Tuesday, May 31, 2011
WebSites Hacked by A Girl Hacker : TriNitY
URL
http://www.upes.edu.vn/trinity.htm
http://www.xzdm.gov.cn/trinity.htm
http://demo-l.jahoma.de/administrator/images/index.html
http://www.mlu-a.co.at/
http://mirror.sec-t.net/defacements/?id=28312
http://mirror.sec-t.net/defacements/?id=27353
SQL:
Target: http://www.mlu-a.co.at/index.php?gr_id=66'
DB Detection: MySQL error based
Complete Data :-
http://pastebin.com/tzKdRwYc
Nationalplacement.org & 7 more websites Hacked by NoTty_rAJ
Nationalplacement.org and 7 more websites Hacked by NoTty_rAJ & Minhal
Hacked website List -
http://nationalplacement.org/index.html
http://www.m5lcm.com/
http://co-occurring-directory.com/
http://co-occurring-intervention.com/
http://co-occurring-rehab.com/
http://cooccurringtreatment.com/
http://cooccurringtreatment.org/
http://dual-diagnosis-disorder.org/
http://dual-diagnosis-intervention.com/index.html
Monday, May 30, 2011
Livefreeamerica.org Hacked By Minhal Mehdi & NoTty_rAJ
Livefreeamerica.org Hacked By Minhal Mehdi & NoTty_rAJ
Hacked website - http://www.livefreeamerica.org/
Mirror- http://turk-h.org/defacement/view/383908/livefreeamerica.org/
Hacked website - http://www.livefreeamerica.org/
Mirror- http://turk-h.org/defacement/view/383908/livefreeamerica.org/
SQli Vulnerability Found On 10k Websites by Minhal & NoTty_rAJ
SQli Vulnerability Found On 10k Websites by Minhal Mehdi & NoTty_rAJ
You Can download list from here - http://www.megaupload.com/?d=58FVY23U
You Can download list from here - http://www.megaupload.com/?d=58FVY23U
Arraya Solutions Hacked by NoTty_rAJ & Minhal
Arrayasolutions is a site wich helps Other companies about the latest technology, It is IT based Agency . It Was Defaced by NoTty_rAJ & minhal , no data of that site is harmed only the page is uploded that comany will fix the site security.
hacked link -
http://www.arrayasolutions.com/jaihind.html
http://68.178.173.157/jaihind.html
It is too partnes with many World Known ComPAnies like IBM,Microsoft,VmWare,HP,DELL,Net APP,Symentec,Cisco n many more
check it : http://68.178.173.157/Partnerships.aspx
hacked link -
http://www.arrayasolutions.com/jaihind.html
http://68.178.173.157/jaihind.html
It is too partnes with many World Known ComPAnies like IBM,Microsoft,VmWare,HP,DELL,Net APP,Symentec,Cisco n many more
check it : http://68.178.173.157/Partnerships.aspx
Sonachaandi.us Hacked By Minhal Mehdi
Sonachaandi.us Hacked By Minhal Mehdi
Hacked website - http://www.sonachaandi.us/
Mirror - http://turk-h.org/defacement/view/383894/sonachaandi.us/
Hacked website - http://www.sonachaandi.us/
Mirror - http://turk-h.org/defacement/view/383894/sonachaandi.us/
Deface Mirror's Website Save-h.org Hacked !!
Deface Mirror's Website Save-h.org Hacked !!
Hacked website - http://save-h.org/
Mirror - http://turk-h.org/defacement/view/383887/save-h.org/
Hacked website - http://save-h.org/
Mirror - http://turk-h.org/defacement/view/383887/save-h.org/
XSS Vulnerablity Found In hackersafe.de By Minhal Mehdi
XSS Vulnerablity Found In hackersafe.de By Minhal Mehdi
Vulnerable Link -http://pastebin.com/M1Bvq9vT
Vulnerable Link -http://pastebin.com/M1Bvq9vT
American Construction Company "American Rustic Builders" Hacked by Minhal
American Construction Compney American Rustic Builders's Official website Hacked by Minhal
Hacked website - http://americanrusticbuilders.com/
Mirror- http://turk-h.org/defacement/view/383583/americanrusticbuilders.co..
Hacked website - http://americanrusticbuilders.com/
Mirror- http://turk-h.org/defacement/view/383583/americanrusticbuilders.co..
