Hackers hit New York tour firm, access 1,10,00 bank cards!!!

      Hackers have broken into the website of the New York tour company CitySights NY and stolen about 110,000 bank card numbers.

      They broke in using a SQL Injection attack on the company's Web server, CitySights NY said in a Dec. 9 breach notification letter published by New Hampshire's attorney general. The company learned of the problem in late October, when, "a web programmer discovered [an] unauthorized script that appears to have been uploaded to the company's web server, which is believed to have compromised the security of the database on that server," the letter said.

      CitySights NY believes that the SQL injection compromise occurred about a month earlier, on Sept. 26. In a SQL injection attack, hackers find ways to sneak real database commands into the server using the Web. They do this by adding specially crafted text into Web-based forms or search boxes that are used to query the back-end database.

      This was one of the techniques used by Albert Gonzalez, who in March received the longest-ever U.S. federal sentence related to hacking the systems of Heartland Payment Systems, TJX and other companies.
In the CitySights NY incident, hackers were able to get names, addresses, e-mail addresses, credit card numbers and their expiration dates, and Card Verification Value 2 codes, used to validate online credit card purchases.

      CitySights NY is best known as the operator of a fleet of blue double-decker buses, used to drive tourists around Manhattan. The company could not be reached for comment Monday.
The company began notifying customers about the incident two weeks ago. Victims are being offered one year free credit monitoring and a 50% off coupon, good for another CitySights NY tour.

      CitySights NY's parent company, Twin America, says that it has "taken several important steps to improve the level of its data security." It has locked down access to its servers and installed an application firewall in hopes of thwarting future attacks. But clearly, there's room for improvement.

Read More

Hide user accounts from user in XP

It is a very simple process:- 

1) Go to Start >> Run, and type: GPEDIT.MSC
 
2)Open the path User Configuration >> Admin Templates >> Control Panel 
 
3) Doubleclick "Hide specified Control Panel applets".

4) Select 'Enabled', then click 'Show".

5) Click Add button, and type "nusrmgt.cpl" into the add box

Read More

How to Lock icons on desktop?

     You must have arranged your desktop to look nicely with your wallpaper. Presently comes someone and mess up the nice arrangement. To lock your desktop icons into place, first arrange it carefully the way you want it to be and then:-

1) Oopen up the registry editor.

2) Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.

3) Right-click in the right-side pane and select New >> DWORD Value  and name it as NoSaveSettings and press the Enter key. 

4) Right-click on the new NoSaveSettings item and select Modify. Enter 1 in the Value data box. After this, whenever you restart Windows your settings will return to their current state.

Read More

Google Sharing: Hide yourself from google!!!

"If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place."

 

     Suppose, I wouldn't want Google to know that I am searching for young singles on the internet, you would think that logging out of your Google account might keep Google from mapping the search queries to a specific user. But you are wrong, Google can still track your usage using some smart algorithms which Google is very good at.

     Google knows whether you were logged in to a Google account or not, they know everything you've ever searched for, what search results you clicked on, what news you read, and every place you've ever gotten directions to. Most of the time, Google Analytics even know which websites you visited that you didn't reach through Google. If you use Gmail, they know the content of every email you've ever sent or received, whether you've deleted it or not. These days they are even branching out into collecting your realtime GPS location and your DNS lookups. In short, not only do they know a lot about what you're doing, they also have significant insight into what you're thinking.

So how do you protect your privacy from being exploited?

A very nice firefox add-on known as GoogleSharing.

About GoogleSharing
      GoogleSharing is a special kind of anonymizing proxy service, that will prevent Google from tracking your searches, movements, and what websites you visit. GoogleSharing is designed to anonymize your traffic exclusively your communication with Google.

How GoogleSharing hides you?
      GoogleSharing is a system that mixes the requests of many different users together, such that Google is not capable of telling what is coming from whom. GoogleSharing aims to do a few very specific things:

1. Provide a system that will prevent Google from collecting information about you from services which don't require a login.
2. Make this system completely transparent to the user. No special websites, no change to your work flow.
3. Leave your non-Google traffic completely untouched, unredirected, and unaffected.


Working:-

      The GoogleSharing system consists of a custom proxy and a Firefox Addon. The proxy works by generating a pool of GoogleSharing "identities," each of which contains a cookie issued by Google and an arbitrary User-Agent for one of several popular browsers. The Firefox Addon watches for requests to Google services from your browser, and when enabled will transparently redirect all of them (except for things like Gmail) to a GoogleSharing proxy. There your request is stripped of all identifying information and replaced with the information from a GoogleSharing identity.

       This "GoogleShared" request is then forwarded on to Google, and the response is proxied back to you. Your next request will get a different identity, and the one you were using before will be assigned to someone else. By "sharing" these identities, all of our traffic gets mixed together and is very difficult to analyze.

      The GoogleSharing proxy even constantly injects false but plausible search requests through all the identities.
You can use Google without being tracked by IP address, Cookie, or any other identifying HTTP headers. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination.

      Where Google has failed to provide universal HTTPS support, GoogleSharing has. All requests to a GoogleSharing proxy are sent via HTTPS. These eventually have to be proxied out as HTTP from GoogleSharing to Google, but your traffic is encrypted on the first path.
Running A GoogleSharing Proxy

       Proxy code is available so that anyone can run a GoogleSharing proxy instance in addition to the one that they're running.

Experts Review:-

1. GoogleSharing is a very light weight proxy service without any pesky installation.
2. Keep in mind however that GoogleSharing is not an anonymizer, so do not rely on for IP spoofing.
3. It integrates very well with firefox and you can toggle it on or off just by a single mouse click.
4. It does not hinter your browsing speed like most proxies do.
5. The HTTPS support is no hoax, it does provide an end-to-end encryption up to the GoogleSharing server.
6. You can also provide your resources for contributing to a GoogleSharing server.  

Direct Download (from google)

Read More

Hackers steal McDonald's customer data

     McDonald's is working with law enforcement authorities after malicious hackers broke into another company's databases and stole information about an undetermined number of the fast food chain's customers.

     McDonald's has also alerted potentially affected customers via e-mail and through a message on its Web site.

     "We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonald’s websites and promotions was obtained by an unauthorized third party," a McDonald's spokeswoman said via e-mail on Saturday.

     McDonald's hired Arc to develop and coordinate the distribution of promotional e-mail messages, and Arc in turn relied on an unidentified e-mail company to manage the customer information database. This e-mail company's systems were hacked into.

     The data, which customers had provided voluntarily, doesn't include Social Security Numbers, credit card numbers, nor any sensitive financial information, she said.

     This means that customer data likely includes full names, phone numbers, postal addresses and e-mail addresses. The spokeswoman didn't say what information was required for age confirmation, so it's not clear if customers simply checked a box saying they were adults or if they had to provide their date of birth.

    "In the event that you are contacted by someone claiming to be from McDonald's asking for personal or financial information, do not respond and instead immediately contact us," reads the McDonald's note to customers. The number to call is 1800-244-6227 (toll-free).

     The spokeswoman didn't say how many people are potentially affected and in what countries, besides the U.S. She also didn't say when the breach happened.

Read More

Website Developers are also equally responsible for the hacking!!!

    Every time a website is hacked, the hackers are to be blamed. Is it only a hacker to be blamed?

Web Developers are the real Criminals: Website Developers are equally responsible for the hacking.

     The recent incidence of CBI website is biggest embracement. The CBI registered a case against unknown hackers for defacement. But the web developer who is been paid huge amount to develop and maintain such high profile sites gets escaped from the legal clutches.

     Not only the hackers but also the website developers are equally responsible for the hacking since they don't develop websites which are completely secured. Jeff Moss, a black hat hacker has said that no hacker can hack any website if it is secured. Hackers can hack only those websites that have vulnerabilities.

    The developers are paid lakhs of rupees for their creation and hence it is their responsibility to develop it without any loopholes. But, their carelessness invites the hackers who are looking out for prey to hack them. There are many website developers who don't realize the poor programming techniques they propagate. Surprisingly, most of the web developers are not certified. The Government website of our country too is developed by such web developers who are not trained but only have a little skill.

     A hacker requesting anonymity said, “Why the hackers are targeted and not the web developers and testers? Hackers hack only those websites which have vulnerabilities. Web developers should be prosecuted for their sloppy work.”
While selling themselves as experts (which make convincing management that they are wrong hard), they use bad programming practices.

     Sometimes the website of very crucial department has been given to web developers who are still studying in the college and don't have any professional experience of any type of website development. Only on the basis of the relationship, those site development work has been given to college going kids (Who even don't know the basics of how to secure a website). Resulting website with full of loopholes inviting hackers causing embracement.

     “Developers must possess advanced PHP skills and have hacking/security knowledge for web development. Also, they should have a good understanding of a large range of other computer-related topics. They are responsible to code new projects, handling of bug fixes and bug reports,” said, Mahesh Salunke, a web developer.

     Developers are blissfully ignorant in knowing how insecure the code they write is. To overly simplify, an application security specialist’s job is to remove a developer’s bliss, their happiness.

     Why don't developers write secure code? “Why should developers write secure code? There, that's the question the application security industry needs to be answering, and answering convincingly. Secure code is not implicit, it's explicit. Meaning, code cannot be considered even remotely secure unless one specifically asks for it, in the requirements," said Subhash Jha, Asst. Web developer. Adding further he said, “If the company asks only then it would be developed smartly and tested thoroughly. If secure code isn't explicitly asked for, you almost certainly won't get it.”

     He also said, 'To further emphasize the point, if you read any software end-user licensing agreement (EULA) you'll notice software makers directly state that there is no warranty and no guarantee regarding the performance of their product, which includes security, and at the same time they waive all liability should any errors occur. Therefore unless a new and profound legal precedence is set regarding the enforceability of these EULA provisions, secure code being explicit, rather than implicit, is unlikely to change.”

Read More

How To Setup Your Own DNS (Domain Name Server)

For Advanced Users and Professionals

This is only a quick tutorial, there are literally hundreds of little tricks you can do with a DNS, but this will get your basics up and running. We are assuming you want to setup a windows DNS server, but the principals will work for most servers.

You will need..

1. A domain name over which you have full control.
2. DNS server software(Windows server always comes with one of these).
3. At least one fixed IP address, allthough two is highly desirable.
4. An idea of what services you want on your server. 

The first thing you need to do is create your new domain entry. 

In windows this is called a "Zone" and you will have one for every domain name you have. Add your main domain in the forward lookup zone as a Primary zone, which will be in the format "Domainname.com", or .co, .in, or whatever, you shouldn't need any more details for this bit. Do *not* allow dynamic updates unless this is a local network DNS. Once it is created you will have 2 entry's under your new domain, "SOA"(Or Start of Authority) and "NS"(Or Name server). If you want a 100% compliant DNS then you should now follow the same process but adding a domain as a reverse lookup zone. Any changes you make to the forward lookup should have the "Update Reverse Lookup" option ticked if its available, if not you must update the reverse zone manually(This is very important).

