
Thursday 7 July 2011

How To Hack Orkut?







Ever wondered how to hack an Orkut account? Well, here are some of the ways through which you can gain access to an Orkut account.

Google uses a 4 Level Orkut login feature which makes it difficult to hack using a brute force attack. Hence, it is almost impossible to use the brute force approach to gain access to an Orkut account. Before we discuss how to hack Orkut, let us take a look at the 4 level secure login feature of an Orkut account.


First Level - Security-SSL or 128 bit secured connection

Second Level - Orkut account checks for the presence of a cookie in the user’s system

Third Level - Orkut provides a redirection to the entered User information

Fourth Level - Orkut doesn’t use conventional php/aspx/asp coding. So, it is impossible to hack Orkut using input validation attack!!!

So, it is not an easy task to hack Orkut by breaking this security! However, there are some people who still manage to gain access to others’ Orkut accounts. The question is, how do they do it?

Many of them just use simple tricks that fool users into leaking their password themselves. Read on to discover the tricks used by hackers to hack an Orkut account.


Ways to Hack Orkut Account

1. Using a Keylogger is one of the Easiest Ways to Hack an Orkut password. Keylogger programs can spy on what the user types on his/her computer keyboard. A Keylogger program operates in a complete stealth mode and thus remains undetected. Hence, the victim will never come to know about its presence on his computer.

A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard. A keylogger program is widely available on the Internet. One of the best is listed below:

SniperSpy

Detailed information on the keylogger hack can be found in my post on How to Hack an Email Account.


2. Phishing Attack is the most popular way of hacking/stealing others’ passwords. This attack works by using fake login pages (login pages that look exactly the same as that of Orkut, but are fake) to fool innocent users into entering their Orkut username and password in these fake login pages instead of the real ones. When the users land on a fake login page, they enter their Orkut username and password thinking it to be the real one, but actually, it is the other way round. It submits all the entered details to the creator (usually the hacker) of the fake login page.


3. Orkut New Features Trick: Some websites on the Internet claim to offer many additional features for Orkut users. Usually, these websites will offer a login page from their own website and force users to log in to their Orkut account from this page itself in order to gain access to the additional features. In fact, these websites are nothing more than a scam. They simply take away your login details when you enter your Orkut username and password on their pages. This is somewhat similar to a phishing attack.


4. Community Links: Many times you are provided with a link to a community in a scrap. Read the link carefully. It may be something like http://www.okrut.com/Community.aspx?cmm=22910233, which says OKRUT, not ORKUT. This is definitely a trap created by the hacker to hack your Orkut password. Clicking on this link will take you to a fake login page where you end up losing your password.


5. Java script: You must have seen the circulating scraps that ask you to paste a certain code (javascript) onto your address bar. Well, sometimes these scripts will hijack your session by stealing your cookie. So, it is better to avoid running any unknown script from your Orkut account.

So, I hope that this article will not only teach you how to hack Orkut, but also tell you how to protect your Orkut account from being hacked.




Wednesday 6 July 2011

Inside GoOgLe – A Collection of Strange Links on Google







Although Google is a search engine, it’s also a website. It has millions of its own pages indexed in it. When I was digging deep inside Google I found some strange links inside it. So I decided to compile a list of strange Google links. Enjoy!



1. If you ever wondered about all the misspellings of Britney Spears and their volume, you must check this out.
http://www.google.com/jobs/britney.html

2. These two links are to fun Google games
http://www.google.com/Easter/feature_easter.html

http://www.google.com/heart/heart01.html

3. Quench your thirst for knowledge with Google Gulp
www.google.com/googlegulp

4. Check out Google’s latest ideas
http://www.google.com/experimental

5. If you are fond of puzzles
http://www.google.com/puzzles

6. Tribute to Moms
http://www.google.com/moms01

7. Google Mobile maps
http://www.google.com/mobile/gmm/index.html

8. http://www.google.com/tofc

9. Are you scary smart?
http://www.google.com/scarysmart

10. Google press center
http://www.google.com/press

11. Google apps
http://www.google.com/a/help/intl/en/var_0.html

12. Mind-racing problems
http://www.google.com/indiacodejam

13. Doodle 4 Google
http://www.google.com/doodle4google

14. The virgle
http://www.google.com/virgle

15. Google Alerts
http://www.google.com/alerts

16. Urchin Software from Google
http://www.google.com/urchin

17. Google dictionary
http://www.google.com/translate_dict

18. Inside google
http://www.google.com/plex

19. Movie reviews
http://www.google.com/reviews

20. Google Mars
http://www.google.com/mars

21. Google Sky
http://www.google.com/sky

22. Google’s next Coding Competition site
http://www.google.com/codejam

23. http://www.google.com/pda

24. http://www.google.com/m

25. http://www.google.com/imode

26. http://www.google.com/jsky

27. Blog search
http://www.google.com/blogsearch

28. Microsoft on Google
http://www.google.com/microsoft

29. Google Moon
http://www.google.com/moon

30. Google Linux
http://www.google.com/linux

31. http://www.google.com/ie

32. Google tour
http://www.google.com/tour/services

33. Google TOS
http://www.google.com/accounts/TOS

34. Google trends
http://www.google.com/trends/hottrends

35. Google arts
http://www.google.com/Top/Arts

36. Google 3d warehouse
http://www.google.com/sketchup/3dwh

37. Google Adult content
http://www.google.com/Top/Adult

38. Google & Dilbert Doodle
http://www.google.com/dilbert.html

39. Google in Kannada
www.google.com/intl/kn

40. Google strange logos
http://www.google.com/doodle8.html
http://www.google.com/doodle9.html

41. Win Registry files in Google
http://www.google.com/google_rsearch.reg

42. Google Universities Search
http://www.google.com/options/universities.html

Oops, there’s still a lot more. But only this much for now….




Use Gmail Account to Send Emails from Multiple Addresses







In this post I am going to show you how to use your Gmail account to send and receive emails from multiple addresses. Most of us own more than one email account say for example, one from Gmail, one from Yahoo and one from Hotmail. If you are tired of logging into multiple accounts to check your inbox or to send emails, I have a solution here.

Gmail has an option to integrate multiple email accounts (email addresses) into a single Gmail account. Once you integrate multiple email addresses into your Gmail account, you can use the same account to send emails from different addresses and receive emails for different addresses. Let’s take a simple example

Suppose you have three email addresses (email accounts)

1. holyhacker@gmail.com

2. holyhacker@yahoo.com

3. holyhacker@hotmail.com

You can integrate the emails holyhacker@yahoo.com and holyhacker@hotmail.com to holyhacker@gmail.com and operate all the three accounts from your single gmail account. Here is a step-by-step procedure to do this.

1. Login to your gmail account.

2. Click on Settings at the top right corner.

3. Under Settings, click on Accounts tab.

4. Now you’ll see the first option “Send mail as:“

5. Under this option, click on Add another email address you own

6. Now a small new window will pop-up asking you to enter the details of your new email address.

7. Here you can enter any name and any email address. The email address need not belong to gmail only. You can enter your yahoo, hotmail or any other valid email address.

8. A Verification email will be sent to the address that you specify. Once you verify that you own the email address, it will be integrated to your Gmail account.

Now when you compose a new email, you’ll see an option to select from multiple addresses to send the mail. Also you’ll receive the incoming mails for multiple addresses in a single mailbox. I hope this will benefit you.

Before you leave, I should also tell you one good advantage of this. According to Gmail privacy policy, they will not send the user’s IP address in the outgoing emails. That means when you send an email from your Gmail account , the receiver will not be able to find out your IP address. But you don’t have this advantage in Yahoo or other email providers.

Please share your opinions through comments. I hope this helps….




Tuesday 5 July 2011

Netbios Hacking







THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING A REMOTE COMPUTER AND GAINING ACCESS TO ITS HARD-DISK OR PRINTER. NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.

STEP-BY-STEP NETBIOS HACKING PROCEDURE

1.Open command prompt

2. In the command prompt use the “net view” command
( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “IP TOOLS” SOFTWARE BY ENTERING RANGE OF IP ADDRESSES. BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME).

Example: C:\>net view \\219.64.55.112

The above is an example for operation using command prompt. “net view” is one of the netbios commands to view the shared resources of the remote computer. Here “219.64.55.112” is an IP address of remote computer that is to be hacked through Netbios. You have to substitute a valid IP address in its place. If succeeded a list of HARD-DISK DRIVES & PRINTERS is shown. If not an error message is displayed. So repeat the procedure 2 with a different IP address.

3. After succeeding, use the “net use” command in the command prompt. The “net use” is another netbios command which makes it possible to hack remote drives or printers.

Example-1: 
C:\>net use D: \\219.64.55.112\F
Example-2: 
C:\>net use G: \\219.64.55.112\SharedDocs
Example-3: 
C:\>net use I: \\219.64.55.112\Myprint

NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk.

NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: & D: AS HARD DRIVES, A: AS FLOPPY DRIVE AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT

F:, “SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer. These are displayed after giving “net use” command. “219.64.55.112” is the IP address of remote computer that you want to hack.

4. After succeeding your computer will give a message that “The command completed successfully“. Once you get the above message you are only one step away from hacking the computer.

Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name. You can open it and access remote computer’s Hard-Drive. You can copy files, music, folders etc. from victim’s hard-drive. You can delete/modify data on victim’s hard-drive only if WRITE-ACCESS is enabled on victim’s system. You can access files/folders quickly through “Command Prompt”.

NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios. That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed). So Repeat The Procedure 2,3 With Different IP Address.
HAPPY NETBIOS HACKING!!




How to Trace Mobile Numbers







With the rapid growth of mobile phone usage in recent years, we have often observed that the mobile phone has become a part of many illegal and criminal activities. So in most cases, tracing the mobile number becomes a vital part of the investigation process. Also sometimes we just want to trace a mobile number for reasons like annoying prank calls, blackmails, unknown number in a missed call list or similar.

Even though it is not possible to trace the number back to the caller, it is possible to trace it to the location of the caller and also find the network operator. Just have a look at this page on tracing Indian mobile numbers from Wikipedia. Using the information provided on this page, it is possible to certainly trace any mobile number from India and find out the location (state/city) and network operator (mobile operator) of the caller. All you need for this is only the first 4 digits of the mobile number. In this Wiki page you will find all the mobile number series listed in a nice tabular column where they are categorized based on mobile operator and the zone (state/city). This Wiki page is updated regularly so as to provide up-to-date information on newly added mobile number series and operators. I have used this page many a time and have never been disappointed.

If you would like to use a simpler interface wherein you can just enter the target mobile number and trace the desired details, you can try this link from Numbering Plans. Using this link, you can trace any number in the world.

By using the information in this article, you can only know “where” the call is from and not “who” the caller is. Only the mobile operator is able to tell you “who” the caller is. So if you’re in an emergency and need to find out the actual person behind the call, I would recommend that you file a complaint and take the help of police. I hope this information has helped you!

Is your Nokia Cell Phone Original







Nokia is one of the largest selling phones across the globe. Most of us own a Nokia phone but are unaware of its originality. Are you keen to know whether your Nokia mobile phone is original or not? Then you are in the right place and this information is specially meant for you. Your phone’s IMEI (International Mobile Equipment Identity) number confirms your phone’s originality.

Press the following on your mobile *#06# to see your Phone’s IMEI number(serial number).

Then check the 7th and 8th numbers

Phone serial no. x x x x x x ? ? x x x x x x x

IF the Seventh & Eighth digits of your cell phone are 02 or 20 this means your cell phone was assembled in Emirates which is very Bad quality

IF the Seventh & Eighth digits of your cell phone are 08 or 80 this means your cell phone was manufactured in Germany which is fair quality

IF the Seventh & Eighth digits of your cell phone are 01 or 10 this means your cell phone was manufactured in Finland which is very Good

IF the Seventh & Eighth digits of your cell phone are 00 this means your cell phone was manufactured in original factory which is the best Mobile Quality

IF the Seventh & Eighth digits of your cell phone are 13 this means your cell phone was assembled in Azerbaijan which is very Bad quality and also dangerous for your health




Sunday 3 July 2011

How to Send Anonymous Emails







Most of us are very curious to know a method to send anonymous emails to our friends for fun. But the question is, is it possible to send anonymous emails in spite of the advanced spam filtering technology adopted by email service providers like Gmail, Yahoo etc? The answer is YES, it is still possible to bypass their spam filters and send anonymous emails to your friends. For example, you can send an email to your friend with the following sender details.

From: Bill Gates <billg@microsoft.com>
The art of sending this kind of email is known as Email Spoofing. In this post I have come up with a new way to send anonymous emails (spoofed emails) that has 100% success rate. If you have to successfully send an anonymous email or spoofed email, you should send it using a relay server.


What is a Relay Server?

In simple words, a relay server is an SMTP Server that is trusted by Google or Yahoo as an authorised sender of the email. So, when you send an email using a relay server, the email service providers like Yahoo and Gmail blindly accept the emails and deliver them to the inbox of the recipient. If the SMTP server is not authorised, Google and Yahoo will reject all the emails sent from this SMTP server. This is the reason why using our own SMTP server to send emails fails.


So What’s Next?

Now all we have to do is find a trusted SMTP server to Send Spoofed Emails. Usually all the emails that are sent from web hosting providers are trusted and authorised. So, you have to find a free web hosting provider that allows you to send emails. But, most of the free Web Hosts disable the Mail feature and do not allow the users to send emails. This is done just to avoid spamming. However all the paid hosting plans allow you to send any number of emails. Once you find a hosting service that allows you to send emails from their servers, it’s just a cakewalk to send anonymous emails. All we have to do is just modify the email headers to insert the spoofed From address field into it.
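A message sent this way carries a From header naming one domain while the server that relayed it authenticates as another, and that mismatch is what a receiving side can test for. The following is an added example, not the author's script: it reads the SPF and DKIM results that the receiver's own mail server recorded in the Authentication-Results header and checks whether any passing domain matches the From domain (relaxed, DMARC-style alignment). The receiver name mx.receiver.example, the other .example hosts and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: hosting provider passes SPF for itself, From names someone else.
SPOOFED = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bounce@shared-host.example;
 dkim=none
From: Bill Gates <billg@microsoft.com>
To: friend@receiver.example
Subject: hello

body
"""

# Constructed sample: DKIM signature domain matches the From domain.
GENUINE = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=news@mail.sender.example;
 dkim=pass header.d=sender.example
From: News <news@sender.example>
To: friend@receiver.example
Subject: newsletter

body
"""

# Constructed sample: the sender injected its own "pass" header before relaying.
FORGED_AR = """\
Authentication-Results: mx.attacker.example;
 dkim=pass header.d=microsoft.com
From: Bill Gates <billg@microsoft.com>
To: friend@receiver.example
Subject: hello

body
"""


def org_domain(domain):
    """Naive organizational domain: the last two labels.
    Assumption for this example; production code uses the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def parse_auth_results(value):
    """Return (authserv_id, [(method, result, domain), ...]) for one header value."""
    fields = value.split(";")
    first = fields[0].split()
    authserv_id = first[0].lower() if first else ""
    results = []
    for field in fields[1:]:
        m = re.match(r"\s*(spf|dkim)=(\w+)", field)
        if not m:
            continue
        prop = re.search(r"(?:smtp\.mailfrom|header\.d)=([^\s;]+)", field)
        # smtp.mailfrom may be a full address, header.d is a bare domain
        domain = prop.group(1).rsplit("@", 1)[-1].lower() if prop else ""
        results.append((m.group(1), m.group(2).lower(), domain))
    return authserv_id, results


def assess_from_header(raw_message, trusted_authserv):
    """Classify a message as 'aligned', 'misaligned' or 'unauthenticated'."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    passed = []
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_auth_results(value)
        if authserv_id != trusted_authserv.lower():
            continue  # not written by our own mail server, so not evidence
        passed += [d for (_, result, d) in results if result == "pass" and d]
    if any(org_domain(d) == org_domain(from_domain) for d in passed):
        return "aligned"
    # something authenticated, but not the domain shown to the user in From
    return "misaligned" if passed else "unauthenticated"


if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("GENUINE", GENUINE), ("FORGED_AR", FORGED_AR)):
        print(name, assess_from_header(raw, "mx.receiver.example"))
```

Only headers stamped by the receiving organisation's own server are counted, because anything else in the message, including an Authentication-Results line, is under the sender's control.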

I have created a PHP script that allows you to send emails from any name and email address of your choice. Here is a step-by-step procedure to setup your own Anonymous Email Sender Script


1. Goto X10 Hosting  and register a new account.

2. Download my Anonymous Email Sender Script (sendmail.rar).

3. Login to your FreeWebHostingArea Account and click on File Manager.

4. Upload the sendmail.php, pngimg.php and bg1.PNG files to the server.

5. Set permissions for sendmail.php, pngimg.php and bg1.PNG to 777.

6. Now type the following URL

http://yoursite.x10hosting.com/sendmail.php

NOTE: yoursite must be substituted by the name of the subdomain that you have chosen during the registration process.
7. Use the script to send Anonymous Emails. Enjoy!!!

Tell me whether it worked or not. Please pass your comments…

WARNING: ALL THE INFORMATION PROVIDED IN THIS POST IS FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.




Wednesday 29 June 2011

How to Hack Windows Administrator Password







This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.

Most of us have experienced a situation wherein we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot it off a floppy disk, CD or USB device (such as pen drive). The tool has the following features.

You do not need to know the old password to set a new one
Will detect and offer to unlock locked or disabled out user accounts!
There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.

How it works?

Most Windows operating systems store the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can usually be found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence it is necessary to boot your computer off other media and access this sam file from there. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.

The download link for both CD and floppy drives along with the complete instructions is given below

Offline NT Password & Reg Editor Download

It is recommended that you download the CD version of the tool since floppy drive is outdated and doesn’t exist in today’s computers. Once you download you’ll get a bootable image which you need to burn onto your CD. Now boot your computer from this CD and follow the screen instructions to reset the password.


Another simple way to reset non-administrator account passwords

Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task.

1. Open the command prompt (Start->Run->type cmd->Enter)

2. Now type net user and hit Enter

3. Now the system will show you a list of user accounts on the computer. Say for example you need to reset the password of the account by name John, then do as follows

4. Type net user John * and hit Enter. Now the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.

So in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.




How to Spoof Caller ID – Caller ID Spoofing







Caller ID spoofing is the act of making the telephone network display any desired (Fake) number on the recipient’s Caller ID display unit instead of the original number. Caller ID spoofing can make a call appear to have come from any phone number that the caller wishes.

Have you ever wondered how to perform Caller ID spoofing? Read on to know more information on how to spoof Caller ID.

Unlike what most people think, an incoming call may not be from the number that is displayed on the Caller ID display unit. Because of the high trust that the people have in the Caller ID system, it is possible for the caller to easily fool them and make them believe that the number displayed on the Caller ID display is real. This is all possible through Caller ID spoofing.


How to Spoof Caller ID?

You can easily spoof any Caller ID using services like SpoofCard. In order to use the spoofcard service, you need to pay in advance and obtain a PIN (Personal Identification Number) which grants access to make a call using the Caller ID spoofing service. Once you have purchased the service, you will be given access to login to your SpoofCard account. To begin with, you need to call the number given by SpoofCard and enter the PIN. Now you will be given access to enter the number you wish to call and the number you wish to appear as the Caller ID.

Once you select the options and initiate the calling process, the call is bridged and the person on the other end receives your call. The receiver would normally assume that the call was coming from a different phone number ie: the spoofed number chosen by you - thus tricking the receiver into thinking that the call was coming from a different individual or organization than the caller’s. In this way, it becomes just a cakewalk to spoof Caller ID and trick the receiver on the other end. Thus, you neither need to be a computer expert nor have any technical knowledge to spoof caller ID. For more information on SpoofCard service visit the following link.


SpoofCard - Caller ID Spoofing Service


How Caller ID Spoofing works?

Caller ID spoofing is done through various methods and using different technologies. The most commonly used technologies to spoof Caller ID are VOIP (Voice Over IP) and PRI (Primary Rate Interface) lines.

Today most VOIP systems provide an option for their users to enter whatever number they want in the calling party field and this number is sent out when they make a call. Hence it is easily possible for any user to spoof Caller ID provided they have a VOIP system and know how to properly configure it to spoof the Caller ID. However sites like SpoofCard provide an easy and cheap spoofing service for those who aren’t using VOIP systems that they can configure themselves.

Caller ID spoofing has been possible and has been performed right from the days the Caller ID system was introduced. However most people are unaware of the fact that it is possible to spoof Caller ID and make any number be displayed on the receiver’s end. In the past, Caller ID spoofing service was mostly used by telemarketers, collection agencies, law-enforcement officials, and private investigators. But today, it is available to any Internet user who wishes to spoof caller ID.




Tuesday 28 June 2011

How to Hack an Email Account – Email Hacking






Wondering how to hack an email account? Well, before you can do that, you need to understand the real ways of hacking that actually work and also those that are simply scams and do not work.

So, here in this post, I am going to discuss some of the Real and Working Ways to hack emails; along with that, I am also going to make you aware of the common myths and scams associated with email hacking.

On a regular basis, a lot of people contact me about suspecting their boyfriend or girlfriend of cheating, and ask me how to hack their email password so as to find out the truth. If you are in a similar situation where you want to hack into someone’s email account, then this post might help you!

With my experience of over 8 years in the field of ethical hacking and computer security, I can tell you that there exist only 2 foolproof methods to hack emails. All the other methods are simply scams or don’t work.


 Possible Ways to Hack an Email Account


1. Keylogging: The Easiest Way!

Keylogging simply refers to the process of recording each and every keystroke that a user types on a specific computer’s keyboard. This can be done using a small software program called keylogger (also known as spy software). Once you install this program on the target computer, it will automatically load from the start-up and start capturing every keystroke typed on that computer including usernames and passwords. A keylogger software will operate in a complete stealth mode and thus remains undetected.

In order to use this software, you don’t need to have any special knowledge of hacking. Anyone with a basic knowledge of computer should be able to install and use this software with ease. I recommend the following keylogger as the best for your monitoring needs.








SniperSpy – For Windows (TESTED)

SniperSpy – For Mac (TESTED)




Here is a summary of benefits that you will receive with SniperSpy software:


1. You can ACCESS ANY PASSWORD

With SniperSpy, you can gain access to any password protected material such as Facebook, MySpace or any other email account.


2. REMOTE INSTALL Feature

SniperSpy has a Remote Install feature using which it makes it possible to install this software on a remote computer. This feature can be very handy when you do not have physical access to the target computer on which you want to install this software.


3. MONITOR EVERY ACTIVITY on the Target Computer

With SniperSpy, you can not only capture the passwords, but also spy on their IM conversations and take screenshots of the activities on the target computer.


4. NEVER GET CAUGHT

Since SniperSpy runs in a complete stealth mode, its presence on the target computer remains undetected. So you need not worry about being caught or traced back.


5. Extremely EASY TO USE

Since SniperSpy is designed for novice computer users, it requires no special skills to install and use.


6. Works on Both PC and MAC

SniperSpy is fully compatible with Windows 2000/XP/Vista/7 and Mac.


Can I Install SniperSpy on a Local Computer?

Yes, you can install SniperSpy on a Local or Remote computer. It supports both Remote and Local installations. So, you need not worry whether it is a local or a remote computer.


How Safe is to Use SniperSpy?

SniperSpy is completely safe and secure since it neither collects any information from your computer nor contacts you in any way.

So, what are you waiting for? Go, grab it now and expose the truth!


Click Here to Download SniperSpy for Windows

Click Here to Download SniperSpy for Mac



2. Phishing: The Difficult Way

Phishing is the other most commonly used trick to hack email passwords. This method involves the use of Fake Login Pages whose look and feel are almost identical to that of legitimate websites. Fake login pages are created by many hackers which appear exactly as Gmail or Yahoo login pages.

Once you enter your login details on such a fake login page, they are actually stolen away by the hacker. However, creating a fake login page and taking it online to successfully hack an email account is not an easy job. It demands an in-depth technical knowledge of HTML and scripting languages like PHP, JSP etc. Also, phishing is considered a serious criminal offense and hence it is a risky job to attempt a phishing attack. So, I recommend the usage of keyloggers as the best to hack email password.


Common Myths and Scams Associated with Email Hacking

Today, there are many scam websites out there on the Internet which often misguide users with false information. Some of them may even rip off your pockets with false promises. So, here are some of the things that you need to be aware of:

1. There is no readymade software program (except the keylogger) that can hack emails and get you the password instantly just with a click of a button. So, if you come across any website that claims to sell such software, I would advise you to stay away from it.

2. Never trust any hacking service that claims to hack any email for just $100 or $200. All I can tell you is that, most of them are no more than a scam.

3. I have seen many websites on the Internet that are distributing fake tutorials on email hacking. Most of these tutorials will tell you something like this: “you need to send an email to passwordrecovery@gmail.com along with your username and password” (or something similar). Beware! Never give away your password to anyone nor send it to any email address. If you do so, you will lose your password itself in attempt to hack somebody else’s password.




How to Identify and Avoid Phishing Scams






Phishing is a form of social engineering technique used by hackers to gather sensitive information such as usernames, passwords and credit card details by posing as a trustworthy person/organization. Since most online users are unaware of the techniques used in carrying out a phishing attack, they often fall victim to it and hence, phishing can be very effective.

With the dramatic increase in the number of phishing scams in the recent years, there has also been a steady rise in the number of people being victimized. Lack of awareness among the people is the prime reason behind such attacks. This article will try to create awareness and educate the users about such online scams and frauds.

Phishing scams usually send an email message to users requesting their personal information, or redirect them to a website where they are required to enter their personal information. Here are some of the tips that can be used to identify various phishing techniques and stay away from them.


Identifying a Phishing Scam

1. Beware of emails that demand an urgent response from your side. Some of the examples are:

You may receive an email which appears to have come from your bank or financial organization stating that “your bank account is limited due to an unauthorized activity. Please verify your account asap so as to avoid permanent suspension”. In most cases, you are requested to follow a link (URL) that takes you to a spoofed webpage (similar to your bank website) and enter your login details over there.

In some cases, phishing emails may ask you to make a phone call. There may be a person or an audio response waiting on the other side of the phone to take away your credit card details, account number, social security number or other valuable data.

2. Phishing emails are generally not personalized. Since they target a large number of online users, they usually use generalized texts like “Dear valued customer”, “Dear Paypal user” etc. to address you. However, some phishing emails can be an exception to this rule.

3. When you click on the links contained in a phishing email, you will most likely be taken to a spoofed webpage with official logos and information that looks exactly same as that of the original webpages of your bank or financial organization. Pay attention to the URL of a website before you enter any of your personal information over there. Even though malicious websites look identical to the legitimate site, it often uses a different domain or variation in the spelling. For example, instead of paypal.com, a phishing website may use different addresses such as:

papyal.com
paypal.org
verify-paypal.com
xyz.com/paypal/verify-account/
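
The URL check from point 3, written out as an added example (it is not code from the original post): it compares the host of each address listed above with paypal.com and names the kind of mismatch. The function names and the rule that the registered name is the second-to-last host label are assumptions of this example; production code should consult the Public Suffix List instead.

```python
from urllib.parse import urlsplit

TRUSTED = "paypal.com"  # the legitimate domain used in the article's example


def osa_distance(a: str, b: str) -> int:
    """Edit distance in which swapping two adjacent letters costs 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # adjacent transposition, e.g. "py" typed instead of "yp"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(url: str, trusted: str = TRUSTED) -> str:
    """Describe how the URL's host relates to the trusted domain."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    brand = trusted.split(".")[0]
    if host == trusted or host.endswith("." + trusted):
        return "trusted domain"
    labels = host.split(".")
    # Assumption: the registered name is the second-to-last label (naive rule).
    name = labels[-2] if len(labels) >= 2 else host
    if name == brand:
        return "different top-level domain"
    if osa_distance(name, brand) <= 1:
        return "look-alike spelling"
    if brand in host:
        return "brand embedded in another domain"
    if brand in (parts.path + "?" + parts.query).lower():
        return "brand only after the hostname"
    return "unrelated domain"


# The four addresses from the article, plus the genuine site for comparison.
SAMPLES = [
    "papyal.com",
    "paypal.org",
    "verify-paypal.com",
    "xyz.com/paypal/verify-account/",
    "https://www.paypal.com/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:35} {classify(sample)}")
```

Only the last sample is reported as the trusted domain; each of the other four fails for a different reason, which is why reading the hostname matters more than spotting the brand name somewhere in the address.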

Tips to Avoid Being a Victim of Phishing

1. Do not respond to suspicious emails that ask you to give your personal information. If you are unsure whether an email request is legitimate, verify the same by calling the respective bank/company. Always use the telephone numbers printed on your bank records or statements and not those mentioned in the suspicious email.

2. Don’t use the links in an email, instant messenger or chat conversation to enter a website. Instead, always type the URL of the website on your browser’s address bar to get into a website.


3. Legitimate websites always use a secure connection (https://) on those pages which are intended to gather sensitive data such as usernames and passwords, account numbers or credit card details. You will see a lock icon in your browser’s address bar which indicates a secure connection. On some websites like paypal.com which use an extended validation certificate, the address bar turns GREEN.

In most cases, unlike a legitimate website, a phishing website or a spoofed webpage will not use a secure connection and will not show the lock icon. So, the absence of such security features can be a clear indication of a phishing attack. The reverse does not hold: a lock icon only shows that the connection is encrypted, not that the site is genuine, so still check the domain name. Always double-check the security features of the webpage before entering any of your personal information.

4. Always use good antivirus software, a firewall and email filters to filter unwanted traffic. Also ensure that your browser is up to date with the necessary patches applied.

5. Report a “phishing attack” or “spoofed emails” to the following groups so as to stop such attacks from spreading all over the Internet:

You can directly send an email to spam@uce.gov or reportphishing@antiphishing.org reporting an attack. You can also notify the Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov.




Monday 27 June 2011

How to Test the Working of your Antivirus – EICAR Test






Have you ever wondered how to test your antivirus software to ensure that it is working properly? Well, here is a quick and easy way to test your antivirus. The process is called the EICAR test, which will work on any antivirus and was developed by the European Institute of Computer Antivirus Research. This process can be used by people, companies and antivirus programmers to test the proper functioning of antivirus/antimalware software without having to deal with a real computer virus which can cause damage to the computer. Here is a step-by-step procedure to test your antivirus.

1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.

EICAR Test code
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Rename the file from New Text Document.TXT to myfile.com

3. Now run the antivirus scan on this myfile.com file.

If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.

NOTE: Most antivirus programs will pop up a warning message in Step 1 itself.

You can also place the myfile.com file in a ZIP or RAR file and run a scan on it to check whether your antivirus can detect the test string in the compressed archive. Any antivirus when scanning this file will respond exactly as it would for a genuine virus/malicious code. This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus.
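
Step 1 says to copy the string exactly; when a scanner stays silent, the saved file is often the cause rather than the antivirus. The checker below is an added example, not part of the original post. It applies EICAR's published rules for the test file: the 68-character string at the very start, followed only by space, tab, CR, LF or Ctrl-Z, and at most 128 bytes in total. The function name and the result messages are assumptions of this example.

```python
import sys

# The 68-byte test string from step 1, split in two so that this source
# file does not itself contain the complete string on one line.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
ALLOWED_TRAILING = b" \t\r\n\x1a"   # space, tab, CR, LF, Ctrl-Z
MAX_LEN = 128

VALID = "valid test file"
BOM = "invalid: byte-order mark before the string (save as ANSI, not UTF-8/Unicode)"
ZERO = "invalid: third character is the digit 0, it must be the capital letter O"
MOVED = "invalid: string present but not at the start of the file"
ALTERED = "invalid: string missing or altered"
TRAILING = "invalid: non-whitespace bytes after the string"
TOO_LONG = "invalid: file longer than 128 bytes"


def check_test_file(data: bytes) -> str:
    """Return a verdict on whether `data` is a well-formed EICAR test file."""
    if data.startswith(b"\xef\xbb\xbf") or data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return BOM
    if data.startswith(b"X50"):
        return ZERO
    if not data.startswith(EICAR):
        return MOVED if EICAR in data else ALTERED
    tail = data[len(EICAR):]
    if any(byte not in ALLOWED_TRAILING for byte in tail):
        return TRAILING
    if len(data) > MAX_LEN:
        return TOO_LONG
    return VALID


if __name__ == "__main__":
    # Usage: python check_eicar.py myfile.com
    with open(sys.argv[1], "rb") as handle:
        print(check_test_file(handle.read()))
```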




How to Hack an Ethernet ADSL Router?






Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet; however, most of them are unaware of the fact that it has a serious vulnerability which can easily be exploited even by a noob hacker just like you. In this post I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details.

Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in the Default username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it.

Before you proceed, you need the following tool:

Angry IP Scanner

Here is detailed information on how to exploit the vulnerability of an ADSL router.

Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down.

Step-2: Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.

Suppose your IP is 117.192.195.101; you can set the range to something like 117.192.194.0 to 117.192.200.255 so that there are at least 200-300 IP addresses in the range.

Step-3: Go to Tools->Preferences and select the Ports tab. Under Port selection enter 80 (we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.


I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to go to Options instead of Tools.

Step-4: Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image.



Step-5: Now copy any of the IPs from the list, paste it in your browser’s address bar and hit enter. A window will pop up asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or admin-password.

Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below.



If you do not succeed in gaining access, select another IP from the list and repeat step-5. At least 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.


What can an Attacker do by Gaining Access to the Router Settings?
By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or play any kind of prank with the router settings. So the victim has to reconfigure the router in order to bring it back to action.


The Verdict:
If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack.

Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.

Warning!
All the information provided in this post is for educational purposes only. Please do not use this information for illegal purposes.




How To Open/ Unlock / Edit Password Protected Excel Spreadsheet or Workbook Online For Free






Forgot or lost your Microsoft Excel workbook (XLS format) password? Do you want to open/edit/unlock Excel files for free? Here are a few useful free web services to help you out...

Sometimes MS Excel file creators use Excel's file protection features to restrict their files from copying, editing or printing of the contents. However, if you forgot the password or receive a password protected XLS workbook from others, you can simply bypass those restrictions using the free excel spreadsheet unlock online utility.

The file should not be more than 5MB. Accept the terms and conditions, enter the location of the protected Excel file and click submit. The cracked/unlocked version of your Excel file will be displayed in a new tab/window if MS Excel or one of its alternatives is installed on your computer. Otherwise you can download the unlocked Excel file to your PC.

Go to: free excel spreadsheet unlock online utility


Another solution is to upload your locked Excel spreadsheets to Google Documents. It automatically removes workbook and sheet protection while uploading. You can edit the document and add or remove data as easily as you do with MS Excel. Google Documents supports both XLS and XLSX formats for uploading and editing, but you can download the file only in XLS format.




Go to: Google Documents


Now, if you want to view a file that is password protected using security features in MS Excel like "password to open" or "password to modify", you have to try commercial cracking and recovery software like Office password recovery or Passware Password Kit Basic Demo excel, but many features are disabled in trial versions.




4 Ways to Identify Safe Websites on the Internet







On the Internet as a whole, there are more than 150 million active websites up and running. As a result, it often becomes a real challenge for users to identify safe websites that are trustworthy and reputed. Have you ever wanted to know the reputation of a website before placing an order? Need to know whether a given website is child safe? Well, here are some of the ways to identify safe websites on the Web.



1. WOT or Web Of Trust (www.mywot.com):

WOT is a great place to test the reputation of your favorite website. WOT gives real-time ratings for every website based on the feedback that it gets from millions of trustworthy users across the globe and trusted sources, such as phishing and malware blacklists. Each domain name is evaluated based on this data and ratings are applied to them accordingly. A snapshot of WOT ratings for gohacking.com is shown below:









As shown in the above snapshot, the reputation of each website is shown in terms of 4 components where green means excellent, yellow warns users to be cautious and red indicates potential danger.


Trustworthiness signifies the overall safety of the website. A poor rating may indicate that the site is associated with threats like Internet scams, phishing, identity theft risks and malware. For more information on phishing, you may refer to my other post on how to identify and avoid phishing scams.


Vendor reliability tells you whether a given site is safe for carrying out buy and sell transactions with it. An excellent rating indicates superior customer satisfaction while a poor rating indicates possible scam or bad shopping experience.


Privacy indicates to what extent the site respects the privacy of its users and protects their personal identity and data.


Child Safety indicates whether the content of a given site is appropriate for children. Site contents like sexual material, nudity and vulgarity will have a poor Child Safety rating.


In most cases, the WOT ratings are found to be highly accurate. To check the reputation of any given website, just visit www.mywot.com, type in the address of your favorite website and click on “Check now”. This tool alone can tell you a lot about the reputation and safety level of a website. However, in addition to this, I am giving you another 3 handy tools to identify safe websites on the Web.



2. McAfee SiteAdvisor:

McAfee SiteAdvisor is a free tool that is available as a browser add-on. It adds safety ratings to your browser and search engine results. You can download it from www.siteadvisor.com.



3. StopBadware:

Using this tool, you can check whether a given site is reported to have been involved in malware activity in the past. To check this, go to http://www.stopbadware.org/home/reportsearch, enter the URL or domain name of a website and click on “Search Clearinghouse”. If the search does not return any result, that means the site was never involved in any malware activity in the past.



4. Google PageRank:

Google PageRank is another great tool to check the reputation and popularity of a website. The PageRank tool rates every webpage on a scale of 1 to 10 which indicates Google’s view of the importance of the page. If a given website has a PageRank of less than 3, then it is said to be less popular among the other sites on the Internet.


However, PageRank will only tell you how popular a given website is and has nothing to do with the safety level of a website. So, this tool alone cannot be used to evaluate a website’s safety and other factors.


The PageRank feature is available as a part of Google Toolbar. You can install Google Toolbar from http://www.google.com/intl/en_uk/toolbar/ie/index.html.


I hope you like this article. Waiting for your comments…




How to Hack Symbian S60 Phones to Install Unsigned Applications?






If you own a Nokia Symbian S60 phone, you will most likely be aware of the fact that it is not possible to install applications on it unless they are signed using a valid certificate. Have you been trying to install applications on your S60 3rd or 5th edition phone but ending up getting a certificate error? At times, this can be really annoying; but here is a smart solution to this problem!

Here in this post, I will show you how to hack your Symbian S60 3rd or 5th edition smartphone, so as to modify the phone’s firmware and completely bypass the mandatory signing requirement. So, once you are done with this one time hack, you should be able to install any compatible application including unsigned and those with an expired certificate.


What is the Need for Signing Applications?

From the 3rd edition onwards, all the Symbian S60 applications need to be signed in order to ensure their integrity, so that it would not be possible for a third party to tamper with the application. Also, signing ensures that you always install applications from a trusted source.

However, there are many freeware and beta applications that come unsigned as the developers cannot afford to buy a Symbian certificate. Hence, it can be a real nightmare for the users who need to install such applications on their phones. So, here is a step-by-step procedure to hack your phone and permanently disable this security feature.


1. Download HelloOX2 V2.03 or the latest version from the HelloOX2 Official Website.

HelloOX2 is an excellent tool to hack Symbian S60 3rd, 5th and Symbian^3 smartphones which makes it possible to install a root certificate by gaining full access to the phone’s system files. With this capability, you can install anything you want on your phones without the need to worry about the annoying certificate error!

2. The signed version of HelloOX2 requires a donation and hence, only the unsigned version is available for free download. So, if you have the unsigned version, you need to sign it before installing it on your phone. In order to sign any application, you need to have the certificate and the key file which can be obtained as follows:

Go to the OPDA Website, get registered and login to your account.
Click on the “Apply Certificate” tab, enter the model number and the IMEI of your phone and then click on “Submit and Upload” button.
It will usually take up to 24 hours for your certificate and key file to be generated and uploaded. To check the status of your certificate, click on the “My Certificate” tab, where you can see whether the certificate is ready for download.
Download the certificate and the key file on to your computer. Also download the SisSigner tool to sign your HelloOX2 application.
Open SisSigner, load HelloOX2.sis, the certificate and the key file, and click on “Sign”. Leave the “Key File Password” field blank.
Your HelloOX2 application is now signed and ready for installation.

3. Install the signed HelloOX2 application on your phone and run it to start the hacking process, which is completely automatic. Within a minute your phone will be hacked. Once this is done, say goodbye to the annoying certificate error and install any application.

I hope you like this post. Express your opinion through comments. Enjoy!!!




How to Recover Hacked Email Accounts?







It can be a real nightmare if someone hacks and takes control of your email account as it may contain confidential information like bank logins, credit card details and other sensitive data. If you are one such Internet user whose email account has been compromised, then this post will surely help you out. In this post you will find the possible ways and procedures to get back your hacked email account.


For Gmail:

It can be a big disaster if your Gmail account has been compromised as it may be associated with several services like Blogger, Analytics, Adwords, Adsense, Orkut etc. Losing access to your Gmail account means losing access to all the services associated with it too. Here is a list of possible recovery actions that you can try.

Step-1: Try resetting your password since it is the easiest way to get your account back in action. In this process Google may ask you to answer the secret question or may send the password reset details to the secondary email address associated with your compromised account. You can reset your password from the following link:

Gmail Password Reset Link

If you cannot find success with Step-1, then proceed to Step-2.


Step-2: Many times the hacker will change the secret question and secondary email address right after the account is compromised. This is the reason for the Password Reset process to fail. If this is the case, then you need to contact the Gmail support team by filling out the account recovery form. This form will ask you to answer several questions such as:

1. Email addresses of up to five frequently emailed contacts
2. Names of any 4 Labels that you may have created in your account
3. List of other services associated with your compromised account
4. Your last successful login date
5. Account created date
6. Last password that you remember and many more…

You need to fill out this form as accurately as possible. It is natural to forget the dates of last login, account creation and similar details. However, you need to figure out the closest possible dates/answers and fill out this form. This is your last chance! The more accurate the information filled out in the recovery form, the better the chances of getting your account back. You may reach the account recovery form from the following link:

Account Recovery Form

For Yahoo and Hotmail:

Unfortunately, for Yahoo/Hotmail there is no second option like filling out the form or contacting the support team. All you need to do is either answer the secret questions that you have set up or reset the password using the secondary email option.

To initiate the password reset process just click on the Forgot password link in your login page and proceed as per the screen instructions.


I hope this post will help you recover the lost account. I highly recommend that you also read my post on How to protect your email account from being hacked and Tips to find unauthorized activity on your Gmail account so that you always stay protected!