Nigerian House of Representative Website Hacked
Nigerian House of Representative Website Hacked By NaijaCyberHactivists
Url - http://www.nassnig.org/nass2/portfolio/index.php?id=hon.uzorkalu
Url - http://www.nassnig.org/nass2/portfolio/index.php?id=hon.uzorkalu
Sunday, May 29, 2011
China's Most Popular TV channel KAKU's Official site hacked by Minhal
China's Most Populat TV channel KAKU's Official website hacked by Minhal Mehdi
Deface Link - http://www.kaku.tv/jaihind.html
Mirror- http://turk-h.org/defacement/view/383885/kaku.tv/
Deface Link - http://www.kaku.tv/jaihind.html
Mirror- http://turk-h.org/defacement/view/383885/kaku.tv/
Nigerian National Assembly Site hacked NaijaCyberHactivists
Nigerian National Assembly Site hacked NaijaCyberHactivists
URL :- http://www.nassnig.org/nass2/portfolio/index.php?id=hon.uzorkalu
Hacked by :- NaijaCyberHactivists
abasystems.gr Hacked By Prnix
abasystem.gr Hacked by Prnix
URL:- http://www.abasystems.gr/prinx.html
Mirror :- http://mirror.sec-t.net/defacements/?id=30189
URL:- http://www.abasystems.gr/prinx.html
Mirror :- http://mirror.sec-t.net/defacements/?id=30189
Hacked By Prnix
XSS on Java.com Found by NoTty_rAJ
XSS Vulnerablity Found in Java.com by NoTty_rAJ
Vulnerablity Link - http://www.java.com/en/download/help/error_26011.xml?ref=%22%3E%3Cscript%3Ealert%28%27Xssed%20by%20NoTty_rAJ%27%29%3C/script%3E
Vulnerablity Link - http://www.java.com/en/download/help/error_26011.xml?ref=%22%3E%3Cscript%3Ealert%28%27Xssed%20by%20NoTty_rAJ%27%29%3C/script%3E
XSS Vulnerablity Found in imageshack.us by NoTty_rAJ
,XSS Vulnerablity Found in imageshack.us by NoTty_rAJ
Vulnerable Link - http://imageshack.us/rater.php?loc=%27%22%3Cscript%3Ealert%28111%29%3C/script%3E
Vulnerable Link - http://imageshack.us/rater.php?loc=%27%22%3Cscript%3Ealert%28111%29%3C/script%3E
[ i ] Exclusive TODAY EUROPE IS GOING TO SUPPORT SPAIN!!! (PROTEST)
TODAY EUROPE IS GOING TO SUPPORT SPAIN!!! (PROTEST)
Please share this link Or Share this video and Help Spainish Revolutionists
Thanks to Ononny Muss
Please share this link Or Share this video and Help Spainish Revolutionists
Saturday, May 28, 2011
XSS vulnerability Found in Brothersoft.com By Minhal Mehdi
XSS vulnerability Found in Brothersoft.com By Minhal Mehdi
Vulnerable website - http://search.brothersoft.com/
Vulnerable Link - http://search.brothersoft.com/script-alert-xss-script/?stype=windows%22%3E%3Cscript%3Ealert%28%27XSSED-BY-MINHAL%27%29%3C/script%3E
Founded By Minhal
Vulnerable website - http://search.brothersoft.com/
Vulnerable Link - http://search.brothersoft.com/script-alert-xss-script/?stype=windows%22%3E%3Cscript%3Ealert%28%27XSSED-BY-MINHAL%27%29%3C/script%3E
Founded By Minhal
'PAKBUGS' hacked by "GOD"
Seems like PAKBUGS got a taste of their own medicine.Hacker who identifies himself by "GOD" hacked into their website & published database for download.Aha! thats interesting
Message by GOD:
"Pakbugs.com is a trash website Hacked by GOD. If you are a LAMMER like ZombiE_KsA, or if you have a LAMMER community, be patient, you will be hacked soon ;)
Only ethical hacking communities will remain intact, the rest, will be Hacked by GOD !!!"
Mirror : Use proxy like hidemyass if you are in india !!
Mirror Link:http://www.zone-h.com/mirror/id/13235495
Website: www.pakbugs.com
Certified Ethical Hacker Version 7 (CEHv7) has arrived !!
Certified Ethical Hacker Version 7 (CEHv7) has arrived !!
Read Modules Details :
https://eccouncil.org/Portals/0/CEHv7/Course%20Outline.pdf
Revolutionary Product
EC-Council releases the most advanced ethical hacking program in the world. This much anticipated version was designed by hackers and security researchers. CEH v7 is a revolutionary training program that combines class metrics, advance lab environment, cutting edge hacking techniques and excellent presentation materials. EC-Council has spent years in developing this version. Don't miss it click down the link to register for a preview class.
Internet threats
Websites, Computer systems and Networks of government bodies and organizations worldwide are under constant threat of hacking and intrusion. The attacks pose threat to security, integrity and confidentiality of information available on the databases stored on the affected systems. Hacking Attacks have evolved over the years and are growing in sophistication and precision. Easily available attack toolkits enable even a novice to initiate attacks and exploit vulnerabilities. Attacks allow hackers to gain unauthorized access and control of computers from a remote location within a few minutes. The success of Zeus Botnets in stealing authentication credentials demonstrates the complex modus-operandi used to deceive users.
CEH v7 is the only training program you will need to attend to battle cyber crimes on the internet.Don't miss this opportunity and register for this class.
Internet threats
Websites, Computer systems and Networks of government bodies and organizations worldwide are under constant threat of hacking and intrusion. The attacks pose threat to security, integrity and confidentiality of information available on the databases stored on the affected systems. Hacking Attacks have evolved over the years and are growing in sophistication and precision. Easily available attack toolkits enable even a novice to initiate attacks and exploit vulnerabilities. Attacks allow hackers to gain unauthorized access and control of computers from a remote location within a few minutes. The success of Zeus Botnets in stealing authentication credentials demonstrates the complex modus-operandi used to deceive users.
