Two biggest TRUTHS about hacking Facebook,Gmail,Yahoo,Hotmail etc

Tweet

Hello friends . I am writing this post just to bring about a general point of view in-front of my readers .
Every now and then I get mails and chats from different people who ask me to hack a facebook account or google account ,hotmail , yahoo etc . Its very annoying why people ask the same question again and again .

So I thought to write a post over it . Maybe you are reading this article because you searched on google "how to hack Gmail and facebook" or somthing similar to it .
So what you do is that you go to google and make respective search and you get lots of results -

Hack Google(Gmail) - about 67,000,000 search results

Hack Facebook -        about 48,900,000 search results

Hack Yahoo     -         about 10,500,000 search results

Hack Hotmail  -          about  8,750,000 search results

And the interesting thing is that all these around 135,150,000 results are CRAP.

The thing that I want to present here is that Facebook , google , yahoo , hotmail etc are the most secure servers on this planet. These sites totally depend on the confidentiality of their user data. So the first thing to keep in mind is

NO ONE CAN HACK THESE WEBSITES .


Yes thats absolutely true . These companies totally depend on security . Even if their website goes down for an hour then that can also cost them billions of dollars and can loose the faith of customers . So they work very seriously on their security measures.
When you search on google about how to hack facebook and yahoo then you will get millions of results claiming that they can do so for you . Some hackers will ask you for money , some will ask you for your own account information( and in turn they hack you) and some will ask you to download some software which upon installing makes your own system security compromised . Thats why I have mentioned the line in bold because I want my readers to note this thing and not to fall in the traps of such claims .
Later I will explain 2 most original ways to hack these website but with a constraint measure .
Now you must have heard some cases where the accounts are compromized or your own account might got hacked .
So how does this happen when I just said that these are the most secure sites.
This brings me to the second important point which i want to share

YOU GET HACKED ONLY BY YOUR OWN FAULT OR CARELESSNESS.


Yes that true again . The reason why some people's account gets hacked is their lack of internet knowledge or carelessness where people enter their login information into wrong or malicious pages.
The hackers create a fake login page and mail it to you and ask you to enter your information which instead of logging in sends your information to the hacker . In other cases the attacker makes you to click at some link or download software which in turn installs a trojan or keylogger in your computer and then record your information and mail it to the attacker . So it is very necessary for you to keep an eye on what you do over internet and make sure you do not fall into traps . The more you are alert the less are the chances of your account being hacked. So look twice before entering your login information .


So the most common and working ways to hack accounts of any site is
1. Phishing 
2. Keyloggers , backdoors , RAT's etc.

3.Social Engineering.

To know about how you can protect yourself , refer the following articles
4 gmail tips you should know
How to identify fake mails
protection against phishing


DARKLORD!!

Read More

Microsoft Office 2007 Blue Edition - Fully Activated !

Tweet

What exactly is Microsoft Office 2007 Enterprise Blue Edition? A hacker group named DiGiTAL has released a software package named Microsoft Office 2007 Enterprise Blue Edition, an edition of extremely popular 2007 Office Systems suite. The group claimed the Blue Edition as a secret edition that only available to original equipment manufacturers (OEM) and not to the general public. It further claimed that the released Blue version is the copy from the original disk which is only accessible to technicians of Microsoft. That’s why probably you’ve never heard of “Blue Edition”.

Since ‘Blue Edition’ is only intended for OEMs and not for retail sale, you can accurately anticipate that it’s also the only version where there is no need for a serial, and do not need an activation. Other than this, the Microsoft Office 2007 Enterprise Blue Edition resembles all the features of standard Office 2007 Enterprise Edition, the most complete Microsoft toolset provided for people who must collaborate with others and work with information efficiently, regardless of location or network status.

However, whether the “Blue Edition” actually existed is up for debate. The “Blue Edition” may be simply just a Office 2k7 Enterprise edition with integrated product key, thus eliminate the need to activate with crack, patch or keygen.

Microsoft Office 2007 Enterprise Blue Edition consists all everything comes with Enterprise Edition, listed below:

•Microsoft Office Access 2007
•Microsoft Office Excel 2007
•Microsoft Office Groove 2007
•Microsoft Office InfoPath 2007
•Microsoft Office OneNote 2007
•Microsoft Office Outlook 2007
•Microsoft Office PowerPoint 2007
•Microsoft Office Publisher 2007
•Microsoft Office Word 2007
Microsoft Office 2007

Once downloaded, unpack the file dgl-moebe.rar and then burn the file to CD or mount it in virtual CD-ROM drive to run the setup installation.

http://rapidshare.com/files/271633943/Office__BLUE__-_Der_Jager_Unlimite...
http://rapidshare.com/files/271637340/Office__BLUE__-_Der_Jager_Unlimite...
http://rapidshare.com/files/271633449/Office__BLUE__-_Der_Jager_Unlimite...

