read my post?? If you like this post and want us to post similar articles, Pls give us a feedback and leave a comment here.

Monday, March 22, 2010

John the Ripper – Password cracking at its best

If you are into password cracking then you probably know about it: John the Ripper is one of the most popular password testing and breaking programs available. JTR, as it's fondly called, combines multiple password cracking packages into one package, includes auto-detection of hashes and is a fast password cracker. It is currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS and supports 15 different platforms. Its primary purpose is to detect weak Unix passwords (no.. I'm kidding, its primary purpose is to break passwords :P). It can natively detect and crack various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. JTR has an active community and multiple third-party patches have been added to increase its functionality to include MD4-based password hashes and passwords stored in LDAP, MySQL and other unsupported hashes. JTR is the penultimate when it comes to password cracking in Windows (Cain and Abel is the ultimate :P), but for Linux and open source, it's the best you can get your hands on. Fire it up with a wordlist and you are good to go.
Here is a sample output of JTR in a Debian environment (shamelessly taken from Wikipedia):
root@0[john-1.6.37]# cat wpass.txt
user:AZl.zWwxIh15Q
root@0[john-1.6.37]# john -w:password.lst wpass.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
example (user)


guesses: 1  time: 0:00:00:00 100%  c/s: 752  trying: 12345 - pookie
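The session above recovers a password stored as a traditional DES crypt hash. As an added example (not from the original post or the John the Ripper project), this Python script audits passwd/shadow-style lines and reports which accounts still use the weak formats the post names. Every account line except the page's `user` entry is constructed, and the minimum bcrypt cost of 10 is an assumption.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    user: str
    scheme: str
    weak: bool
    reason: str


# Traditional DES crypt: exactly 13 characters from the crypt(3) alphabet.
_DES = re.compile(r"[./0-9A-Za-z]{13}")
# bcrypt (Blowfish-based): $2<variant>$<2-digit cost>$<22-char salt + 31-char hash>
_BCRYPT = re.compile(r"\$2[abxy]?\$(\d{2})\$[./0-9A-Za-z]{53}")


def classify(field: str, min_bcrypt_cost: int = 10):
    """Return (scheme, weak, reason) for one password field."""
    if field == "":
        return ("none", True, "empty field: account has no password")
    if field[0] in "*!":
        return ("locked", False, "password login disabled")
    if _DES.fullmatch(field):
        return ("descrypt", True, "12-bit salt, password truncated to 8 characters")
    if field.startswith("$1$"):
        return ("md5crypt", True, "fast, obsolete MD5-based scheme")
    m = _BCRYPT.fullmatch(field)
    if m:
        cost = int(m.group(1))
        if cost < min_bcrypt_cost:  # threshold is an assumption of this example
            return ("bcrypt", True, f"cost {cost} below minimum {min_bcrypt_cost}")
        return ("bcrypt", False, f"cost {cost}")
    if field.startswith("$5$"):
        return ("sha256crypt", False, "salted, iterated SHA-256")
    if field.startswith("$6$"):
        return ("sha512crypt", False, "salted, iterated SHA-512")
    return ("unknown", True, "unrecognised format: review manually")


def audit(lines, min_bcrypt_cost: int = 10):
    """Classify the password field of each 'user:hash[:...]' line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and malformed lines
        user, _, rest = line.partition(":")
        field = rest.split(":", 1)[0]
        findings.append(Finding(user, *classify(field, min_bcrypt_cost)))
    return findings


def weak_accounts(findings):
    """Names of accounts whose stored hash should be re-issued in a stronger scheme."""
    return [f.user for f in findings if f.weak]


# First line is the wpass.txt entry shown on the page; the rest are constructed
# placeholders that only have the right shape, not real hashes.
SAMPLE = [
    "user:AZl.zWwxIh15Q",
    "alice:$1$abcdefgh$" + "A" * 22 + ":1001:1001::/home/alice:/bin/sh",
    "bob:$6$rounds=5000$saltsalt$" + "B" * 86,
    "carol:$2b$12$" + "C" * 53,
    "dave:$2a$04$" + "D" * 53,
    "svc:*",
    "guest:",
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "WEAK" if f.weak else "ok  "
        print(f"{flag} {f.user:<6} {f.scheme:<12} {f.reason}")
```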



John the ripper GUI 


You can download JTR from here








POSTED BY XERO ALL RIGHTS RESERVED.





Google To Shut Down Chinese Division In April | Leaving China On April 10th

Google and China have been going back and forth for two months over the Chinese government (allegedly) hacking Google’s servers with the intent of attempting to acquire information on certain Chinese civil rights activists. In retaliation for the attacks, Google said they would cease censoring search results on Google.cn, or cease doing business in China. Now, according to a report from Bloomberg, they’re packing up and leaving the world’s biggest market.

According to Bloomberg, Google is expected to officially announce its departure from China sometime today, citing information from a Google China employee. The leak comes from an alleged Google China ad sales agent, although Google wouldn’t confirm anything when Bloomberg called. Google’s great Chinese pull-out will allegedly happen on April 10th.

To recap, in January, Google made a posting on their official corporate blog, alleging that they had been tracking China attempting to hack their servers to access Gmail accounts of Chinese civil rights activists, ones both in and out of China. At the time, Google said that while their servers were secure, the hackers did manage to get some information from their targets via social engineering. As for retaliation for the attacks, Google said they would cease censoring search engine results in the country (for example, results on Tiananmen Square, Tibet, etc.)

This may, or may not, have an effect on Android phones being sold in China. Google managed to delay the launch of some Android phones in China, and some have speculated that the “Android Experience” in China would be crippled if Google apps and services were blocked in China. Case in point, Motorola changed the default search engine from Google to Bing on all Android phones in China.

China is the world’s most populous country and definitely a powerful market for any country. Bloomberg talked to Peter Lui, Google’s former financial controller for Google China and he said “[Google has] burnt bridges and they’ve burnt the Google brand in China. There is no way Google can ever come back.” If he’s right, being banished from the world’s biggest country probably isn’t a good thing, even for the unstoppable Google.


Sunday, March 21, 2010

Hackers attacked 20 district websites operated by the Prime Minister's Office

The hackers who claimed to be Indians threatened Bangladesh with a cyber war if any Pakistani terrorist enters India through Bangladesh.

Home Secretary Abdus Sobhan Sikder said they have already restored the websites and cyber-crime experts in Rab and Special Branch of Police are working to detect the hackers.

"Earlier such incidents took place but the hackers were detected. Now we are also hopeful of tracing the hackers," he told The Daily Star last night.

After the sites were hacked they flashed some Hindi letters and "JAI HIND!".

The text on the hacked sites reads, "Secure border between INDIA and BANGLADESH If any terrorist send by Pakistan came via Bangladesh route then I will be danger to YOU Cyber War will be started this is demo We don't want more 26/11 in India. GOVERMENT LOOK AT IT ELSE CYBER WAR WILL START ....WE ROOTED AND ----- YOUR ISP ! " "EMIL INDIAN HACKER HackeD Your System [sic]."

"Mission is now complete. Who will be next," reads a message on one of the hacked sites. The message also reads, "If you need help contact me: [email protected]."

In instant reactions, Yeafesh Osman, state minister for science and ICT, told The Daily Star that the related body has started working to get the sites back up.

He said the hackers broke into the system--apparently to get "secret information".

Lt Col Ziaul Ahsan, director intelligence wing of the Rapid Action Battalion, said, "We have been informed of the matter and are working to track down the hackers."

The government recently launched websites for 64 districts in a move to achieve Digital Bangladesh by 2021. Access To Information (A2I) project of Prime Minister's Office maintains the websites.


Thursday, March 18, 2010

Online Security Firm Warns Of Rogue Gambling Sites


With March Madness gambling right around the corner, many online gambling sites are expecting a surge in Internet gamblers. Unfortunately, many are unaware of the potential dangers of choosing the wrong online gambling site, and an Internet security provider has recently issued a caution to those who might turn to the Internet to place their wagers.

BitDefender, a provider of award-winning anti-malware security solutions, has issued a statement about rogue gambling sites, phishing attempts, and similar attempts at electronic crime. Most of this crime was designed to steal personal data.

E-mail spam is a chronic problem for most people, and phishing attempts are turning to online gambling offers in order to pull credit card numbers and personal information. A rule of thumb states that if you did not sign up for a newsletter or mailing list, ignore all offers from these online gambling sites, as they are likely a rogue business seeking to harvest personal data. Only the most trusted USA Online Gambling sites should be used.

Fake online gambling sites have become more popular over the past few months. According to the press release, February saw a surge of these fake gambling sites, which attempt to hook players in order to facilitate identity theft.

Part of the vulnerability USA online gamblers face is the lack of regulation of the market in the United States.
“Online gambling exists in a murky grey area and casual gamblers can easily become victim to different types of cybercrimes – of which money and identity thefts are the most common,” stated Catalin Cosoi, BitDefender Senior Researcher.

The need for the regulation of online gambling is at an all time high, as only through the protection of the industry can players truly be safe from thievery. Greed will always be a problem in the entertainment industry, and those who are simply seeking to place wagers will either have to stick only to those gambling sites that have earned trust or find another way to wager without the risk of a thief’s implications.

Written by: Glen on March 17, 2010.

SOURCE: http://www.usaplayers.com


Wednesday, March 17, 2010

New Cisco Ethernet switches to play broader video, security roles: CISCO also includes energy efficiency, location-awareness into Ethernet switches

Cisco Wednesday is unveiling new Ethernet access switches and enhanced routers designed to take on more of the jobs frequently handled by separate devices, such as those dedicated to handling video traffic or ensuring network security.

Cisco's latest offerings fit into its Borderless Networks strategy, a concept it introduced with its ISR branch routers last fall. Those routers, dubbed ISR G2, are optimized for video and virtual services, Cisco said at the time.


This week, Cisco extended video enablement among its Catalyst fixed configuration access Ethernet switches. Cisco also expanded the energy efficiency and security capabilities among some of its switches and routers.

"The days of the standalone appliance that sits alongside a network are over," says Zeus Kerravala, an analyst at the Yankee Group. "Much of this stuff should belong in a network device. The value proposition is that it's much easier to automate a lot of the process that goes into making those modifications" for video, power and security.

"The idea of Borderless Networks…gets away from the traditional idea that the network has to have a ‘hard' edge," says Steve Schuchart of Current Analysis.

Even so, both analysts say Cisco switching rival HP shouldn't be in any rush to try and match or exceed what Cisco's announced. The company will have its hands full closing the 3Com deal and digesting the company; after that, it can focus on what its customers demand in video, power and security support, they say.

As for Cisco customers, they may have a hard time comprehending and literally buying into the company's Borderless Networks scheme.



Learn how to hack a PC or remote system using Trojan & Backdoor: Download LOST DOOR RAT all versions here for free

Lost Door is a backdoor trojan horse family of more than 10 variants which can infect Windows operating systems from 95 to XP. It was created by OussamiO and built using Visual Basic. It uses the typical server, server builder, and client backdoor program configuration: a remote user runs the client to execute arbitrary code on the compromised machine, which runs the server, and the server's behavior can be controlled by the server editor. The server component (75,053 bytes), when running, connects to a predefined IP address on TCP port 2185 and awaits commands from the remote user, who can use the client component to execute arbitrary code at will on the compromised machine.
Features

Lost Door allows many malicious actions on the victim's machine. Some of its abilities include:
  • Reverse connection
  • Webcam shot
  • Date and time manager
  • printer
  • Control panel
  • PC control
  • Executor
  • Dos command
  • Windows manager
  • Screen shot
  • Remote server manager
  • Server remover
  • Ip Grabber
  • Server Downloader
  • Icon Changer
  • Audio Streaming
  • Encrypt Settings
  • Volume Control
  • Connection Logs
  • Installed Application
  • Infect All USB
  • Multilanguage
  • Services Viewer
  • Remote passwords
  • MSN Controller
  • Remote Shell
  • Chat with server
  • Send fake messages
  • files manager
  • Find files
  • Change remote screen resolution
  • Information about remote computer
  • Clipboard manager
  • Internet Explorer options
  • Running Process
  • Online key-logger
  • Offline keylogger
  • Fun Menu

Infection Method

Lost Door has a server creator with features that allow it to be undetected by antivirus and firewall software, and also allow it to stealthily run in the background. The software only runs completely (including rootkit) in Windows XP/2000. Such features include disabling security software, removing and disabling system restore points, and displaying a fake error message to mislead the victim.


This version is now detectable by ESET NOD32 Antivirus. For other AV's, I have not checked.

Server
Dropped Files:
c:\WINDOWS\system32\dlllhost.exe
Size: 129,808 bytes

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Winupdate"
Data: C:\WINDOWS\system32\dlllhost.exe
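The dropped file imitates the genuine Windows binary `dllhost.exe` with one extra letter and persists through the Run key. As an added example (not part of the original post), this Python script checks `reg query` output for the indicators listed above and, going beyond the single case, flags any autorun whose file name is one edit away from a well-known system binary. The registry dump is constructed and the list of system binaries is a short illustrative assumption.

```python
import ntpath
import re

# Indicators stated on the page for the Lost Door server.
IOC_VALUE_NAME = "Winupdate"
IOC_IMAGE_PATH = r"C:\WINDOWS\system32\dlllhost.exe"

# Genuine Windows binaries that malware commonly imitates (illustrative list,
# an assumption of this example; extend it for real use).
SYSTEM_BINARIES = ("dllhost.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "explorer.exe", "services.exe")

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
_VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
_IMAGE_RE = re.compile(r'\s*"?(.+?\.exe)', re.IGNORECASE)


def parse_reg_query(text):
    """Return [(value_name, data)] from the text output of `reg query <key>`."""
    entries = []
    for line in text.splitlines():
        m = _VALUE_RE.match(line)
        if m:
            entries.append((m["name"], m["data"].strip()))
    return entries


def image_path(command):
    """Extract the executable path from an autorun command line."""
    m = _IMAGE_RE.match(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename):
    """Return the system binary this name imitates, or None."""
    name = basename.lower()
    if name in SYSTEM_BINARIES:
        return None  # exact name; a wrong directory is a separate check
    for genuine in SYSTEM_BINARIES:
        if edit_distance(name, genuine) == 1:
            return genuine
    return None


def check_autoruns(reg_output):
    """Return [(value_name, path, [reasons])] for suspicious Run-key entries."""
    flagged = []
    for name, data in parse_reg_query(reg_output):
        path = image_path(data)
        reasons = []
        if name.lower() == IOC_VALUE_NAME.lower():
            reasons.append("value name matches Lost Door indicator")
        if ntpath.normcase(path) == ntpath.normcase(IOC_IMAGE_PATH):
            reasons.append("image path matches Lost Door indicator")
        genuine = lookalike_of(ntpath.basename(path))
        if genuine:
            reasons.append(f"look-alike of {genuine}")
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


# Constructed output of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Winupdate    REG_SZ    C:\WINDOWS\system32\dlllhost.exe
    Updater    REG_SZ    "C:\Program Files\Example App\updater.exe" /background
    HostSvc    REG_SZ    C:\Users\Public\svch0st.exe
'''

if __name__ == "__main__":
    for name, path, reasons in check_autoruns(SAMPLE):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A value name or look-alike file name on its own is a lead to investigate, not proof of infection; the page's own note says the indicators belong to one version of the server.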

REFERENCES
  • http://www.checkpoint.com/defense/advisories/public/2009/cpai-30-Mar.html
  • http://www.megasecurity.org/trojans/l/lostdoor/Lostdoor_all.html
  • http://www.techmantras.com/content/lost-door-32-rat

Tuesday, March 16, 2010

Another DDOS Attack against a gambling portal Casinomeister.com

Yesterday's story on a Distributed Denial of Service attack on the Internet gambling information portal Casinomeister.com has been followed by reports of a similar if less severe attack over the weekend on the Online Casino Reviewer website.

The two websites are independent of one another and have different owners. In neither case were the attacks accompanied or followed by extortion attempts.

OCR webmaster Dave Sawyer reported that, like Casinomeister's Bryan Bailey, he was away over the weekend when he became aware that his site had gone down. Sawyer was able to interact quickly with his host company, which is not the same firm as that used by Casinomeister, confining the downtime to only five hours.

"The attack was similar to that used on Casinomeister, although not as widely distributed," Sawyer said. "I am working closely with our hosting company to ensure that OCR is adequately protected against any future attacks.

"The manner of the attacks was quite crude and unsophisticated. They basically iframe your site via a third party site and send a lot of traffic that way."

The second attack has triggered more speculation on the possible perpetrators by the many players who frequent both sites. The consensus appears to be that the originators of the attacks are likely to be among the several online casino operators that have come under scrutiny and exposure as questionable or 'rogue' operators.

Casinomeister remained down as we went to press Tuesday morning.


Iran takes down human rights websites – accuses them of espionage

The Tech Herald recently got the opportunity to speak with Ahmad-Batbi, a spokesman for HRA-Iran.org, and hear his side of the story surrounding the events reported below.

According to Ahmad-Batbi, the recent takedown of 29 Iranian human rights related websites and arrest of 30 suspects, as reported by the IRGC, was not due to hacking, but torture.

The Islamic Revolutionary Guards Corps (IRGC) announced that its cyber teams hacked 29 websites linked to US espionage. In addition, 30 people were arrested on charges of waging a US-backed cyber war. Translation: These sites help dissidents so we took them down.
The official IRNA news agency reports that a number of organized “US-backed war networks” were broken, and 30 people were arrested in connection to the takedown.

The IRNA cited a statement from the Tehran Public and Revolutionary Prosecutor Office, which ties the sites to a CIA operation launched in 2006, operating on a budget of $400 million USD, designed to “destabilize Iran” by working with “elements of anti-revolutionary [groups] like MKO (Mojahedin-e Khalq Organization), monarchists and others…”

The statement from the Tehran Public and Revolutionary Prosecutor Office outlined the war network plans, noting that it was designed to gain access to Iran’s information banks, as well as penetrate and sabotage Iran’s Internet sites, fight against filtering in the country, create security for Internet users, and create a secure telephone and data communication ground for making interviews with Radio Farda, Radio Zamaneh, Voice of America and other western media.
Sadly, aside from a statement, there is no proof of the claims.

The FARS news agency backs the IRNA report and links to a statement from Gerdab, an organization linked to the IRGC’s Center for Combating Organized Crimes, that claims the “hacked websites acted against Iran's national security under the cover of human rights activities.”

Out of the 29 websites listed in the statement from the IRGC, two of them are parked on GoDaddy, and one site, hra-news.org, was listed twice. The duplicate domain shows some interesting statistics, which only account for Sunday and Monday. Seven of the domains are 404, including hra-iran.org, which has 16 of the listed domains pointing to it.

Two other domains, lc-hra.com and hrairan.org, are working normally, and appear unaffected by “the destruction of organized networks of espionage and cyber-war” as reported by the IRGC in a translated statement. [Source] Looking at the results, it would appear that - hacked or not - the IRGC did manage to take a handful of sites offline.

The question remains, were the domains espionage related, or were they in place to help those who are against current policies in Iran? Would Iran’s government even differentiate between human rights organizations and espionage?

Based on the published rhetoric, the US and “the other arrogant powers” are spreading anti-Iran propaganda, going so far as to call the plan the Iranophobia project. [Source A & B]

“The US is seeking to create an atmosphere of Iranophobia in the region through stationing networks of anti-missile batteries in the Persian Gulf littoral states to secure interests of the United States the Zionist regime of Israel,” said Mohammad Karim Abedi, a member of the Iranian parliament's National Security and Foreign Policy Commission.

So with those statements in mind, the actions taken by the IRGC seem like a political move and an attempt to silence protestors, more than an attack on foreign intelligence. After all, the sites show no links to the CIA or any other government agency. There is no evidence in the cached pages to show anything other than anti-censorship and human rights activism, and most of them link to a single domain.

Yet, to back all their recent claims to the world press, the Iranian government closes the sites and arrests the activists while calling them spies, essentially wrapping things up in a nice tidy package.

Also, there is no real proof that the sites were hacked. IX Webhosting, which until it was taken offline hosted hra-iran.org, would not respond to requests for comments on why the site was taken down. We were told by one IX employee that they could not discuss the domain at all.

The fact is, reading over the news postings from the last few days on FARS and IRNA, Iran sees little difference between those who support Internet freedoms or human rights, and those who are conducting intelligence operations. If you stand against their government policies, you’re a threat to the state.

http://www.thetechherald.com


Monday, March 15, 2010

Dot-com (.com) marks 25th anniversary today on March 15

These days, when everyone seems to have a Facebook friend, is LinkedIn or can Google themselves, it's hard to remember the old days, before the dot-com revolution.

It was 25 years ago -- March 15, 1985 -- that the first dot-com domain name -- Symbolics.com -- appeared on the Internet, ushering in the commercial age of the World Wide Web.

Having a domain name made it simpler for the average person to access a Web site. Instead of having to remember a long series of numbers and dots, you could type in ATT.com, IBM.com or CNN.com.

Development was slow, at first. It took more than two years for the first 100 sites to go online and by 1995, the number had grown to 18,000.

But from those humble beginnings the Internet has grown to more than 80 million dot-com domain names, according to the Information Technology & Innovation Foundation (ITIF).

Crunching the numbers, 99.9 percent of all Internet growth has occurred over the past 15 years.

"The global diffusion of the commercial Internet has occurred with astounding speed," says the ITIF report "The Internet Economy 25 Years After .Com." "Every country on Earth, developed and developing alike, has adopted the Internet."

The impact on the U.S. economy of the Internet sector is estimated at $300 billion or about 2 percent of the total, according to a report issued by Hamilton Consultants and the Harvard Business school last year.

The expansion of the Internet hasn't been without its growing pains. The dot-com bubble burst in the early 2000s, taking billions of investor dollars with it, and fraud has been growing, tripling over the past five years, according to Internet Crime Complaint Center.

In 2005, losses attributable to Internet fraud were estimated at $183 million based on more than 230,000 complaints. By 2009, the number was nearly $560 million on 337,000 complaints.

"The figures contained in this report indicate that criminals are continuing to take full advantage of the anonymity afforded them by the Internet," said Donald Brackman of the National White Collar Crime Center. "They are also developing increasingly sophisticated means of defrauding unsuspecting consumers. Internet crime is evolving in ways we couldn't have imagined just five years ago."

The scams range from the ubiquitous e-mail scheme where someone needs help getting money out of countries such as Nigeria to nondelivery of online purchases.

But despite the downside, the ITIF sees a bright future for the Web.

Not only for conducting business, but for the sharing of information, provided online security is maintained and the Internet is expanded throughout the globe.

"So to the commercial Internet, congratulations on hitting your 25th birthday; you're just starting to enter the prime of your working years," the ITIF said.

SOURCE: www.cnn.com


Friday, March 12, 2010

How to bypass anti virus? Make Keylogger and Trojan Fully Undetectable (FUD) using Xenocode

This article has been posted by our fellow members Mr.Amey Anekar, Mr.Rahul and Mr Sachin.

Well making a trojan is very easy now-a-days by using tools such as lostdoor, poisonivy, etc. But the real challenge is to pass the trojan a system's antivirus. Here's a post on the same. Here we used a virtual application creator, Xenocode, which is famous for creating portable applications. It kinda encrypts our trojan and further if we bind our trojan with another exe, it is bound to be executed by the victim. I'll surely post on binding in my next post.

The encrypted trojan does not match with the virus definitions in the antivirus and hence is rendered undetected.

Also I would like to tell you that we are working on making our own video tutorials. We have already downloaded Camtasia Studio for that purpose.. So very soon we'll be posting video tutes narrated in by me. I'll surely mail you the link as soon as we upload any such tut.

The video tutorial for how to use this tool is available here

Make Trojan Fully Undetectable (FUD) using Xenocode

A few weeks before, we had posted on how you can make your trojan using LostDoor. But the problem with the so formed trojan is it being detected by almost all AV softwares. We know that after learning to make your own trojan, the next thing you must've exhausted your bandwidth searching for is: "How to make a Trojan undetectable?" Well here is the answer.

First of all you'll have to download Xenocode (Never heard of it? Google it. This may help you..http://www.xenocode.com/Technology/)
Xenocode is a set of application virtualization and portable application creation technologies developed by Code Systems Corporation. Applications are packed into single executable files that can be executed instantly on any Windows desktop (so-called "portable apps"). The technology therefore emulates only the operating system features that are necessary for the application to run. Applications can be deployed using existing infrastructure, software deployment tools, the web or USB keys. The virtualized application runs independently from other software that is installed on the host PC so there are no conflicts between different versions or DLL files.

Well, reading the above introduction must've got you acquainted with the xenocode application. You might be wondering how this application will help you in making your Trojan undetectable.

Xenocode creates a virtual operating system for processing the files you have virtualized and hence it completely overwrites your code. As you may know, AV softwares use virus signatures to identify viruses. There are ways in which you can make a trojan undetectable by modifying the Hex code, but it is very tedious. Using xenocode alleviates the pain to a negligible level. The only pain you will have is to grab a full version of the application. Keep in mind that trial version xenocode does not create virtual applications. When you will click on the build button, it will prompt you to purchase license. We hope you understand what we mean to say implicitly.

After you download xenocode, give your trojan as the input. Now click on the build button and then specify the location where the output file must be saved. The so formed file is your undetectable Trojan. You can try scanning it with your local AV. Or if you wanna see how far you've gone, upload the file on http://scanner.novirusthanks.org/. It will provide you results after scanning your file with 20 different AV. Our score for this test was 0 outa 20. No AV detected it and the file still works fine.

Full Version Xenocode download link :- http://bit.ly/djy2ol


The video tutorial for how to use this tool is available here

If you face any problem while using this tool OR find any broken link on this blog, report it to us on [email protected]. You can also leave a comment here.


Thursday, March 11, 2010

Is The India Ready For A Cyberwar ?? All major sectors like government, military, infrastructure and international businesses contains huge RISK

The year is 2017 and two rival countries - India and China - are fighting a war. The conflict is not being fought with guns, tanks and aircraft but computers, bots, viruses and Trojans. The soldiers are not troops, but hackers.

The scenario was enacted by the Indian military last year in a cyber-warfare simulation called the "Divine Matrix". Officially, the likelihood of a Chinese cyber-strike has since been played down. This is a big mistake, experts say, given the poor state of India's cyber-security.

As cyber-attacks rise globally, India is emerging as an easy hunting ground. Worse, the vulnerability not only poses a threat to the government, military, and infrastructure, it also carries a huge risk for international businesses that have outsourced IT operations or bought software in India.

India could be used as a route to attack the IT systems of other countries, since it is linked to important networks like the United States' financial sector. "Cyber-criminals could take advantage of the vulnerability in the IT security systems here and cripple financial services there."

Greg Walton, one of the researchers at The Citizen Lab at the University of Toronto that created a sensation last year by discovering the existence of GhostNet, a global cyber-spy network that allegedly originated in China, said India was particularly vulnerable.

"If you look at the statistics of the institutions or the targets that were attacked by GhostNet when it attacked global systems, India was by far the hardest hit by that operation," he said. "India is a software superpower yet for some reason the country can't seem to get its cyber-security act together."
Legally, India is also seen as an easy target. "The Indian IT act and related local laws are oriented towards primarily addressing fraud and copyright violations; they are not security oriented," said Gurmeet Kanwal, founder-director of The Center for Land Warfare Studies, an autonomous think-tank on strategic studies and warfare.

The other major issue is cost. India is touted as a low-cost outsourcing destination and "security is always an expensive proposition. Often Indian service providers cannot adopt security measures that are on a par with international standards."