CEH v7 is the only training program you will need to attend to battle cyber crimes on the internet.Don't miss this opportunity and register for this class.
Read Modules Details :
https://eccouncil.org/Portals/0/CEHv7/Course%20Outline.pdf
Google Chrome 11 Anti-XSS ByPass Vulnerability
During the creation of a hacking challenge about XSS we had to figure out how to bypass the new AntiXSS filter in
Google Chrome. It was included in the latest release and we were in the middle of a hacking challenge about XSS and
Sesion Fixation. We were thinking about to change the rules of the game, but, we managed to bypass the filter in an
easy way, so we didn´t change it and players were also able to discover it. This is the "how":
When a string that can execute any kind of javascript which it is injected, like could be
Chrome also has a function to fix or rewrite HTML source code that isn’t well-formed. If a website that contains a tag
like ‘’, it will try to rewrite the source code to construct a proper HTML code. For example, if we introduce a string
like
It can give to an attacker a vector to bypass the Anti-XSS filter, due to it applies first the filter and then checks
whether the HTML code is well-formed or not, modifying it if needed..
So, it’s possible to create a non-well-formed tag, that after being rewritten, it will be a properly XSS.
An example of it may be this one:
Which browser is the most secure, is that the question?
Over the past week I have been asked twice now for my opinion on the question “Which browser is the most secure?” Probably as a result of the release of Microsoft’s “Browser Choice” update. In my view, this choice that people are being prompted to make is leading most of us to ask the wrong question entirely. Your browser will not keep you safe, whoever made it, you need to take steps to keep *yourself* safe, whichever browser you choose.
This update no doubt exposes millions of users to a choice which they may not, in many cases, have even been aware they were able to make; the choice of which application to use when browsing the web. Many alternatives are available when making this important choice; Internet Explorer (natch), Mozilla Firefox, Safari, Opera, Google Chrome and seven others are on offer through the Microsoft pop-up.
Rightly security is many folks’ primary concern when browsing online these days, so they want to know which browser is the safest or will offer them the highest personal security. I’m not convinced though that “Which browser is the most secure?” is really the right question.
Every browser has its flaws, vulnerabilities and patches (or lack of them). In any case attacks are increasingly aimed not only at browsers but at application plug-ins like QuickTime, Flash or Acrobat that can be used in multiple different flavours of browser. Either that or they are simply attacks aimed at the individual using the browser (like phishing, pretexting and other social engineering attacks).
Better (and more useful) advice than “Which browser is most secure?” would be “How can I best secure my browser of choice?” Trend Micro offers free tools such as Browser Guard and the Web Protection Add On for Internet Explorer. Browser Guard detects and blocks popularly used exploit techniques (such as heap spray and buffer overflow as well as looking for shellcode) offering proactive protection against unknown threats. The Web protection Add-On blocksknown malicious sites. Many other tools and plug-ins for many other browsers are also out there such as AdBlock Plus or NoScript for Firefox just for example.
It’s different strokes for different folks and various security tools or techniques require varying degrees of familiarity with the browser, with technology or with threats in general in order to effectively protect you without ruining your Internet experience beyond redemption. Helpfully, different indpendent tests and opinions will give you conflicting advice, of course.
In most cases the best advice is stick with the browser you are most familiar with but take steps to secure it. If you suddenly jump into using a browser with which you are unfamiliar, just as a simple knee-jerk reaction your unfamiliarity may leave you less secure than you were before the change.
Sony says hacker stole 2,000 records from Canadian site
The problems keep coming for Sony. On Tuesday the company confirmed that someone had hacked into its website and stolen about 2,000 customer names and e-mail addresses.
Close to 1,000 of the records have already been posted online by a hacker calling himself Idahc, who says he's a "Lebanese grey-hat hacker." Idahc found a common Web programming error, called an SQL injection flaw, that allowed him to dig up the records on the Canadian version of the Official Sony Ericsson eShop, an online store for mobile phones and accessories.
The hacker got access to records for about 2,000 customers, including their names and e-mail addresses and a hashed version of users' passwords, said Ivette Lopez Sisniega, a Sony Ericsson Mobile Communications spokeswoman. "Sony Ericsson has disabled this e-commerce website," she said in an e-mail message. "We can confirm that this is a standalone website and it is not connected to Sony Ericsson servers."
Other than the names and e-mail addresses, no personal or banking information was compromised, she said.
Sony Ericsson is a mobile-phone company run jointly by Sony and Ericsson.
Sony has been under continual cyber-attack since April, when its PlayStation Network was hacked and then pulled offline. Over the past week Sony BMG Japan, Sony BMG Greece, the Sony-run So-net Internet service provider, and a company server in Thailand all have been compromised, in what's becoming a free-for-all online attack on anything belonging to Sony.
Earlier this year Sony raised the hackles of hackers by suing George Hotz, a well-respected hacking enthusiast, who'd found a way to break Sony's controls and install Linux on his PlayStation 3. Sony eventually settled with Hotz, but to many it came off as a bully in the affair.
Now, increasingly, Sony looks like a company where security was merely an afterthought.
Earlier this week, Sony said the attacks will cost it at least US$170 million.
Sony's continued problems reflect a cavalier attitude toward computer security, said Scott Borg, CEO of the U.S. Cyber Consequences Unit, a Washington-based think tank that studies cyber-attacks. "It's a pretty obvious conclusion that they weren't managing their security well," he said.
MacOSX Gets Massive Security Update
This is kinda weird but safe for the users at the same time Apple have just launched the update for the Mac OSX with a severe patchment of 92 vulnerabilities. Well it have also breaked the previous record of the Mac OSX update released last year, when Apple 's largest patched 67 vulnerabilities .
The update brings Snow Leopard to version 10.6.3, making this the third major update to the OS that Apple launched in August 2009. Apple also addressed a list of nearly 30 non-security issues in the 10.6.3 update. Leopard users, meanwhile, received only the security patches ..
As a matter of fact, most of the patches were for the QuickTime player for the Leopard OS and it was expected as we have already been knowing many of the Mp4 Zero Day exploitations etc and due to the Pwn2ownage conference the exploits shown there was a big reason for this turn out.
"The sheer number, it's almost so daunting that you don't even want to look," said Andrew Storms, director of security operations at nCircle Network Security.
Today on 30th Apple came out with a update of 42 security fixes which is about the 40% of the total number of the security apple is working onn. The other thing which is kinda in favour of apple is that they don't rate/score there patches like some of the other giants like Microsoft and Oracle.
The other news we got for you is that RSnake and his friends have done some research on this and found some of the exploitations in the safari browser which is regarding the port number float/integer overflow which can cause alot of damage.
“Safari has a typical integer overflow in the way they look at ports. So if you add the number 65,536 to the port you want to connect to (in this case 25 + 65,536 = 65,561) you can bypass their port blocking.”
And the best thing to note here is that Apple beat with the blacklist of ports or even whitelist of ports as it can be used in mass exploitation for hackers. Well lets see whats next.
Charlie Miller, the researcher who cracked Snow Leopard's security defenses to take down Safari, said today that Apple had not patched the vulnerability he used last Wednesday.
"New patch doesn't fix pwn2own bug," Miller said via Twitter .
"Sorry suckers, gonna have to wait for the next patch."
XBox Live Hacked or Suffering Connection Issues
Today Xbox Live users are suffering some Connection Issues and this is excepted as yesterday only the Xbox live account of Xbox’s Live Programming director’s was Hacked. So this points to the Xbox Live is been hacked aka compromised.
It is more likely that the Xbox live is hacked as the account of one of the makers of the Xbox live account was hacked yesterday only. While this can be a Connection issues too as the Expansion pack of Modern Warfare : “Stimulus Package” is out today which may have caused problems for the Xbox live servers as of large incensement in the connections ...
Xbox Support’s Twitter account is loaded with communications with customers about the problem, and the official support website at www.xbox.com/support is being bombarded by users.
“We’re aware of the issue and it is being worked on. Stay tuned for updates.”
An error code of 80150019 have been shown to the users of the Xbox live users. As the users are like not happy with this situation and would be likely as the Microsoft is in problems again.
… Talking about the Hacked account of Major Nelson’s of Xbox Live, Shortly after the hack happened, the Web site Lightzz took credit for the hack, posting a video of it, along with the hacker's Skype name. He is offering to hack other accounts as well.
Well whatever is going we will update this post as soon as Microsoft figures it out is it hacked or connection issues.
ESET NOD32 releases Antivirus for Linux 4 !
ESET announced the availability of ESET NOD32 Antivirus 4 Business Edition for Linux Desktop and ESET NOD32 Antivirus 4 for Linux.
ESET NOD32 Antivirus 4 for Linux offers protection against cross-platform and emerging threats, enhancing the security of Linux platforms. The scanning engine automatically detects and cleans malicious code, including threats designed for Windows and Mac based systems.
ESET NOD32 Antivirus 4 Business Edition for Linux Desktop includes ESET Remote Administrator, which provides IT administrators with a management console to control an entire network from a single screen — supporting tens or thousands of heterogeneous computers.
Key benefits and features:
Detection and proactive cross-platform protection – Advanced heuristics technology delivers real-time, proactive protection from malware, hacker attacks and exploits. Product protects against Linux, Windows and Mac malware
Small system footprint – The unique build of ESET NOD32 Antivirus 4 for Linux has been optimized to perfectly match the system environment. ESET engineered a smart solution with one of the lowest system footprints on the market ensuring fast startup and smooth performance
Graphical user interface – Optional graphical user interface which delivers intuitive access to features includes full screen mode, informative graphs, statistics and scheduler
Security settings control – Defines which user accounts have the capability to change settings, so unauthorized users cannot disable or lessen protection
Streamlined management – Easy management and oversight of network security across all platforms, allowing for push tasks, updates and security policies to be applied from a single console (Business Edition only)
Removable media access control – Scans or blocks usage of USB, FireWire, CD/DVD devices to minimize risk of infection or data loss.
Facebook expected to roll out simple privacy settings within the next few weeks
Facebook is preparing to release simple privacy settings following a meeting last week with its staff.
