
Wednesday, October 5, 2011

OMG ! Bing stealing search results from Google !


There has been a rumor running around that Microsoft is using Google to improve Bing’s search results. The guys from Bing obviously denied everything, and now Google has released its proof.
Google created fake search results for some gibberish, never-searched queries and waited for Bing to take the bait. And they did.
Here is one example where for the query “delhipublicschool40 chdjob” Google inserted a search result for a credit union:

A few days passed and the same credit union showed up on Bing for that query:

Tuesday, October 4, 2011

Vulnerability in WordPress: Giving Malware


Google up inurl:wp-content/1/ [Warning: just google it up, don't visit any of the sites in the search results. They are full of ActiveX viruses!]. This is what I see now:
What you see is a list of sites that were hacked through the latest WordPress vulnerability that allows hackers to insert spam into your blog.
This is just great. WordPress is the most common blog software out there, and at this minute there are over 90,000 websites that were spammed (still counting…). I’m sure that most of these sites' owners have never heard of this exploit, and some of them probably never will. The damage is enormous. This exploit made them look like spammers in Google's eyes, and Google, being Google, never forgets anything. If you are a spammer, you are out of the index in one second.
In my opinion, the best way to deal with these hacks is Active Network Scanning. These kinds of services are usually provided by an external company that scans your site for vulnerabilities on a daily basis (like Hacker Safe, but better). Once a new vulnerability is disclosed to the world, it is automatically added to their scanning system and tested on your site. This can definitely help you sleep better.
Life shows that there is no way your web site can be safe. It is just the nature of software that it is full of holes. If you scan your website for vulnerabilities, at least you know about them in time and can hope there is something you can do about it…
Important comment: if you are not in this list, it does not mean that you are safe. There are lots of other URLs that were used for this attack… This IS fun!
Update (April 12 2008): I checked the list again, and it seems like most of the hacked pages were removed from Google’s index. It DOES NOT mean that the vulnerability is fixed; it just means that Google has identified these pages as pages that should be ignored and removed from the index. This is semi-good news for those that were hacked and are afraid their ranking will go kaput. Just semi because they are still vulnerable and will surely be attacked again in the next wave…
It seems like the number of WordPress vulnerabilities is growing constantly. The most popular blogging software that exists is becoming a huge security hole. In fact, this post is written with WordPress and it feels less secure than ever. This makes me think about moving my blog to Blogger or a WordPress hosting site, instead of fighting the patches on my own server.

Monday, October 3, 2011

Learn How to Hack Facebook Password

Hacking Facebook Account Password: Facebook Phishing for Hacking Facebook

Facebook has evolved into one of the hottest social networking websites in the world. Here is a simple tutorial that you can use to hack your friend's Facebook password. Here I'm writing on hacking Facebook passwords using Facebook Phisher.
In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. [Read more about phishing on Wikipedia]




Facebook Phisher
Please Note: Phishing is legally offensive. I am not responsible for any action done by you.


Hacking Facebook password:

Phishing is the most commonly used method to hack Facebook. The most widely used technique in phishing is the use of fake login pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, MySpace, etc. The victim is fooled into believing the fake Facebook page to be the real one and enters his/her password. But once the user attempts to log in through these pages, his/her Facebook login details are stolen away. I recommend the use of phishing to hack Facebook accounts since it is the easiest one.

1. First of all download Facebook Phisher

2. The downloaded file contains:

Index.html
write.php

3. Upload both files to any of these free webhost sites:

www.yourfreehosting.net
www.drivehq.com
www.110mb.com
www.t35.com
www.esmartstart.com

4. Now, send this phisher link (index.html link) to your victim and make him log in to his Facebook account using your sent Phisher.

5. Once he logs in to his Facebook account using Phisher, his typed Facebook id and password are stored in "passes.txt". This file is created in your webhost control panel as shown.


If you don't get passes.txt, try refreshing your page. Once you get passes.txt, you get the Facebook password and can easily use it for hacking the Facebook account.

6. Now, open passes.txt to get hacked Facebook id and password as shown.


Hope this tutorial was useful for you.
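
Seen from the defending side, the spoofed pages described above have one checkable trait: a login form that names a brand but submits the password to a host outside that brand's domain. The following added example (not code from the original post) flags that pattern; the `BRAND_DOMAINS` table, the sample HTML and the `.example` hostnames are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: brand keyword -> the only domain allowed to receive its logins.
BRAND_DOMAINS = {"facebook": "facebook.com"}

class LoginFormFinder(HTMLParser):
    """Collects visible text and every <form>, noting password fields."""
    def __init__(self):
        super().__init__()
        self.forms, self.text, self._form = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["password"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None
    def handle_data(self, data):
        self.text.append(data.lower())

def host_in_domain(host, domain):
    # Exact match or a true subdomain; "facebook.com.evil.example" must fail.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def spoofed_login_findings(page_url, html):
    """Return (brand, credential_target) for brand-named login forms that
    submit credentials to a host outside the brand's own domain."""
    finder = LoginFormFinder()
    finder.feed(html)
    text = " ".join(finder.text)
    findings = []
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in text:
            continue
        for form in finder.forms:
            target = urljoin(page_url, form["action"])  # empty action = same page
            if form["password"] and not host_in_domain(urlparse(target).hostname, domain):
                findings.append((brand, target))
    return findings

# Constructed sample: a look-alike page whose form posts to a local script.
SAMPLE = ('<html><title>Facebook Login</title><form action="write.php" method="post">'
          '<input name="email"><input type="password" name="pass"></form></html>')
```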


Saturday, October 1, 2011

Turkish hacking group “TurkguvenLigi” hacked theregister, Dell, acer, ups, Vodafone & telegraph



At the time of writing these websites are still defaced, with a black page written “TurkguvenLigi” and “4 Sept. We TurkGuvenligi declare this day as World Hackers Day - Have fun ;) h4ck y0u”.
What do ups.com, vodafone.com, theregister.co.uk, acer.com, betfair.com, nationalgeographic.com and telegraph.co.uk have in common? They all use NetNames as their registrar. It appears that the Turkish attackers managed to hack into the DNS panel of NetNames using an SQL injection and modify the configuration of arbitrary sites, to use their own DNS (ns1.yumurtakabugu.com and ns2.yumurtakabugu.com) and redirect those websites to a defaced page.
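
A registrar-level change like the one described above shows up as the zones' NS records leaving their known-good set. The following added example (not from the original post) compares observed `dig NS` output against a baseline and groups zones that moved to the same foreign nameservers; the baseline provider, `control-site.example` and the sample records are constructed, with only the two yumurtakabugu.com names taken from the post.

```python
from collections import defaultdict

# Constructed baseline: the nameservers each zone is expected to delegate to.
# "dns-provider.example" is a placeholder, not the sites' real provider.
EXPECTED_NS = {"ns1.dns-provider.example", "ns2.dns-provider.example"}
BASELINE = {z: EXPECTED_NS
            for z in ("theregister.co.uk", "acer.com", "control-site.example")}

# Constructed sample in the answer-section format printed by `dig NS <zone>`.
OBSERVED = """\
theregister.co.uk.     3600 IN NS ns1.yumurtakabugu.com.
theregister.co.uk.     3600 IN NS ns2.yumurtakabugu.com.
acer.com.              3600 IN NS NS1.YUMURTAKABUGU.COM.
acer.com.              3600 IN NS ns2.yumurtakabugu.com.
control-site.example.  3600 IN NS ns1.dns-provider.example.
control-site.example.  3600 IN NS ns2.dns-provider.example.
"""

def norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def parse_ns(text):
    """Map zone -> set of nameservers from `owner TTL IN NS target` lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "NS":
            zones[norm(f[0])].add(norm(f[4]))
    return zones

def delegation_drift(observed_text, baseline):
    """Return {zone: (unexpected, missing)} for zones that left their baseline."""
    observed, drift = parse_ns(observed_text), {}
    for zone, expected in baseline.items():
        seen, exp = observed.get(zone, set()), {norm(n) for n in expected}
        if seen != exp:
            drift[zone] = (sorted(seen - exp), sorted(exp - seen))
    return drift

def shared_takeover(drift):
    """Group drifted zones by identical unexpected NS set: several zones moving
    to the same foreign nameservers at once points at the registrar or DNS
    panel rather than at any single site."""
    groups = defaultdict(list)
    for zone, (unexpected, _missing) in drift.items():
        if unexpected:
            groups[tuple(unexpected)].append(zone)
    return {ns: sorted(zs) for ns, zs in groups.items() if len(zs) > 1}
```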
In the past, TurkguvenLigi.info defaced secunia.com, HSBC Korea and the registry Directi with this method.
You can browse the list of their attacks here:

Google Pack : Collection of Free Softwares


Google Pack is a software package that allows users to discover, install, and maintain a number of application programs. It was announced at the 2006 Consumer Electronics Show, on January 6. Google Pack is currently only available for Windows XP, Windows Vista, and Windows 7.

All the software in Google Pack is free, with no trials or spyware. Some programs may offer paid versions that provide additional features or ongoing updates, but you’ll never have to install the paid versions, and your free version will continue to work as long as you have it installed. Google also includes an updater, which can be used to monitor the status of your installation, run software that’s been installed, and uninstall software.
You can choose software applications which you want to install. If the application is already installed, Google Updater checks to see if the user has the latest version and upgrades it, if necessary.
The software applications available vary based on which language and locale is selected, and operating system. The U.S. Windows XP version of Google Pack offers all of the current applications listed below.
It contains the following software applications:
Google Toolbar for Internet Explorer - Autofills forms on web pages and blocks pop-ups.
Spyware Doctor Starter Edition - Detect and remove spyware, adware, trojans and keyloggers.
Picasa - Share and edit photos.
Google Photos Screensaver - Display photos from your PC and photo sharing sites.
Google Talk - Chat with friends via IM.
RealPlayer - Play popular media formats, organize music and videos.
Google Earth - Find maps, driving directions, hotels, restaurants, and more.
Norton Security Scan - Protect from viruses.
Mozilla Firefox with Google Toolbar - Web browser.
Adobe Reader - View, print, and search PDF files via a redesigned interface.
Skype - Make free voice and video calls to anyone else on Skype.
StarOffice - Word processing, spreadsheet, presentation, and more.



OS X Lion bugs : change local user passwords



The latest version of OS X Lion allows any user to easily change the password of any local account, due to permissions oversights on Apple's part. The news comes less than a month after another Lion vulnerability that let users bypass LDAP without a password gained notoriety.

Originally reported by Defence in Depth blogger Patrick Dunstan, the root of the newly discovered problem in Mac OS X 10.7 is tied to the user-specific shadow files used in modern OS X platforms. These files are essentially hash databases and contain, among other things, the user's encrypted passwords. Ideally, they should be accessible only via high-privilege accounts.

According to Dunstan, Apple dropped the ball in terms of how Lion handles privilege. "Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data," Dunstan wrote. "This is accomplished by extracting the data straight from Directory Services."

Any user can accomplish this trick by simply invoking the directory services listing using the /Search/ path -- for example, $ dscl localhost -read /Search/Users/bob (where "bob" is the username). This causes Lion OS X to spew out the contents of Bob's shadow hash file, including data that can be used to crack Bob's password with a simple script, such as a Python script written by Dunstan.

Making matters worse, running such a script wouldn't necessarily be required to gain access to Bob's account. Using Directory Services, a user could change a logged-in user's password -- without requiring authentication -- using this command: $ dscl localhost -passwd /Search/Users/bob

Notably, the targeted user's account could just as easily include admin privileges.

In order to pull off this hack, the perpetrator would require local access, though an outsider using social engineering could dupe a user to surrender the information. Additionally, a malicious insider could use his or her existing information and wreak havoc if an admin left a machine without first logging out. Further, the user would need to access Lion's Directory Services -- another feat that would not be overly difficult in an environment with relatively lackluster security.

MacFixIt blogger Topher Kessler offered advice on how organizations can avoid being subject to these vulnerabilities. They include disabling automatic log-ins in Mac OS X; enabling sleep and screensaver passwords; disabling guest accounts (as well as accounts not in use); and better managing user privileges, such as allowing no greater permissions than necessary.

Hacker Says: Facebook tracking your cookies even after logout



According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added that even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog: 'With my browser logged out of Facebook, whenever I visit any page with a Facebook like button, or share button, or any other widget, the information, including my account ID, is still being sent to Facebook.'

After explaining the cookies behavior he also suggested a way to fix the tracking problem: 'The only solution to Facebook not knowing who you are is to delete all Facebook cookies.'
Get a Firefox add-on that auto-deletes FB cookies after logging out.
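
Cubrilovic's observation can be checked mechanically: apply the logout response's Set-Cookie headers to the cookie jar and see which remaining cookies still carry the account ID. The following added example (not from his post or from Facebook) does that; the cookie names, values and headers are constructed, not Facebook's real ones.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

def is_deletion(morsel, now):
    """A Set-Cookie removes a cookie when Max-Age <= 0 or Expires is in the past."""
    if morsel["max-age"] != "":
        try:
            return int(morsel["max-age"]) <= 0
        except ValueError:
            return False
    if morsel["expires"]:
        try:
            return parsedate_to_datetime(morsel["expires"]) <= now
        except (TypeError, ValueError):
            return False
    return False

def jar_after_logout(jar, set_cookie_headers, now):
    """Apply the logout response's Set-Cookie headers to a name->value jar."""
    jar = dict(jar)
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            if is_deletion(morsel, now):
                jar.pop(name, None)
            else:
                jar[name] = morsel.value
    return jar

def identifying_survivors(jar, set_cookie_headers, account_id, now):
    """Names of cookies still sent after logout whose value carries the account ID."""
    after = jar_after_logout(jar, set_cookie_headers, now)
    return sorted(n for n, v in after.items() if account_id in v)

# Constructed example data; cookie names and values are illustrative only.
ACCOUNT_ID = "100000123"
JAR = {"session": "s3cr3t", "account": ACCOUNT_ID, "last_user": "u=100000123&t=1"}
LOGOUT_HEADERS = [
    "session=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/",
    "locale=en_US; Path=/",
]
NOW = datetime(2011, 10, 1, tzinfo=timezone.utc)
```

A logout that only expires the session cookie leaves `account` and `last_user` in the jar, which is the behaviour the quote describes; deleting every cookie for the site empties the result.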