Click it, share it & have fun...
The mirror link redirects you to your own profile page. If you share the link with a friend, clicking on it opens his/her own page. Just like a mirror, it reflects the user's own profile.
A new variant of the Ramnit worm has managed to steal log-in credentials for several thousand Facebook accounts, most of which were from the United Kingdom and France, according to researchers at Seculert. Evidence recovered from a command-and-control server used to coordinate the evolving Ramnit worm confirms that the malware has already stolen 45,000 Facebook passwords and associated email addresses. Ramnit was discovered in April 2010, and the Microsoft Malware Protection Center (MMPC) described it as “a multi-component malware family which infects Windows executable as well as HTML files”, “stealing sensitive information such as stored FTP credentials and browser cookies”. In July 2011 a Symantec report estimated that Ramnit worm variants accounted for 17.3 percent of all new malicious software infections.
Trusteer reported in August of last year that Ramnit had gained the ability to “bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks.” Seculert, using a sinkhole, found that 800,000 machines had been infected with the worm in the last quarter of 2011.
All email communication on the internet is made possible by two protocols:
1) Simple Mail Transfer Protocol (SMTP, port 25)
2) Post Office Protocol (POP, port 110)
E-mail hacking consists of various techniques, as discussed below.
1) Email Tracing :- Generally, the path taken by an email while traveling from sender to receiver can be explained by the following diagram.
Sender's Outbox----->Source Mail Server----->Interim Mail Server----->Destination Mail Server------>Destination Inbox.
The most effective and easiest way to trace an email is to analyze its headers. This can be done by viewing the full header of the received email. A typical email header looks something like this:
From Barr Thu Jan 3 05:33:26 2008
X-Apparently-To: firstname.lastname@example.org via 220.127.116.11; Thu, 03 Jan 2008 05:25:38 +0530
Authentication-Results: mta113.mail.in.yahoo.com from=destatis.de; domainkeys=neutral (no sig)
Received: from 18.104.22.168 (HELO dsl-189-160-34-89.prod-infinitum.com.mx) (22.214.171.124) by mta113.mail.in.yahoo.com with SMTP; Thu, 03 Jan 2008 05:25:38 +0530
Received: from dvapa ([126.96.36.199]) by dsl-189-160-34-89.prod-infinitum.com.mx with Microsoft SMTPSVC(6.0.3790.0); Wed, 2 Jan 2008 18:03:26 -0600
Date: Wed, 2 Jan 2008 18:03:26 -0600
From: "Barr" <email@example.com>
User-Agent: Thunderbird 188.8.131.52 (Windows/20070728)
Subject: angel rubberneck
Content-Type: multipart/related; boundary="------------030604060204000701040304"
The above email header gives us the following information about its origin and path:
a) Sender's email address :- firstname.lastname@example.org
b) Source IP address :- 184.108.40.206
c) Source mail server :- dsl-189-160-34-89.prod-infinitum.com.mx
d) Email client :- Thunderbird 220.127.116.11
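Added example (not part of the original post): the same header analysis done with Python's standard email module, rebuilding the relay path from the Received lines. The sample header is constructed with documentation-range addresses, and trusted_mta is an assumed name for the receiving server you control; only the Received line written by that server is reliable, because earlier lines travel with the message and can be forged by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: documentation-range IPs and example.* hosts.
SAMPLE = """\
Received: from relay.example.net (HELO dsl-host.example.net) (198.51.100.7)
 by mx.example.org with SMTP; Thu, 03 Jan 2008 05:25:38 +0530
Received: from desktop ([192.0.2.44]) by dsl-host.example.net
 with Microsoft SMTPSVC(6.0.3790.0); Wed, 2 Jan 2008 18:03:26 -0600
Date: Wed, 2 Jan 2008 18:03:26 -0600
From: "Barr" <sender@example.com>
User-Agent: Thunderbird (constructed)
Subject: angel rubberneck

body
"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def trace(raw, trusted_mta):
    """Rebuild the relay path; trusted_mta is the receiving server we control."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so reverse for sender-first order.
    for value in reversed(msg.get_all("Received", [])):
        m, ips = HOP.search(value), IPV4.findall(value)
        by = m.group(2) if m else None
        hops.append({
            "from": m.group(1) if m else None,
            "by": by,
            "ip": ips[-1] if ips else None,
            "time": parsedate_to_datetime(value.rsplit(";", 1)[-1].strip()),
            # Lines added before our own MTA are sender-supplied claims.
            "trusted": by == trusted_mta,
        })
    verified = next((h["ip"] for h in hops if h["trusted"]), None)
    return {
        "sender": parseaddr(msg.get("From", ""))[1],
        "client": msg.get("User-Agent"),
        "hops": hops,
        "claimed_origin_ip": hops[0]["ip"] if hops else None,
        "verified_peer_ip": verified,
    }

if __name__ == "__main__":
    for hop in trace(SAMPLE, "mx.example.org")["hops"]:
        print(hop)
```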
There are lots of ready-made tools available on the internet which perform email tracing very effectively and show the exact geographical location of the email sender on a world map.
Input validation attacks are those where an attacker intentionally sends unusual input in the hope of confusing the application.
The most common input validation attacks are as follows:
1) Buffer Overflow :- Buffer overflow attacks are enabled by sloppy programming or mismanagement of memory by the application developers. Buffer overflows may be classified into stack overflows, format string overflows, heap overflows and integer overflows. It is possible that an overflow exists in a language's (PHP, Java, etc.) built-in functions.
To execute a buffer overflow attack, you merely dump as much data as possible into an input field. The attack is said to be successful when it returns an application error. Perl is well suited for conducting this type of attack.
Here’s the buffer test, calling on Perl from the command line:
$ echo -e "GET /login.php?user=\
> `perl -e 'print "a" x 500'` HTTP/1.0\n\n" | \
> nc -vv website 80
This sends a string of 500 “a” characters for the user value to the login.php file.
Buffer overflow can be tested by sending repeated requests to the application and recording the server's response.
2) Canonicalization :- These attacks target pages that use template files or otherwise reference alternate files on the web server. The basic form of this attack is to move outside of the web document root in order to access system files, i.e., “../../../../../../../../../boot.ini”. This type of functionality is evident from the URL and is not limited to any one programming language or web server. If the application does not limit the types of files that it is supposed to view, then files outside of the web document root are targeted, something like following-
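Added example, not part of the original post: a server-side check against this kind of traversal, with the vulnerable join shown beside a hardened resolver that canonicalizes first and then verifies containment. DOC_ROOT and the function names are assumptions made for illustration; callers must open the returned path, not the original input.

```python
import os
from urllib.parse import unquote

DOC_ROOT = "/var/www/templates"  # hypothetical document root (assumption)

def naive_path(name):
    """Vulnerable pattern: user input joined to the root without any check."""
    return os.path.join(DOC_ROOT, name)

def safe_path(name, root=DOC_ROOT):
    """Return the canonical path of `name` inside `root`, else raise ValueError."""
    # Decode percent-escapes so "..%2f" is checked as "../".
    name = unquote(name)
    if "\x00" in name:
        raise ValueError("NUL byte in file name")
    # Treat Windows separators as separators even on a POSIX host.
    name = name.replace("\\", "/")
    root_real = os.path.realpath(root)
    # realpath collapses "..", ".", duplicate slashes and symlinks; an
    # absolute `name` replaces the root entirely in os.path.join.
    candidate = os.path.realpath(os.path.join(root_real, name))
    # Compare whole path components: a plain startswith() would accept
    # the sibling directory "/var/www/templates-old".
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes document root: %r" % name)
    return candidate

if __name__ == "__main__":
    for probe in ["error.html", "../../../../../../../../../boot.ini",
                  "..%2f..%2fboot.ini", "/etc/passwd"]:
        try:
            print("allow", safe_path(probe))
        except ValueError as exc:
            print("deny ", exc)
```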
3) Cross-Site Scripting (XSS) :- We have found that error pages are often subject to XSS attacks. For example, the URL for a normal application error looks like this:
This displays a custom access denied page that says, “Invalid password”. Seeing a string on the URL reflected in the page contents is a great indicator of an XSS vulnerability. The attack would be created as:
That is, place the script tags on the URL.
4) SQL Injection :- This kind of attack occurs when an attacker uses specially crafted SQL queries as input, which can open up a database. Online forms such as login prompts, search enquiries, guest books, feedback forms, etc. are especially targeted.
The easiest test for the presence of a SQL injection attack is to append “or+1=1” to the URL and inspect the data returned by the server.
example:- http://www.domain.com/index.asp?querystring=sports' or 1=1--
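Added example, not part of the original post: why the test input above changes the query, shown on an in-memory SQLite database with the concatenated query beside its parameterized fix. The table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two public rows and one that must stay hidden."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (category TEXT, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)", [
        ("sports", "Cup final report"),
        ("politics", "Budget debate"),
        ("internal", "Unpublished memo"),
    ])
    return db

def search_vulnerable(db, querystring):
    """'Before': the input becomes part of the SQL text."""
    sql = "SELECT title FROM articles WHERE category = '" + querystring + "'"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, querystring):
    """'After': the input is bound as a value and never parsed as SQL."""
    sql = "SELECT title FROM articles WHERE category = ?"
    return [row[0] for row in db.execute(sql, (querystring,))]

if __name__ == "__main__":
    db = make_db()
    probe = "sports' or 1=1--"  # the test string from the text above
    # The quote closes the literal, "or 1=1" is true for every row,
    # and "--" comments out the trailing quote.
    print("vulnerable:", search_vulnerable(db, probe))
    # Bound as data, the same string is just a category that does not exist.
    print("safe:      ", search_safe(db, probe))
```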