According to the allfacebook.com website, Facebook’s public policy director Tim Sparapani spoke with American radio journalist Kojo Nnamdi and stated that the company would release simple privacy settings in the coming weeks.
Wired reported that Sparapani said: “Now we’ve heard from our users that we have gotten a little bit complex, I think we are going to work on that. We are going to be providing options for users who want simplistic bands of privacy that they can choose from and I think we will see that in the next couple of weeks.”
It claimed that proposed changes are unlikely to reverse its December policy changes to make large portions of a user’s profile ‘publicly available’ by ‘helping everyone find and connect with each other by keeping some information – like your name and profile picture’.
He told Nnamdi on Washington DC’s WAMU station that Facebook was dedicated to privacy. He said: “We have built a privacy setting for every new type of sharing [users] are allowed to have. What that means is that in fact we have come up with an extraordinary number of privacy settings.
“This should be compared to almost any other company out there where there are no privacy settings at all, so Facebook should be getting credit here for giving tools in the first place.”
Blogger Nick O’Neill, writing on allfacebook.com, said: “Given that the company has come under significant pressure over the past couple of weeks over new programs, including the highly controversial ‘Instant Personalisation’ program, it’s not surprising to hear Sparapani announce these features. What’s even more significant is that these ‘simple’ privacy settings sound as though they’ve most likely been in the works for a short period of time.
“What I’m still wondering is why Mark Zuckerberg or any other executive haven’t made a formal announcement stating that they are listening. While representatives of the company’s communications department have stated that the company is listening and will effectively do the right thing, no formal statement has come from Mark Zuckerberg.
“Perhaps this is a test of Mark’s ability to delegate some of the communication to the general public, however I’m pretty sure that most people want to hear that the company is listening from Mark’s own mouth (or at least a blog post under his name).”
Benjamin Cohen, technology correspondent at Channel4 News, claimed that Facebook clearly realises that not everyone understands the 50 privacy settings and 170 privacy options that users are currently presented with and are confusing users and not everyone has realised that their status updates are so public.
He said: “The company are still in discussions internally about how best to implement new changes, but it is clear that some simplification will occur soon. There was talk of big privacy options that change scores of privacy settings rather than having to set them individually.
“Facebook as a company are refreshing in their ability to actually respond to criticism. They don’t shy away from it as other technology giants have a tendency to. They are, I think still genuinely taken by surprise at the way that people use Facebook and more importantly the information they upload. Users are their lifeblood, if they upset them then they risk their whole future existence. They’ve realised that there’s unease and they will change things.”
Graham Cluley, senior technology consultant at Sophos, said: “If the reports are accurate, the question everyone will be asking is whether Facebook is really prepared to make the radical changes necessary to satisfy the growing number of users concerned with privacy on the site?
“Or will users believe that the changes are cosmetic and do not go far enough and, ultimately, quit the site altogether? Certainly, from my own point of view, Facebook needs to take a fundamental shift in its approach. Rather than asking users to ‘opt-out’ from sharing their information with more and more of the internet, they should ask their almost 500 million members to explicitly choose to ‘opt-in’.”
Tell us how you did it, Pakistan court to hackers !
Tell us how you did it, Pakistan court to hackers !Hackers would be granted bail if they taught judges how to do the job, Pakistan's Supreme Court said in a lighter vein as it heard the bail plea of two teenagers who had broken into the Supreme Court website last year. The Supreme Court then granted bail to the two teenagers who are accused of hacking its official website and placing derogatory material about judiciary and the chief justice on it, Dawn reported Tuesday.
The bench, comprising Justices Asif Saeed Khan Khosa and Amir Hani Muslim, was headed by Justice Javed Iqbal.
The judges said the hackers had done a "brilliant job".
Their counsel Iftikhar Hussain Gilani promptly said they had not hacked the site.
To which, the judges asked Gilani why he was not ready to accept praise for the hackers.
They then said in a lighter vein they would grant bail on the condition that the accused taught them how to do such a job.
The judges, however, observed that it was not just the issue of hacking, the hackers had also deprived the people and visitors to the website of general information and information regarding fixation of cases.
They also observed that highly objectionable material had been placed on the website.
Gilani claimed the site had not been hacked by the teenagers but by some Indians.
Written By A Porkish Hacker
Ankit Fadia | Certified Ethical Idiot
A bit of a background before I begin this post. Ankit Fadia is zis guy, an alumnus of Delhi Public School R K Puram, who *claims* he’s this hotshot hacker, over whom ‘certain undisclosed security agencies in the USA’ always call using the Bat-signal whenever Osama bin Laden sends an email ordering Viagra. This, from a guy who’s never written a single hacking tool or algorithm of his. So when I came to know that Career Launcher, of all places, was gonna start an ‘Ankit Fadia Certified Ethical Hacking Course‘ and was holding a seminar at Karnataka House (a stone’s throw away from my home), I couldn’t resist meeting the moron.
I might add, I *have* read some of his books. To the normal guy, he’ll be ultra-impressed; for the discerning reader, he’s a whore bore. There’s this book of his, where he actually gave the STEPS to view the source code of a bloody HTML page, and then proceeded to fill some THREE pages with the HTML source of Yahoo!’s home page. That, was touche in the long line of idiotic stuff. I don’t even WANT to start off discussing stuff like filling pages after pages on the ‘ping of death’, an issue which is practically obsolete in modern operating systems.
Anyway, I turn up at the venue (it has a nice restaurant there too, BTW, maybe I’ll write about it some other day); to find nobody to guide people around. Mystified, I found my way around and made it to the auditorium. Surprised to find it almost packed, full of college students, portly gents and behenjis, and people who seemed to have been hired on-the-spot by Career Launcher at the Karnataka Restaurant just to fill up the space. Anyway, I was lucky enough that I found a seat right behind the Moron in the second row.
After making everyone wait for about 30 minutes beyond the schedule time, this CL guy Harpreet Dhody goes on stage, and makes cheesy lines like (my commentary in square braces)…
The dude himself
Anyway, he got on with great relish to start explaining about how privacy is a big issue; and told the case of some woman staying in one-room apartment in Mumbai four years ago who had broadband Internet (Eh? Broadband, FOUR years back? Must’ve been Sify, who still call 64 kbps ‘broadband’), and how some Big Bad Wolf turned on her webcam 24×7 or something. Then he took another case…
He moved on to talking about hiding IP addresses, which he made pretty interesting for the general audience, I must admit. After that, and after mentioning about proxy servers, proxy bouncing, etc; he decided to speak on anonymising…
…and then how he saved paying Australian $20-30 at some Sydney hotel because he found unsecured hotspots nearby…
He went on to say that the way to solve the problem of people war driving (and guess what, he didn’t even KNOW about tools like NetStumbler; hell, there’s a whole Linux distro dedicated to this called WarLinux) and fucking (my language) around with your Wi-Fi network is to…
Next up was email spoofing, where he didn’t even bother to show the theory behind it. Instead, he opened this page; and proceeded, with utmost pride, to show that he knew how to fill an HTML form, explaining each and every step (“press tab to shift focus to the next field” – sounds hi-fi, doesn’t it?), and then finishing with “all you need to do now is click submit”, on a laptop which didn’t have an Internet connection.
After that, he showed steganography, which is basically encrypting images in innocent looking photos (like that of Avril Lavigne, which he used). Now what he claimed then (and has for quite some time is) that after the 9/11 attacks in USA ‘certain undisclosed security agencies in the USA’ intercepted messages from Al-Qaeda and sent them to our dear friend because they couldn’t figure out what it was. Our dear friend, as he says, couldn’t figure out anything for 3 weeks, and in the 4th week (yay, Google search!) it struck him that it could be this. Our dashing young frood then told his masters in the US, and got the license to have his martini shaken AND stirred. I might add here that the sarcasm + wisecracks here are by me, lest you think he’s a (non)sense of humor.
Amazing story, except for the fact that NO publication except the USA Today ever spoke of US agencies intercepting ‘such messages’ – and I might add that the guy (Jack Kelley) who wrote the story was later fired in 2004 for ‘fabricating false stories and sources’. Hmm.
Mr Fadia then proceeded with a ‘live hacking demo’, where he had installed a trojan (NetBus, in case you’re curious) on his OWN laptop and ‘connected’ to it on his own laptop, and showed its various features (he can be a good salesman). He then proceeded on how India has been losing out in the cyber war against Pakistani hackers…
The session was (thankfully) coming to a close. He now switched laptops with the CL guy Harpreet (this one had a net connection), and after doing the boilerplate…
With that, we came to and end, and I asked for his autograph; which, BTW, I was not supposed to get unless I’d joined his course, but I haven’t come across too many people who refuse autographs…
Ankit Fadia’s autographThe absolute fun part was at the end, when the ‘horkud’ using crowd descending on him, including a portly gent who said he was an ‘ISO 9001 certified hacker too’. All that is left now is for some bright entrepreneur to to shrink-wrap ‘ISO 9001 hackers’ and start selling them on eBay. Anyway, Ankit was fully cornered by the crowd, and asked questions like…
This, from a guy who is consulted by ‘undisclosed US security agencies’ to ‘hunt down bin Laden’ (his words, not mine).
Now I *have* to admit at the end that Ankit Fadia is stunningly brilliant at explaining dry-as-Egyptian-mummies (for general people) topics like proxies to portly gents in an easy manner. He’s also pretty good at keeping audiences engaged with such boring stuff. I’d therefore say…
My rating of how useful Ankit Fadia’s Certified Ethical Hacker Course will be for a normal Joe: 5.9 / 10
As I said, geeks won’t find anything here they don’t know; and the title is pretty pretentious anyway. Yes, for normal people however I’d say this course would be pretty good to get them stuffed with basic knowledge on what the fuck exactly is going on when they use the Internet and HOW they might be conned. However, it WILL sorta give them the feeling that they’re top class hackers now, which they aren’t. That false sense of security isn’t something very good on the Internet.
In fact, I wouldn’t have had so much to say about Ankit had it not been for the huge amount of unsubstantiated claims that he keeps on making every now and then. So basically, they should STOP calling it a ‘certified hacker’ course, and simply call it an ‘Internet Security Bootcamp’ or something; that way, Ankit can stay credible while being an icon for the masses at the same time. Calling it ‘Certified Hacker’ is, IMHO, an exaggeration.
