Friday, September 10, 2010

Learn to detect a Phishing Website

There is an excellent website by VeriSign Inc. that I found recently, which will teach you "How To Detect Phishing or Fake Website" through a series of 10 quizzes.
Here is the link: https://www.phish-no-phish.com/default.aspx

Sunday, September 5, 2010

Defend from Keyloggers – Various Methods Explained.


Every Windows user now fears keyloggers. Here I describe some methods to stop keyloggers from logging every keystroke you type.

Method 1. KeyScrambler Personal

The KeyScrambler Personal add-on for Mozilla Firefox encrypts your keystrokes at the kernel driver level to protect what you type from keyloggers.
Starting with version 2.0, KeyScrambler protects everything you type into Firefox, including:

*          All login forms and dialogs, online shopping, webmail, forums, and more
*          The Firefox master password dialog
*          URL and search bar
*          Other Firefox add-ons and toolbars like RoboForm, Chatzilla, and Sxipper.

If you can afford to buy KeyScrambler Premium, you will be protected from keylogging in all of these applications:
Browsers : Google Chrome, Opera, Safari, Maxthon, AOL Explorer, MSN Explorer, Avant, Seamonkey, K-meleon, Netscape, AOL 9, Yahoo Browser, AM Browser, SlimBrowser, Advanced Browser, SR Iron Browser, TheWorld Browser, Orca Browser, Comodo Dragon, Palemoon, and Lunascape

Email : Thunderbird, Outlook, Windows Mail, Outlook Express, Lotus Notes, Windows Live Mail, IncrediMail, Eudora, Pegasus,  PocoMail, Barca, The Bat!, Sunbird, PIMOne, Postbox, and Gmail Notifier

IM/VoIP : Live(MSN) Messenger, Yahoo! Messenger, AIM, AIM Pro, Pidgin, Skype, Windows Live Messenger, GoogleTalk, ICQ, Trillian, BitWise, PalTalk, TeamSpeak, Digsby, MySpace IM, Psi, Gadu-gadu, Instantbird, Simp Pro, Simp Lite (All versions), YahElite, and RnQ

Password Managers : RoboForm, Password Safe, Handy Safe, KeePass, eWallet, DataViz Passwords Plus, TurboPasswords, Password Agent, Subsembly Wallet, TypeItIn, SignupShield, Spb Wallet, IDGuard Desktop, PasswordCoffer, Password Manager XP, Password Vault, and Password Corral

Zip Programs : WinZip, WinRAR, 7-Zip, TUGZip, IZArc, FilZip, SecureZip, SecureZip Express, and PKZip

Text Editors : NotePad, WordPad, Notepad++, TextPad, UltraEdit, EditPad Lite, EditPad Pro, NotePad2, and EmEditor

Online Games : World of Warcraft, Runescape, Steam, EVE-Online, Turbine Launcher (Lord of the Rings Online, Dungeons and Dragons Online); and Station Launcher (Star Wars Galaxy, EverQuest, EverQuest 2, Pirates of the Burning Sea, PlanetSide, Vanguard). Full Tilt Poker, PokerStars, PokerRoom, PartyPoker, UltimateBet Poker, Bodog Poker, Doyle's Room, Microgaming Network, 24h Poker, Carbon Poker, PlayersOnly Poker, Titan Poker, CD Poker, Hollywood Poker, VC Poker, Pacific Poker, Everest Poker, and ChiliPoker

Office : Word, Excel, PowerPoint, Access, Frontpage, OpenOffice, StarOffice, MS OneNote, MS Publisher, MS Groove, MS InfoPath, Lotus Symphony, WordPerfect, Quattro Pro, Presentations, Microsoft Works, Papyrus Autor, Papyrus Office, YeahWrite, DiaryOne, EverNote, KeyNote, and Ashampoo Office

Finance : Quicken, MS Money, GnuCash, and Ebay Desktop.

Tax : TurboTax, TaxCut, TaxAct 2008, and QuickTax 2008

Accounting : Quickbooks, and MS Office Accounting

Networking : PuTTY, SecureCRT, SecureFx, WinSCP, FileZilla, CuteFTP Lite, CuteFTP Home, CuteFTP Pro, Bitvise Tunnelier, and OpenVPN Client

Encryption : TrueCrypt, LockNote, Cryptainer LE, Cypherix LE, Cryptainer PE, Cypherix PE, Paragon Encrypted Disk, BestCrypt, AxCrypt, File Encryption XP, PGP Desktop, and GPG

File Managers : Directory Opus, Total Commander, FreeCommander, Xplorer2, Xyplorer, and Windows Explorer (Note: off by default; turn on in "Options -> Advanced")

Windows Logon : Windows Logon, Domain Logon, and Vista UAC prompts


Method 2. GuardedID

GuardedID® takes a proactive approach to stopping malicious keylogging programs by encrypting every keystroke at the point of typing the keys, and rerouting those encrypted keystrokes directly to your Internet Explorer browser through its own unique path. GuardedID® bypasses the typical places keyloggers normally reside, thereby helping to eliminate your vulnerability to keylogging attacks, which could compromise your personal information causing you financial losses.       


Key Features:
*          Protects against new and existing keyloggers
*          Encrypts keystrokes between the keyboard and the browser
*          Encrypted keystrokes sent via a separate path that is invisible to keyloggers
*          Toolbar plug-in for Firefox(Windows), IE7, and IE6
*          Small memory footprint
*          Does not require any spyware database updates
*          CryptoColor Technology shows you that you are protected
*          Can automatically turn on when browser is launched


Method 3. BlueGem Total Privacy

The software provides unlimited-use keystroke encryption technology for your web browsers. BlueGem Total Privacy creates an encrypted keystroke channel between the keyboard chip and the web browser, which creates a virtually impenetrable encrypted data channel right from the keyboard to the web browser. The unique advantages of BlueGem Total Privacy are: (1) it uses a 128-bit encryption algorithm to encrypt every keystroke, (2) no reboot is required, (3) once a keystroke is encrypted, it is routed through a virtualized data channel and is decrypted at the browser, and (4) it provides protection deep in the kernel level against extremely stealthy malware. This technology is widely deployed by numerous global corporations and used as a key transaction security protection due to its powerful encryption technology and ease of use.
           
Key Features :
*          Secure all Internet activities.
*          Secure Internet Banking and Financial transactions.
*          Secure cloud apps such as Gmail, Google apps.
*          Encrypt every keystroke you enter.
*          Protect your web screens from hackers.
*          Your antivirus software can no longer keep pace with today's fast-evolving threats.

Method 4. Neo’s SafeKeys v3 [ Virtual Keyboard ]




Neo’s SafeKeys v3 protects you from keyloggers, clipboard loggers and screenloggers in the following ways:

*          Drag and Drop passwords
*          Protected Password Field
*          Different password entry methods
*          Password and Visible Text
*          Improved protection against screen loggers
*          Keep password after drag-drop
*          Hide password in amongst random characters
*          Password Mask

Method 5. SpyShelter




SpyShelter can protect you against attacks that happen even when you do ordinary computer tasks like: typing into your computer, getting screenshots, opening files, and visiting sites. The SpyShelter monitors vulnerable and weak spots in your computer system to ensure that even the most advanced keyloggers are shut down even before these can launch a single dangerous attack against your computer.

Key Features :
*          KeyLogger protection (kernel mode also)
*          Clipboard Logger protection
*          Webcam Logger protection
*          Screen Logger protection
*          System Defense
*          Internet security
*          Anti Sound logger (World first)

Method 6. MyPlanetSoft Anti-Keylogger




The world's smallest fully functional anti keylogger. Deactivates all system-wide hook-based keyloggers. Absolutely free. Ideal for use in any public environment such as internet cafes. No installation required, just download, unzip and run. Serves also as anti clipboard logger. Only ~40KB. For Microsoft Windows.


Method 7. I Hate Keyloggers



I Hate Keyloggers will prevent your typing from being recorded by malicious software such as key loggers, spyware, remote administration tools. The software will disable hook-based keyloggers so the keyloggers will not be able to capture your keystrokes. This way you can type sensitive information (passwords, email, credit card number, etc) with confidence. The log file of the key logger will be empty (your keystrokes are not recorded).

Method 8. PSMAntiKeyLogger




PSMAntiKeyLogger is a real-time protecting tool which protects you against not only Keyloggers but also Screen/Form capturers.

While PSMAntiKeyLogger is running, if any program tries to install a keyboard hook, monitor the keyboard state or read the password from a password field, PSMAntiKeyLogger warns the user and asks whether to allow that program or not.


Method 9. Keylogging Defense System™

Our program beats the keyloggers at their own game by encrypting every keystroke at the keyboard level and then rerouting those encrypted keystrokes directly to your browser. Our Keylogging Defense System bypasses the multiple communication areas that are normally vulnerable to keylogging attacks that could compromise your vital information.

With our defense system, you can now email, access critical business applications, browse, shop and bank with confidence knowing that each and every keystroke is encrypted and not being transmitted to an awaiting Identity Thief. Our Keylogging Defense System basically renders any and all keyloggers useless.


Method 10. NextGen AntiKeylogger Ultimate




NextGen AntiKeylogger, as seen from its name, is the next generation anti-keylogger program which protects your data from all types of keylogging programs, whether known, unknown or being developed right now.

NextGen AntiKeylogger uses a unique method of protection. It intercepts keystrokes at the lowest possible level, encrypts them and sends them via its own protected path directly into the protected application. Thus, by using its own encrypted keystroke path, NextGen AntiKeylogger defeats all types of software keyloggers.

NextGen AntiKeylogger stands out against a background of anti-spy software because of its unique features:
*          Constant and transparent "on-the-fly" protection.
*          No anti-virus signature database.
*          Protection against keystroke logging.
*          Ease of use.

Once installed, NextGen AntiKeylogger will guard your privacy immediately, transparently, constantly and silently.



In addition to all of the above, always apply Windows updates and keep your antivirus program updated, whichever of these methods you use.

Saturday, September 4, 2010

Cryptographic Algorithms used in Web Applications

Descriptions are from Wikipedia.

MD4 : MD4 (Message-Digest algorithm 4) is a message digest algorithm (the fourth in a series) designed by Professor Ronald Rivest of MIT in 1990. It implements a cryptographic hash function for use in message integrity checks. The digest length is 128 bits.


CRC : A cyclic redundancy check (CRC) or polynomial code checksum is a non-secure hash function designed to detect accidental changes to raw computer data, and is commonly used in digital networks and storage devices such as hard disk drives. A CRC-enabled device calculates a short, fixed-length binary sequence, known as the CRC code or just CRC, for each block of data and sends or stores them both together. When a block is read or received the device repeats the calculation; if the new CRC does not match the one calculated earlier, then the block contains a data error and the device may take corrective action such as rereading or requesting the block be sent again, otherwise the data is assumed to be error free (though, with some small probability, it may contain undetected errors; this is the fundamental nature of error-checking).


SHA-2 : In cryptography, SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor, SHA-1. SHA-2 consists of a set of four hash functions with different digest sizes: 224, 256, 384 or 512 bits respectively.


Adler-32 : Adler-32 is a checksum algorithm which was invented by Mark Adler in 1995. [1] Compared to a cyclic redundancy check of the same length, it trades reliability for speed. Adler-32 is more reliable than Fletcher-16, and slightly less reliable than Fletcher-32.
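The CRC exchange and the Adler-32 checksum described above, as an added example (not part of the original post or of the Wikipedia text): the sender stores a CRC-32 with each block, the receiver repeats the calculation, and Adler-32 is written out next to the `zlib` version. The last function shows what "non-secure" means for a CRC: the checksum of an edited block follows from the old checksum and the edit alone. The sample block and all helper names are constructed for illustration.

```python
import zlib

MOD_ADLER = 65521  # largest prime below 2**16


def adler32(data: bytes) -> int:
    """Adler-32 written out: two running sums modulo 65521."""
    a, b = 1, 0
    for byte in data:
        a = (a + byte) % MOD_ADLER
        b = (b + a) % MOD_ADLER
    return (b << 16) | a


def send_block(payload: bytes) -> bytes:
    """Sender: store the block together with its CRC-32 (4 bytes, big-endian)."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def receive_block(frame: bytes) -> bool:
    """Receiver: repeat the calculation and compare with the stored CRC."""
    payload, stored = frame[:-4], int.from_bytes(frame[-4:], "big")
    return zlib.crc32(payload) == stored


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate line noise by inverting one bit of the frame."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def crc_of_edit_is_predictable(original: bytes, edited: bytes) -> bool:
    """CRC-32 is affine over XOR: for equal-length messages,
    crc(edited) == crc(original) ^ crc(delta) ^ crc(zeros).
    The new CRC follows from the old one and the edit, with no secret involved."""
    if len(original) != len(edited):
        raise ValueError("the identity holds for equal-length messages only")
    delta = bytes(x ^ y for x, y in zip(original, edited))
    zeros = bytes(len(original))
    predicted = zlib.crc32(original) ^ zlib.crc32(delta) ^ zlib.crc32(zeros)
    return predicted == zlib.crc32(edited)


if __name__ == "__main__":
    block = b"constructed sample block: amount=100"  # constructed input
    frame = send_block(block)
    print("clean frame accepted:   ", receive_block(frame))
    print("1-bit damage accepted:  ", receive_block(flip_bit(frame, 13)))
    print("adler32 matches zlib:   ", adler32(block) == zlib.adler32(block))
    edited = block.replace(b"100", b"900")
    print("CRC of edit predictable:", crc_of_edit_is_predictable(block, edited))
```

A CRC or Adler-32 value therefore catches accidental damage only; detecting deliberate modification calls for one of the cryptographic hash functions in this list, combined with a secret key.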


Salsa20 : Salsa20 is a stream cipher submitted to eSTREAM by Daniel Bernstein. It is built on a pseudorandom function based on 32-bit addition, bitwise addition (XOR) and rotation operations, which maps a 256-bit key, a 64-bit nonce (number used once), and a 64-bit stream position to a 512-bit output (a version with a 128-bit key also exists). This gives Salsa20 the unusual advantage that the user can efficiently seek to any position in the output stream. It offers speeds of around 4–14 cycles per byte in software on modern x86 processors, and reasonable hardware performance. It is not patented, and Bernstein has written several public domain implementations optimized for common architectures.


RIPEMD : RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) is a 160-bit message digest algorithm (cryptographic hash function) developed in Leuven (Belgium) by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996. It is an improved version of RIPEMD, which in turn was based upon the design principles used in MD4, and is similar in performance to the more popular SHA-1.

There also exist 128, 256 and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. The 128-bit version was intended only as a drop-in replacement for the original RIPEMD, which was also 128-bit, and which had been found to have questionable security. The 256 and 320-bit versions diminish only the chance of accidental collision, and don't have higher levels of security as compared to, respectively, RIPEMD-128 and RIPEMD-160.


Tiger : In cryptography, Tiger is a cryptographic hash function designed by Ross Anderson and Eli Biham in 1995 for efficiency on 64-bit platforms. The size of a Tiger hash value is 192 bits. Truncated versions (known as Tiger/128 and Tiger/160) can be used for compatibility with protocols assuming a particular hash size. Unlike the SHA-2 family, no distinguishing initialization values are defined; they are simply prefixes of the full Tiger/192 hash value.


HAVAL : HAVAL is a cryptographic hash function. Unlike MD5, but like most modern cryptographic hash functions, HAVAL can produce hashes of different lengths. HAVAL can produce hashes in lengths of 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits. HAVAL also allows users to specify the number of rounds (3, 4, or 5) to be used to generate the hash.
HAVAL was invented by Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry in 1992.


MD5 : In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant; as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. An MD5 hash is typically expressed as a 32-digit hexadecimal number.


GOST : The GOST block cipher, defined in the standard GOST 28147-89, is a Soviet and Russian government standard symmetric key block cipher. Also based on this block cipher is the GOST hash function.

Developed in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. Shortly after the dissolution of the USSR, it was declassified and it was released to the public in 1994. GOST 28147 was a Soviet alternative to the United States standard algorithm, DES. Thus, the two are very similar in structure.

Whirlpool : In computer science and cryptography, Whirlpool (sometimes styled WHIRLPOOL) is a cryptographic hash function designed by Vincent Rijmen (co-creator of the Advanced Encryption Standard) and Paulo S. L. M. Barreto first described in 2000. The hash has been recommended by the NESSIE project. It has also been adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as part of the joint ISO/IEC 10118-3 international standard.


Snefru : Snefru is a cryptographic hash function invented by Ralph Merkle which supports 128-bit and 256-bit output. It was named after the Egyptian Pharaoh Sneferu, continuing the tradition of the Khufu and Khafre block ciphers.


Comparison of cryptographic hash functions:

Monday, July 19, 2010

DDoS/botnet mitigation & hosting online communities

This presentation on botnets was given by Rodent at the 26th CHAOS Congress.

Zero-Day Vulnerability Allows USB Malware To Run Automatically


Posted by Graham Cluley, Jul 16, 2010 10:36 AM, as on Dark Reading.



A newly discovered piece of malware has created a buzz in the security industry.
The Stuxnet rootkit can infect a Windows PC from a USB drive automatically, even if Windows Autoplay and Autorun are disabled.
That shouldn't, of course, be possible, but it appears that the malware is exploiting a previously unknown vulnerability in the way that Windows handles .LNK shortcut files, allowing the malignant code to execute automatically if the USB stick is accessed by Windows Explorer. Once the rootkit is in place, it effectively enters "stealth-mode," cloaking its presence on the infected PC.

.htaccess Generator Online

.htaccess
In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator. The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.

There is an online .htaccess file generator which I have found recently. Visit : http://www.htaccessredirect.net/index.php

What CMS is Running Behind?

Chris Sullo, the inventor of the popular website vulnerability scanning tool "Nikto", made another tool, "CMS Explorer", to analyse which CMS is running behind a website.
Visit : http://security.sunera.com/2010/03/cms-explorer-or-whats-that-cms-running.html

There is already another Mozilla Firefox add-on called "Wappalyzer" which can do the same. Check it out at http://wappalyzer.com/

Credit Card, National IDs, Address, Telephone No., Fake Identity Generator and Validator


Credit Card/ACH Generation & Validation


Graham King's Credit Card Generator
This package is extremely well written and can provide a wide variety of credit card types, including MasterCard, Visa, American Express, and Discover.

Author's website
Online version
Download: JavaScript, Java, PHP, and Python

FNG's Credit Card Validator
Our very own home grown credit card validator. Feel free to send us comments and suggestions.

Online version
Download: PHP

ABA Number Lookup
Use this free site to validate ABA/ACH/routing numbers. Search by bank or ABA number. A free API is also provided — many sites charge $0.25 per search for this service.

Online version

National ID Number Generation & Validation

FNG's CA Social Insurance Number (SIN) Generator & Validator
Our very own home grown Canadian social insurance number generator and validator. Feel free to send us comments and suggestions.

Online version
Download: PHP

FNG's UK National Insurance Number (NINO) Generator & Validator
Our very own home grown UK national insurance number generator and validator. Feel free to send us comments and suggestions.

Online version
Download: PHP, JavaScript

FNG's US Social Security Number (SSN) Generator & Validator
Our very own home grown social security number generator and validator. Feel free to send us comments and suggestions.

Online version
Download: PHP

Address & Telephone Number Validation

Braemoor's UK Telephone Number Validator
Verifies a telephone number against the Ofcom specification.

Author's website
Online version
Download: JavaScript, VBScript, and PHP

Braemoor's UK Postal Code Validator
Verifies a postal code against the official specification.

Author's website
Online version
Download: JavaScript, VBScript, and PHP 

Identity Generator
Instantly generate a large list of random identities using this free name generator.

Online version
Another


ABA Number Lookup
Lookup ABA/ACH routing numbers to find out what bank they belong to, and to determine if they are valid. Additionally, a free API is available.

Online version

PIC/CIC Code Database
PIC/CIC codes allow you to have your long distance calls handled by the carrier of your choice. Look up all the PIC and CIC codes at the Allred Tech CIC database site.

Online version

Group Policy Settings Reference for Windows OS



These spreadsheets list the policy settings for computer and user configurations included in the Administrative template files delivered with the Windows operating systems specified. You can configure these policy settings when you edit Group Policy objects (GPOs).



Detect Mobile Phone Browser


As its name suggests, this website uses an open source script written by Chad Smith that detects mobile phone or PDA browsers.

If anybody browses this website using a mobile phone or handheld device, the website detects its user-agent and some information about the device.

The scripts are also freely available to download and use on the Apache, ASP, ASP.NET, ColdFusion, C#, JSP, JavaScript, PHP, Python and Rails platforms.

Visit : http://detectmobilebrowser.com