Now edit the "NS" entry in your forward zone to "NS0.DomainName.Com", and set it to the relevant IP address. Add another (NS) record and set it to "NS1.DomainName.Com". If using 2 IP address, try to make NS0 the first IP. Now you need to configure the SOA entry in the forward lookup zone. The serial number should be changed to a date followed by a number in this format "YYYYMMDDnn", this is not required, but is advised by RIPE. The primary server will be the "NS0.domainname.com" entry you just made and the responsible person should be left for now. The refresh interval should be set somewhere between 1200 to 43200 seconds, the retry should be between 120-7200 seconds and the expires after should be around 2-4 weeks(I'll let you work out the seconds for that). The minimum TTL is quite important, and depending on what you are going to do with the domain, you might need to tweak this a bit. Typically a value between 1-3 hours should be used. Now go to your "Name server" settings in your SOA record(In windows this is a tab in the same window) remove the defaults, and add your two Name servers that you just setup. We will come back to the SOA record later, but for now we need to do some more stuff.

If you want a website, then your going to want the WWW. setting up. We will set it up as an "A" record, which means it is a separate top level record and will be populated separately from other entries. So add an "A" to your forward lookup zone and put the entry as "WWW", and set the IP address to wherever you want the website to be. This will be where the domain always goes, and it could be anywhere. Just make sure there is a web server waiting there for it. If you want FTP, then setup the same thing but with "FTP" in the entry. You will now also have to setup "A" records for the NS0 and NS1 name servers that you added previously, just make them the same as WWW and FTP, but make sure the IP addresses match the ones used for setting up the "NS" records. Also add a blank "A" record, this will make sure that "domainname.com" works as well as "www.domainname.com".

Now you should decide whether or not you want to have mail on this domain. It is advisable that you set one up, even if it just to catch domain mail about abuse or potential problems that might occur. You can find plenty of high quality free mail servers out there, but I would recommend "Mail Enable", its free and provides everything you would want, but if you want webmail you do have to pay something extra for it. We will now configure the MX records. Add an "A" name for your mail server, you can add 2 if you want, but for simplicity I would advise staying with 1. We will call ours "Mail.domainname.com", and point it to one of our IP addresses. Now add an "MX" record in the Forward Lookup zone, giving it the full "A" record you just entered "Mail.domainname.com", and do not setup a host or child domain, just leave it blank.

This next step isn't needed, but is again highly recommended.

Now to finish the SOA you need to add two more records. A "RP" entry, which is a Responsible Person, and they will be the contact point for domain complaints and a "MB" entry, which is a mailbox entry. The "MB" should just be pointed to the mail server domain name "Mail.domainname.com", and the "RP" should have the host or domain set to the name of your mail box. So for this server it will be "Tony.Domainname.com", and the mailbox will be set to the "MB" record you just made. Don't worry about the RP address having no "@" in it, this is the expected format for an "RP" entry. You will now have to go back into the SOA and change the responsible person to the new "RP" record you just made.

And thats it, your done! You can add as many "A" records as you like to point to other web servers, or a multitude of FTP sites. And you can add "CNAME" records to basically point to another name, usually an "A" record, like an alias.

Now before you switch your domain on, you need to check that the server is performing properly. So go to www.dnsreport.com, and run the report on your domain "domainname.com", and it will give you a very detailed report of any problems, and even a short description of how to fix the problems. If all is OK, then you are ready to go live. If your domain name is new, or not currently hosted anywhere then the first thing you should do is re-point the domain at your new server. You will typically do this with the provider who owns the domain, and it will be different with all hosts. But the basic settings are the same. You will be asked for at least 2 name servers and ip addresses to go with them. Just put in "NS0.domainname.com" and "NS1.domainname.com" and put in the correct IP addresses. Make sure you do not mess this up, as changes to your main NS servers could potentially take several days to straighten themselves out. Update these settings, and then sit back and wait. You can do a whois on the main DNS server of your domain provider to check if the settings have worked, but again this doesn't always work. For the big 3 domains(.com .net .org) you can do a whois on the network associates site to see the changes instantly. You can also track the progress of the domain changes by doing an NSLookup in dos, like this...

c:\nslookup ns0.domainname.com NS0.yourprovidersdns.com

That will give you the entries your domain provider has

c:\nslookup www.domainname.com ns0.domainname.com

And this will tell you if the changes for your domain have gone through to your ISPs DNS yet. It should give you back the IP address of your new DNS server.

You should always make sure your server is backed up, and that you refresh or update the DNS when you are making changes. 

Tutorial Dedicated to NTMS Training Institute, Dombivali

Read More

CBI Website hacked by Pakistan Cyber Army

     Barely a week after the Indian Cyber Army hacked 35 Pakistani Government sites, the Pakistani Cyber Army has hit back by hacking the CBI site of Indian Government at http://www.cbi.gov.in/index.php.

     The CBI is the Central Bureau of Investigations for India and is one of the biggest crime investigation organization in the country. This hack is definitely a slap in the face for Indians. The Pakistan Cyber Army has left a message saying that this attack was a response to the "Indian Cyber Army". It is a known fact that the Indian and Pakistani governments are at loggerheads, but this is taking the war to digital levels now.
Pakistanis hackers have cleared the throat the website of the Intelligence Agency of India … but CBI being the premium intelligence branch in India, The Current Affairs.com News Report Indian officials

     Pakistanis hackers have cleared the throat the website of the Intelligence Agency of India (Central Bureau of Investigation, CBI) where they posted the slogans expression Pakistan Zindabad(Long Live Pakistan).
So summoned Pakistani hackers “Pakistani Cyber Army” have contended the liability in which they have organised fun of Indian Hackers and Intelligence Agencies.
The hackers are also contending to have received into the Indian governments cyber agency’s servers. So far the Indian officials are not yet remove any person who are the population behind this act.

      Some gurus also are suspecting terrorists to be behind this conduct of cyber protection breach.
Till date chinese hackers had been actively clearing the throat Indian central social family members and defense sites, but CBI being the premium intelligence branch in India, Indian officials are taking this material very seriously.


The message left on the CBI site is as follows:

Oooopssss! WTF? CBI? Cyber Crime? Hacked? hahaha funny aint it! :P
This attempt is in response to the pakistani websites hacked by ‘Indian Cyber Army’. We told you before too ..we are sleeping but not dead..remember PCA( Pakistan Cyber Army)!..back off kids or we will smoke your d00rs off like we did before..lets see what you investigating agency so called CBI can do for you or for us! haha…one more attempt from your side..we got your every website lying around here like its our local server! buahahaha..so we would like to say to your 31337 hackers and your 31337 NIC team..go and read some more books ..you guys are seriously bunch of script_kiddies! ..you know nothing rite now..got r00t access to NTC server? wtf..mass defacements..how about something like this..a planned attack! haha..btw we got r00t to your NIC too :P ..your filtering sucks..have fun! and DO NOT DISTURB..we got better things to do.. :D ..stop complaining about pakistani websites security..secure your own ass first..thats what intelligent people do!..lol…tata :D

Read More

Snaptu : All apps in a single app at one place

Snaptu is a fast stylish all-in-one app that includes your mobile essentials in one place: Twitter, Facebook, Flickr, Picasa, News, AccuWeather, Sports (Cricket, Soccer...) Movies, Sudoku and much more...

Instead of cramming your phone with lots of individual apps that eat battery, waste space and slow things down, guess what? You can have Snaptu -- a single efficient and incredibly powerful app that keeps your phone running full speed ahead.

Prepare to be amazed - download Snaptu now, for free!

Featured snaptu applications:

Facebook - Stay updated with your social life while on the go. Never lose touch with your friends again - get live news and status updates, browse through your friend's profiles, read and write messages and update your status.

Twitter - See your friends time line, write new twits, reply to twits, write and read direct messages, see followers and following lists and more

Football - Football - Live football coverage, showing real-time game results, news, commentary, favorite tournaments and teams by Score24Live

Picasa - Picasa photo browser - view public and private Picasa Web Albums, and search for photos from your mobile phone

News & Blogs - RSS reader - read your favorite feeds and blogs, post on Facebook, Twitter or send by email anytime, anywhere – for free.

