Friday, September 10, 2010

Learn to detect a Phishing Website

There is an excellent website by VeriSign Inc. that I found recently, which will teach you how to detect a phishing or fake website through a series of 10 quizzes.
Here is the link: https://www.phish-no-phish.com/default.aspx

Sunday, September 5, 2010

Defend from Keyloggers – Various Methods Explained.


Every Windows user now fears keyloggers. Below I describe some methods to stop keyloggers from logging every keystroke you type.

Method 1.       KeyScrambler Personal



The KeyScrambler Personal add-on for Mozilla Firefox encrypts your keystrokes at the kernel driver level to protect what you type from keyloggers.
Starting with version 2.0, KeyScrambler protects everything you type into Firefox, including:

*          All login forms and dialogs, online shopping, webmail, forums, and more
*          The Firefox master password dialog
*          URL and search bar
*          Other Firefox add-ons and toolbars like RoboForm, Chatzilla, and Sxipper.

If you can afford to buy KeyScrambler Premium, you will be protected from every type of key logging in applications such as:
Browsers : Google Chrome, Opera, Safari, Maxthon, AOL Explorer, MSN Explorer, Avant, Seamonkey, K-meleon, Netscape, AOL 9, Yahoo Browser, AM Browser, SlimBrowser, Advanced Browser, SR Iron Browser, TheWorld Browser, Orca Browser, Comodo Dragon, Palemoon, and Lunascape

Email : Thunderbird, Outlook, Windows Mail, Outlook Express, Lotus Notes, Windows Live Mail, IncrediMail, Eudora, Pegasus,  PocoMail, Barca, The Bat!, Sunbird, PIMOne, Postbox, and Gmail Notifier

IM/VoIP : Live(MSN) Messenger, Yahoo! Messenger, AIM, AIM Pro, Pidgin, Skype, Windows Live Messenger, GoogleTalk, ICQ, Trillian, BitWise, PalTalk, TeamSpeak, Digsby, MySpace IM, Psi, Gadu-gadu, Instantbird, Simp Pro, Simp Lite (All versions), YahElite, and RnQ

Password Managers : RoboForm, Password Safe, Handy Safe, KeePass, eWallet, DataViz Passwords Plus, TurboPasswords, Password Agent, Subsembly Wallet, TypeItIn, SignupShield, Spb Wallet, IDGuard Desktop, PasswordCoffer, Password Manager XP, Password Vault, and Password Corral

Zip Programs : WinZip, WinRAR, 7-Zip, TUGZip, IZArc, FilZip, SecureZip, SecureZip Express, and PKZip

Text Editors : NotePad, WordPad, Notepad++, TextPad, UltraEdit, EditPad Lite, EditPad Pro, NotePad2, and EmEditor

Online Games : World of Warcraft, Runescape, Steam, EVE-Online, Turbine Launcher (Lord of the Rings Online, Dungeons and Dragons Online); and Station Launcher (Star Wars Galaxy, EverQuest, EverQuest 2, Pirates of the Burning Sea, PlanetSide, Vanguard). Full Tilt Poker, PokerStars, PokerRoom, PartyPoker, UltimateBet Poker, Bodog Poker, Doyle's Room, Microgaming Network, 24h Poker, Carbon Poker, PlayersOnly Poker, Titan Poker, CD Poker, Hollywood Poker, VC Poker, Pacific Poker, Everest Poker, and ChiliPoker

Office : Word, Excel, PowerPoint, Access, Frontpage, OpenOffice, StarOffice, MS OneNote, MS Publisher, MS Groove, MS InfoPath, Lotus Symphony, WordPerfect, Quattro Pro, Presentations, Microsoft Works, Papyrus Autor, Papyrus Office, YeahWrite, DiaryOne, EverNote, KeyNote, and Ashampoo Office

Finance : Quicken, MS Money, GnuCash, and Ebay Desktop.

Tax : TurboTax, TaxCut, TaxAct 2008, and QuickTax 2008

Accounting : Quickbooks, and MS Office Accounting

Networking : PuTTY, SecureCRT, SecureFx, WinSCP, FileZilla, CuteFTP Lite, CuteFTP Home, CuteFTP Pro, Bitvise Tunnelier, and OpenVPN Client

Encryption : TrueCrypt, LockNote, Cryptainer LE, Cypherix LE, Cryptainer PE, Cypherix PE, Paragon Encrypted Disk, BestCrypt, AxCrypt, File Encryption XP, PGP Desktop, and GPG

File Managers : Directory Opus, Total Commander, FreeCommander, Xplorer2, Xyplorer, and Windows Explorer (Note: off by default; turn on in "Options -> Advanced")

Windows Logon : Windows Logon, Domain Logon, and Vista UAC prompts


Method 2.        GuardedID

GuardedID® takes a proactive approach to stopping malicious keylogging programs by encrypting every keystroke at the point of typing the keys, and rerouting those encrypted keystrokes directly to your Internet Explorer browser through its own unique path. GuardedID® bypasses the typical places keyloggers normally reside, thereby helping to eliminate your vulnerability to keylogging attacks, which could compromise your personal information causing you financial losses.       


Key Features:
*          Protects against new and existing keyloggers
*          Encrypts keystrokes between the keyboard and the browser
*          Encrypted keystrokes sent via a separate path that is invisible to keyloggers
*          Toolbar plug-in for Firefox(Windows), IE7, and IE6
*          Small memory footprint
*          Does not require any spyware database updates
*          CryptoColor Technology shows you that you are protected
*          Can automatically turn on when browser is launched


Method 3.        BlueGem Total Privacy




The software provides unlimited-use keystroke encryption for your web browsers. BlueGem Total Privacy creates an encrypted keystroke channel between the keyboard chip and the web browser, which creates a virtually impenetrable encrypted data channel right from the keyboard to the web browser. The unique advantages of BlueGem Total Privacy are: (1) it uses a 128-bit encryption algorithm to encrypt every keystroke; (2) no reboot is required; (3) once a keystroke is encrypted, it is routed through a virtualized data channel and decrypted at the browser; (4) it provides protection deep at the kernel level against extremely stealthy malware. This technology is widely deployed by numerous global corporations and used as a key transaction security protection due to its powerful encryption technology and ease of use.
           
Key Features :
*          Secure all Internet activities.
*          Secure Internet Banking and Financial transactions.
*          Secure cloud apps such as Gmail, Google apps.
*          Encrypt every keystroke you enter.
*          Protect your web screens from hackers.
*          Your antivirus software can no longer keep pace with today's fast-evolving threats.

Method 4.        Neo’s SafeKeys v3 [ Virtual Keyboard ]




Neo’s SafeKeys v3 protects you from keyloggers, clipboard loggers and screenloggers in the following ways:

*          Drag and Drop passwords
*          Protected Password Field
*          Different password entry methods
*          Password and Visible Text
*          Improved protection against screen loggers
*          Keep password after drag-drop
*          Hide password in amongst random characters
*          Password Mask

Method 5.        SpyShelter




SpyShelter can protect you against attacks that happen even when you do ordinary computer tasks like: typing into your computer, getting screenshots, opening files, and visiting sites. The SpyShelter monitors vulnerable and weak spots in your computer system to ensure that even the most advanced keyloggers are shut down even before these can launch a single dangerous attack against your computer.

Key Features :
*          KeyLogger protection (kernel mode also)
*          Clipboard Logger protection
*          Webcam Logger protection
*          Screen Logger protection
*          System Defense
*          Internet security
*          Anti Sound logger (World first)

Method 6.        MyPlanetSoft Anti-Keylogger




The world's smallest fully functional anti keylogger. Deactivates all system-wide hook-based keyloggers. Absolutely free. Ideal for use in any public environment such as internet cafes. No installation required, just download, unzip and run. Serves also as anti clipboard logger. Only ~40KB. For Microsoft Windows.


Method 7.        I Hate Keyloggers



I Hate Keyloggers will prevent your typing from being recorded by malicious software such as key loggers, spyware, remote administration tools. The software will disable hook-based keyloggers so the keyloggers will not be able to capture your keystrokes. This way you can type sensitive information (passwords, email, credit card number, etc) with confidence. The log file of the key logger will be empty (your keystrokes are not recorded).

Method 8.        PSMAntiKeyLogger




PSMAntiKeyLogger is a real-time protecting tool which protects you against not only Keyloggers but also Screen/Form capturers.

While PSMAntiKeyLogger is running, if any program tries to install a keyboard hook, monitor the keyboard state or read the password in a password field, PSMAntiKeyLogger will warn the user and ask whether to allow that program or not.


Method 9.        Keylogging Defense System™


Our program beats the keyloggers at their own game by encrypting every keystroke at the keyboard level and then reroutes those encrypted keystrokes directly to your browser. Our Keylogging Defense System bypasses the multiple communication areas that are normally vulnerable to keylogging attacks that could compromise your vital information.

With our defense system, you can now email, access critical business applications, browse, shop and bank with confidence knowing that each and every keystroke is encrypted and not being transmitted to an awaiting Identity Thief. Our Keylogging Defense System basically renders any and all keyloggers useless.


Method 10.      NextGen AntiKeylogger Ultimate




NextGen AntiKeylogger, as seen from its name, is the next generation anti-keylogger program which protects your data from all types of keylogging programs both known, unknown or being developed right now.

NextGen AntiKeylogger uses a unique method of protection. It intercepts keystrokes at the lowest possible level, encrypts them and sends them via its own protected path directly into the protected application. Thus, by using its own encrypted keystrokes path, NextGen AntiKeylogger defeats all types of software keyloggers.

NextGen AntiKeylogger stands out against a background of anti-spy software because of its unique features:
*          Constant and transparent "on-the-fly" protection.
*          No anti-virus signature database;
*          Protection against keystroke logging;
*          Ease of use.

Once installed, NextGen AntiKeylogger will guard your privacy immediately, transparently, constantly and silently.



In addition to all of the above, always keep Windows updated and run an up-to-date antivirus program alongside any of these methods.

Saturday, September 4, 2010

Cryptographic Algorithms used in Web Applications

Descriptions are from Wikipedia.

MD4 : MD4 (Message-Digest algorithm 4) is a message digest algorithm (the fourth in a series) designed by Professor Ronald Rivest of MIT in 1990. It implements a cryptographic hash function for use in message integrity checks. The digest length is 128 bits.


CRC : A cyclic redundancy check (CRC) or polynomial code checksum is a non-secure hash function designed to detect accidental changes to raw computer data, and is commonly used in digital networks and storage devices such as hard disk drives. A CRC-enabled device calculates a short, fixed-length binary sequence, known as the CRC code or just CRC, for each block of data and sends or stores them both together. When a block is read or received the device repeats the calculation; if the new CRC does not match the one calculated earlier, then the block contains a data error and the device may take corrective action such as rereading or requesting the block be sent again, otherwise the data is assumed to be error free (though, with some small probability, it may contain undetected errors; this is the fundamental nature of error-checking)


SHA-2 : In cryptography, SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512) designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor, SHA-1. SHA-2 consists of a set of four hash functions with different digest sizes, with 224, 256, 384 or 512 bits respectively.
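
The CRC entry above calls CRC a "non-secure" hash function. The following Python sketch is an added example, not part of the original post or the Wikipedia text: it implements CRC-32 bit by bit, confirms that it catches every accidental single-bit error in a record, and then shows why it is no protection against a deliberate change, in contrast to a keyed HMAC built on SHA-256. The sample record, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial (zlib, PNG, Ethernet)
KEY = b"constructed-demo-key"  # constructed sample key for the HMAC

def crc32(data: bytes) -> int:
    """Bit-by-bit CRC-32; returns the same value as zlib.crc32."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (POLY if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF

def flip_bit(data: bytes, i: int) -> bytes:
    """Simulate an accidental single-bit error at bit position i."""
    out = bytearray(data)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

def single_bit_errors_detected(data: bytes) -> bool:
    """True if every possible one-bit corruption changes the CRC."""
    good = crc32(data)
    return all(crc32(flip_bit(data, i)) != good for i in range(len(data) * 8))

def crc_of_xor(crc_m: int, delta: bytes) -> int:
    """CRC of (m XOR delta) derived from crc(m) alone: CRC-32 is affine,
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros) for equal-length inputs."""
    return crc_m ^ crc32(delta) ^ crc32(bytes(len(delta)))

def mac(data: bytes) -> bytes:
    """Keyed integrity tag: HMAC with SHA-256 (a SHA-2 function)."""
    return hmac.new(KEY, data, hashlib.sha256).digest()

def compare_checks() -> dict:
    original = b"amount=0010.00;to=alice"  # constructed sample record
    edited = b"amount=9910.00;to=alice"    # deliberate change, same length
    delta = bytes(a ^ b for a, b in zip(original, edited))
    return {
        "matches_zlib": crc32(original) == zlib.crc32(original),
        "accidental_errors_caught": single_bit_errors_detected(original),
        # No key is involved, so the CRC of the edited record follows from
        # the old CRC and the change alone; a matching CRC proves nothing.
        "crc_predictable": crc_of_xor(crc32(original), delta) == crc32(edited),
        "hmac_rejects_edit": not hmac.compare_digest(mac(edited), mac(original)),
    }

if __name__ == "__main__":
    print(compare_checks())
```

All four results are True: use a CRC (or Adler-32) only to catch transmission and storage errors, and use a keyed construction over a cryptographic hash when the data may be altered on purpose.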


Adler-32 : Adler-32 is a checksum algorithm which was invented by Mark Adler in 1995. [1] Compared to a cyclic redundancy check of the same length, it trades reliability for speed. Adler-32 is more reliable than Fletcher-16, and slightly less reliable than Fletcher-32.


Salsa20 : Salsa20 is a stream cipher submitted to eSTREAM by Daniel Bernstein. It is built on a pseudorandom function based on 32-bit addition, bitwise addition (XOR) and rotation operations, which maps a 256-bit key, a 64-bit nonce (number used once), and a 64-bit stream position to a 512-bit output (a version with a 128-bit key also exists). This gives Salsa20 the unusual advantage that the user can efficiently seek to any position in the output stream. It offers speeds of around 4–14 cycles per byte in software on modern x86 processors, and reasonable hardware performance. It is not patented, and Bernstein has written several public domain implementations optimized for common architectures.


RIPEMD : RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) is a 160-bit message digest algorithm (cryptographic hash function) developed in Leuven (Belgium) by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996. It is an improved version of RIPEMD, which in turn was based upon the design principles used in MD4, and is similar in performance to the more popular SHA-1.

There also exist 128, 256 and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. The 128-bit version was intended only as a drop-in replacement for the original RIPEMD, which was also 128-bit, and which had been found to have questionable security. The 256 and 320-bit versions diminish only the chance of accidental collision, and don't have higher levels of security as compared to, respectively, RIPEMD-128 and RIPEMD-160.


Tiger : In cryptography, Tiger is a cryptographic hash function designed by Ross Anderson and Eli Biham in 1995 for efficiency on 64-bit platforms. The size of a Tiger hash value is 192 bits. Truncated versions (known as Tiger/128 and Tiger/160) can be used for compatibility with protocols assuming a particular hash size. Unlike the SHA-2 family, no distinguishing initialization values are defined; they are simply prefixes of the full Tiger/192 hash value.


HAVAL : HAVAL is a cryptographic hash function. Unlike MD5, but like most modern cryptographic hash functions, HAVAL can produce hashes of different lengths. HAVAL can produce hashes in lengths of 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits. HAVAL also allows users to specify the number of rounds (3, 4, or 5) to be used to generate the hash.
HAVAL was invented by Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry in 1992.


MD5 : In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant; as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. An MD5 hash is typically expressed as a 32-digit hexadecimal number.


GOST : The GOST block cipher, defined in the standard GOST 28147-89, is a Soviet and Russian government standard symmetric key block cipher. Also based on this block cipher is the GOST hash function.

Developed in the 1970s, the standard had been marked "Top Secret" and then downgraded to "Secret" in 1990. Shortly after the dissolution of the USSR, it was declassified and it was released to the public in 1994. GOST 28147 was a Soviet alternative to the United States standard algorithm, DES. Thus, the two are very similar in structure.

Whirlpool : In computer science and cryptography, Whirlpool (sometimes styled WHIRLPOOL) is a cryptographic hash function designed by Vincent Rijmen (co-creator of the Advanced Encryption Standard) and Paulo S. L. M. Barreto first described in 2000. The hash has been recommended by the NESSIE project. It has also been adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as part of the joint ISO/IEC 10118-3 international standard.


Snefru : Snefru is a cryptographic hash function invented by Ralph Merkle which supports 128-bit and 256-bit output. It was named after the Egyptian Pharaoh Sneferu, continuing the tradition of the Khufu and Khafre block ciphers.


Comparison of cryptographic hash functions: