
Wednesday, June 27, 2012

A look inside Leap Motion, the 3D gesture control that's like Kinect on steroids

Leap Motion's not the household name Kinect is, but it should be — the company's motion-tracking system is more powerful, more accurate, smaller, cheaper, and just more impressive. Leap CTO David Holz came by the Verge's New York offices to give us a demo of the company's upcoming product (called The Leap), and suffice to say we're only begrudgingly returning to our mice and keyboards.

 The Leap uses a number of camera sensors to map out a workspace of sorts — it's a 3D space in which you operate as you normally would, with almost none of the Kinect's angle and distance restrictions. Currently the Leap uses VGA camera sensors, and the workspace is about three cubic feet; Holz told us that bigger, better sensors are the only thing required to make that number more like thirty feet, or three hundred. Leap's device tracks all movement inside its force field, and is remarkably accurate, down to 0.01mm. It tracks your fingers individually, and knows the difference between your fingers and the pencil you're holding between two of them.

Holz showed off a number of different use cases for Leap Motion's technology. The simplest thing it can do is simulate a touch screen, so you can interact with any display as if it were touch-enabled — we were slicing pineapples in Fruit Ninja in seconds, without a moment of extra development or additional software.
Developers that do take advantage of the Leap's SDK will be able to do much more, however, and the possibilities appear to be limited only by your imagination. All kinds of different apps are being developed: some could improve remote surgery, others allow easier navigation through complex models and data, and others might put you square in the middle of a first-person shooter. It's like holding the Mario Kart steering wheel, but on a whole new level.

Rather than mapping particular gestures (cross your arms to close the app, draw a circle to open a new window), Holz said developers are being encouraged to provide constant dynamic feedback. No one needed to be taught what pinch-to-zoom meant — it's the natural thing to try and do on a touchscreen, and as soon as you start pinching or spreading it becomes clear what happens. That's the paradigm for the Leap, Holz says: you should always be able to just do something, and the app or device should respond.

 Leap Motion's plans are huge (Holz mentioned a few times wanting to totally upend traditional computing methods) but the company's playing its cards close. The Leap will cost $70 when it's released — sometime between December and February — and Leap Motion is also working with OEMs to embed its technology into devices. The Leap is about the size of a USB drive, but Holz says it could easily be no larger than a dime, so adding it to a laptop or tablet shouldn't be difficult.

Developers are apparently beating down the company's doors for access to the technology — Holz said thousands of Leaps will be given away in the next few months, before it's released to the public. That's no surprise: after only a few minutes of cutting fruit, scrolling around maps and webpages, and navigating through huge 3D spaces, all without ever touching a thing, we're pretty sure we've seen the next big thing in computing.
The natural comparison to any motion control is Minority Report, an imagined future everyone seems to desperately want to come true. We asked Holz about the comparison, and if Leap Motion's technology meant we'd all have Tom Cruise's awesome PreCrime dashboard in the future.
"No," he told us. "It'll be even better."

How To Remove Facebook Virus Posting On Your Friends Walls

If automatic (nude) video posts are appearing on your friends' walls, they are being made by an extension installed in your browser.
So the solution to remove this Facebook virus is to remove / uninstall the extension. The extension is named “YouTube Premium”.
Google Chrome: Go to Tools > Extensions and remove the extension “youtube premium”
Mozilla Firefox: Go to Tools > Addons > Extensions and remove the addon “youtube premium”
Hopefully this will resolve the issue of the Facebook virus posting nude video links on your friends' walls in your name!
And yes, next time think twice before clicking on such links.

Saturday, March 3, 2012

BackTrack 5 R2 released with new Kernel, added new tools

BackTrack 5 R2 has been released. BackTrack is a popular operating system used by hackers and security researchers. It comes with all the penetration testing and hacking tools, which gives security researchers an advantage.
This updated version adds a new kernel with many bug fixes. It also comes with 42 new tools, which is good news for security researchers. This release includes Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF, and many other tool upgrades.
BackTrack also adds the following new tools in R2:

  • arduino
  • bluelog
  • bt-audit
  • dirb
  • dnschef
  • dpscan
  • easy-creds
  • extundelete
  • findmyhash
  • golismero
  • goofile
  • hashcat-gui
  • hash-identifier
  • hexorbase
  • horst
  • hotpatch
  • joomscan
  • killerbee
  • libhijack
  • magictree
  • nipper-ng
  • patator
  • pipal
  • pyrit
  • reaver
  • rebind
  • rec-studio
  • redfang
  • se-toolkit
  • sqlsus
  • sslyze
  • sucrack
  • thc-ssl-dos
  • tlssled
  • uniscan
  • vega
  • watobo
  • wcex
  • wol-e
  • xspy

Tuesday, February 7, 2012

How to fix TeamViewer (Commercial use)

I saw that many users are having problems with TeamViewer commercial use, so I decided to make a post on how to fix this problem.

Here are the quick steps to get rid of “Commercial Use Suspected” warning and continue to use the teamviewer as a free version. The instructions specified here, are intended for educational purposes only. Never use teamviewer for commercial purposes without proper license.

[Image: TeamViewer "Commercial Use Suspected" warning message]

Step 1 : Close TeamViewer if it's running on your PC.

Step 2 : Click Windows Start > Run and type %appdata%. Now find the teamviewer folder and delete it.


Step 3 : Beware, This step is very important and you have to follow instructions with caution. 
Click Windows Start > Run and enter “regedit” and click OK. 
Find the registry entry located at HKEY_LOCAL_MACHINE > SOFTWARE > teamviewer and remove the teamviewer registry folder.  

Now restart the computer, run teamviewer and connect with anyone else remotely.
There are no more pop-ups of the Commercial Use Suspected warning; it's gone now.
Enjoy !!

Monday, February 6, 2012

Root & Unroot Galaxy ace S5830

Getting the ROOT of the rights and removing them to the Galaxy Ace Samsung GT-S5830 IRoot Instructions for obtaining the right:
1. Download the file
2. Copy it to the root of the memory card
3. Turn off your phone
4. Press and hold the buttons simultaneously until Recovery appears: Central + volume up
5. You get into the Recovery menu, consisting of 4 items:
    system reboot now (reboot phone)
    apply update from sdcard (install update)
    wipe data / Factory reset (reset to factory settings; removes everything on the phone, the memory card is not touched)
    wipe cache partition (format the system partition / cache)
6. Choose the item apply update from sdcard
7. A window appears to select the update (memory card)
8. Choose our file
9. Next, Reboot system now (if the phone rebooted by itself after installing, this step is not necessary)
10. Done. If all goes well, the superuser icon should appear in the menu

How to remove root rights:
1. Download the archive
2. Copy it to the root of the memory card
3. Turn off your phone
4. Press and hold the buttons simultaneously until Recovery appears: Central + volume up
5. You get into the Recovery menu, consisting of 4 items:
    system reboot now (reboot phone)
    apply update from sdcard (install update)
    wipe data / Factory reset (reset to factory settings; removes everything on the phone, the memory card is not touched)
    wipe cache partition (format the system partition / cache)
6. Choose the item apply update from sdcard
7. A window appears to select the update (memory card)
8. Choose our file
9. Next, Reboot system now (if the phone rebooted by itself after installing, this step is not necessary)
10. Done. If all goes well, the superuser icon should disappear from the menu

 Zip files

Why Your Company Needs To Hack Itself

Remotely start your car using an Arduino
Credit: Blobug
This DIYer had a 1st generation iPhone lying around, so he decided to put it to good use. You can use any phone to accomplish this, even a $10 prepaid phone. An SMS to the iPhone goes through an Arduino which tells your car to start or stop from anywhere. There's some custom circuitry and programming which is all included in the instructions. When a text message is sent to the iPhone, the iPhone tells the Arduino to start the engine, and the iPhone sends a message back reporting that the start has commenced.

An old jailbroken iPhone, an Arduino, iphone breakout board (I used a PodBreakout Mini) 4x 10k resistors, 1x TIP120, a 5 volt switching supply cell charger (easier than building one), some wiring ability and a general understanding of unix/perl/arduino.

The code:
You can get the code to make it all work here. (, com.SMSresponder.startup.plist and
SMSresponder is a Perl script that runs in a loop. Every 30 seconds it checks for a new message since the last time it ran. Place it in /var/root/bin/ (you'll need to create that directory) as this is where the startup system looks for it. You can put it somewhere else, just edit the plist to match.

PHP security patch creates critical vulnerability
The PHP Group released PHP 5.3.10 on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers running an older version of the Web development platform.
The vulnerability is identified as CVE-2012-0830 and was discovered by Stefan Esser, an independent security consultant and creator of the popular Suhosin security extension for PHP.

SecurityFocus classifies the issue as a design error because it was accidentally introduced while fixing a separate denial-of-service (DoS) vulnerability in early January. That DoS vulnerability, CVE-2011-4885, affects a number of Web development platforms including PHP, ASP.NET, Java and Python and can be exploited in a so-called hash collision attack. The PHP development team addressed it in PHP 5.3.9, which was released on Jan. 10.

Friday, February 3, 2012

Display a banner each time Windows boots

  1. Start -> Run
  2. Type regedit
  3. Go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon
  4. Create a new string value in the right pane named LegalNoticeCaption and enter the value that you want to see in the menubar
  5. Create a new string value and name it LegalNoticeText. Modify it and insert the message you want to display each time Windows boots.

How Websites Get Hacked With FileUpload Vulnerability?

The vulnerability which we are about to demonstrate is, in my opinion, the number 1 reason why websites get hacked and are exploited further to the server level. When a hacker performs a SQL injection attack on a website, he needs a way to get shell-level access and install a PHP backdoor so he can touch other files on the server or compromise the server itself if it's vulnerable. If we restrict our upload area so that it does not allow the upload of any files other than images, we can protect our upload area.

However there is a problem, The PHP files can still be uploaded by various methods. The most common method is by renaming the PHP backdoor to the following and then uploading the shell.

However, there is also a method to block the upload of the above files. But there is yet another way to bypass it, even if the uploading of files named with the above extensions is blocked. We will use Tamper Data for this purpose.

Step 1 

Install the Live HTTP Headers Firefox extension, then go to the upload section. Open Live HTTP Headers and upload the shell. Now if you try to go to the link where your shell was uploaded, it will give you an error (only on some websites), so we will have to change that hidden .php.jpg extension into .php.

Since we uploaded the shell with Live HTTP Headers open, you should be able to find where you uploaded your shell. You will have to find the line where it writes that you uploaded the shell. Select it and then click on the Replay button.

Step 2 - 

After uploading, find the directory where your file was uploaded; for example, if you uploaded it in images then it will be at http://website/images/shell.php. The rest of the steps are self-explanatory.

How To Protect Your Website from the FileUpload Vulnerability?

That's a separate topic and will be explained in a separate post. However, for now I would recommend that you use a third-party file uploading service, where the file gets uploaded to the file uploading service's server, not yours.
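
A server-side check that closes the two bypasses described above (the `.php.jpg` double extension, and a filename rewritten in the replayed request), as an added example that is not from the original post. It is written in Python for brevity; the function names, the image-only allowlist and the size limit are assumptions, and the same checks apply in a PHP upload handler.

```python
import os
import secrets

# Assumed policy for this example: images only.
# Extension -> byte signatures the content must start with.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    """Raised with a short reason code when a server-side check fails."""


def validate_upload(client_filename, content):
    """Return the name to store the file under, or raise UploadRejected."""
    # The filename arrives in the request, so it is attacker-controlled even
    # if a browser-side check approved it. Drop any directory part first.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in name or "\x00" in name:
        raise UploadRejected("filename")
    # Decide on the last extension only, case-insensitively, against an
    # allowlist. A blocklist of "bad" extensions always misses a variant.
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("extension")
    if len(content) > MAX_BYTES:
        raise UploadRejected("size")
    # The content must really start like the claimed image type.
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content")
    # Store under a generated name: "shell.php.jpg" becomes "<random>.jpg",
    # so no ".php" segment survives for the web server to act on.
    return secrets.token_hex(16) + "." + ext


def rejection_reason(client_filename, content):
    """Return None if the upload is accepted, else the reason code."""
    try:
        validate_upload(client_filename, content)
    except UploadRejected as exc:
        return exc.args[0]
    return None


def store_upload(upload_dir, client_filename, content):
    """Validate, then write the file without overwrite or execute bits."""
    stored = validate_upload(client_filename, content)
    path = os.path.join(upload_dir, stored)
    # O_EXCL refuses to replace an existing file; 0o640 sets no execute bit.
    # A valid image header can still be followed by script text, so the
    # upload directory must also be configured not to execute scripts.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as handle:
        handle.write(content)
    return path


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16  # constructed JPEG-like header
    for fname, data in [("shell.php", b"<?php ?>"),
                        ("shell.php.jpg", b"<?php ?>"),
                        ("cat.JPG", jpeg)]:
        print(fname, "->", rejection_reason(fname, data) or "accepted")
```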

Bring Back Default IE logo

Your browser logo shows something other than the IE logo. Maybe you have installed your ISP software and you have a different logo on the top right. How do you remove it?
  1. Close all browser windows
  2. Start -> Run
  3. Type RunDLL32.EXE IEdkcs32.dll,Clear
  4. Click on OK, and start Internet Explorer. You should find the old spinning IE logo.

Shutting down Windows the fastest way

  1. Start -> Run
  2. Type rundll.exe user.exe,exitwindows

Thursday, February 2, 2012

Local File Inclusion Vulnerability Demonstration - Shell Upload

Local file inclusion is a very popular web application attack. It was very common a few years back; nowadays you will rarely find websites vulnerable to it. However, a single vulnerability can result in your website being compromised. We have already written an article on the directory traversal attack, so I believe we need not go into detail about the attack. You might know Avinash by now, the author of the previous article How Hackers Are Hacking Into Websites On Shared Hosts. In this article he will demonstrate a local file inclusion vulnerability and enhance the attack by uploading a shell to the website.

Here are some of the common parameters which are vulnerable to local file inclusion or remote file inclusion attacks.



1) A Vulnerable Website
2) Remote shell
3) User-Agent switcher
4) Mozilla Firefox

The first thing a hacker will do when looking for an LFI vulnerability is try to read the /etc/passwd file. If its contents are displayed, a local file inclusion vulnerability is present in the website. The image below explains the whole story: “root” is the username, followed by “x” in the password field; the password is shadowed, which means that it is stored in the /etc/shadow file, which is only accessible when you have root privileges.

Next the hacker will check for /proc/self/environ. So change your path to /proc/self/environ/. The /proc/self/environ/ page should look something like this if the file exists; not all sites have it.

Once the local file inclusion vulnerability has been identified, the hacker will try to perform remote code execution and somehow gain further access. This can be done by uploading a PHP backdoor. A commonly used tool for that purpose is User Agent Switcher, which can be downloaded from the link above.

The hacker edits the user agent and changes the code inside it to the following:

Select your User-Agent in Tools > Default User Agent > PHP Info (or whatever your User Agent is called)

After refreshing the website, he then searches for the keyword "disable_functions" (Ctrl+F search function)

disable_functions | no value | no value

The above entry tells us that the website is vulnerable to remote code execution, and now we can upload the PHP backdoor. On finding that the website is vulnerable, he then tries to upload the shell by using the following command:

The above code uploads a PHP backdoor in text form and later renames it to .php. Now the shell has been successfully uploaded. Once the PHP backdoor has been uploaded it will look like the following:

How To Be Protected?

We will cover it in our upcoming posts. If you are worried about your website's security and would like me to carry out a vulnerability assessment of your website, feel free to contact me.
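
Detection logic for the requests described in this post, run over Apache combined-format access-log lines: an include parameter reaching for /etc/passwd or /proc/self/environ, and a User-Agent that carries PHP code. This is an added example, not from the original post; the log lines, the parameter name `page` and the finding labels are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Apache "combined" log format; the User-Agent is the last quoted field.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>(?:[^"\\]|\\.)*)"'
)

SENSITIVE_PATHS = ("/etc/passwd", "/etc/shadow", "/proc/self/environ")

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Feb/2012:10:01:11 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0"',
    '198.51.100.23 - - [02/Feb/2012:10:02:40 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1873 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [02/Feb/2012:10:03:05 +0000] "GET /index.php?page=..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 912 "-" "<?php /* constructed placeholder */ ?>"',
    '192.0.2.50 - - [02/Feb/2012:10:07:19 +0000] "GET /index.php?page=%252e%252e%252fetc%252fpasswd%2500 HTTP/1.1" 404 310 "-" "curl/7.21.0"',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding (%252e -> %2e -> .) before matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return a dict of findings for one log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    target = fully_decode(m["target"]).replace("\\", "/")
    findings = []
    if "../" in target:
        findings.append("path-traversal")
    if any(path in target for path in SENSITIVE_PATHS):
        findings.append("sensitive-file")
    if "\x00" in target:
        findings.append("null-byte")
    # Browsers never send PHP open tags; in a User-Agent they only make
    # sense if the header is expected to be included and executed later.
    if "<?" in m["ua"]:
        findings.append("php-in-user-agent")
        if "/proc/self/environ" in target:
            findings.append("environ-injection")
    return {"ip": m["ip"], "status": int(m["status"]),
            "target": target, "findings": findings}


def triage(lines):
    """Map source IP -> 'investigate' (server answered 200) or 'probe'."""
    verdicts = {}
    for line in lines:
        result = inspect_line(line)
        if not result or not result["findings"]:
            continue
        level = "investigate" if result["status"] == 200 else "probe"
        if verdicts.get(result["ip"]) != "investigate":
            verdicts[result["ip"]] = level
    return verdicts


if __name__ == "__main__":
    for ip, level in sorted(triage(SAMPLE_LOG).items()):
        print(ip, level)
```

A 200 response to one of these requests means the server returned something for the included path, so those sources are the ones to investigate first.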

Hacker Uses XSS and Google Street View Data to Determine Physical Location

Wednesday, February 1, 2012

Christopher “moot” Poole: The case for anonymity online

How Hackers Are Hacking Into Websites On Shared Hosts - Symlink Bypass Explained

You might have noticed a tremendous increase in the number of hack attacks on WordPress and Joomla blogs and other content management systems. Instead of targeting the CMS itself (WordPress or Joomla), the hackers target a vulnerable website on a server. Once they gain access to a single vulnerable website on the server, they upload a shell and, with a method called "Symlink Bypass", manage to extract the configuration files of another website hosted on that same server. Later, using a simple MySQL interface, they connect to that website.

Avinash, a security student and researcher, will explain step by step how hackers hack into websites on a shared host with the method called symlink bypassing.

What Is Symlink Bypass?

Well, I would not like to go into much detail. However, for your understanding all you need to know is that a symlink is a method to reference other files and folders on Linux, just like a shortcut in Windows. Symlinks are necessary in order to make Linux work faster. However, symlink bypassing is a method which is used to access folders on a server which the user isn't permitted to access. For example, the home directory can only be accessed by a root-level user. However, with symlink bypass you can touch files inside the home directory.

Step 1 - The hacker searches for a vulnerable website on a server. A hacker can get a list of domains on a web server by doing a reverse IP lookup.

Step 2 - Next the hacker hacks into any vulnerable website on the server and uploads a PHP shell.

Step 3 - The above picture demonstrates two files, one named .htaccess and the second named jaugar.izri, being uploaded to the server. Here is what jaugar.izri looks like when it's made public by adding 0755 permissions.

Step 4 - The hacker connects to the izri script and then gives the following commands

mkdir 1111
cd 1111
ln -s / root
ls -la /etc/valiases/(

The first command creates a directory named 1111 (mkdir 1111). The next command navigates to the directory (cd 1111). The third command creates a symlink to the root. The fourth command will extract the user name of the website you put in place of 

The target website is entered in ls -la /etc/valiases/

The above screenshot explains the whole story. The hacker then navigates to the "1111" directory, and the configuration file of the target website is created there. The hacker downloads the configuration files and uses the information to access the database, where he can make any changes.
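
An audit that a shared-hosting administrator can run for the pattern described in this post: a symlink planted inside one account's web directory that resolves outside that account, as `ln -s / root` does. This is an added example, not from the original post; the account layout is constructed in a temporary directory and the function names are assumptions.

```python
import os
import tempfile


def _same_owner(link, target):
    """The comparison Apache's SymLinksIfOwnerMatch option makes:
    the link's owner must equal the owner of what it points to."""
    try:
        return os.lstat(link).st_uid == os.stat(target).st_uid
    except OSError:
        return False  # dangling link: nothing to compare against


def find_escaping_symlinks(account_home):
    """List symlinks under account_home that resolve outside it."""
    home = os.path.realpath(account_home)
    findings = []
    # followlinks=False: links are reported but never walked through, so
    # a link to / cannot drag the scan across the whole filesystem.
    for dirpath, dirnames, filenames in os.walk(home, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if os.path.commonpath([target, home]) == home:
                continue  # stays inside the account, e.g. img -> ../media
            findings.append({
                "link": os.path.relpath(link, home),
                "raw": os.readlink(link),
                "target": target,
                "owner_match": _same_owner(link, target),
            })
    return sorted(findings, key=lambda item: item["link"])


def build_demo(base):
    """Constructed layout: one benign link plus the `ln -s / root` link
    inside a directory named 1111, as in the commands shown above."""
    home = os.path.join(base, "home", "alice")
    web = os.path.join(home, "public_html")
    os.makedirs(os.path.join(web, "1111"))
    os.makedirs(os.path.join(home, "media"))
    with open(os.path.join(web, "index.php"), "w") as handle:
        handle.write("<?php // constructed placeholder page\n")
    os.symlink("../media", os.path.join(web, "img"))    # inside the account
    os.symlink("/", os.path.join(web, "1111", "root"))  # escapes the account
    return home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for item in find_escaping_symlinks(build_demo(tmp)):
            print(f"{item['link']} -> {item['target']} "
                  f"(owner match: {item['owner_match']})")
```

Run per account home from a scheduled job; a link that is reported with `owner_match` false is one the web server would refuse to follow when SymLinksIfOwnerMatch is enforced in place of FollowSymLinks.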

Tuesday, January 31, 2012

How To Deal With Insider Threats?

The biggest threats to IT security don’t originate from outside a company. Employees, contractors, and business partners on the inside pose a far greater security risk. As long as your current or former staff and associates have access to your internal network, you are vulnerable to a security breach.

Here’s how to deal with the real and significant threat of attack from insiders, and avoid the widespread damage they can unleash on your company’s finances and reputation.

First: Assess the Risk

For most firms, implementing full protection against every possible threat is not feasible. It makes more sense to assess the risk, determining which data is critical and which is relatively unimportant. Protect critical resources first.

Next, decide who needs access to the network. Make sure that individuals such as partners, suppliers and contractors have access only to the information they need to serve your company or customers.

The third step in assessing risk is determining who are the potential threats, why they would want access to the network, and how they could gain entry. At this stage, many organizations only consider external threats: competitors, random hackers or former employees. Don’t neglect analyzing your insider threats, as well – including the staffers tasked with protecting the system.

Once you’ve uncovered vulnerabilities, you can take steps to prevent an insider attack.

Implement Preventative Measures

Among the best practices for preventing insider threats are:
  • Institute clear policies and controls; be sure all employees are aware of acceptable network use and what constitutes a breach.
  • Enforce policies consistently; maintain proper paper trails.
  • Implement security awareness training; reinforce its importance.
  • Segregate duties to reduce risk.
  • Encourage employees to come forward and identify suspicious behavior, malicious insiders, threats against the company or attempts at exploitation.
  • Implement proper system administration safeguards on critical servers.
  • Monitor trusted users.
  • Audit access to customer information.
In addition, you’ll want all the usual technical protection against spyware, malware and viruses, firewalls, and regular security patches. Consider securing the physical space as well, with entry and exit controls and badges to monitor employees, delivery people and visitors. You want to hire security personnel to discourage criminal activity.

Finally, Know Whom You’re Hiring

Failing to thoroughly check out a potential hire leaves a company vulnerable to insider threats. It goes without saying that thorough background checks are necessary for any prospective new employee who will have access to sensitive information, from customer credit card numbers to crucial application source codes. But for better protection, extend that practice to all employees and contractors.

Background checks should include a criminal history report, a credentials check and a credit check. Hiring managers should verify past employment and speak to former employers regarding the applicant’s history of dealing with workplace issues. Any information gathered should be part of the decision-making process.

Monitor Employee Behavior

Once an employee is hired, be sure supervisors are tasked with reporting any strange or inappropriate behavior. Compare such incidents to systems logs to determine if anything unusual is happening. And remember to enforce all security policies. If employees learn they can get away with small violations, they may be emboldened to move on to bigger and more lucrative security breaches.

Be Aware and Vigilant When Dealing With Insider Threats

Whether they modify data, steal critical codes, sell company secrets or commit payroll fraud, insiders are the biggest security threats a company will face. While there is always an element of risk, you can decrease information system vulnerability with these common sense steps. Most importantly, by being aware and vigilant, you’ll be better prepared to avoid the losses that far too many organizations suffer at the hands of trusted insiders.

As more companies move more of their businesses online we should expect to see more threats. Formal IT security training can help defend against these threats. Consider Villanova University’s online programs such as their CISSP certification prep courses

How to easily add your app to your page on Facebook

You must be familiar with beautiful landing pages on Facebook. A lot of companies these days have set a default landing page for their Facebook like page that looks beautiful and in most of the cases, very interactive too. You can also create a Facebook landing page by creating a HTML page on a directory within a website and then embed it to a canvas on Facebook. You can then add the canvas to a fan page on Facebook where it appears as a separate tab. If you are a Facebook developer, you must have noticed that recently, the option for adding a canvas to a page on Facebook has disappeared. But don’t worry, there’s a neat little trick for adding a canvas to any Facebook page, even if the option for adding it is missing on the interface.

The option previously used to appear on the Canvas Settings page for an app. You could then add it to any of the pages you admin by going to View App profile page and then to “Add to my page”. But now, the option is completely missing. However, you can do it with a direct link[your-app-ID]&pages=1

You can find your API key by opening the app settings from the Facebook developers page. Replace the your-app-ID above with the app ID you just copied and follow the link. You will see options for adding the app or the canvas to your pages.
This enables you to add any app to a page you admin, even if the option isn’t available in the Facebook Developers section.

Monday, January 30, 2012

How Web giants store big - and we mean big - data
Credit: Arstechnica
Consider the tech it takes to back the search box on Google's home page: behind the algorithms, the cached search terms, and the other features that spring to life as you type in a query sits a data store that essentially contains a full-text snapshot of most of the Web. While you and thousands of other people are simultaneously submitting searches, that snapshot is constantly being updated with a firehose of changes. At the same time, the data is being processed by thousands of individual server processes, each doing everything from figuring out which contextual ads you will be served to determining in what order to cough up search results.
The storage system backing Google's search engine has to be able to serve millions of data reads and writes daily from thousands of individual processes running on thousands of servers, can almost never be down for a backup or maintenance, and has to perpetually grow to accommodate the ever-expanding number of pages added by Google's Web-crawling robots. In total, Google processes over 20 petabytes of data per day.
That's not something that Google could pull off with an off-the-shelf storage architecture. And the same goes for other Web and cloud computing giants running hyper-scale data centers, such as Amazon and Facebook. While most data centers have addressed scaling up storage by adding more disk capacity on a storage area network, more storage servers, and often more database servers, these approaches fail to scale because of performance constraints in a cloud environment. In the cloud, there can be potentially thousands of active users of data at any moment, and the data being read and written at any given moment reaches into the thousands of terabytes.

Malicious MIDI files lead to rootkit malware
A Windows Media remote code execution flaw that has been patched in the last Patch Tuesday is being exploited by attackers in the wild to deliver malware to the targets' computer, warns Trend Micro.
The victims are lured to a malicious web page (http://images.{BLOCKED}, which hosts a specially crafted MIDI file and JavaScript.

The page's HTML file calls upon the MIDI file to trigger the exploit, and the JavaScript decodes shellcode that is already embedded in the HTML file. Upon execution, the shellcode downloads an encrypted binary from another site.

Sunday, January 29, 2012

iPhone 5 release details "leaked"
Credit: Tech Radar
An employee for Foxconn in China has reportedly stated that a device dubbed the iPhone 5 is about to go into production.

The source also revealed to 9to5Mac there are several sample handsets doing the rounds, but all differ slightly from each other. It is not clear which, if any, is the final device.

Some similarities between all the samples have been noted, including a screen which is 4-inches (or larger) in size, a different form-factor – hinting that Apple is going to move away from the 4/4S design and the devices are longer and wider than previous iPhones.

Computer Coding: Not for Geeks Only
The Web-based backlash against the Stop Online Piracy Act, a bill aimed at taking down overseas distributors of copyrighted movies and music, was much like the Internet itself: decentralized, anarchic, and powerful enough to help persuade Senate Majority Leader Harry Reid (D-Nev.) to shelve the bill on Jan. 20. There was no official slogan for the public pushback against perceived government meddling with the Web, but the unofficial one might have been a headline that appeared on the online magazine Motherboard: “Dear Congress, it’s no longer ok to not know how the Internet works.”

A growing number of people agree that not only should Congress understand how software is made, so should everyone. Designers, economists, doctors, and others with no direct connection to the technology world are embracing coding as a way to advance their careers, automate boring tasks, or just a means of self-improvement, a hobby like learning Spanish or doing crossword puzzles. And they have access to an expanding universe of free online coding tutorials from startups and universities such as Stanford and Massachusetts Institute of Technology. Programming is becoming “a much more fundamental piece of knowledge, similar to reading or writing,” says Andy Weissman, a partner at New York’s Union Square Ventures, which led a $2.5 million investment round for Codecademy, a site that teaches people basic programming skills.

Monday, January 23, 2012


Today I’m going to discuss a cool and sweet-looking chat tweak which you can use to attract the receiver and force him to reply to you. In my language this is known as Colorful Alphabets Emoticons; you can call it anything which fits you well. The preview is below: I just wrote Techruin in my friend's chat window, and you can write anything by combining the codes below.
Now you can see how beautiful it looks when you send this kind of message to your friends. If you like this and want to start colorful alphabet emoticon chatting, use the codes below for the alphabets mentioned. Whenever you paste the code for any alphabet and hit Enter, you will get colorful alphabets like the above. So copy the codes from below, start chatting, and enjoy.

[[107015582669715]] = A                                
[[116067591741123]] = B
[[115602405121532]] = C
[[112542438763744]] = D
[[115430438474268]] = E
[[109225112442557]] = F
[[111532845537326]] = G
[[111356865552629]] = H
[[109294689102123]] = I
[[126362660720793]] = J
[[116651741681944]] = K
[[115807951764667]] = L
[[106596672714242]] = M
[[108634132504932]] = N
[[116564658357124]] = O
[[111669128857397]] = P
[[107061805996548]] = Q
[[106699962703083]] = R
[[115927268419031]] = S
[[112669162092780]] = T
[[108983579135532]] = U
[[107023745999320]] = V
[[106678406038354]] = W
[[116740548336581]] = X
[[112416755444217]] = Y
[[165724910215]]      = Z

Saturday, January 21, 2012

Fix the Package System is Broken error in Ubuntu 10.04/10.10 Maverick Meerkat

This brief tutorial will show you how to fix ‘The package system is broken’ error in Ubuntu Lucid or Maverick. Sometimes when you’re installing programs in Ubuntu and all dependencies are not installed, your package system would get corrupted and you won’t be able install new programs or packages. This will help you fix that.

Getting started:

Below is the image of the error you’ll get when your package system is broken.


To fix it, go to System –> Administration –> Synaptic Package Manager.


Then select ‘Custom Filters’ on the left menu.


Next select ‘Broken’ on the left and you’ll then notice package(s) with the red exclamation marks.


Right-click each package and select ‘Mark for Complete Removal’.


Then click ‘Apply’ to apply the change. When prompted again, click ‘Apply’ to remove them.




Thanks for reading and please come back soon.

Friday, January 20, 2012

Facebook chat phishing attack impersonates Facebook security team

A new phishing attack that's spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network's security team.

The attackers replace the profile picture of compromised accounts with the Facebook logo and change their names to a variation of "Facebook Security" written with special Unicode characters, said Kaspersky Lab expert David Jacoby in a blog post.

Facebook claims that changing the profile name can take up to 24 hours and is subject to confirmation. However, in Jacoby's tests the change occurred almost instantly and required only the password. This was also confirmed by a victim whose profile name was modified within 5 minutes of their account being compromised, he said.

Monday, January 2, 2012

How To Find Vulnerabilities in PHP Applications - PHP Vulnerability Hunter

PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool that can elicit a wide range of exploitable faults in PHP web applications. Since most web applications nowadays are written in PHP, PHP applications have been one of the major targets of hackers. PHP Vulnerability scanner is the same tool that helped detect most of the web application vulnerabilities listed on the advisories page.

Like all the best tools in the world, this also needs little or no configuration at all, and doesn't require a user specified starting URI. So, you can begin scanning as soon as you download and install this software.

The tool itself runs on a pretty basic mechanism. At the core of the PHP Vulnerability Hunter scan algorithm is dynamic program analysis. It analyzes the program as it’s running to get a clear view of all input vectors, which means better code coverage and, in turn, greater confidence in code security.

This new version brings to us many improvements such as:
  • Added code coverage report
  • Updated GUI validation
  • Several instrumentation fixes
  • Fixed lingering connection issue
  • Fixed GUI and report viewer crashes related to working directory
And its key features include:
  • Automated input vector discovery
  • Integrated fault detection
  • Minimal configuration
  • Proven effective.
Download PHP Vulnerability v1.1.4.6