Sunday, January 27, 2013

APPSC and UPSC Books

Hi Folks,

I downloaded Indian History and Indian Economics PDFs from other websites.
Here I am providing you the links to download those books.


http://www.mediafire.com/view/?movnzlwwkpm3m5e
http://www.mediafire.com/view/?n07krifh1h1e5v7



Note: I don't think this comes under the DMCA, which is why I posted the direct download links. If you feel this comes under the DMCA, please mail me.


thx,
ksk

Sunday, January 20, 2013

How To Use Google Chrome For Hacking?





Up till now, Firefox was widely used by hackers and pentesters for their day-to-day job due to the tremendous number of plugins that make their work much easier. However, nowadays I prefer Google Chrome to Firefox, due to the wide variety of interesting extensions that may provide a great aid in hacking and penetration testing.

There are lots and lots of Google Chrome extensions that can be used for hacking; however, I have compiled a list of my favorite ones, which I use frequently to test different types of web applications for security vulnerabilities.

How To Use Google Chrome For Hacking - Extensions

XSS Rays

XSS Rays would certainly be at the top of my list. XSS Rays includes a scanner, an XSS reverser and a DOM inspection tool. Although it does make the browser a bit unstable when you are performing heavy scans, it's really handy in detecting XSS attacks. It's a perfect replacement for XSSME, which is used in Firefox for detecting XSS attacks.

Official Description

XSS Rays is a security tool to help pen test large web sites. Its core features include an XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don't have the source? No problem. XSS Rays will blackbox reverse an XSS filter without needing the source code.

Websecurify Scanner

Websecurify Scanner is a really powerful scanner capable of detecting lots of web application attacks. It generates lots of false positives, mostly related to CSRF attacks; however, it's really handy in detecting XSS attacks. It's awesome, fully automated and very user friendly.

Usage

1. All you need to do is install the Websecurify scanner from the link above and visit the following page:

https://suite.websecurify.com/foundation

2. Just enter the URL and it will automatically start scanning.


HPP Finder

HPP Finder is capable of easily detecting HTTP Parameter Pollution attacks. HTTP Parameter Pollution is the newest type of web application attack. There is not very much information available on it compared to other attacks such as XSS and SQL injection; however, what is available is very handy.
  




Official Description

HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible to parameter pollution, but it is not a complete solution against HPP.

XSS CHEF

XSS Chef is a perfect replacement for BeEF (Browser Exploitation Framework) in Google Chrome; XSS Chef will ease your exploitation process. I will write a complete tutorial on it.


Cookie Editor


Cookie Editor is a very useful Google Chrome extension for hackers. I mostly use it when I am performing session hijacking attacks.



I hope you have liked my list of favorite Google Chrome extensions for hacking. Depending upon the response, if I get more than 25 comments on this post, I will write up a part 2 of this post, "How To Use Google Chrome For Hacking".

Feel free to ask, if you have any questions.

Saturday, January 19, 2013

New SSL/TLS attack for Hijacking HTTPS Sessions


CRIME: New SSL/TLS attack for Hijacking HTTPS Sessions

Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack that exploits a flaw in a feature in all versions of TLS.

The new attack has been given the name CRIME by the researchers. The CRIME attack is based on a weak spot in a special feature in TLS 1.0, but exactly which feature that is has not been revealed by the researchers. They will say that all versions of TLS/SSL, including TLS 1.2, on which the BEAST attack did not work, are vulnerable.

Once they had the cookie, Rizzo and Duong could return to whatever site the user was visiting and log in using her credentials. HTTPS should prevent this type of session hijacking because it encrypts session cookies while in transit or when stored in the browser. But the new attack, devised by security researchers Juliano Rizzo and Thai Duong, is able to decrypt them.
Hijacking HTTPS Sessions

The CRIME attack code, known as an agent, needs to be loaded inside the victim's browser. This can be done either by tricking the victim into visiting a rogue website or, if the attacker has control over the victim's network, by injecting the attack code into an existing HTTP connection. CRIME doesn't require browser plug-ins to work; JavaScript was used to make it faster, but it could also be implemented without it, Rizzo said.

The attacker must also be able to sniff the victim's HTTPS traffic. This can be done on open wireless networks; on local area networks (LANs), by using techniques such as ARP spoofing; or by gaining control of the victim's home router through a vulnerability or default password. CRIME was tested successfully with Mozilla Firefox and Google Chrome.

4 Smartphone Security Risks To Be Aware Of



If you’re anything like me, you’re pretty attached to your smartphone. I use mine almost constantly, checking for emails while I’m out and about; I play games on it, research work, chat, interact with social networks and enjoy videos. I also use the camera extensively to photograph family and friends.
I’m sure I’m not alone in this wide use of my handheld multimedia computer and communication device. But do you have security software installed? Are you even aware of the risks to your smartphone?
There seems to be a sort of general malaise among users – the tech savvy and everyday users alike – that because your computer fits in your pocket, it can’t be infected by malware, Trojans, worms or other threats. This is, of course, ridiculous, and perhaps stems from the age-old misunderstanding of the nature of malware transmission.
The benefits afforded to us by smartphones are immense; the threats they can introduce into our lives if left unprotected are considerable.

Threats from SMS

Remarkable as it may seem, the old school SMS text messaging service is a popular choice for rogue programmers working for hacking gangs around the world. SMS spam is bad enough, but have you considered that it might be a form of Smishing?
This term is used to name phishing attempts sent via SMS, and is used to fool victims into giving up personal data, perhaps to a fake delivery company. Smishing can be achieved either wholly through a return message or by being prompted to call a number where the information is recorded.
Once recorded, this information can be used to create a fake bank account.
The answer, of course, is to delete any such messages, whatever they’re offering.

Wi-Fi and Bluetooth Security Risks

Free Wi-Fi hotspots always look attractive, but they can prove to be both rife with malware and provided by scammers looking to capture your personal data such as passwords, credit card data and other user-identifiable information. If you find free Wi-Fi in a public place that isn’t provided by a reputable business, avoid it. Similarly, if you are using your smartphone as a mobile hotspot, make sure you have set a secure password. You should change this each time you use the hotspot feature.
Another threat is War Texting, in which smartphone-connected car systems can be hacked by sniffing the authentication codes sent from phone to car. The best outcome of this is that you are tracked; the worst is that your car is stolen, without a key.
As such systems become more popular and widespread in cars, so many more people will become targets – as things stand, few cars can be activated in this way.
Any password that you use on your phone, whether it is for unlocking, accessing voicemail or setting up Bluetooth, should be changed from the device default to something memorable. Failure to do this can lead to all sorts of problems.

Location-based Threats

Thanks to wireless networks, cellphone triangulation and GPS, it is possible to take advantage of many location-based tools for smartphones and tablets. These might be sat-nav tools or social ones, but there are many threats to be aware of too.
One of these is geotagging, a default option on many smartphone apps that you should disable if you wish your current location to remain a secret.
Social network check-in features can also be used to track you. When a criminal knows your whereabouts he or she might be planning to assault you or use your absence from your home or car to cause criminal damage or theft.

The Danger of Rogue Apps

There are rogue apps on any platform. On Android they can usually be spotted pretty quickly thanks to the reviews of others (although on iPhone and Windows Phone such apps are unlikely to be permitted to be listed) but it could be too late if you’ve already installed the app. This is why you should only install apps from trusted repositories.
This can be a particular problem for Android users, mainly because there are several online marketplaces from which software can be installed. It’s no surprise that the number of threats for Android has increased over the past few years. One example is Android.Spyware.GoneSixty.Gen – discovered in 2011, this malware, if installed, sends important information from your phone to a remote server and uninstalls itself within a minute.
You’ll never know it was ever there – frightening stuff.
On the subject of apps, you should also be aware that shortened URLs in Twitter and email can be dangerous. This is as important on smartphones as on desktop computers, as the resulting links can be effortlessly tailored to serve malicious code depending on the device that is connecting.

So You Want to Stay Safe?

If you would rather your smartphone or tablet didn’t become a key to steal your car, a listening or tracking device or a means to send all of your personal data to a band of criminals specializing in ID theft, there are certain steps you should take.
  • Apply a lock-screen password. This is particularly important if you’re using a modern Android device where the drag-to-start feature looks amazing. What you should do is forget about how good it looks and how responsive it is, and employ a password.
  • Don’t Jailbreak your iPhone or root your Android. The advantages to users requiring particular types of app are excellent on a rooted device, but this process also gives access to intruders, either through apps or directly over the Internet. Many of the MakeUseOf team are fans of unlocking their phones, but this shouldn’t be done without considering the implications and taking the necessary steps for protection.
  • Avoid non-secure access points. If you’re out and about using a smartphone or tablet (or even a laptop) then you should be using either your own portable wireless access point (provided by your phone) or a secure, password protected point. Open networks can prove to be a hive of malware!
  • Avoiding untrusted apps. This is wise for several reasons, not least because the peer review on offer in online app stores is unparalleled. Google Play is a good example, and is so successful despite competing Android app stores partly because of this reason. As there is no real need to install untrusted or poorly regarded apps, avoid! Also look out for fake apps that appear to be genuine, as these can often be dangerous.
  • Employing backup tools and security software. There’s no reason anyone receiving emails and storing data on their handheld computers (as this is what smartphones essentially are!) should not have either a backup tool OR anti-malware software installed (preferably both).

Overall: Be Aware

There are plenty of threats that you should be aware of, ready to strike your phone over Wi-Fi, Bluetooth, SMS, from app stores or via location tracking.
Naturally, you can’t be aware of every specific threat, but with the help of the tips above you can be aware that threats exist, and that there are steps that you can take to minimize the risks.
Once you recognize this, you should act on it – and protect your smartphone, your data and your personal security.

Sunday, January 13, 2013

Run Windows Software on Linux


Tuesday, January 8, 2013

What is BitTorrent


BitTorrent is a Peer-to-Peer (P2P) file sharing protocol designed to reduce bandwidth overhead and decentralize the distribution of files. BitTorrent is one of the most common protocols for transferring large files on the Internet today and the most frequently used P2P protocol. Estimates regarding how much Internet traffic is driven by BitTorrent activity at any given moment range from 40-70% of the total global Internet activity.
The core of the BitTorrent system is decentralized file distribution. Under a centralized model, users download data from a single location. If you’ve ever visited a company’s tech support page to download a single driver or other file then you’ve experienced this model – you formed a single temporary link to the company’s web site to transfer a single file directly from their server to your hard drive and then the connection was terminated. BitTorrent instead organizes individuals into clouds of data where every member of the cloud is capable of sharing bits of the whole file with every other member.
How does this play out in the wild? Blizzard, the company behind the popular World of Warcraft franchise, uses BitTorrent to quickly distribute updates to World of Warcraft. Every individual World of Warcraft installation includes a barebones BitTorrent client. When a patch is released, Blizzard spreads the load of distributing the patch to millions of World of Warcraft players via BitTorrent so that each individual player is effectively sharing the patch with a large potential pool of other players. When you go to update your World of Warcraft installation you’re not forming a one-to-one connection with a Blizzard server, you are instead making dozens (and potentially hundreds) of connections with other players to download chunks of the patch. In this fashion Blizzard is able to distribute the patch quickly and with little strain on their servers. This same method of distribution is frequently employed by Linux development teams to help distribute new releases of Linux without overburdening individual servers.

Wednesday, January 2, 2013

Don’t Have a False Sense of Security: 5 Insecure Ways to Secure Your Wi-Fi



You’ve got WEP encryption enabled, your network’s SSID is hidden, and you’ve enabled MAC address filtering so no one else can connect. Your Wi-Fi network is secure, right? Not really.
Good Wi-Fi security is simple: Enable WPA (ideally WPA2) and set a strong password. Other common tricks for increasing a Wi-Fi network’s security can easily be bypassed. They may deter more casual users, but a strong WPA2 password will deter everyone.
Image Credit: Nick Carter on Flickr

WEP Encryption

There are several different types of wireless network encryption, including WEP, WPA, and WPA2. Routers being sold today still ship with the option to use WEP encryption – this may be necessary if you have very old devices that can’t use WPA.
WEP can be cracked very easily. WEP prevents people from directly connecting to the network, so it’s superior to using an open Wi-Fi network. However, anyone that wants access to your network can easily crack the WEP encryption and determine your network’s password.
Instead of using WEP, ensure you’re using WPA2. If you have old devices that only work with WEP and not WPA – such as the original Xbox or Nintendo DS – they’re probably due for an upgrade.

Hidden SSID

Many routers allow you to hide your wireless network’s SSID. However, wireless network names were never designed to be hidden. If you hide your SSID and connect to it manually, your computer will constantly be broadcasting the network’s name and looking for it. Even when you’re on the other side of your country, your laptop will have no idea if your network is nearby and it will continue trying to find it. These broadcasts will allow people nearby to determine your network’s SSID.
Tools for monitoring the wireless traffic in the air can easily detect “hidden” SSID names. SSID names aren’t passwords; they just tell your computers and other devices when they’re in range of your wireless network. Rely on a strong encryption instead of a hidden SSID.
We’ve busted this myth in the past. For more, read: Debunking Myths: Is Hiding Your Wireless SSID Really More Secure?

MAC Address Filtering

Every network interface has a unique ID known as a “Media Access Control address,” or MAC address. Your laptop, smartphone, tablet, game console – everything that supports Wi-Fi has its own MAC address. Your router probably displays a list of the MAC addresses connected and allows you to restrict access to your network by MAC address. You could connect all your devices to the network, enable MAC address filtering, and only allow the connected MAC addresses access.
However, this solution isn’t a silver bullet. People within range of your network can sniff your Wi-Fi traffic and view the MAC addresses of the computers connecting. They can then easily change their computer’s MAC address to an allowed MAC address and connect to your network – assuming they know its password.
MAC address filtering can provide some security benefits by making it more of a hassle to connect, but you shouldn’t rely on this alone. It also increases the hassles you’ll experience if you have guests over who want to use your wireless network. Strong WPA2 encryption is still your best bet.

Static IP Addressing

Another questionable security tip making the rounds is using static IP addresses. By default, routers provide an integrated DHCP server. When you connect a computer or any other device to your wireless network, the device asks the router for an IP address and the router’s DHCP server gives them one.
You could also disable the router’s DHCP server. Any device connecting to your wireless network wouldn’t automatically receive an IP address. You’d have to enter an IP address by hand on each device to use the network.
There’s no point in doing this. If someone can connect to the wireless network, it’s trivial for them to set a static IP address on their computer. In addition to being extremely ineffective, this will make connecting devices to the network more of a hassle.

Weak Passwords

Weak passwords are always a problem when it comes to computer security. If you’re using WPA2 encryption for your Wi-Fi network, you may think you’re safe – but you may not be.
If you’re using a weak password for your WPA2 encryption, it can easily be cracked. Passwords like “password”, “letmein” or “abc123” are just as bad as using WEP encryption – if not worse.
Don’t use the minimum password length of 8 characters. Something between 15 and 20 characters should probably be good, but you can go all the way up to 63 characters if you like. You can also create a longer password by using a “passphrase,” or password phrase – a sequence of words, like a sentence.
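
An added example, not part of the original article: a small Python audit that applies the five points above to an access point configuration. It assumes hostapd.conf syntax (the `wpa`, `wep_key0`, `ignore_broadcast_ssid`, `macaddr_acl` and `wpa_passphrase` options); the sample configuration and the short common-password list are constructed for illustration.

```python
import re

# Constructed sample in hostapd.conf syntax (assumption: the AP runs hostapd).
SAMPLE_CONF = """\
# home access point
ssid=HomeNet
ignore_broadcast_ssid=1
macaddr_acl=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=letmein1
"""

# Tiny constructed deny-list; a real audit would load a large password list.
COMMON = {"password", "letmein", "abc123", "12345678", "qwertyuiop"}


def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def passphrase_findings(pw):
    """Check a WPA2 passphrase against the article's length and weakness advice."""
    out = []
    if not 8 <= len(pw) <= 63:
        out.append("passphrase must be 8 to 63 characters")
    elif len(pw) < 15:
        out.append("passphrase shorter than 15 characters")
    stem = re.sub(r"[\d\W_]+$", "", pw.lower())  # drop trailing digits/symbols
    if pw.lower() in COMMON or stem in COMMON:
        out.append("passphrase is a common password or a trivial variant")
    return out


def audit(text):
    """Return findings for WEP, hidden SSID, MAC filtering and weak passphrases."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bit field: 1 = WPA, 2 = WPA2
    if wpa == 0:
        if any(k.startswith("wep_key") for k in conf):
            findings.append("WEP in use: switch to WPA2")
        else:
            findings.append("open network: no encryption configured")
    elif not wpa & 2:
        findings.append("WPA only: enable WPA2")
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("hidden SSID: clients still reveal the name")
    if conf.get("macaddr_acl", "0") == "1":
        findings.append("MAC allow-list: addresses can be sniffed and cloned")
    if wpa and "wpa_passphrase" in conf:
        findings += passphrase_findings(conf["wpa_passphrase"])
    return findings
```

Calling `audit(SAMPLE_CONF)` returns four findings: the hidden SSID, the MAC allow-list, and two for the passphrase. Static IP addressing does not appear because it is a DHCP server setting rather than an access point option.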