Monday, October 8, 2007

Orkut Hacks

As I'm Orkut user I like these sites and Orkut hacks on it, the following are some of my collection regarding Orkut hacks

1) Zeetab(Orkut Star) - Computer World, Orkut Computer Tips and Tricks, Free Sms, Wallpaper, Mobile Software Game Ringtone Themes, Free games, Orkut Software, Bollywood wallpaper, MP3, FM Rradio and many more

2) Thisisorkut.org (TIO) - This Is Orkut (T.I.O) was created to provide more info and help tracks to Orkut users for their convenience. Easy to use Java Scripts, Online Toolbars, Help References, Trouble shooters, and lot more....

3) CrazySouls.com - Crazy souls have created many orkut scripts and they are really useful and working. Not only scripts they also profide stuffs for MSN, Cheets and many more

4) Trickfriend.com - Here, on this website, you will find tips and tricks that will help in making your life easier on Orkut. This webpage also contains many sftware related to Orkut

5) Tools Home - This site is developed by 15 yr Old boy, this site contains some cool stuffs and software

6) ScrapMania.com - This site provide services like Messages, Generators, ASCII Art, Bar Arts, Images, Emotions, Smailies and many more

7) Orkut Underworld - This is blog which have awesome collection of orkut tips and tricks, softwares and many more. In short simple blog but useful blog

8) Orkutrix.com - In the world of Orkut tricks! You find only GENUINE and popular orkut tricks and scripts here. Browse through the menu for those tricks but they also provide some hacking tricks of orkut

9) InsideOrkut.com - According to me this is the best of all because this website posts all the current information in orkut, this website is very useful for begineers and also for everyone

10) OrkutPlus! - Orkut plus is really a Plus to Orkut they are providing Best Compilation of Orkut Hacks, Tips-Tricks and Cheat Scripts ! as they are publishing

11) Devils workshop - This blog contains not only tips and tricks for Orkut it also having some best collection for My space, You tube, Google, Ad sense, and many more. More over I like the labels cloud on that blog

12) Digital Me - this blog just started before 2 months but it contains wide range of softwares, Java scripts, GM scripts, etc..

I'm still having many collection of website but this dozen of sites will do all what you want to known about orkut, so it wont be useful even if I provide more, from this website you can communication in orkut reaches next generation

Enhance Your Mobile Pics

Mobile Phones with camera are widely available, even inside the budget range of 5K, everyone uses it these days, however hardly any one enhances them. I am making this tutorial for everyone who wants to enhance their photos taken from mobile phone.

1) Make sure there is enough light in the area. Sometimes even if you are inside a room with tube light, the light is not enough for a Mobile Phone's camera, in that case, turn on night mode & reduce the white balance.

2) Don't move the cam while taking picture. When you click for a photo, you hear the sound now that is not the exact time when the pic is taken, it takes like half a second more for the real frame to capture. So click on the button, but do not move the cam or the subject, till you see the final pic on the screen. This is because the shutter speed in Camera phones is never as fast as dedicated digital cameras. They cannot be made that fast

3) Do not take full 2 MP or 3 MP pics, unless u have enough light. Like either you are outside somewhere, in a park or market, as there is lots of sunlight. When inside somewhere like a room, take pics at 640X480 or 1.3 MP. The thing is the mobile cams change dark colors to Hotspots, also known as grains or noise. Take a photo in low lights & you will see yourself that maximum noise appears at black color spots

These were tips when taking pics, now to enhance them in computer, you need to learn a bit of Photoshop.

1) Start Photoshop, open the image. Now go to Image menu ->Adjustment->Auto color, for the simplest method.

Advanced method = Apply auto color correction like above. Now make the base locked layer, an open layer. In the layer palate the base layer is locked & named "background". Double click on it & make it a layer. Now drag this layer to the “New layer button” in the layer palate at the bottom, to make a new layer by the default name of “Layer 0 copy”.

Look just above there is a menu with normal as the default selection. If your images are underexposed, like a bit dark, then select the new layer & from the “normal” menu just above the layer palate, select “Screen” & then set the “fill” accordingly as desired.

Now click on the spall circle next to the new layer button, which is half black & half white, to open another menu & select “Curves”. Now click on the line to create set point & set them accordingly as you desire for the color. Usually a slight S shape will do.

Now the second part:

Photoshop : Mobile Phone cam Noise Removal :

when one takes pictures from a low quality or MP based Digital cams or specially Mobile phones, U will notice noise in the image, it is in the form of pixels which are over-exposed, or much brighter then normal, these such pixels are called Hot Pixels, which are over-exposed, they usually appear in low light condition specially in the case of dark color like black, maroon, etc. This tutorial teaches you how to remove that, remember, noise is both subjective as well as required in some cases so use with precaution.

1) First off all you will need a plug-in called Noise Ninja for Photoshop; it can be downloaded from here. It is compatible with Photoshop 7 & CS, & all other software which accept Photoshop compatible plug-ins. Download it, it is a self extracting archive, I managed to remove all the extras as the help file is given in both PDF & normal html format, so I removed the extras & got the file size as low as 2.6 MB, but I cannot distribute it as such. Copy the noisenija_... folder to your Photoshop Plug-ins folder

2) Now open Photoshop, open any image you want to retouch, as a precaution, save it as a PSD first, go to Filters -> Picture Code -> Noise Ninja, this will bring the Noise Ninja plug-in settings windows, maximize if required

3) The left side windows shows the un-optimized, real image while the right side window shows the modified image, now click on the Profile Image button on the right side Click on the Profile tab. A profile characterizes the noise in different colors and tones for an image, in other words, automatically checks where & what settings should be applied. Make your choice from Luminance or Chrome, depending on your image

4) Now go to the filter Tab, here you will see sliders for , Luminance , Strength, Contrast & smoothness, noise removal is basically applying effective blur to the hot pixels only, You will see that the preview windows above is changed a bit, move the sliders in any direction to get the desired results. Donot forget to check the Coarse Noise checkbox. Do not use anything with the USM, (Unsharp mask), set it to 0 & set it accordingly later At the far right side U will see a button like <-, click to see what the image was & what it is now

5) Now, here comes the tricky part, if you think that some part of the image should be sharp as before, with noise, as I mentioned above noise can be subjective, so go to the Noise brush Tab, select Paint mask as the mode, to un-noise the image at the place where U use the brush, like if you have taken a pic of a Saree & with auto tweaking the embroidery is gone, you can use paint mask, to un-noise only the embroidery & leave the other smoothed part as such, you donot need to go to the other tabs, as they are for real pro guys, copyright etc, Click on Ok, when you are done

6) Now go to filter ->sharpen -> unsharp mask & Sharpe as required, this depends on what you are editing, human figure or objects, save the file, you are done.

As an example, I took a photograph of my keyboard from my k500i; it had some noise, but then edited it, mouse over above the image to check the real & modified image. One thing you should remember that this noise gets less as you use a high Mega pixel camera, however above 3 MP this noise is hardly visible even in RAW quality, so it is not like that U will get low noise with a 8 MP cam then a 3 MP cam, as noise also depends on a lot of other factors, shutter speed, lighting conditions...

Hide Any File Inside *.JPG Image File

Few months ago , USA Today story claimed that al-Qaeda operatives were sending out encrypted messages by hiding them inside digital photographs [jpg files] on eBay.

While the claim was never proved, it is very easy to hide [or embed] any other file[s] inside a JPEG image. You can place video clips, pdf, mp3, Office documents, zipped files, webpage or any other file format inside a JPEG image.

And when a suspecting user [read CIA, FBI] tries to open that jpeg file [with concealed information] in either a photo editing software or as a thumbnail inside Windows Explorer, it would be tough to make out if this camouflaged jpg file is different from any standard jpg image.

Let's say you want to hide a confidential PDF document from the tax investigation officers. What you can do is convert that file into a regular jpg image so even if anyone double-clicks this file, all he will see is a preview of the image and nothing else. And when you want to work on the actual PDF, just rename the extension from jpg to pdf.

Here's the full trick:

Step 1: You will need two files - the file you want to hide and one jpg image - it can be of any size or dimensions. [If you want to hide multiple files in one jpeg image, just zip them into one file]

Step 2: Copy the above two files to the C: folder and open the command prompt window.

Step 3: Move to the c: root by typing cd \ [if the files are in another folder, you'll have to change the prompt to that folder]

Step 4: The most important step - type the following command:

copy /b myimage.jpg + filetohide.pdf my_new_image.jpg

To recover the original PDF file, just rename my_new_image.jpg to filename.pdf.

Here we illustrated with an pdf file as that works with simple renaming. If you want to apply this technique to other file formats like XLS, DOC, PPT, AVI, WMV, WAV, SWF, etc, you may have to first compress them in RAR format before executing the copy /b DOS command.

To restore the original file, rename the .jpg file to .rar and extract it using 7-zip or Winrar.

That's it - No advanced Steganography tricks involved here.

Recover Corrupted Data From Hard-Disk

Ever had a hard drive get all corrupted by money and power? Or just overuse…

I found a good tutorial on how to recover your data from a corrupted hard drive, but it needed some tweaking so I moved some stuff around. This should be more efficient.

First things first, you need a new hard drive. It can be external if you want. But you HAVE to be able to mount it as a directory in DSL (damn small linux)

Now you need to borrow someone elses computer (cause yours is screwed right?).

Download DSL (damn small linux)

Just google “Damn Small Linux Download”, you’ll find it.
Got it? Good, now boot it.

after booting you will see the GUI of the DSL, run TERMINAL
and follow this command

*Note: this command will make you a super user in DSL

#sudo su

*Note: this command will mount you HDD on DSL

#mount /dev/hda1 /mnt/hda1

*Note: this command will check if your data is still on the HDD

#cd /mnt/hda1
#ls -al

Found any data? If not stop here and cry.

If yes move on.
Since you already have you new hard drive connected to your PC just run this command series.

#mount /dev/hdc1 /mnt/hdc1
#cd /mnt/hdc1
#mkdir backup

#cp -R /mnt/hda1/*.* /mnt/hdc1/backup

Friday, October 5, 2007

Password Cracking Revealed!


Password Cracking Revealed! -
Click here for more
hacking ideas


Why should you use strong passwords? This video shows how to crack windows passwords. It is only intended for educational purposes, to show you why it is important to usestrong passwords. Don't use this information illegally

Thursday, October 4, 2007

Google Brain



Xp Registry tricks II

Easy Text Size Change in Help & IE Tip:
I mentioned a way that you can change the size of the text that is display in the Help file and in Internet Explorer. As it turns out if you have a "wheel mouse," there is an even easier way to change the text size. In Internet Explorer or when viewing a Help file, simply hold the ctrl key while you spin the mouse wheel up to increase text size, or down to decrease text size.
Java VM: Java applets run in Internet Explorer 6 (a component of Windows XP) just as they run in older versions of Internet Explorer. The Java VM is not installed as part of the typical installation, but is installed on demand when a user encounters a page that uses a Java Applet. For more information see the Microsoft Technologies for Java Web site.


--------------------------------------------------------------------------------
Windows XP Shutdown and Power Off Tip:

On some computers, by default, Windows XP doesn't power off the computer when you tell it to shut down. However, if your computer is relatively new, it can probably by shut completely off by WinXP. To configure your computer for this behavior, simply open the Control Panel, open Performance and Maintenance, then Power Options. On the APM tab, check next to "Enable Advanced Power Management support," then click OK. The next time you choose "Shut Down" from the Start Menu, your computer should shut down completely and then power off.


Customize Explorer Toolbar Tip:



--------------------------------------------------------------------------------
Customize Explorer Toolbar Tip:

In Windows Explorer, you can customize the toolbar to make Explorer even more handy. The Toolbar is the bar of icons directly underneath the menu bar. It contains icons for going back, up one level, displaying folders or search, etc. You can right-click an open area of this Toolbar and choose Customize to change the order of these icons, and even to add new icons to it. For instance, I like to add the Map Drive and Disconnect buttons. In Windows XP, you may have to unlock the Taskbar before you can make changes in Windows Explorer.
Lock the Taskba - If you find that your Windows XP Taskbar keeps being changed, or moved to one side or the top of your screen, and you didn't mean to have it do that, this tip is for you. Once you have your Task Bar arranged the way you like it, in the right location on the screen, and with all the right toolbars and icons, you can lock it, so that it won't get changed accidentally. To lock the Taskbar, simply right click it and choose Properties. In the window that appears, check the box (click) next to "Lock the Taskbar." Now you won't accidentally bump the mouse and have your Task bar end up on another side of the screen.


--------------------------------------------------------------------------------
Check Personal Firewall Status Tip:

In the previous tip, I mention how to turn on Windows XP's Personal Firewall feature. But once you turn it on, your connection looks just the same as it did before. How can you check the status of the connection and the firewall? Simply open Control Panel from the Start Menu, open Internet and Network Connections, then Network Connections. By default the view is of large icons.
Click the View Menu, and choose "details" in order to reveal several more columns of information about the connections that your computer has. Check the Status column to see if your connection is currently connected, and whether or not it is "firewalled." You can even drag the column headings around (I like to slide the Status column right next to the Name column. You can even remove entire columns by right-clicking the column heading and unchecking it.

Where does Window's Product Id get stored Tip:
By Raymond


There are two places at least where ProductId gets stored. To see the first place, open Registry by going to START-RUN and entering REGEDIT and Navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]. In right pane, look for key by the name "ProductId". This is your Windows Product Id. Alternatively you can navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion] and still find same field with the name ProductId.



--------------------------------------------------------------------------------

You can Keep Your Favorite Programs on Top of the Start Menu tip:


Do you have a favorite program that you frequently use? Elevate its priority on the Start menu by putting it at the top of the list. This ensures that the program will remain on the Start menu and cannot be bumped by other programs, even if you use the others more frequently.
Right-click the link to your favorite program on the Start menu and select Pin to Start Menu.
Your program will be moved permanently to the top part of the list, just below your browser and e-mail programs.

--------------------------------------------------------------------------------

Having problems with Outlook Express ? Does it ask for password everytime you connect tip:

If this is problem for you. Sometimes no matter what you do, Outlook Express forgets your password and asks you to enter it again each and every time you connect to your mail server.I have a solution that may work for you. Open Registry by going to START-RUN and entering REGEDIT and Navigate to HKEY_CURRRENT USER\Software\Microsoft and look for "Protected Storage System Provider". There is a good chance that you will see this folder. If you have it. Simply delete it. More than likely, you have solved your problem.

--------------------------------------------------------------------------------

How to avoid autoplay of CD ? Way I like best tip.


Hey this time no registry trick even though there are ways in registry to do it. In earlier operating systems only those CD that had autorun.inf file in their root directory were able to execute on its own but with advent of WINDOWS XP it has become possible with just about anything. Well sometimes it is good but there are other times when you want to avoid this part of automation. What would I do. Simply press SHIFT key when you enter a CD in your CD drive. It won't Auto play. For those of you, who do want a registry hack. Here it is:
Open Registry and navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] and look for key "NoDriveTypeAutoRun" and set its value to 185 (decimal). This would stop autoplay.


--------------------------------------------------------------------------------
This tip to speed up the Start Menu in Windows XP.
Did you know you can customize the speed of the Start Menu by editing a Registry Key.


* Click Start, and then click Run.
* Type Regedit in the box, and then click OK.
* Expand the menu in the left panel and select the HKEY_CURRENT_USER\Control Panel\Desktop folder.
* Scroll down in the right panel and double click on the MenuShowDelay file.
* In the Value Data box, change to default value for the menu speed from 400 to a lesser number, such as 1.
*Click OK.
Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you may want to back up any valued data on your computer.

--------------------------------------------------------------------------------
Customizing Windows Explorer Context menu (right click menu in windows explorer)

Ever wondered how does the right click menu (which is actually a context menu) work ? For example, when I right click in windows explorer, I see an option which says "open command window here". Do You know why I see this ? Well I see this because I have following entries in my registry.

[HKEY_CLASSES_ROOT\Drive\shell\cmd]
@="Open Command Window Here"
[HKEY_CLASSES_ROOT\Drive\shell\cmd\command]
@="C:\WINDOWS\System32\cmd.exe /k cd "%1""
If You have never used a tweaking utility and have newly installed Windows XP, You would not see this option. You would have to navigate to [[HKEY_CLASSES_ROOT\Drive] go and create two subkeys ("cmd" and within that "command" and would have to put the text "Open Command Window Here" without quotes in default string value of "cmd" key and the text "C:\WINDOWS\System32\cmd.exe /k CD"%1"" without quotes in default string value of command key). After this You need to REBOOT for these changes to take effect.
Trick is in adding similar entries for other applications as well even though its much harder to come with ideas about what to put in the context menu!!!! .

Xp Registry tricks

Display Your Quick Launch ToolbarTip:

Is your Quick Launch toolbar missing from the taskbar?
To display your familiar Quick Launch toolbar:
Right-click an empty area on the taskbar, click Toolbars, and then click Quick Launch.

Easy as that your Quick Launch bar appears. To add items to your Quick Launch toolbar, click the icon for the program you want to add, and drag it to the Quick Launch portion of the taskbar.


--------------------------------------------------------------------------------

How to remove recycle bin from your desktop Tip:

Open Regedit by going to START - RUN and type Regedit and hit enter. Then you should navigate to following entry in registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E} and delete it. This action should remove recycle bin from your desktop.

--------------------------------------------------------------------------------

How to stop new programs installed balloon from coming up tip:

Right click on START button and select properties. Click on Customize and go to Advanced tab and deselect check box saying "Highlight newly installed programs". This would help you stop this annoying feature from popping up every now and then.



--------------------------------------------------------------------------------
Unlock Toolbars to Customize Them Tip:

The new Windows XP now features locking toolbars, and you can adjust them. You may customize a lot of the Windows XP features such as the Taskbar, Start Menu, and even toolbar icons in Internet Explorer and Outlook Express. Remember your right-click:
* Right-click on a toolbar, and then click Lock the Toolbars to remove the check mark.
* Right-click on the toolbar again, and then click Customize.

You may add or remove toolbar buttons, change text options and icon options. When you've got the toolbar customized, click Close. Now right-click on the toolbar and then click Lock the Toolbars to lock them in place. com


--------------------------------------------------------------------------------

Want to remove shared documents folder from My Computer window tip:

Some don't like my shared documents folder option. If you are one of that, here is a trick to remove it.Open registry editor by going to START-RUN and entering regedit.
Once in registry, navigate to key HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ My Computer \ NameSpace \ DelegateFolders You must see a sub-key named {59031a47-3f72-44a7-89c5-5595fe6b30ee}. If you delete this key, you have effectively removed the my shared documents folder.

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

How to improve on shutdown time ? Close apps automatically & quickly at shutdown tip:

Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP and look for AutoEndTasks. On my computer default value is 0. Change it to 1. Thats all. Further more you can reduce the time it takes for Windows to issue kill directive to all active/hung applications.
In doing this only constraint that you should make sure exists is that HungAppTimeout is greater than WaitToKillAppTimeout. Change the values of WaitToKillAppTimeout to say 3500 (since default value for HungAppTimeout 5000 and for WaitToKillAppTimeout is 20000)


--------------------------------------------------------------------------------
Are you missing icons Tip:


Are you missing icons? You may be wondering where all the icons from your desktop are in Windows XP? Well if you're like me, you like to have at least My Computer, My Network Places, and My Documents on the your desktop.
You need to:
* Right-click on the desktop, and then click Properties.
* Click the Desktop tab and then click on Customize Desktop.
* Put a check mark in the box next to My Document, My Computer, My Network Places, or Internet Explorer, to add those familiar icons to your desktop. Easy yes!

--------------------------------------------------------------------------------

How to login as administrator if you don't see it available tip:

Unless and until you have run into issues and fixing XP (underwhich case you have to go to Safe Mode to login as Administrator), you can get to administrator screen by simply pressing CTRL+ALT+DELETE twice at the main screen.

--------------------------------------------------------------------------------

Speedup boot up sequence by defragmenting all key boot files tip:

Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction. In right hand panel look for Enable. Right click on it and set it 'Y' for enable. This is the way I have it set on my computer. This will help speedup boot time.


Use a Shortcut to Local Area Network Connection Information:


--------------------------------------------------------------------------------

Use a Shortcut to Local Area Network Connection Information Tip:


Here's something new in Windows XP, instead of using the command line program and typing ipconfig to get local area network information, you can try using the following shortcut:
* Click on Start, point to Connect to, and then click Show All Connections.
* Right–click the connection you want information about, and then click Status.
* In the connection Properties dialog box, click the Support tab.
* For more information, click on the Advanced tab.

To automatically enable the status monitor each time the connection is active, in the connection Properties dialog box, select the Show icon in taskbar notification area when connected check box.

--------------------------------------------------------------------------------

Do you know you can have Virtual Desktops (like in Linux) with PowerToys ?

If you have powertoys installed on Windows XP Its available for free at Microsoft download webpage. It is very easy to enable Microsoft Virtual Desktop Feature. Simply right click on the Start Panel Bar also called TaskBar, Click on Tool Bar and select Desktop manager.
You would see a set of 5 icons placed on the right portion of the TAskBar. Click on number 1 to 4 to go to any of the desktops. Now you have have four different Active Desktops.
IMPORTANT NOTE: You may see a little degradation in performance.

--------------------------------------------------------------------------------

Customize Internet. Explorer Title bar tip:

This tip won't make your computer any faster but may help personalize your computer experience. Open Registry by going to START-RUN and typing REGEDIT. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet. Explorer\Main. In right hand panel look for string "Window Title" and change its value to whatever custom text you want to see.
--------------------------------------------------------------------------------

adding content to Right click credit :

Once done, you will be able to right click any file or folder and use the Browse for Folder dialog to choose the location you want to move or copy your file or folder to, without having to go to the destination path.

First we will add the copy and move options to the right click menu of all FILES.
CLICK Start>Run, type REGEDIT and click OK to open up the registry editor and make your way to this key:
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers
Right click the ContextMenuHandlers key and choose New>Key.
Name the new key “Copy To” (without the quotes).
Repeat the above and create another new key named Move To.
You should now have two new subkeys under the ContextMenuHandlers key:
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers\Copy To
HKEY_CLASSES_ROOT->*->shellex->ContextMenuHandlers\Move To
Select the Copy To key and in the right hand pane, double click “Default”
Enter this clsid value as the value data:
{C2FBB630-2971-11d1-A18C-00C04FD75D13}
Next , select the Move To key and in the right hand pane set the default value to:
{C2FBB631-2971-11d1-A18C-00C04FD75D13}
This now takes care of the Copy and Move options for the right click context menu of all your files.
Now all that is left is to add the same options to the right click menu of all your folders.
The procedure will be the same as for files but at a different key:
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHan dlers
Right click ContextMenuHandlers and create a new key named Copy To.
Right click it again and create another new key named Move To.
left click on the right hand pane, add the same default values as you did for Files:
For Copy To:
{C2FBB630-2971-11d1-A18C-00C04FD75D13}
For the Move To:
{C2FBB631-2971-11d1-A18C-00C04FD75D13}
Exit the registry and you are done.
Now when you right click on a file or folder, you should see two new options: Copy to Folder and Move to Folder

Wednesday, October 3, 2007

Stealing Search Engine Queries with javascript



Download The PDF Doc here : http://www.spidynamics.com/assets/documents/JS_SearchQueryTheft.pdf

Password Stealing For Dummies

Password stealing for dummies

... or why Cross Site Scripting really matters

Ever wondered why Cross Site Scripting (XSS) is said to be such a bad thing? Who on Earth clicks on links that are 8 inches long, contain funny characters en masse and still enters valid log-in data? Our little demo shows that XSS can be hidden everywhere and it makes your password an easy prey.

The whole security model of JavaScript depends on the origin of code. Code that comes from the same server as a web page that has just been loaded is automatically trusted; it can therefore read and modify most aspects of such a web page whilst it is displayed in the browser. Cross Site Scripting is a method to grab those rights by pushing malicious code into your browser in a way that makes it appear as if it is coming from the same server as, say, a log-in page.

A little demo

Imagine that this Demo log-in is the regular log-in page of our server. Click on that link to open it, use it, and take a look at the code. It is nothing special, just a plain form submitting the access data back to itself, when you press "log-in". After you click on log-in, your data is sent back to the form in clear text and displayed as "username=" and "password=" in the address bar of the browser window. So, when trying this out, don't use real passwords.

Now imagine that this article that you are reading was a page containing evil code, that had somehow been injected by an attacker. Now we can adjust our demo accordingly. If you press the Demo button below, the Demo log-in page will again open. Note that this is not a fake such as used to be used in old phishing attacks. It is the real log-in page, as you can see by checking the address bar of the new window. You can even check the source code – it's still the same simple log-in form.

However, things are different with this second stage of the demo because our evil code is in control in the background. It plants an invisible bug into the Demo log-in page, that watches what you do. When you click on "log-in", an alert message appears and displays your password. This alert was triggered by that evil code. It grabs the password from the Demo log-in page and instead of displaying your password to you as in the demo, it could easily have sent it to any location on the internet. The log-in page sees nothing of this sniffing done by the evil page and otherwise works as intended.

Demo

Almost all of this could have been done automatically, triggered just by opening this "evil" page. The code could sit in the background and wait for the next time you use the log-in form. Or it could activate a "log-out" link, present some reasonable message about inactivity timeouts and open the log-in window requiring you to log-in again. The only thing you have to do is enter your password – and not even that, if a password manager fills it in automatically. Then theft of your password could be completely hidden in the background. All of this is currently being packaged in exploit modules, so that attackers can generate suitable payloads for their XSS attacks on the fly.

The trick

Clicking on "Demo" activates some JavaScript code. This code opens the Demo log-in page in a new window. Because the Demo log-in page originates from the same server as the JavaScript code – they share the same origin – the latter has all the rights to read and modify attributes of the log-in page as it is displayed in the browser. It uses these rights to attach an additional onsubmit-function that is executed when you click on "log-in", then reads the password from the form properties and presents it in an alert box. This works with almost every browser capable of JavaScript, i.e. Internet Explorer, Firefox, Opera, Safari, you name it.

This type of evil JavaScript code is by no means rocket science. In fact it is very simple and is well known by the bad guys. There is therefore no harm in showing it here:

function open_steal_login() {
mylogin = window.open("demo-login.html");
mylogin.onload = function() {
mylogin.document.forms[0].onsubmit = stealit;
}
}

function stealit() {
alert('Your password is: ' +
mylogin.document.forms[0].password.value + ' !');
}

A click on the Demo link activates open_steal_login(). This opens a new window with "demo-login.html" and the onload function attaches stealit() to the form, after the login page has been loaded. That's about it.

Prerequisite

All that is required is that an attacker is able to place JavaScript code onto a server – or at least to make it look to your browser as if the code originates from that server. That means that he can manipulate all content from that server at will. In general, this can happen on pages with user generated content, that is not filtered carefully enough. Examples are user home pages, forums or classical Cross Site Scripting scenarios with web applications, that reflect parameters like "> back to the user. For such an attack and our demo to work the user needs to have JavaScript enabled.

Remedy

This is a hard one! Don't trust sites that allow others to create pages containing JavaScript. On the other hand, the code could have been inserted via Cross Site Scripting (XSS). So don't trust sites that are vulnerable to XSS. But hey – how would you know which they are? Even the best get hit by that plague – penetration testers claim very high success rates beyond 90 per cent on that one.