Read More

Understanding Kerberos and the authentication

Tweet

Recently wen i was reading the LM algorithm, like how it works , how the passwords are concatenated and encrypted and stored as Binary form in the SAM Database , i get stuck on with Kerberos , what is the role of in windows ? so i asked in fb page, friend called Vishal Sharma has said , Keberos mechanism used wen a client is connect to the domain or to the ACTIVE DIRECTORY, So i tried to read more abt that , and i found this is the best article i found on internet,thought of sharing with you, Must read for All Network Enginners and Admins.
You may not know it, but your network is probably unsecured right now. Anyone with the right tools could capture, manipulate, and add data between the connections you maintain with the internet. The security cat and mouse game isn’t one sided, however. Network administrators are currently taking advantage of Kerberos to help combat security concerns.


Project Athena

Project Athena was initiated in 1983, when it was decided by the Massachusetts Institute of Technology that security in the TCP/IP model just wasn’t good enough. A total of 8 long years of research passed before Kerberos, named after the three-headed Greek mythological dog known as Cerberus, was officially complete.

The result of MIT’s famous research became widely used as default authentication methods in popular operating systems. If you are running Windows 2000 or later, you are indeed running Kerberos by default. Other operating systems such as the Mac OS X also carry the Kerberos protocol. Kerberos isn’t just limited to operating systems, however, since it is employed by many of Cisco’s routers and switches.



What Does It Protect Against, Anyways?

If you have ever used an FTP program over a network, you are at risk. If you have ever used a Telnet program over a network, you are again at risk. These are just two examples of how little security some applications allow. FTP and Telnet use what are called plaintext passwords, or otherwise known as cleartext passwords. These passwords are ridiculously easy to intercept with the right tools.

Anyone with a simple packet sniffer and packet analyzer can obtain an FTP or telnet logon with ease. With that kind of sensitive information being transmitted, the need for Kerberos is obvious. This need doesn’t stop there, however. Sure FTP and Telnet related logons are easy to intercept, but then again so is every other connection any of your applications has to the internet.

Through a process of man in the middle attacks, any hacker can get most logon information for just about anything. From online bank passwords to private passwords on your computer, they are all generally vulnerable to this attack. A man in the middle attack generally occurs when the hacker acts as the “man in the middle” between two computers. The hacker attempts to pretend to each computer that it is in fact, the computer they have connected to. In reality, all the data is being routed to the hacker, who can then modify or add instructions to the data.



How Does It Work?

Kerberos operates by encrypting data with a symmetric key. A symmetric key is a type of authentication where both the client and server agree to use a single encryption/decryption key for sending or receiving data. When working with the encryption key, the details are actually sent to a key distribution center, or KDC, instead of sending the details directly between each computer. The entire process takes a total of eight steps, as shown below.

1. – The authentication service, or AS, receives the request by the client and verifies that the client is indeed the computer it claims to be. This is usually just a simple database lookup of the user’s ID.

2. – Upon verification, a timestamp is created. This puts the current time in a user session, along with an expiration date. The default expiration date of a timestamp is 8 hours. The encryption key is then created. The timestamp ensures that when 8 hours is up, the encryption key is useless. (This is used to make sure a hacker doesn’t intercept the data, and try to crack the key. Almost all keys are able to be cracked, but it will take a lot longer than 8 hours to do so)

3. – The key is sent back to the client in the form of a ticket-granting ticket, or TGT. This is a simple ticket that is issued by the authentication service. It is used for authenticating the client for future reference.

4. – The client submits the ticket-granting ticket to the ticket-granting server, or TGS, to get authenticated.

5. – The TGS creates an encrypted key with a timestamp, and grants the client a service ticket.

6. – The client decrypts the ticket, tells the TGS it has done so, and then sends its own encrypted key to the service.

7. – The service decrypts the key, and makes sure the timestamp is still valid. If it is, the service contacts the key distribution center to receive a session that is returned to the client.

8. – The client decrypts the ticket. If the keys are still valid, communication is initiated between client and server.

Is all that back-and-forth communication really necessary? When concerning speed and reliability, it is entirely necessary. After the communication is made between the client and server, no further need of transmitting logon information is needed. The client is authenticated until the session expires.


The authentication method described above seems a little one-sided. Kerberos provides support for mutual authentication, for a more secure protection against man in the middle attacks. Remember how the client no longer needs to send logon information after the authentication takes place? Well it sure would ruin everything if a hacker just intercepted our communication to the server and pretended to be us!

Kerberos isn’t the only encryption protocol available. There are multiple ways to encrypt data, and this holds true for many types of different applications. Email encryption protocols, for example, are a breed all of their own.

With a product that has been researched and developed for over 8 years, it is generally expected that the product should be well polished. Kerberos doesn’t fail to deliver, and this can be seen by looking at all the vendors who use it. Cisco, Microsoft, Apple, and many others rely on this faithful three-headed dog for network security.

As Greek mythology goes, you could get around Cerberus by gently lulling him to sleep with honey cakes. Rest assured it will take a lot more than that to get past the famous Kerberos security.

Read More

5 phases of Web Application attack - A HackingAlert Exclusive research!!

Tweet

Web applications are now the next big victim after games for hackers .
A recent research shows that 70% of vulnerabilities exist at the top layer of the web application.
The attackers use several techniques to hack web applications . I have been constantly monitoring different types of web attacks involving different methods but there ar some common steps which all hackers follow in order to perform their attack on applications. I am presenting a 5 phase method which covers from gaining information to maintaining the attack on the application . You can also read one of the most popular articles of this blog - How to hack a website/web server - a 3 step guide.

Phase 1: Silent reconnaissance
The attacker gathers as much information as possible identifying potentially vulnerable areas of the application. This is done discretely using tools such as Web debugging proxies to monitor the traffic between the browser and the Web server. The attacker traverses the site, much like a normal user, while collecting valuable information about how the application works. This activity goes undetected, because as far as the server is concerned, it represents the traffic of a legitimate user.
At this point, the attacker will stop interacting with the target server directly. The attacker will spend significant time reviewing the data collected by the debugging proxy and extracting useful facts about the environment. This may include the type of hardware and software in the network architecture, programming languages, libraries, source code and comments. This information will be leveraged during the later phases of the attack.



Phase 2: Attack vector establishment

This phase begins once the attacker has gained an understanding of the application design and the breadth of its attack surface. Until now, the interaction with the server has been fairly benign and undetectable, but in the next phase, things get a little louder. For this reason, the attacker will often start using an anonymous proxy to interact with the server.
The attacker may also employ other protective measures such as browser privacy controls, firewalls, antivirus and virtual machines. Once the attacker is confident that his traffic can no longer be traced, the real work can start.
With notes in hand, and a debugging proxy up and running, the attacker starts to seek out dynamic pages, especially those which accept form or query input. The attacker will then determine what the various input parameters are, and attempt to derive boundary cases for them. Boundary case values are sent to the application to provoke an unintended response from the server

The attacker repeats this activity on all dynamic pages that he is aware of. When finished, he has a list of all the parameters that are correctly validated by the server, and more important, the parameters that are vulnerable -- they produce calculation errors, fatal errors, or are blindly injected into the response without encoding or cleansing.
The attacker tailors the boundary cases so they do not match any known attack signatures, so this activity is almost always imperceptible to server administrators. The attacker still has to remain anonymous, because many applications keep track of errors and record the addresses of the clients responsible for generating them. Because of this, administrators could discover the activity later by inspecting logs with a security tool. However, this is typically long after the attacker has moved on to the next phase.
If the attacker was able to obtain a large number of potentially vulnerable inputs, the next step is to start testing each one to see if an attack vector is possible. For example, if the attacker received an SQL error when submitting a value of "my'username" in a login form, then there is probably an SQL injection vulnerability. The attacker will start supplying more structured SQL syntax into the input in an effort to shape the resulting error.



Phase 3: Implementation

This phase begins once the attacker has identified the vulnerabilities and their associated attack vectors. This is where the real damage starts. The scope of damage depends on the types of vulnerabilities that are exploited. For example:

• The attacker starts to mine the database for sensitive information, delete existing information, or insert new fraudulent information.

• The attacker seeds the application with malicious code by way of XSS vulnerabilities and reflected parameters.

• The attacker designs complex phishing scams that use the vulnerabilities to give the scam credibility.

The possibilities are only constrained by the potential vectors, and how they can be chained together to deliver more powerful payloads. Most of the damage has been done at this point.



Phase 4: Automation

Attacks such as input parameter abuse are often single request vectors. This means the damage happens within a single HTTP request. Sometimes, however, the execution of an attack vector provides incremental benefits each time it is performed. Generally, if the attack vector generates revenue for the attacker, the next step is to automate the attack. This enables the attacker to repeat the attack vector over and over again, multiplying the overall monetary gain.
Because the attacker must still cover his tracks in order to execute the automated attack, he will generally code the attack into a remotely controlled bot. This tactic poses serious challenges for the administrator, because even if the attack is identified, an IP-based block will no longer be sufficient. To accomplish this, attackers will often use a prefabricated "command and control" kit that allows them to quickly raise and command a bot army.


Phase 5: Maintenance

Finally the attack is complete. The hacker has extracted as much data as his experience and skill allows. He will go off and work on other projects until his automated bots start to fail. This will signal that some fundamental vulnerability in the attack vector has been patched or modified. If the attacker cares enough, he may repeat the entire process over again, focusing on the parts of the application that are essential for the bots proper functioning. He will find a work around for the new patch, create an entirely new attack vector, or move to a different target altogether.

These phases clearly encompass all the techniques involved in penentrating a web application. The difficulty of the attack can vary according to the sofistication of the application.
Hope this article pvoves helpful to my readers. Comments are most welcome.
 
 
DARKLORD!!

Read More

IP Spoofing - The Untracable HACK!

Tweet
The term IP spoofing is a combination of two different words IP + Spoofing .

IP refers to the connectionless protocol which is responsible for the process of routing up the data packets over the network . Since it is a connectionless protocol hence there is no acknowledgement received to the sender of the message that the it has been received without any flaw at the receiver end. The term spoofing means that the attacker sends the message to a computer indicating that it has came from a trusted source . Hence IP spoofing is the concept of spoofing the identity of a trusted source(victim) and to gain access at the same privilege at which the victim is.

Brief History of IP spoofing

In the April 1989 article entitled: “Security Problems in the TCP/IP Protocol Suite” ,

author S. M Bellovin of AT & T Bell labs was among the first to identify IP spoofing as a

real risk to computer networks. Bellovin describes how Robert Morris, creator of the now

infamous Internet Worm, figured out how TCP created sequence numbers and forged a

TCP packet sequence. This TCP packet included the destination address of his “victim”

and using an IP spoofing attack Morris was able to obtain root access to his targeted

system without a User ID or password.

A common misconception is that "IP spoofing" can be used to hide your IP address while

surfing the Internet, chatting on-line, sending e-mail, and so forth. This is generally not

true. Forging the source IP address causes the responses to be misdirected, meaning you

cannot create a normal network connection. However, IP spoofing is an integral part of

many network attacks that do not need to see responses (blind spoofing).



Detailed Overview of the attack

The heart of network connectivity over the internet is based on the TCP/IP protocol which collectively describes how a connection is established and how the data will be transmitted over the network . Here I will briefly tell the aspects of IP and TCP that are exploited in order to perform the attck.

Here are the models of TCP and IP headers.

Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contains the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It's important to note that each datagram is sent independent of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.

As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, which is relevant to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It’s quite different than IP, since transaction state is closely monitored.

Obviously, it's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several of the attacks discussed below. Another consequence, specific to TCP, is sequence number prediction, which can lead to session hijackig or host impersonating.

IP spoofing in brief consists of several interim steps;

• Selecting a target host ( or victim).

• The trust relationships are reviewed to identify a host that has a “trust” relationship

with the target host.

• The trusted host is then disabled and the target’s TCP sequence numbers are sampled.

• The trusted host is then impersonated, the sequence numbers forged (after being

calculated) .

• A connection attempt is made to a service that only requires address-based

authentication (no user id or password).

• If a successful connection is made, the attacker executes a simple command to leave a

Backdoor.

Some Common IP spoofing Attacks

Blind spoofing

It is the most sophisticated attack in which the sequence and acknowledgement number are to be determined randomly . The attacker tries to send random packets to the victim in order to examine the pattern of sequence numbers . Modern operating systems use random sequence number generation techniques which makes it very difficult to analyze the sequence and acknowledgement numbers by sending packets.



Non- Blind spoofing

This type of spoofing attack can be performed when both the victim and the attacker are on the same subnet . Then there is a plus point for the attacker as the acknowledgement and sequence number can be sniffed , and hence the hard work of calculating and analyzing them manually is removed.



