Friday, December 30, 2011

Kaspersky Internet Security Memory Corruption Vulnerability

          The Vulnerability-Lab team discovered a memory and pointer corruption vulnerability in Kaspersky Internet Security 2011/2012 and Kaspersky Anti-Virus 2011/2012.
          The vulnerability is caused by an invalid pointer corruption when a corrupt .cfg file is processed through the Kaspersky exception filters, which could be exploited by attackers to crash the complete software process. The bug is located in basegui.ppl and basegui.dll and is triggered when processing a .cfg file import.
 
Affected Version(s):
  • Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
    • KIS 2012 v12.0.0.374
    • KAV 2012 v12.x
  • Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
    • KIS 2011 v11.0.0.232 (a.b)
    • KAV 11.0.0.400
    • KIS 2011 v12.0.0.374
  • Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
          The Kaspersky .cfg file import exception handling filters out wrong or manipulated file imports, like this first test ... (wrong-way.png). The PoC is not affected by the import exception handling and gets through without any problems. An invalid pointer write and read allows a local attacker to crash the software via memory corruption. The technique and software used to detect the bug in the binary is a private tool.

Thursday, December 29, 2011

Backdoor in Android for No-Permissions Reverse Shell

          Security expert Thomas Cannon working at viaForensics as the Director of R&D has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes.

          Thomas built an app which requires no permissions and yet is able to give an attacker a remote shell and allow them to execute commands on the device remotely from anywhere in the world.
It is not a zero-day exploit or a root exploit. They are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel. This has been tested on Android versions ranging from 1.5 up to 4.0 Ice Cream Sandwich, and it works in a similar way on all platforms.

          The application operates by instructing the browser to access a particular web page with specific parameters. This web page, and the server behind it, will, in turn, control the app by forwarding the browser to a URL that starts with a protocol prefix that is registered as being handled by the app, for example app://. This process can then be repeated and in doing so it enables two-way communication.
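
A defender-side check for the mechanism described above, as an added example that is not from the original post or from viaForensics: it reads a decoded AndroidManifest.xml and lists the custom URI schemes a browser can hand to the app, flagging apps that expose one while declaring no INTERNET permission. The sample manifests, package names and the `audit_manifest` helper are constructed for illustration, and the flag is a triage heuristic, not proof of abuse.

```python
import xml.etree.ElementTree as ET

# Attribute namespace in a decoded (plain-text) AndroidManifest.xml.
A = "{http://schemas.android.com/apk/res/android}"
WEB_SCHEMES = {"http", "https"}  # ordinary web links, not app-private schemes
INTERNET = "android.permission.INTERNET"

# Constructed sample: no permissions, one browser-reachable app:// handler.
SAMPLE_NO_PERMISSIONS = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <application>
    <activity android:name=".CallbackActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="app"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

# Constructed sample: declares INTERNET and only handles ordinary https links.
SAMPLE_ORDINARY = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.ordinary">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https" android:host="example.com"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

def audit_manifest(manifest_xml):
    """Report custom URI schemes that a web page can use to start the app."""
    root = ET.fromstring(manifest_xml)
    permissions = sorted(p.get(A + "name", "") for p in root.findall("uses-permission"))
    handlers = []
    for tag in ("activity", "activity-alias"):
        for component in root.iter(tag):
            for intent_filter in component.findall("intent-filter"):
                categories = {c.get(A + "name") for c in intent_filter.findall("category")}
                if "android.intent.category.BROWSABLE" not in categories:
                    continue  # only BROWSABLE filters are reachable from a link
                for data in intent_filter.findall("data"):
                    scheme = (data.get(A + "scheme") or "").lower()
                    if scheme and scheme not in WEB_SCHEMES:
                        handlers.append((component.get(A + "name"), scheme))
    return {
        "package": root.get("package"),
        "permissions": permissions,
        "browsable_custom_schemes": handlers,
        # Heuristic (assumption): no declared network access, yet reachable from the web.
        "review": bool(handlers) and INTERNET not in permissions,
    }
```

Manifests pulled from untrusted APKs should be parsed with a hardened XML parser such as defusedxml when this check runs in an automated pipeline.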
 
          Android’s power and flexibility were perhaps also its downfall. Other smartphone platforms may not offer the controls we are bypassing at all, and the multi-tasking capabilities in Android allowed us to run the attack almost transparently to the user. This power combined with the open nature of Android also facilitates the customisation of the system to meet bespoke security requirements. This is something we have even been involved in ourselves by implementing a proof of concept Loadable Kernel Module to pro-actively monitor and defend a client’s intellectual property as it passed through their devices. It is no surprise that we have seen adoption of Android research projects in the military and government as it can be enhanced and adapted for specific security requirements, perhaps like no other mobile platform before it.

Wednesday, December 28, 2011

US Chamber Of Commerce Hit by Chinese Hackers

         A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members. The hackers may have broken into the Chamber’s network more than a year before they were discovered. It is not confirmed when the initial break-in occurred, but security officials from the Chamber quietly shut the breach down in May of 2010.
 
          "What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence," the Chamber's chief operating officer David Chavern told the Journal in an interview published today.

          It isn't clear how much of the compromised data was viewed by the hackers. Chamber officials said the hackers had focused on four Chamber employees who worked on Asia policy, and stolen six weeks of their email. The Chamber learned of the break-in when the FBI told the group that servers in China were stealing its information. The Chamber put a stop to the attacks by unplugging and destroying several computers and overhauling its security system.
 
A Chinese Embassy official based in Washington, Geng Shuang, said that cyberattacks are prohibited by Chinese law, that China itself is a victim of attacks, and that the claim that the hacking originated in China “lacks proof and evidence and is irresponsible,” adding that the hacking issue shouldn’t be “politicized.” People close to the case told the Journal the emails revealed names of key firms and individuals in contact with the Chamber, policy documents, meeting notes, trip reports and schedules.

The U.S. has charged China with waging a clandestine hacking war for years now. Last year, the U.S.-China Economic and Security Review Commission (USCC) said that the Chinese government is attacking the U.S. on a "massive scale." Each time the U.S. charges China with hacking into networks, servers, or Web sites, the Chinese say they're innocent. After the U.S. charged China with hacking into satellites earlier this year in another USCC report, for example, China Foreign Ministry spokesman Hong Lei said that the claims were simply "untrue."

Suspicious activity is still found on a regular basis. A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an internet address in China, they say, and a printer used by Chamber executives spontaneously began printing pages with Chinese characters. “It’s nearly impossible to keep people out. The best thing you can do is have something that tells you when they get in,” said Mr. Chavern, the chief operating officer. “It’s the new normal. I expect this to continue for the foreseeable future. I expect to be surprised again.”

Windows 7 64-bit Memory Corruption Vulnerability

          A person known by the alias "w3bd3vil" on Twitter released an HTML snippet that will cause the 64-bit version of Windows 7 to blue screen if viewed under Safari. The underlying vulnerability, however, is not a flaw in Safari but rather a flaw in the Windows kernel-mode device driver, win32k.sys.

"A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges," the Secunia advisory said.
The possibility that the vulnerability can be exploited by means other than Safari cannot be ruled out. According to webDEViL, the source of the vulnerability is the function NtGdiDrawStream. This could evolve into either a local privilege escalation issue or a remote code execution as admin problem, in particular if it can be triggered through more popular browsers (Internet Explorer, Firefox, Chrome).

Tuesday, December 27, 2011

Apple Crash Reports Help Hackers to create a jailbreak exploit

          Thousands of iPhone owners have joined forces with a team of hackers to help them find new ways to jailbreak Apple's phone software: the jailbreakers use Apple crash reports to unlock iPhones.

          Jailbreaking is basically modifying the iPhone’s firmware so that you can get access to the internals of its operating system and install a whole slew of third-party applications on your iPhone that are not otherwise available through official channels. Jailbreaking your iPhone in and of itself doesn’t normally make much difference in your operation of it, but it does allow you to install other third-party applications that are not blessed by Apple.

         A collective of hackers known as the iPhone Dev-Team publishes easy-to-use, cross-platform tools that allow you to install third-party apps on your iPhone that Apple won't admit into its App Store. The latest version of the iPhone's operating system is proving to be extremely hard to jailbreak fully, according to Joshua Hill, a member of the Chronic Dev hacker team. "Apple is really making it tough for us. The iPhone is now better protected than most nuclear missile facilities," he says.

          Jailbreaking your iOS device also enables you to change your phone’s behavior and even add some nifty extra features. One such feature that Apple prohibited was FaceTime or any demanding data tasks over 3G.
 
          How do hackers develop a jailbreak application? Hackers like Mr Hill hunt for programming errors, or bugs, in Apple's software. Bugs may result in a program crashing or shutting down, and they are like gold dust to hackers because sometimes they can be exploited to create a jailbreak. Hackers may have to crash a particular program thousands of times as they work out how to exploit a bug successfully, but this alerts Apple that the bug exists and that hackers may be investigating it.

Phone manufacturers don’t want you to do it because of the small number of cases in which it can make the phone unstable or open it up to security breaches. It then makes them look bad because it’s their phone that’s crashing or introducing malware to your network. 

But carriers hate it even more because it can cost them money. They even go so far as to cripple features that the phone makers build in, so they can charge you an extra fee for the same service. One example is Wi-Fi hotspot capability, for which carriers charge up to $30 per month when you can do the same thing on a rooted phone with no extra fees using a free or low, one-time-cost app. Some carriers also don’t want you running apps like Skype to make phone calls instead of using expensive cellular voice minutes.

           Is jailbreaking legal? In July 2010, the United States government announced that jailbreaking and unlocking iPhones, rooting of Android phones and ripping DVDs (for educational purposes) is completely legal as long as they are not violating copyright law. It is also apparently not illegal to jailbreak devices in the UK, although it does invalidate product warranties.

          Apple tries to prevent jailbreaking for security reasons: once a phone has been jailbroken, users could unwittingly install malware that might not get past Apple's approval process. Mr Hill rejects this argument: "I am trying to make sure that my phone is safe and your phone is safe. Apple cares about money, not your safety." As yet the Chronic Dev team has not announced that it has found any bugs that it can exploit, but a member of the team called pod2g claims to have found a way to create an untethered jailbreak anyway. Even if Apple fixes the bug that makes this jailbreak possible, Mr Hill is confident that the hackers will find more ways.

Iranian engineer hijacks U.S. drone by GPS hack

          An Iranian engineer working on the captured US drone has said that Iran exploited a weakness in the craft’s navigation system to hijack it. The aircraft was downed through a relatively unsophisticated cyber-attack that tricked its global positioning systems (GPS).

          The U.S. Department of Energy notes that GPS is widely used, but insecure, although few users have taken note. GPS signals for the U.S. military are similarly insecure, and drones often rely on signals from multiple satellites. It’s possible to spoof unencrypted civilian GPS systems. But military GPS receivers, such as the one likely installed on the missing drone, use the encrypted P(Y)-code to communicate with satellites.
          “With spoofing, an adversary provides fake GPS signals. This convinces the GPS receiver that it is located in the wrong place and/or time,” the vulnerability assessment team at Argonne National Laboratory explained. “Remarkably, spoofing can be accomplished without having much knowledge about electronics, computers, or GPS itself.”

         Other drone vulnerabilities have also highlighted security fears. In October, Danger Room broke the news that the cockpits at the Air Force’s drone fleet based out of Creech Air Force Base in Nevada were infected with a virus. Malware had apparently made its way onto computers because someone had been using one to play the Mafia Wars game, a stunning security faux pas.

          The RQ-170 Sentinel has been seen on display by Iran's gloating military after it went missing along the Afghan-Iran border earlier this month - but a former Pentagon official said it seems to be a fake. However, the engineer working on the CIA drone’s system told the Christian Science Monitor that his country fooled the aircraft into touching down in Iran - instead of its programmed destination. The engineer claimed the electronic attack made it 'land on its own where we wanted it to, without having to crack the remote-control signals and communications' from the U.S. control centre.
          The drone was used for covert surveillance such as the operation to spy on the Pakistan compound of Osama Bin Laden before he was killed in a U.S. raid in May. Iranian officials have said the drone came down over eastern Iran, hundreds of miles from the cluster of nuclear sites in the central and north-west of the country. They believe they can 'mass produce' the captured drone by 'reverse engineering' the aircraft.

1.8 Million Accounts Hacked from Square Enix Japanese Game Company

          Square Enix stated yesterday that somebody "may have gained unauthorized access to a particular Square Enix server" and took its members service offline in both Japan and the U.S. Today, the company clarified that 1.8 million customers' accounts had been affected.

          The company said it noticed that unknown parties had accessed the server for its free "Square Enix Members" site on Tuesday afternoon, and decided to shut down the service the same day. Users register on the server with their email addresses and sometimes their names, addresses and phone numbers, but the server holds no credit card information, a spokesman said.
 
          The intruder breached an unknown number of servers that could hold data for the service's one million members in Japan and 800,000 members in North America, but left untouched the servers with its 300,000 European members. In May, Square Enix said it suffered hacking attacks into the web site of a Canadian subsidiary and two product sites. It said 350 applicants' resumes and up to 25,000 email addresses were stolen in that attack.

Anonymous hackers claim responsibility for Stratfor cyber attack

          Anonymous hacktivists said they were able to attack Stratfor’s website as the company did not encrypt it. The activist hacker group Anonymous said it has hacked the website of the US-based security think tank Strategic Forecasting (Stratfor).

          Stratfor's chief executive George Friedman confirmed that the site had been the victim of a hack attack. Credit card details, home addresses and some other personal details of its 4,000 subscribers were made public on a website named Pastebin, according to Stratfor. The company stated in an email that as a result of this incident the operation of its servers and email had been suspended.

          Anonymous hacktivists, who had been reportedly responsible for attacking the websites of companies and institutions that opposed WikiLeaks and its founder Julian Assange, claimed they were able to attack Stratfor's website as the company did not encrypt it. Stratfor in a statement said it was "working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible."

See the Aero Glass Animation effects in slow motion

This is how Aero Glass looks when we minimize the window

For those of you who have the Aero Glass interface on your computer, it is possible to hold down the shift key while closing, opening, and minimizing a window to see the animation in slow motion. If you would like to test this out, just follow the steps below:
  1. Open up Regedit.
  2. Navigate through HKEY_CURRENT_USER, Software, Microsoft, Windows, DWM.
  3. Create a new DWORD called AnimationsShiftKey inside the DWM folder.
  4. Set the new DWORD that you just created to a value of 1.
  5. Click on Start >> cmd >> (right click) Run as administrator.
  6. Run net stop uxsms at the administrative command prompt, followed by net start uxsms, to restart the DWM engine.
Once you have restarted the DWM engine, just hold down the shift key to see any of the window animations in slow motion.

Tip: Hold down shift and start Flip 3D. Very Cool!

Monday, December 26, 2011

Create a Flip3D Taskbar Icon in Windows 7

Flip3D was a fun and cool looking feature in Windows Vista that can be very useful for switching between windows. With the improved Windows 7 taskbar, Flip3D was replaced with improved thumbnails and Aero Peek. Those are both good alternatives but I like the speed of viewing all my open windows at once and switching with just two clicks.

This article will show you how to create a Flip3D icon on the Windows 7 taskbar:
 
 
  • Right click on the Desktop and select New and then Shortcut.
  • Type in RunDll32 DwmApi #105 in the location box and click Next.
  • Type in Flip3D as the Name and click Finish.
  • You will now have a shortcut on the desktop that will launch Flip3D but it has the wrong icon.
  • Right click on the Flip3D shortcut and select Properties.
  • On the Shortcut tab click the Change Icon button.
  • Change the Look for icons in this file text box to C:\windows\explorer.exe and hit Enter. The Flip3D icon will now be available. Select it and click OK.
  • Click OK to close out the shortcut properties window.
  • Finally, just drag and drop the new shortcut on the Windows 7 taskbar to pin it.
  • Now click on it and see the magic. :)

Saturday, December 24, 2011

Customize your Desktop : Rainmeter

What's on your desktop?


 

 Rainmeter displays customizable skins, like memory and battery power, RSS feeds and weather forecasts, right on your desktop. Many skins are even functional: they can record your notes and to-do lists, launch your favorite applications, and control your media player - all in a clean, unobtrusive interface that you can rearrange and customize to your liking. Rainmeter is at once an application and a toolkit. You are only limited by your imagination and creativity. Rainmeter is open source software for Windows XP/Vista/7 distributed free of charge under the terms of the GNU GPL v2 license.

Download Rainmeter

Tuesday, December 20, 2011

Denial of Service Attack Vulnerability in Windows Phone 7.5

          Microsoft's range of Windows Phones suffers from a denial-of-service bug that allows attackers to reboot a device and disable its messaging functionality.
 
          A malicious SMS sent to a Windows Phone 7.5 device will force it to reboot and lock down the messaging hub. WinRumors reader Khaled Salameh discovered the flaw and reported it to us on Monday. WinRumors said tests revealed that the flaw affected a variety of devices running different builds of the mobile operating system. A Facebook chat message and Windows Live Messenger message will also trigger the bug.
 
          Both Apple and Google have suffered from SMS bugs with their iOS and Android devices. Security researcher Charlie Miller discovered a flaw in the iOS 3.0 software that allowed attackers complete control over an iPhone at the time. Android-based phones also suffered in the SMS attack, but attackers could only knock a phone offline rather than gain full access.

          Microsoft representatives did not immediately respond to a request for comment, but WinRumors says it is working with the tipster to privately reveal the flaw to Microsoft.