Disabling JavaScript completely takes you to the safe zone. But this is not really an option for most of us; too many sites depend on it nowadays. With Internet Explorer you can work with zones and allow Active Scripting only for trusted sites (by the way: the heisec Browsercheck helps you to configure your browser for greater security). If you are using Firefox, you can install the extension NoScript. This allows you to disable JavaScript and carefully build a whitelist of selected servers, that are allowed to execute JavaScript. Additionally it features some XSS protection mechanisms that we have not examined yet. Apart from that, all that can be said is: be careful, stay alert to possible dangers, keep your eyes open and hope for good karma

Samsung Secret Codes





Software version: *#9999#

IMEI number: *#06#

Serial number: *#0001#

Battery status- Memory capacity : *#9998*246#

Debug screen: *#9998*324# - *#8999*324#

LCD kontrast: *#9998*523#

Vibration test: *#9998*842# - *#8999*842#

Alarm beeper - Ringtone test : *#9998*289# - *#8999*289#

Smiley: *#9125#

Software version: *#0837#

Display contrast: *#0523# - *#8999*523#

Battery info: *#0228# or *#8999*228#

Display storage capacity: *#8999*636#

Display SIM card information: *#8999*778#

Show date and alarm clock: *#8999*782#

The display during warning: *#8999*786#

Samsung hardware version: *#8999*837#

Show network information: *#8999*638#

Display received channel number and received intensity: *#8999*9266#





*#1111# S/W Version

*#1234# Firmware Version

*#2222# H/W Version

*#8999*8376263# All Versions Together

*#8999*8378# Test Menu

*#4777*8665# GPSR Tool

*#8999*523# LCD Brightness

*#8999*377# Error LOG Menu

*#8999*327# EEP Menu

*#8999*667# Debug Mode

*#92782# PhoneModel (Wap)

#*5737425# JAVA Mode

*#2255# Call List

*#232337# Bluetooth MAC Adress

*#5282837# Java Version



Type in *#0000# on a Samsung A300 to reset the language

Master reset(unlock) #*7337# (for the new samsungs E700 x600 but not E710)

Samsung E700 type *#2255# to show secret call log (not tested)

Samsung A300, A800 phone unlock enter this *2767*637#

Samsung V200, S100, S300 phone unlock : *2767*782257378#



#*4773# Incremental Redundancy

#*7785# Reset wakeup & RTK timer cariables/variables

#*7200# Tone Generator Mute

#*3888# BLUETOOTH Test mode

#*7828# Task screen

#*#8377466# S/W Version & H/W Version

#*2562# Restarts Phone

#*2565# No Blocking? General Defense.

#*3353# General Defense, Code Erased.

#*3837# Phone Hangs on White screen.

#*3849# Restarts Phone

#*7337# Restarts Phone (Resets Wap Settings)

#*2886# AutoAnswer ON/OFF

#*7288# GPRS Detached/Attached

#*7287# GPRS Attached

#*7666# White Screen

#*7693# Sleep Deactivate/Activate

#*2286# Databattery

#*2527# GPRS switching set to (Class 4, 8, 9, 10)

#*2679# Copycat feature Activa/Deactivate

#*3940# External looptest 9600 bps

#*4263# Handsfree mode Activate/Deactivate

#*2558# Time ON

#*3941# External looptest 115200 bps

#*5176# L1 Sleep

#*7462# SIM Phase

#*7983# Voltage/Freq

#*7986# Voltage

#*8466# Old Time

#*2255# Call Failed

#*5376# DELETE ALL SMS!!!!

#*6837# Official Software Version: (0003000016000702)

#*2337# Permanent Registration Beep

#*2474# Charging Duration

#*2834# Audio Path (Handsfree)

#*3270# DCS Support Activate/Deactivate

#*3282# Data Activate/Deactivate

#*3476# EGSM Activate/Deactivate

#*3676# FORMAT FLASH VOLUME!!!

#*4760# GSM Activate/Deactivate

#*4864# White Screen

#*7326# Accessory

#*7683# Sleep variable

#*3797# Blinks 3D030300 in RED

#*7372# Resetting the time to DPB variables

#*3273# EGPRS multislot (Class 4, 8, 9, 10)

#*7722# RLC bitmap compression Activate/Deactivate

#*2351# Blinks 1347E201 in RED

#*2775# Switch to 2 inner speaker

#*7878# FirstStartup (0=NO, 1=YES)

#*3838# Blinks 3D030300 in RED

#*2077# GPRS Switch

#*2027# GPRS Switch

#*0227# GPRS Switch

#*0277# GPRS Switch

#*22671# AMR REC START

#*22672# Stop AMR REC (File name: /a/multimedia/sounds/voice list/ENGMODE.amr)

#*22673# Pause REC

#*22674# Resume REC

#*22675# AMR Playback

#*22676# AMR Stop Play

#*22677# Pause Play

#*22678# Resume Play

#*77261# PCM Rec Req

#*77262# Stop PCM Rec

#*77263# PCM Playback

#*77264# PCM Stop Play

#*22679# AMR Get Time

*#8999*364# Watchdog ON/OFF

*#8999*427# WATCHDOG signal route setup

*2767*3855# = Full Reset (Caution every stored data will be deleted.)

*2767*2878# = Custom Reset

*2767*927# = Wap Reset

*2767*226372# = Camera Reset (deletes photos)

*2767*688# Reset Mobile TV

#7263867# = RAM Dump (On or Off)



*2767*49927# = Germany WAP Settings

*2767*44927# = UK WAP Settings

*2767*31927# = Netherlands WAP Settings

*2767*420927# = Czech WAP Settings

*2767*43927# = Austria WAP Settings

*2767*39927# = Italy WAP Settings

*2767*33927# = France WAP Settings

*2767*351927# = Portugal WAP Settings

*2767*34927# = Spain WAP Settings

*2767*46927# = Sweden WAP Settings

*2767*380927# = Ukraine WAP Settings

*2767*7927# = Russia WAP Settings

*2767*30927# = GREECE WAP Settings

*2767*73738927# = WAP Settings Reset

*2767*49667# = Germany MMS Settings

*2767*44667# = UK MMS Settings

*2767*31667# = Netherlands MMS Settings

*2767*420667# = Czech MMS Settings

*2767*43667# = Austria MMS Settings

*2767*39667# = Italy MMS Settings

*2767*33667# = France MMS Settings

*2767*351667# = Portugal MMS Settings

*2767*34667# = Spain MMS Settings

*2767*46667# = Sweden MMS Settings

*2767*380667# = Ukraine MMS Settings

*2767*7667#. = Russia MMS Settings

*2767*30667# = GREECE MMS Settings



*#7465625# = Check the phone lock status

*7465625*638*Code# = Enables Network lock

#7465625*638*Code# = Disables Network lock

*7465625*782*Code# = Enables Subset lock

#7465625*782*Code# = Disables Subset lock

*7465625*77*Code# = Enables SP lock

#7465625*77*Code# = Disables SP lock

*7465625*27*Code# = Enables CP lock

#7465625*27*Code# = Disables CP lock

*7465625*746*Code# = Enables SIM lock

#7465625*746*Code# = Disables SIM lock

*7465625*228# = Activa lock ON

#7465625*228# = Activa lock OFF

*7465625*28638# = Auto Network lock ON

#7465625*28638# = Auto Network lock OFF

*7465625*28782# = Auto subset lock ON

#7465625*28782# = Auto subset lock OFF

*7465625*2877# = Auto SP lock ON

#7465625*2877# = Auto SP lock OFF

*7465625*2827# = Auto CP lock ON

#7465625*2827# = Auto CP lock OFF

*7465625*28746# = Auto SIM lock ON

#7465625*28746# = Auto SIM lock OFF



Type *#9998*627837793# Go to the 'my parameters' and there you will find new menu where you can unlock phone.(not tested-for samsung C100)

To unlock a Samsung turn the phone off take the sim card and type the following code *#pw+15853649247w# .