I might add, I *have* read some of his books. To the normal guy, he’ll be ultra-impressed; for the discerning reader, he’s a whore bore. There’s this book of his, where he actually gave the STEPS to view the source code of a bloody HTML page, and then proceeded to fill some THREE pages with the HTML source of Yahoo!’s home page. That, was touche in the long line of idiotic stuff. I don’t even WANT to start off discussing stuff like filling pages after pages on the ‘ping of death’, an issue which is practically obsolete in modern operating systems.
Anyway, I turn up at the venue (it has a nice restaurant there too, BTW, maybe I’ll write about it some other day); to find nobody to guide people around. Mystified, I found my way around and made it to the auditorium. Surprised to find it almost packed, full of college students, portly gents and behenjis, and people who seemed to have been hired on-the-spot by Career Launcher at the Karnataka Restaurant just to fill up the space. Anyway, I was lucky enough that I found a seat right behind the Moron in the second row.
After making everyone wait for about 30 minutes beyond the schedule time, this CL guy Harpreet Dhody goes on stage, and makes cheesy lines like (my commentary in square braces)…
If you got an opportunity to meet Einstein or Stephen Hawkins [yup, THAT's what he said], will you give it away? No! Same for Ankit Fadia…blah…blah……a premonition of how bad the evening was gonna be. Anyway, the show must go on, and Mr Fadia came on stage…
The dude himselfHow many use the Internet? Stop using it, it’s unsafe……and RIGHT there on the screen, in the presentation we had…
How many use Google? Stop using it [yay!], because it keeps logs [duh, they need to make money]…
How many use web mail like Yahoo, Hotmail or Gmail? Stop using it, they keep records too…
Ankit FadiaIt seems that although he’s studying at Stanford, they didn’t deem it necessary to give him a stanford.edu ID; because of which the poor guy is forced to stick to Gmail. Too sad that it was a dark hall, and the pictures didn’t come out well for me to show you guys this. Interestingly, his site is www.hackingmobilephones.com; which seems the result of the fact that he forgot to pay the bill on his older ankitfadia.com domain. Aw, I forget, ankitfadia.com was hacked (LOL, by a person named SkriptKiddie no less) pretty soon after it was put up.
fadia.ankit@gmail.com
Anyway, he got on with great relish to start explaining about how privacy is a big issue; and told the case of some woman staying in one-room apartment in Mumbai four years ago who had broadband Internet (Eh? Broadband, FOUR years back? Must’ve been Sify, who still call 64 kbps ‘broadband’), and how some Big Bad Wolf turned on her webcam 24×7 or something. Then he took another case…
…NASA’s systems were hacked by an 11-year old Russian teenager, who diverted a rocket around in space after it was launched…caused billions of dollars in damage as the spacecraft was lost…Point one: an ELEVEN year old is NOT a TEENager (read the words carefully). Point two: I’ve never heard of this incident, neither is there any mention of it online anywhere. I don’t deny NASA has been hacked – it has, and various of its bodies’ sites have been defaced. There was a case when a hacker even delayed transmissions during a space shuttle mission once, but a Russian KID hacking in and resulting in loss of a space mission – never heard of it. Someone please enlighten me if I’m wrong.
He moved on to talking about hiding IP addresses, which he made pretty interesting for the general audience, I must admit. After that, and after mentioning about proxy servers, proxy bouncing, etc; he decided to speak on anonymising…
…and then how he saved paying Australian $20-30 at some Sydney hotel because he found unsecured hotspots nearby…
He went on to say that the way to solve the problem of people war driving (and guess what, he didn’t even KNOW about tools like NetStumbler; hell, there’s a whole Linux distro dedicated to this called WarLinux) and fucking (my language) around with your Wi-Fi network is to…
…use encryption standards like WEP…For the slightly intelligent people out there, you’d probably be knowing that WEP was a standard dropped WAY back in favour of newer stuff like WPA and WPA2; because WEP has flaws which enables stuff like AirSnort and AirCrack to prise open the Wi-Fi clamshell in a short time. Boy, is this guy outdated…
Next up was email spoofing, where he didn’t even bother to show the theory behind it. Instead, he opened this page; and proceeded, with utmost pride, to show that he knew how to fill an HTML form, explaining each and every step (“press tab to shift focus to the next field” – sounds hi-fi, doesn’t it?), and then finishing with “all you need to do now is click submit”, on a laptop which didn’t have an Internet connection.
After that, he showed steganography, which is basically encrypting images in innocent looking photos (like that of Avril Lavigne, which he used). Now what he claimed then (and has for quite some time is) that after the 9/11 attacks in USA ‘certain undisclosed security agencies in the USA’ intercepted messages from Al-Qaeda and sent them to our dear friend because they couldn’t figure out what it was. Our dear friend, as he says, couldn’t figure out anything for 3 weeks, and in the 4th week (yay, Google search!) it struck him that it could be this. Our dashing young frood then told his masters in the US, and got the license to have his martini shaken AND stirred. I might add here that the sarcasm + wisecracks here are by me, lest you think he’s a (non)sense of humor.