Man In the Middle Attack

This attack is well understood with its name itself . In this type of attack two trusted sources are involved in a communication when the attacker spoofs the identity of one of the trusted sources . The attacker then controls the flow of communication between the two trusted sources and can even fool the recipient to give confidential information. The attacker can also manipulate the data transfer that is taking place between the two trusted sources.



Countermeasures to IP spoofing

The countermeasures to spoofing will totally depend upon the type of attack and the network setup. Still some of the basic features that can be implemented to prevent IP spoofing attack are by providing encrypted authentication , packet filtering at the router and implementing application based authentication .

IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.

Read More

Create your own customized RUN command

Tweet

The Run command on Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to it’s location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.

Creating the Customized Run Command

Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.

1. Right click on your Desktop and select New -> Shortcut.

2. You will see a “Create Shortcut” Dialog box as shown below

3. Click on “Browse”, navigate to: Program Files -> Internet Explorer from your Root drive (usually C:\) and select “iexplore” as shown in the above figure and click on “OK”.

4. Now click on “Next” and type any name for your shortcut. You can choose any name as per your choice; this will be your customized “Run command”. In this case I name my shortcut as “ie”. Click on “Finish”.

5. You will see a shortcut named “ie” on your desktop. All you need to do is just copy this shortcut and paste it in your Windows folder (usually “C:/Windows”). Once you have copied the shortcut onto your Windows folder, you can delete the one on your Desktop.

6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.

In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.

To do this, when you click on “Browse” in the Step-3, just select the target program’s main executable (.exe) file which will usually be located in the C:\Program Files folder. Give a simple and short name for this shortcut as per your choice and copy the shortcut file onto the Windows folder as usual. Now just type this short name in the Run dialog box to open the program.

DARKLORD!!

Read More

Woman got 152 Facebook friends tattooed on her arm

Yes , a woman got her 152 facebook friends tattooed on her arm , don't you think that unfriending will be too painfull !! .


I found this article on a technology website TechCrunch . Though the article is not much related to hacking and network security but I found it quiet of intrst to post it here on my blog .
You can find the original post on tech crunch website. 
Here is what the article says :

Social networks have contributed to the Arab Spring, people getting arrested for jokes, you name it.

Now one Facebok user has taken the social network to heart – or rather to her body. A woman in the Netherlands has had 152 profile images of her Facebook friends tattooed onto her arm.

You Tube user Suzyj87 now has a permanent collection of her friends right to hand, as it were. Who need a smartphone?

Of course the question begs – how does she add new friends, and what happens when she unfriends someone? Laser removal?

She said it said took months to get all the profile pictures onto her arm. I daresay.

Rapper T-Pain has been credited with the trend after he got a Facebook tattoo on his arm that read, ‘You don’t have to like me’ with a Like logo on it.

DARKLORD!!

Read More

Cyber terror - The new face of Terrorism !!

Tweet

The word "terror" is a familiar word for us but when it combines with the word "cyber" then it adds a new dimension to it . "Cyber terror" is a new hand of terror which now has become a global threat 


Cyberterrorism is a phrase used to describe the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses.

The vast and coordinated cyberattack on Google, Northrop Grumman and numerous other American companies demonstrates again that technology not only empowers us to create new and wondrous things but democratizes the ability to be nefarious and destructive. Governments and businesses across the free world must grasp the magnitude of the threat, aggressively retool to counter it and address it without compromising the individual freedom and privacy that the Internet has made possible.

Every day, thousands of malware variants attack and infiltrate our national cyberinfrastructure. The attacks on Google exposed a major problem of online globalization: Anyone can become a spy. 

Unlike in movies, a foreign government no longer needs secret agents to obtain valuable secrets. Today, teenagers armed with nothing more than a personal computer can cripple the networks of our governments, financial institutions and largest corporations, while eating pizza at a local Internet kiosk.  

For governments and businesses, the urgent challenge is to apply the technical infrastructure crucial to protect computer networks and their sensitive information. Technology that guards against cyberattacks requires two capabilities: rapid attribution analysis and response; and protection of privacy and civil liberties without compromising trade secrets or commercial interests.

There are already products that meet these requirements, but this vital infrastructure is missing from the organizations that need it most.

A key challenge of preventing and responding to cyberattacks is what experts call “attribution.” Security operations must determine, in a narrow time frame, who is attacking — and then be able to prove it. 

Cyberespionage can originate from a nation-state, a terrorist organization or a computer-savvy teenager sitting in his or her bedroom. Discovering the actors, or network of actors, responsible is often extremely difficult. However, it is essential in order to determine the appropriate response, and to the technology vendors asked to catalyze that response.