Java status code: #*53696# (Samsung X600)



If you want to unlock your phone put a sim from another company then type *#9998*3323# it will reset your phone. Push exit and then push 7,
it will reset again. Put your other sim in and it will say sim lock, type in 00000000 then it should be unlocked. Type in *0141# then
the green call batton and it's unlocked to all networks. This code may not work on the older phones and some of the newer phones. If it doesn't work you will have to reset your phone without a sim in it by typing *#2767*2878# or *#9998*3855# (not tested)

BSNL hack for Internet

Free gprs in bsnl


here are the steps to perform:-

Logic: the server has a major bug in it, by which it fails to block two simultaneous connections from the phone and establishes a connection with full internet working,

Supported devices: all phones with multichannel gprs support

For connection on your mobile phone:-

1) Make two connections like bsnlportal and BSNLPORTAL1

(names of profile don’t matter, u can keep one as billgates and shahrukhkhan lol..the basic purpose of names is to enable the user to differentiate between the two accounts,)

2) Select the application you got to have the full connection working on.
Surpassingly “web” now just select “bsnlportal” profile and select a link like wap.cellone.in the page will get open, just press the red button such that the “web” application goes in the background.
Make sure that the gprs connection is still established with the web app. Two parallel lines on the top left of the screen will confirm this

3) Now open any other app that requires web connection like opera. Select BSNLPORTAL and open any other link like wap.google.com, u will get error –

the aim of using the other app is to perform multi-channel gprs,
this is verified by seeing some dots on the pre-existing connection established by “web”

(step 2)

“Access denied.

Technical description:
403 Forbidden - You are not allowed to communicate with the requested resource.”

4) close opera and open web and open a site like esato.com

5) if everything is done as said here then esato will load and voila! We have the whole internet!

For connection on pc.

1)create a connection and enter the number to be dialed as *99***1#

2) enter the following string as extra initialization command

3)now dial from pc, the connection will be established

4)pick the phone and open “web” open “wap.cellone.in” the phone shows error .

5) close “web” and then from the browser open www.google.com
and voila! The whole intenet is here

settings for profiles

apn: celloneportal
ip: 192.168.51.163
port : 8080

leave other fields blank as they are of the least concern!

the browser settings on pc too go the same as mentioned above!

Airtel Hack for free internet

You need a PC or a Laptop and the required connectivity tools ,ie.,
Serial/USB cable OR Infrared Device OR Bluetooth dongle

1) Activate Airtel Live! ( It’s FREE so no probs)

2) Create TWO Airtel gprs data accounts (yep TWO) and select the FIRST as the active profile.

3) Connect your mobile to the PC (or Laptop) and install the driver for your mobile’s modem.

4) Create a new dial-up connection using the NEW CONNECTION WIZARD as follows

Connecting Device : Your mobile’s modem
ISP Name : Airtel (or anything you like)
Phone Number : *99***2# / Try 99***1
Username and Password : blank

5) Configure your browser and download manager to use the proxy 100.1.200.99 and port 8080.( My advice is to use Opera since you
can browse both wap and regular websites)

6) Connect to the dial-up account. You will be connected at 115.2 kbps (but remember, that is a bad joke).

7) Pick up your mobile and try to access any site. You will get “Access Denied…”(except for Airtel Live!). IT DOES NOT MATTER.
Keep the mobile down.

8 ) On the PC ( or Laptop) open your browser, enter any address , press ENTER and…….WAIT

9) After a few seconds the page will start to load and you have the
WHOLE internet at your disposal.


TWO

Under DATA COMM
~~~~~~~~~~~~

APN : airtelfun.com

USERNAME : blank

PASSWORD : blank

PASS REQ : OFF

ALLOW CALLS : AUTOMATIC

IPADDRESS :

DNSADDRESS :

DATA COMP : OFF

HEADER COMP : OFF


Under INTERNET PROFILES
~~~~~~~~~~~~~~~~

INTERNET MODE : HTTP or WAP (both worked for me)

USE PROXY : YES

IP ADDRESS : 100.1.200.99

PORT : 8080

USERNAME :

PASSWORD :

No Risk Here, Try it and Enjoy


THREE

1st go to settings menu then to connectivity tab now choose the option Data comm. then "DATA ACCOUNTS" go to new account now the settings r as follows
ACCOUNT TYPE:GPRS
NEW ACCOUNT NAME:A1
APN:airtelfun.com
usr name: (blank)
password: (blank)

now save it
NOW!
go to Internet Setting in connectivity here choose intrnet profile--go to new profile setting are as below
NAME:A1
CONNECT USING:A1(which was created in data comm.)
save it
now u would be able to see it now selest it and take "more" option then select setting here in use proxy option it will be selected no if it is no then change it into yes
now go to proxy adress and give the adress as
100.1.200.99 and then the port number as 8080
Usr name:
password:
now save all the settings u made . come back 2 connectivity
choose streaming settings now in connect using option choose a1 that we created leave the use proxy option as no itself
THESE R THE SETTINGS
now access airtellive! from ur activated SE phone goto VIDEO GALLERY OR VIDEO UNLIMITED(varies according to states) choose live streaming then choose CNBC OR AAJTAK WHILE CONNECTING TO MEDIA SERVER cancel AFTER 9 or 10 sec then type any web adress if it shows access denied then once again select CNBC and wait for a few more sec than before if its fully connected also no prob its free then cancel it or if ur connected then stop it and the internet is ready to take of .GOOD LUCK SE AIRTEL USERS


alternate

For All Airtel Users

Requirements:
1. Airtel live (available 4 free)
2. Nokia series60 handset eg 6600,6630,n series,7610,6670 etc
3. Opera wap browser 4 mobile
Procedure:-

1. Go to ur connection settings and make a new internet profile using the default settings of airtel live. name that new profile as nething(for eg masala); change the home page of that profile to nething u like for eg www.google.com.

2. Go to ur Opera browser and set the default connection as AIRTEL LIVE. this is the original settings u received thru airtel.

3. Go to the services(in n6600) and Web(N6630) and change the default profile for connection as masala (newer one).

**Note: always make sure that ur access point is airtelfun.com

Apply:-

1. Open Opera and u will see that homepage of Airtel Live is opened. Minimize the application.

2. Now open web using the duplicate Profile and u will see that two gprs connections will work simultaneously and at the web or the services page it will show "Unable to connect" or any error. well thats the signal of ur success.

3. Simply go on the Opera with web on and open any site u want for free. No Charges No nothing.

U can also use it through ur computer..........


someone said dis too

The main principle behind this is we hav 2 fool the bsnl techies 2 activate portal and thus get gprs activated / get "G" signal on ur cell as bsnl portal (wap.cellone.in) needs "gprs signal on ur cel (whether gprs is formaly activated/registerd or not (by my method )i dont know)

NORMALLY THEY DONT DO THAT INSPITE OF THE FACT THAT THEY SHOULD ACTIVATE GPRS SIGNAL SERVICE FOR PORTAL!!!
AND THEY WILL GIVE U NO OF REASONS----
---THAT portal is message based , so go to cellone icon in menu and use that sms based portal (what the f**k)
---THAT portal service will be activated when u will activate gprs by filling up form and registering at nearest CCN!!
---THAT ur handset has some problems (if u say that "G" signal is not present)
----etc,etc!!