Amazing story, except for the fact that NO publication except the USA Today ever spoke of US agencies intercepting ‘such messages’ – and I might add that the guy (Jack Kelley) who wrote the story was later fired in 2004 for ‘fabricating false stories and sources’. Hmm.
Mr Fadia then proceeded with a ‘live hacking demo’, where he had installed a trojan (NetBus, in case you’re curious) on his OWN laptop and ‘connected’ to it on his own laptop, and showed its various features (he can be a good salesman). He then proceeded on how India has been losing out in the cyber war against Pakistani hackers…
…they hack 50-60 Indian sites daily, while we can only do 10-20 of theirs…Thanks to the 9000 Ankit Fadia Certified Ethical Hackers till now! Anyway, there’s this interesting aside where a Pakistani hacker group once challenged Ankit to patch an Indian government site from being hacked within two days, which they eventually did.
The session was (thankfully) coming to a close. He now switched laptops with the CL guy Harpreet (this one had a net connection), and after doing the boilerplate…
Don’t try this at home, this IS breaking cyber law, but since it’s Harpeet’s laptop, he’ll be legally responsible if anything is caught……during which time that CL guy’s EXPRESSION was (MasterCard) priceless. Anyway, he opened up BSNL’s admin page, and proceeded to do his ‘live hacking demo’, where he entered username as admin and password as ‘=’ OR ‘=’, which he referred to as the *magic code*. Even on being asked multiple times by some people in the audience. Nothing ‘magic’ about it, it was a simple SQL injection attack.
With that, we came to and end, and I asked for his autograph; which, BTW, I was not supposed to get unless I’d joined his course, but I haven’t come across too many people who refuse autographs…
Ankit Fadia’s autographMy company is blocking peer-to-peer software, and traffic can only be sent via port 80. Now you talked about proxies, how do I get to use a proxy to send it via some other port, while keeping in mind the fact that I need to keep the proxy settings for my company’s internal LAN?Confused question, but I hope you get the point. To this, our networking guru Mr Fadia said…
Er, iske bare me mujhe itni zyada jankari nahi hai…
This, from a guy who is consulted by ‘undisclosed US security agencies’ to ‘hunt down bin Laden’ (his words, not mine).
Now I *have* to admit at the end that Ankit Fadia is stunningly brilliant at explaining dry-as-Egyptian-mummies (for general people) topics like proxies to portly gents in an easy manner. He’s also pretty good at keeping audiences engaged with such boring stuff. I’d therefore say…
My rating of how useful Ankit Fadia’s Certified Ethical Hacker Course will be for a normal Joe: 5.9 / 10
As I said, geeks won’t find anything here they don’t know; and the title is pretty pretentious anyway. Yes, for normal people however I’d say this course would be pretty good to get them stuffed with basic knowledge on what the fuck exactly is going on when they use the Internet and HOW they might be conned. However, it WILL sorta give them the feeling that they’re top class hackers now, which they aren’t. That false sense of security isn’t something very good on the Internet.
In fact, I wouldn’t have had so much to say about Ankit had it not been for the huge amount of unsubstantiated claims that he keeps on making every now and then. So basically, they should STOP calling it a ‘certified hacker’ course, and simply call it an ‘Internet Security Bootcamp’ or something; that way, Ankit can stay credible while being an icon for the masses at the same time. Calling it ‘Certified Hacker’ is, IMHO, an exaggeration.
Pranav Mistry SixthSense Technology is thrilling potential: Real Hacker from India
Pranav Mistry SixthSense Technology is thrilling potential: Real Hacker from India
SixthSense Technology : Interactions between the real world and the world of data
At TEDIndia, Pranav Mistry demos several tools that help the physical world interact with the world of data -- including a deep look at his SixthSense device and a new, paradigm-shifting paper "laptop." In an onstage Q&A, Mistry says he'll open-source the software behind SixthSense, to open its possibilities to all.
In my opinion, this person Pranav Mistry is a real Indian hacker, who is exploring the limits where any of our SO CALLED INDIAN hackers not even think. All such bogus so called black hat hackers still limited to outdated third class method very well known as website defacement. WAKE UP GUYS...I JUST GIVE A DAMN. I personally recommend to all my readers....rather then wasting your precious time on various time waste forums...have a look on such latest technology talks. It will really open your eyes and tell you the clear picture. Have a look and check your self exactly where you stands in front of this.
Just have a look on below demonstration video of SIXTHSENSE technology
Pranav Mistry: MIT grad student, is the inventor of SixthSense, a wearable device that enables new interactions between the real world and the world of data.
Before his studies at MIT, he worked with Microsoft as a UX researcher; he's a graduate of IIT. Mistry is passionate about integrating the digital informational experience with our real-world interactions.
Some previous projects from Mistry's work at MIT includes intelligent sticky notes, Quickies, that can be searched and can send reminders; a pen that draws in 3D; and TaPuMa, a tangible public map that can act as Google of physical world. His research interests also include Gestural and Tangible Interaction, Ubiquitous Computing, AI, Machine Vision, Collective Intelligence and Robotics.
Try innovate in your own boundaries bring productivity. Small Example given below. Might inspire all of us.
His official website is
