
Windows 8.1 is the latest operating system from Microsoft.

Microsoft has added some features and removed others that were present in earlier versions. No one can tell why these features were removed when they were working perfectly. One example is changing the sounds played while logging on to and off the system. This feature was present in Windows 7 and earlier versions but is now hidden in the latest versions.

Today I will show you how to change the Log Off and Log On sounds using a registry hack.
Perform the three simple steps below.

1. Press the “Windows + R” keys to open the Run box. Type “regedit” and hit Enter.

2. Navigate to the key “HKEY_CURRENT_USER\AppEvents\EventLabels”. Select “WindowsLogoff”.

3. Double-click “ExcludeFromCPL” in the right pane and change the value from 1 to 0.

 

OpenSSL ‘heartbleed’ bug live blog

Posted: 15/04/2014 in Uncategorized

Originally posted on Fox-IT International blog:

A bug has been identified in OpenSSL; all details can be found at heartbleed.com. The bug has been assigned CVE-2014-0160. OpenSSL versions 1.0.1 – 1.0.1f are vulnerable. We advise upgrading OpenSSL to version 1.0.1g or higher.

Test if you are vulnerable

You can test if you are vulnerable by requesting a heartbeat response with a large response. If the server replies, your SSL service is probably vulnerable. You can use any of the tests below:

This vulnerability only applies to OpenSSL versions 1.0.1-1.0.1f. Other SSL libraries, such as PolarSSL, are not…


It is not just websites and routers that are vulnerable to the web-wide bug Heartbleed — certain Android models are at risk too.

As Google noted in its own Heartbleed disclosures on Wednesday, Android devices running Android 4.1.1 Jelly Bean are vulnerable to Heartbleed. Google said patching information is being distributed to its Android partners.

So how many phones are still running Android 4.1.1? That’s difficult to determine. Although 34.4% of Android devices are running Android Jelly Bean, Google does not break out what percentage of users are on its various versions — 4.1.1 and 4.1.2.

The latest version of Jelly Bean is 4.1.2, which was released in October 2012.

A Google spokesperson confirmed to Bloomberg that there are “millions” of devices running Android 4.1.1.

Because Android updates are controlled by phone manufacturers and wireless carriers, it can be challenging to determine what versions of Android are available for various devices. We do know, however, that the HTC One S is running Android 4.1.1.

Heartbleed underscores what has long been one of Android’s biggest problems: pushing out software updates to its myriad vendors. Android updates are the responsibility of the device maker, and often need to be approved by wireless carriers. The only exceptions are Google-made devices, such as the Nexus series and Google Play Edition phones.

Previous attempts at getting phone manufacturers and carriers to adopt Android updates have not met with success. If there is a positive aspect to Heartbleed, it is that this might scare device makers into paying more attention to versions (and into putting in better processes for security updates).

If you know your Android device is running Android 4.1.1, let us know the model and manufacturer in the comments, along with your wireless carrier. That will give us all a better sense of which companies are falling behind in the battle to patch Heartbleed.


 

I know personally, I am not one of those people that can remember every detail of every language and never look anything up. It’s nice to have a cheat sheet with a quick summary of some of the most commonly used procedures, tags, tools, syntax, etc., saving time that would have been used to look it up on Google or dig through documentation either online or in printed text. The following is a list of links to several different cheat sheets on a wide variety of tasks and tools.

You can print them out and hang them on your wall (my personal choice) or simply bookmark them for easy access down the road. If you have any additional suggestions or see something I have missed, let me know…

 

Command Line

Windows Command Line Reference

BASH Command Line Reference

DOS Commands

 

Databases

MySQL Cheat Sheet

MySQL Reference List

Oracle Cheat Sheet

Oracle PL/SQL Cheat Sheet

Oracle 9i Server Reference (PDF)

Oracle 9i Command Reference

PostgreSQL Cheat Sheet

SQL Cheat Sheet

SQL Server 2005 Commands

 

Programming

Ada Syntax Card (PDF)

ASP/VBScript Cheat Sheet

C++ Language Summary

C++ Reference Sheet (PDF)

C++ Containers Cheat Sheet

C# Language Reference

Delphi Technical Reference Card (PDF)

Java Syntax Cheat Sheet

Java Quick Reference (PDF)

Java Reference for C++

JSP 2.0 Syntax Reference Sheet (PDF)

LaTEX Reference Card (PDF)

PERL Cheat Sheet

PERL Reference Card (PDF)

PERL Regular Expression Quick Reference (PDF)

PERL Reference Guide

PHP Cheat Sheet

PHP Developer Cheat Sheet

Python 101 Cheat Sheet

Python Cheat Sheet

Python Quick Reference (PDF)

Ruby Cheat Sheet (PDF)

Ruby Reference

Ruby on Rails Reference Sheet

 

Unix/Linux

Debian Linux Reference Guide (PDF)

Linux Shortcuts and Commands

One Page Linux Manual (PDF)

TCP Ports List

Treebeard’s Unix Cheat Sheet

Unix Command Line Tips

 

Web Development

Actionscript 2.0 Cheat Sheet (PDF)

Actionscript 3.0 Cheat Sheet (PDF)

CSS Cheat Sheet

CSS 2 Reference Card (PDF)

CSS Reference Sheet

CSS Shorthand Guide

CSS Useful Properties

Drupal 4.7 Cheat Sheet

.htaccess Cheat Sheet

HTML Cheat Sheet

HTML Dom Quick Reference Card (PDF)

Javascript Cheat Sheet

Javascript Quick Reference

Javascript Reference Page

JQuery Cheat Sheet (PDF)

JQuery Reference (PDF)

Mod_Rewrite Cheat Sheet

Scriptaculous Combination Effects Field Guide (PDF)

XHTML Cheat sheet

XHTML Reference

XHTML & HTML Cheat Sheet

XML Syntax Quick Reference (PDF)

XML Schema Reference (PDF)

XSLT and XPath Quick Reference (PDF)

 

Miscellaneous Topics

Ascii Codes Cheat Sheet

CVS Cheat Sheet

Regular Expressions Cheat Sheet

RGB Hex Colour Chart

Subversion Quick Reference (PDF)

Theoretical Computer Science Cheat Sheet (PDF)

UML Quick Reference Card (PDF)

UML Cheat Sheet

Vi Cheat Sheet

Vim Commands Cheat Sheet

XEmacs Commands Cheat Sheet

 

Wanna buy a botnet? It will cost you somewhere in the region of $700. If you just want to hire someone else’s botnet for an hour, though, it can cost as little as $2.

Maybe you’d like to spy on an ex — for $350 you can purchase a Trojan horse that lets you see all incoming and outgoing texts. Or maybe you’re just in the market for some good old-fashioned spamming — that will cost you $10 for someone to send a million e-mails on your behalf.

These are the going rates in Russia’s underground cybercrime market — a vibrant community of ne’er-do-wells offering every conceivable service at dirt-cheap prices — as profiled in security firm Trend Micro’s report, Russian Underground 101, which provides insight into the workings of the hidden economy.
Russia’s cybercrime market is “very mature,” says Rik Ferguson, Trend Micro’s director of security research and communications. “It’s been in place for quite some time. There are people offering niche services, and every niche is catered for.”

The report details a range of products offered in the underground, including ZeuS, a hugely popular Trojan horse that’s been around for at least six years. ZeuS creates botnets that remotely store personal information gleaned from users’ machines, and has been discovered operating on everything from home-based computers to the networks of large organizations such as Bank of America, NASA and Amazon. In 2011, the source code for ZeuS was released into the wild, which has made it “a criminal open source project,” Ferguson says. Variants of ZeuS now sell for $200-$500.

Cybercrime techniques go in and out of fashion like everything else — and in that sense, ZeuS is unusual for its longevity. Its success is due in large part to the fact that viruses and Trojans can be easily adapted to take advantage of whatever hot story is in the news — presidential elections, Hurricane Sandy — in order to make fraudulent messages and spam emails seem more legitimate to users.

DNSChanger is another popular Trojan horse that operated from 2007-2011. It altered the DNS settings on machines to redirect a victim’s browser to a webpage with ads that earned the scammers affiliate revenue. One prominent DNSChanger crime ring called Rove Digital was busted in Estonia in 2011 following a six-year FBI investigation. During that time, it is estimated the scammers earned around $14 million.

As a result of the bust, the FBI was left with a lot of critical web infrastructure on its hands that controlled infected machines, including machines at major organizations. Victim machines could only access the web through the Rove Digital servers. So authorities spent months warning computer users to check their computers for DNSChanger infections so that when the Estonian servers were finally taken offline, it wouldn’t affect the ability of victims to surf the web.

So-called “ransomware” is an example of a more recent cybercrime trend, whereby the victim’s computer is locked down, and the hard drive is encrypted by a remote attacker. All the user sees on the screen is a message that tells them that local law enforcement has detected child pornography or pirated software on their PC. In order to unlock their machine, the message instructs victims to send money to a certain bank account. No payment, no unlocked hard drive.

Some victims who have paid the “fine” actually report getting their information back, says Ferguson. “But you’ve labeled yourself as an easy mark, and there’s no telling if they haven’t left behind a backdoor which will let them come back and try again,” he says.
The most recent trends in cybercrime are focused on mobile — particularly Android devices — Ferguson says.
“We’ve seen so far 175,000 malicious threats for Android, and we expect that to be a quarter of a million by next year,” he says. “Those threats come from malicious apps — if you want to stay safe, stick to official channels like Google Play, don’t just download from any site.”

Prices are going down across the Russian underground, Ferguson says.
“The bad guys are using technologies to drive down costs in the same way businesses are,” he says, noting the person who recently claimed online to have bought the personal information of 1.1 million Facebook users for just $5.
While hackers and other cyber criminals can save by buying in bulk, the cost to the individual, or the business, that falls victim to one of these techniques is much higher.

The following is a survey of current prices on the Russian underground market:
• Basic crypter (for inserting rogue code into a benign file): $10-$30
• SOCKS bot (to get around firewalls): $100
• Hiring a DDoS attack: $30-$70/day, $1,200/month
• Email spam: $10 per one million emails
• Email spam (using a customer database): $50-$500 per one million emails
• SMS spam: $3-$150 per 100-100,000 messages
• Botnet: $200 for 2,000 bots
• DDoS botnet: $700
• ZeuS source code: $200-$500
• Windows rootkit (for installing malicious drivers): $292
• Hacking Facebook or Twitter account: $130
• Hacking Gmail account: $162
• Hacking corporate mailbox: $500
• Winlocker ransomware: $10-20
• Unintelligent exploit bundle: $25
• Intelligent exploit bundle: $10-$3,000


Source: http://www.wired.com


Before I start this guide, I would like to make one thing clear: SIM cloning is illegal. This tutorial should be used for educational purposes only.

First off a little introduction about SIM CARD:

Our SIM cards contain two secret codes or keys (the IMSI value and the Ki value), which enable the operator to know the mobile number and authenticate the customer. These codes are tied to our mobile numbers, which the operators store in their vast databases, and it is these secret keys that enable billing to be charged to that customer.

SIM cloning means extracting these two secret codes from the SIM and programming them into a new blank smart card (often known as a wafer). Since the operator's authentication of the SIM is based on these values, the clone fools the operator into thinking that it is the original SIM; this authentication is a flaw in GSM technology.

Now which SIM cards can be cloned?

SIM cards are manufactured based on three algorithms: COMP128v1, COMP128v2 and COMP128v3. It is important to note that currently only COMP128v1 SIM cards can be cloned, since this is the only algorithm that has been cracked; bear in mind that 70% of all the SIM cards we use are COMP128v1.

Cloning a card:

1. Buy a SIM card Reader

2. Need a Blank SIM card or super SIM card

3. Download and install MagicSIM

4. Download and install USB SIM Card Reader Software3.0.1.5

6. Go in phone tools, select SIM card, then select unlock SIM, it will prompt for a code.

7. Call network provider, they will ask for your phone number, your account info, name and security code, then they will ask why you want to unlock your SIM card, just tell them you need to unlock your SIM to get it to work with your overseas phone or something.

8. Once they give you the SIM unlock code, enter it, and it will say SIM unlocked.

9. Remove the SIM from your phone, place it in the card reader, click read from card in magic SIM the application.

10. When it displays ‘connected’, select crack SIM in the toolbar. Click strong ki and select all of the other find options and then click start.

11. Once your ki is found and the crack is finished, click file, save as and save your cracked SIM info to a file.

12. IMPORTANT!!! You must click disconnect from the file menu or you will ruin your SIM card.

Once it says disconnected, remove the SIM. Put the SIM in your phone and see if it still works, it should. (If not, either you did not unlock your SIM, or you tried to copy it instead of crack and save.)

13. Insert blank 3g card USB SIM Card Reader Software3.0.1.5, not magic SIM at this point.

14. Click connect

15. It should say ‘No Info Found’ if it is truly blank.

16. Select write to SIM, it will prompt you to select a dat file, select the one you saved earlier. Now click start, it will take about 10 minutes to write it, once it is complete, it will ask for a security code, enter the security code the network provider gave you, then click finish.

17. Your card is now cloned.

It should be noted that if you try to make two calls at the same time, one will connect; the other will say call failed, both phones will get the same messages, text and voice, and both will receive the same calls, but only one can talk at a time.

 


Facebook has several security measures to protect users’ accounts. For example, a user “access token” is granted to a Facebook application (like Candy Crush Saga or Lexulous Word Game) when the user authorizes it, and it provides temporary and secure access to Facebook APIs.

To make this possible, users have to ‘allow or accept’ the application request so that an app can access your account information with the required permissions.

The Access Token stores information about permissions that have been granted as well as information about when the token will expire and which app generated it. Approved Facebook apps can publish or delete content on your behalf using the access tokens, rather than your Facebook password.

Access tokens are pretty sensitive, because anyone who knows a user’s access token can access the user’s data and perform any action on behalf of the user for as long as the token is valid.

In past years, many security researchers have reported various OAuth vulnerabilities to the Facebook Security team, but if the app traffic is not encrypted, you are not protected from a man-in-the-middle attack, and the attacker could steal your private information using the access token.

Thus, an access token is enough to allow a hacker to do everything that the app is authorized to do. The vulnerability is not new; it has been known for a year, but Facebook is still vulnerable to hackers and to specialized surveillance agencies like the NSA.

The Facebook Security team has acknowledged the vulnerability claimed by Ahmed Elsobky, a penetration tester from Egypt: “We’d actually received an earlier report from another researcher regarding this same issue. In response to that report, we’ve been working on limiting this behavior when it comes to our official apps, since they’re pre-authorized. For other apps, unfortunately, fully preventing this would mean requiring any site integrating with Facebook to use HTTPS, which simply isn’t practical for right now.”

He demonstrated ‘How to hack a Facebook account by hijacking access token with Man-in-the-Middle attack’.

Facebook apps must be protected from man-in-the-middle attacks, and this can be done effectively by using HTTPS to encrypt any traffic that contains sensitive information or authentication credentials.
If you are a Facebook app developer, you should never send an access token over unencrypted channels, and Facebook users should only trust apps that encrypt their traffic and should use the “HTTPS Everywhere” browser extension for automated security.
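One way for an app developer to check this advice against their own traffic is sketched below. It is an added example, not code from the original article or from Facebook, and it assumes a simple outbound-request log format, an `access_token` query parameter, and sample hosts and tokens that are all constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

TOKEN_PARAM = "access_token"  # parameter name assumed for this example

# Constructed outbound-request log: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2014-04-15T10:00:01Z 10.0.0.5 GET http://apps.example.com/game/start?access_token=CAAExampleToken1234567890&level=3 200
2014-04-15T10:00:02Z 10.0.0.5 GET https://graph.example.com/me?access_token=CAAExampleToken1234567890 200
2014-04-15T10:00:07Z 10.0.0.9 GET HTTP://cdn.example.net/cb?next=%2Fhome&access_token=CAAOtherToken0987654321 200
2014-04-15T10:00:09Z 10.0.0.9 GET http://news.example.org/index.html?page=2 200
""".splitlines()


def is_safe_for_token(url):
    """True only when the URL would carry the token over TLS."""
    return urlsplit(url).scheme == "https"  # urlsplit lowercases the scheme


def redact(token):
    """Keep a short prefix so findings can be correlated without storing the secret."""
    return token[:4] + "..."


def find_cleartext_tokens(lines):
    """Return one finding per access token seen in a non-HTTPS request URL."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        when, client, _method, url, _status = fields
        if is_safe_for_token(url):
            continue
        parts = urlsplit(url)
        for token in parse_qs(parts.query).get(TOKEN_PARAM, []):
            findings.append({
                "time": when,
                "client": client,
                "host": parts.hostname,
                "token": redact(token),
            })
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_tokens(SAMPLE_LOG):
        print(finding)
```

Any token that appears in a finding has already crossed the network in cleartext, so it should be treated as exposed and invalidated rather than only moved to HTTPS.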

TheHackerNews