U HAVE 2 ACTIVATE PORTAL FIRST WHICH IS FREE AND U CAN EAT UP CC'S FOR THIS REASON!!
SO WHAT U HAV 2 DO IS--
1) SEND PORTAL to 3733 AND CONFIRMATION SHD COME WITH 5 MIN AT-MAXIMM !!
2) SEND FOR ATLEAST 20-30 TIMES (CAN B ANY MORE THAN THAT)
JUST S**K UP THE NETWORK(3733) WITH THESE MESSAGES !!!
THAT'S FREE NO!! BOTH ON POST AND PRE!!
3) NOW ALONG ALSO SEND 20-40 SMS AS GPRS TO 3733
(NO OF SMS DIRECTLY PROPORTIONAL 2 HATE FOR BSNL AND HOW EARLY U WNAN GET UR GPRS ACTIVATED) this is also free both on post and pre!!
4) U WILL GET CONFIRMATION IN BOTH CASES AND MSG TELLS U 2 GET SETTINGS FROM 9400024365, THE NO OF CC!!
HERE AT MY PLACE I CAN DIAL 9419024365 ALSO!
BOTH R TOLL FREE AND BOTH R LOCATED IN CHANDIGARH!!!
(((((((AND SOME OF THE CC'S SAY they cant give such sensitive information that where they r located, as if thay have a 3 rd world of their own! and the other dumbs said that they r in chandigarh!!!!)))))

I WOULD ADVISE ALL FIRST, 2 call them once 2 get the settings!!
(most of the times that is incorect but gives u an idea of settings in ur area))
Try and in ur 1 st call only,
talk roughly and tell them u r calling 10-20th time just for settings and is that their service!!!
5) Now when u get them save them AND plz post them here!!!
6) now GET ATLEAST 2-3 COMPLAINTS REGISTERED( each after 1 day) THAT UR PORTAL HAS NOT ACTIVATED AND GET THEIR SERIAL NO.
and in the end bombard them abt the status of all those complaints !!
b4 registering ur complaint they will hesitate much and always say taht they will b sendin new settings which r accurate! but dont belive them and just register complaints!!
6)AFTER THAT, u have 2 only wait until "G" signal is there on ur screen!!

LOOK, WHAT I HAVE WRIITEN ABV IS METHOD by which i got activated my "G" service !!! without fillin any form or such and without any money drain!!
may be since it bypasses the formal way of registeration, that is why this trick is working !!!!!!!!!!!!

U may also Try this

first open ur msg window and type LIVE and send it to 2567 so that after 5 min u get the setting of Airtel Live or if u have already no need for this procedure. now then open that setting and copy all the settings from it and create one access point manually which has all the settings like Airtel Live has. now only one change will be there and it would be in access point name which is "Airtelmms.com" instead of originally "Airtelgprs.com". ok u've done it just active that setting and access free airtel gprs on ur phone.

a recent comment says dat

Guys i tried and its working, I'm using airtel chennai,..the Method TWO worked, also i request everyone to change the Phone number from *99***2 to *99***1 and its working,.. it'll get connected at 462.8kbps but its the speed between the phone and your computer but actual BAndwidth is 42kbps

Ur e mail can be intercepted ! check how!!

Top 10 Places Your Email Can Be Intercepted

The Internet has radically changed the way we communicate with each other. Email is obviously
an extremely valuable and ubiquitous form of communication, but with this technology comes
certain pitfalls that should be understood. The path that an email message takes to reach its
recipient is a complex and varying one, and while in transit that message may come under the
potential scrutiny of numerous different people and organizations.


We will attempt to outline the varying paths that an email message may travel, and who some of
those different people and organizations might be under whose scrutiny the message may pass.
The intention of the document is not to provide a how-to guide; the only specific technique that
will be discussed, packet sniffing, is one that anybody with any technical networking knowledge
whatsoever is already familiar with – which brings us to an important point. At a round number,
there are probably at least a million people in the world with the requisite technical knowledge
necessary to intercept Internet-based email. Yes, I said a million. (There are actually probably a
lot more than that - maybe several million by now, and more everyday as the populace becomes
more networking-literate.) Fortunately, the number of those people who actually have the
physical access necessary to intercept email is much smaller, but it is still a very large number.

The Internet
The Internet is composed of numerous different interconnected networks and systems that
collectively provide a backbone for the transmission of network traffic. It is a highly dynamic
physical environment: a system or network device that is here today may be gone or reconfigured tomorrow, and the underlying protocols of the Internet will automatically detect and accommodate for this change. This dynamic nature is one of the things that make the Internet so powerful. However, given the dynamic nature of the Internet, it is impossible to absolutely predict exactly what path network traffic will follow. One email message that you send could take an entirely different path to reach the recipient than another that you send to the same person. In fact, it is even worse than that: for the sake of efficiency, email messages and other network traffic are typically broken down into smaller little chunks, or packets, before they are sent across the network, and automatically re-assembled on the other side. Each of these individual packets may in fact follow a different path to get to the recipient! (In actual practice, a given path tends to get reused until the operational parameters of that or other related paths have significantly changed.) The net result of all this is that your message, or at least little chunks of your message, travels through an indeterminate set of systems and network devices, each of which offers a point of interception. These systems may be owned or operated by corporations and non-profit organizations, by colleges, by governments and government agencies, or by telecom and other connectivity providers. Given such a widely divergent group, it is easy to see how either an unethical organization or a renegade employee may easily gain access to the messages and traffic crossing their systems. All of these factors combine to make the Internet itself the primary source of message interception points.

Internet Service Provider (ISP) All Internet traffic to and from your machine flows, by definition, through the systems of your
Internet Service Provider (ISP) – the ISP is your connection to the cloud. Your ISP, a renegade
employee of your ISP, or someone working in cooperation with your ISP can intercept and read
your email with ease. (This is why the fed targets ISPs for Carnivore implementations.)


Interception by Internet Service Provider

Most ISPs are highly ethical and have the best interests of their customers at heart; however,
there have been instances of less scrupulous ISPs taking advantage of the trust their users place
in them. There was a case in San Francisco where an ISP was charged with multiple counts of
intercepting email traffic between January and June 1998 from one of their business customers,
namely Amazon.com, and forwarding the insider information contained therein to a competitor.
They settled the case with prosecutors in November 1999. There have been other instances of
this type of behavior, but these cases are frequently settled with relatively little press. This is not just limited to small ISPs however; in the case of a large ISP it is much more likely that it is a
renegade employee intercepting messages than the ISP itself, but the ease of interception is just
the same.

Yet another more recent development in ISP-based message interception that has seen a lot of
press lately is the federal government’s desire to utilize mechanisms such as the Carnivore
system to intercept email messages and other Internet traffic. The primary complaint about a
system such as this is that it intercepts all Internet traffic from all users of the ISP – it in essence intercepts and surveys everybody to find the one it is looking for. Concerns have been raised regarding what will happen with the balance of supposedly superfluous information.

Email Provider
All email messages sent to and from your email account obviously have to travel through the
systems of your email provider. In many cases, your email provider is the same entity as your
ISP, but with the prevalence of free email providers and other email hosting services, many more people are using email accounts provided by someone other than their ISP. An email provider has very easy access (as easy as that of the ISP) to the content of your messages when those messages pass through their server.


Interception by Email Provider

Office
Email sent from an office computer must typically travel extensively across corporate networks
and backbones prior to reaching the cloud itself (to reach which it may possibly also have to go
through a commercial ISP.) While traveling across the corporate network, messages are
effectively open to interception by many different people such as coworkers (in addition to people who may legitimately have an interest in auditing messages such as system administrators or security officers.) Corporations also typically act as email providers for their employees.