India and cyber terror

cyber terrorism is the next big form of terrorism that India is likely to face, says the Intelligence Bureau. Already, the agency has issued numerous warnings on cyber attacks. The first signs of tech-savvy terrorists came to light during the serial blasts that rocked the country a year ago. The question, however, is how geared up are we to face the threat?The immediate threat to India is from our immediate neighbours, Pakistan and China. According to the IB, China may try and destabilise our economy by launching attacks on our banking sectors. Pakistan, on the other hand, may attack essential commodity-related services instead. 

Reports indicate that for a terrorist organisation, the easiest way to launch an attack on India would be through the cyber route. It is high investment, but it saves them the trouble of manpower on the field and the impact such an attack could cause is immense.

IB reports also suggest that terrorist organisations could start an Internet war by hacking into websites and sending out viruses to destabilise the enemy nation. The forms of cyber assaults would include cyber vandalism, destruction of essential commodity-related sites (ESCOMs) and phishing.

The cyber war on India is likely to be fought in three stages. First the enemy would bring down the control systems of defence installations, Parliament, railways and airports. Secondly, they would look to attack financial services such as banks and stock markets. Finally, ESCOMs and other utilities services will be taken over.
It will surely create a lot of panic and if they succeed, it could cause a lot of destruction since it would take days before the services actually recover.

Although Pakistan-based terrorists will prove lethal, the worst attack could come from China through the use of the Distributed Denial of Services attacks. In a DDOS attack, the bandwidth of a targeted system is flooded. They keep attacking other systems by multiplying and creating a botnet.

India has had its share of such attacks, but they have not been on a large scale as yet. The sector that has been targetted the most through such an attack is the telecom sector, but they have managed to survive it thanks to a strong infrastructure. However, companies have to constantly upgrade to be one up on the enemy.

What India needs to do?

A combined effort is needed to counter the cyber threat, say experts. Also, cyber crime police stations need to be revamped soon.
 The Ministry of Finance too has upgraded its infrastructure to prevent cyber strikes. They have introduced a two token system, which mandates that a person carry with him a normal password and also a token that generates pin codes in real time. While logging-in the person will have to apply both.

Sources also point out that in key areas such as defence sectors, the use of a personal laptop has been banned. Only few laptops have been connected to both intranet and Internet.
There is a legal side to the problem too. Experts point out that if India needs to cater to this problem it cannot do so on its own. It will need the help of other countries. However, India is not a signatory to the 45-nation international convention on cyber crimes. Moreover, India still awaits a legal framework on cyber attacks.

Read More

Booting Operating systems from pendrive - An easy guide

Tweet

There is a common problem that we all face with our laptops is that the optical drives stop working . Almost all brands of laptops have a maximum span of 1.5 to 2 years for the optical drives ( evenless in many cases) .
So there is always a problem when you want to install a new operating system from a bootable disk .
I have been trying to install the BACKTRACK 5 operating system on my system but I too faced the same problem that my optical drive is not working and currently i m not in budget to replace it .
So i went on to try and boot up through the usb pen drive .

I am posting two different methods . First is for girls and lame users which is a ready made software that creates your pendrive bootable and copies all the files from the image onto the drive. All you have to do is to change the boot order of your BIOS to boot from the USB.

Second method is for the guys who want to know the indepth working of the entire process . We will create a bootable pendrive from command prompt .

First Method


Here is the software that will solve your purpose of making pen drive or flash drives bootable . 
Simply download it and follow the on screen instructions .
You should have an image file of the operating system you want to boot  and upon restarting your computer you will have to change the boot order to USB drive .


DOWNLOAD


Second Method


Now in this method we will create a bootable disk from command prompt . There are a series of commands that you have to follow to make ur pen drive bootable .
After this you can boot any operating system from your pen drive and install it or run as a bootable OS.

In this example i am considering that my pen drive name is disk i:

go to run and type "cmd" and right click it to "run as administrator"

start entering the following commands in a sequence

• diskpart
• list disk
• select disk 1  (considering that in the list of disks your pendirve is disk 1 or choose accordingly)
• clean
• create partition primary
• select partition 1
• active
• format fs=ntfs
• assign
• exit

After following these steps you just have to copy the setup files on your pen drive either from an image file or from where ever you have stored . Just restart and set the boot option to boot from USB drive.

Add your comments and troubles below.

DARKLORD!!

Read More