Cricinfo - Cricinfo cricket news updates and live scores

 Recommended by

   After Downloading Copy to your phone and enjoy !!

    You can also catch us on snaptu and read all our posts right on your phone

    For this after installing snaptu, go to the news and blogs app and our feed url

    Feed URL : pcsneakers.blogspot.com

    Now after starting snaptu when you start news and feeds u get all our posts directly
                                                                                                                                                        DOWNLOAD SNAPTU 
                  JavaVersion|All Phones|106KB

Read More

How to create a huge file?

You can create a file of any size of upto 1 GB without the use of any softwares without any contents in the file.

1) Start by converting the desired file size into hexadecimal notation. You can use the Windows Calculator in Scientific mode do to this. Suppose you want a file of 1 million bytes. 

2) Enter 1000000 in the calculator and click on the Hex option to convert it (1 million in hex is F4240.) 
Pad the result with zeroes at the left until the file size reaches eight digits—000F4240.

3) Now open a command prompt window. 

4) Enter the command DEBUG BIGFILE.DAT and ignore the File not found message. (You can create a file with any extension of your choice.)

5) Type RCX and press Enter. Debug will display a colon prompt. 

6) Enter the last four digits of the hexadecimal number you calculated (4240, in our example). 

7) Type RBX and press Enter, then enter the first four digits of the hexadecimal size (000F, in our example).

8) Enter W for Write and Q for Quit. 
You've just created a 1-million-byte file in the location as seen in command prompt window using Debug. 

Of course you can create a file of any desired size using the same technique.

Read More

Police: "College employee stole from students to fight HIV"

    
      A 19-year-old employee of a Rochester, New York, community college stole thousands of dollars from students' online accounts because he needed the money "to find a cure for HIV," according to investigators.
Terry Zimmerman was charged late last week with one count of computer fraud after allegedly confessing to a Brighton, New York, police investigator.

     Zimmerman said he stole the money "to help find a cure for HIV and because he owed money to others," according to an affidavit by U.S. Federal Bureau of Investigation Special Agent Barry Couch, filed in the case.

     His lawyer, Robert Smith, declined to comment on the matter Wednesday. Zimmerman worked at Monroe Community College's Electronic Resource Center, where one of his jobs was to help students log into their college accounts. In late October, the school started receiving complaints that some students were not receiving their tuition refunds.

     The school found that about a dozen users of its online refund program, called eRefunds, had had their bank account numbers and e-mail contact addresses changed, so that refunds and notifications were not sent to the students.

     Police say debit cards associated with the unauthorized bank accounts were mailed to Zimmerman's address, and that the new e-mail contact addresses belonged to Zimmerman too.

More than US$10,000 in refunds was stolen, according to the affidavit.

Read More

Boot Your Windows Xp Faster

     Well, this is not a hack but just a pure system trick. This simple trick would make u feel more handy on your System, as this one would make your win XP load much faster..

So here we go... 

1. Open notepad.exe, type "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes) & save as "ntosboot.bat" in C:\
2. From the Start menu, select "Run" & type "gpedit.msc".
3. Go to "Computer Configuration" >> "Windows Settings" and double click again on "Shutdown" in the right window.
4. In the new window, click "add", "Browse", locate your "ntosboot.bat" file & click "Open".
5. Click "OK", "Apply" & "OK" once again to exit.
6. From the Start menu, select "Run" & type "devmgmt.msc".
7. Double click on "IDE ATA/ATAPI controllers"
8. Right click on "Primary IDE Channel" and select "Properties".
9. Select the "Advanced Settings" tab then on the device or 1 that doesn't have 'device type' greyed out select 'none' instead of 'autodetect' & click "OK".
10. Right click on "Secondary IDE channel", select "Properties" and repeat step 9.
11. Reboot your computer.

Read More