Interception Points in a Corporate Environment

Some companies have relatively good control over their internal networks and have implemented controls and procedures to eliminate this sort of thing, but in many more companies (most companies, actually) it is as simple as running a packet sniffer on your machine and you are able to intercept all the traffic traveling across the corporate network or at least the local subnet. There are countless well-documented incidents of this type, covering the entire range from corporate spying to renegade employees acting alone.

Hotel/Conference Center/Internet Café
Many luxury and business-class hotels and conference centers provide Internet connectivity as
part of their standard service offering. This is an extremely convenient service, but it is also a
significant security risk if not structured correctly. The hotel or conference center’s internal
network has close parallels to a corporate network, and typically either hotel employees or other
guests may intercept traffic on this type of network with great ease. In a hotel or conference
center access to the internal network is effectively open to anybody willing to book a room.


Hotel/Conference Center Interception Points

Try this – the next time you book a hotel or conference center that offers Internet connectivity,
inquire as to the measures that have been taken to protect traffic on the internal network, not just from external attacks but from internal attacks as well. See what the response is…
Internet cafés take this security risk to an entirely new level. When you sit down at an Internet
café and start sending messages, the person sitting immediately next to you could be intercepting and reading everything you say!

Housing Provided Connectivity
Many condominium and apartment complexes are starting to offer built-in high speed Internet
connectivity as an incentive to prospective tenants. This is very similar to the hotel/conference
center model and has the same risks and concerns – if anything, however, an internal network
owned and administered by a property management company is probably likely to be less well
administered and protected than an internal network owned by a large hotel chain – at least the
hotel chain probably has corporate IT standards that they ostensibly must follow.

College/Trade School
Colleges and trade schools are another hotbed of interception activities. College networks are
typically reasonably similar to corporate networks, and pose the same risks and opportunities for traffic interception. However, in a collegiate culture there is typically more ‘hacking’ type activity going on, and thusly the risk of interception is probably greater than in a corporate environment (though the value of the transmitted information is typically much lower.) Colleges typically provide students with their own email addresses, and also typically have a somewhat distributed physical environment.

Interception in a College Environment

Local Loop
Connectivity provision solutions such as cable modems and other broadband technologies use a
‘shared local loop’ network model. This means that all cable modem traffic in your local
neighborhood is traveling across a shared physical wire or set of wires, albeit modulated to
unique frequency ranges. This is typically the same physical wire that also carries other services
such as cable television to your house.


Local Loop Interception

While intercepting your next door neighbor’s email messages isn’t quite as easy as just running a
packet sniffer on your machine (there is some little bit of hardware that you need as well), it is not at all that difficult to achieve - the technique is reasonably well documented in certain circles. The same technique applies to tapping into the loop itself.
Metropolitan Area Networks and Wireless Networks
Metropolitan Area Networks (MANs) and wireless networks are just starting to be implemented
in the US – other countries, however, have already expended significant effort in attempts
to provide Internet connectivity to their major metropolitan areas. In some models, this
effectively makes local government the ISP, while in other models the local government provides the network connectivity while a commercial ISP provides the actual Internet connectivity.

Regardless, this introduces yet another entity who has access to intercept and scrutinize your
messages.


Interception in a MAN environment

Wireless network connectivity intuitively seems to provide yet another illicit network access point by allowing interception of the transmitted signals; however, most wireless networking protocols have privacy-enabling technologies built in to their design, and thusly interception of the transmitted signals is not effective. However, traffic may typically be intercepted at the wireless access point (the base station for the antenna) when it is converted to wired networked signals, though this is protocol dependent and the protocol designers are busily at work trying to find a solution for this problem.


Interception at Wireless Network Access Point

Conclusion
There are many places where email messages can be intercepted in transit. This document has
attempted to outline only the most pervasive of access points into the overall network, but the
Internet is a highly dynamic and rapidly changing physical environment and thusly Internet traffic will, for the foreseeable future, be subject to multiple points of attack in transit. The points of attack have all been illustrated from the standpoint of the message sender, but it is important to note that they all exist on the recipient’s side as well.
There is no way to stop people from intercepting your email messages. The only thing you can
do to protect the privacy of your messages is to encrypt those messages so that, if intercepted,
they cannot be read and will be of no use. This is the nature of the Internet.

Internet Stuff Tricks n Hacks

Change Yahoo messenger title bar


Hey guys you can change the yahoo messenger title bar...
For this just find the folder messenger in the drive in which the messenger is installed. Then search a file named "ymsgr". In this file just go to the end and write the following code:
[APP TITLE]
CAPTION=Red Devil
Here you can write any name in place of Red Devil... then see the fun.... You can have your own name being placed in yahoo messenger title bar.


Enable Right Clicks on The Sites Dat Disable it

Lots of web sites have disabled the right click function of the mouse button... it's really, really annoying. This is done so that you don't steal (via right-click->save picture) their photos or images or any other goodies. Unfortunately, it disables ALL right-click functionality: copy, paste, open in new window.

It's easy to change, assuming your using IE 6:
Click "Tools"->"Internet Options"
Click the "Security" tab
Click "Custom Level"
Scroll down to the "Scripting" section
Set "Active Scripting" to "disable"
Click "Ok" a couple of times.

You'll probably want to turn this back to "enable" when your done... 'cause generally the javascript enhances a website.

Hacking Password Protected Websites

warning : For educational purpose only

Here are many ways to defeat java-script protected websites. Some are very simplistic, such as hitting [ctl-alt-del ]when the password box is displayed, to simply turning offjava capability, which will dump you into the default page.You can try manually searching for other directories, by typing the directory name into the url address box of your browser, ie: you want access to www.your-target.com .

Try typing www.your-target.com/images .(almost ever y web site has an images directory) This will put you into the images directory,and give you a text list of all the images located there. Often, the title of an image will give you a clue to the name of another directory. ie: in www.target.com/images, there is a .gif named gamestitle.gif . There is a good chance then, that there is a 'games' directory on the site,so you would then type in www.your-target.com/games, and if it isa valid directory, you again get a text listing of all the files available there.

For a more automated approach, use a program like WEB SNAKE from anawave, or Web Wacker. These programs will create a mirror image of an entire web site, showing all director ies,or even mirror a complete server. They are indispensable for locating hidden files and directories.What do you do if you can't get past an opening "PasswordRequired" box? . First do an WHOIS Lookup for the site. In our example, www.your-target.com . We find it's hosted by www.host.com at 101.101.101. 1.

We then go to 101.101.101.1, and then launch \Web Snake, and mirror the entire server. Set Web Snake to NOT download anything over about 20K. (not many HTML pages are bigger than this) This speeds things up some, and keeps you from getting a lot of files and images you don't care about. This can take a long time, so consider running it right before bed time. Once you have an image of the entire server, you look through the directories listed, and find /target. When we open that directory, we find its contents, and all of its sub-directories listed. Let's say we find /target/games/zip/zipindex.html . This would be the index page that would be displayed had you gone through the password procedure, and allowed it to redirect you here.By simply typing in the url www.target.com/games/zip/zipindex.html you will be onthe index page and ready to follow the links for downloading.