Thursday, May 16, 2013

Facebook Password Trick: Three passwords to Access your Facebook account



Hello friends, I hope you all are fine.

Yes, you can access your Facebook account with 3 different passwords. I was surprised when I read this message posted by one of my friends on Facebook. So I immediately tested whether it is true or not. Yes, it works.

Facebook allows the following variations of your password:

1. Your Original Password:
Let us assume that you are using "breakTheSecurity" as password.  Yeah, you can log in with your default password ;)

2. Your original password with the case reversed (toggle case):
This one is interesting. You can toggle the case of your password and use it.

For instance, you are using "breakTheSecurity" as your default password. In this password, 'T' and 'S' are capitalized.

If you toggle the password case, your password becomes "BREAKtHEsECURITY".

3. Your original password with the first letter capitalized:

If the first character of your password is in lower case and you change it to upper case, you can still log in with this one.

For instance, the original password is "breakTheSecurity" .  In this password, the first character 'b' is in lower case.  If you capitalize the first character, then your password is "BreakTheSecurity".

The reason for 3 passwords for your Facebook account
It is not a security flaw. It is just a feature provided by Facebook.

"We accept three forms of the user's password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password," ZDNet quoted a Facebook spokesperson as saying, "we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password."

Three different usernames:
1.  You can use your Facebook 'Username' as the user name (if you have created one)
2.  You can use your email address
3.  You can use your mobile number (if you have added your mobile number in Facebook).
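
The three accepted password forms described above do not require a site to store three passwords or the plaintext: the variants can be derived from whatever the user typed and each one checked against the single stored hash. The Python code below is an added example of that idea, not Facebook's code and not from the original post; the PBKDF2 parameters, the fixed salt and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example (assumption)


def hash_password(password, salt):
    """Derive the value that is stored instead of the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def candidate_forms(submitted):
    """Strings to test, derived only from what the user typed."""
    forms = [submitted]                      # 1. typed exactly as set
    forms.append(submitted.swapcase())       # 2. typed with Caps Lock on
    if submitted[:1].isupper():              # 3. device capitalized the first letter
        forms.append(submitted[0].lower() + submitted[1:])
    return list(dict.fromkeys(forms))        # drop duplicates, keep order


def verify(submitted, salt, stored_hash):
    """True if any accepted form of the submission matches the single stored hash."""
    matched = False
    for form in candidate_forms(submitted):
        # compare_digest avoids leaking the match position through timing
        matched |= hmac.compare_digest(hash_password(form, salt), stored_hash)
    return matched


# Constructed sample account: fixed salt so the example is reproducible.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
STORED = hash_password("breakTheSecurity", SALT)

if __name__ == "__main__":
    for attempt in ("breakTheSecurity", "BREAKtHEsECURITY",
                    "BreakTheSecurity", "breakthesecurity"):
        print(f"{attempt!r:22} accepted={verify(attempt, SALT, STORED)}")
```

Every attempt is expanded into at most three candidates, so each stored password has up to three accepted strings. An all-lower-case guess such as "breakthesecurity" is still rejected, because none of its derived forms equals the original.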

Hope you like it.
Enjoy and don't forget to comment.

Sunday, May 12, 2013

Phishing Attack: New Tute



Once you have learned something about phishing, you can come back to this article.

It is easy for a person to identify a phishing page by looking at the URL of the webpage. But to trick users, a hacker can use the original domain address. But how? Let me explain in this article.


Requirements:
  •    Wamp server
  •    Install WinRar

We are going to send an email with an executable to the victim. If the victim double-clicks the executable file, the attack succeeds. From then on, whenever the victim enters the real domain name (like www.facebook.com), he will be redirected to our phishing page.

How is it done?
   The executable file will change the hosts file of the victim's system.
What is the hosts file?
     The hosts file contains domain names and the IP addresses associated with them. Your hosts file will be in this path:
C:\Windows\System32\drivers\etc\

Whenever we enter a domain name or URL (e.g. www.webaddress.com), a query is sent to the DNS (Domain Name Server), which returns the IP address associated with the domain name. But before this is done, the system checks the hosts file for an IP address associated with the domain name. Suppose we make an entry with the domain name and the IP address of our phishing web page (e.g. www.webaddress.com with our IP 123.23.X.X); then no query will be sent to the DNS.
The system will automatically connect to the IP address associated with the domain name in the hosts file. This is useful for us to mask the phishing web page's URL with the original domain name.


Now let's dive into the implementation:
  • If you are hosting on some other hosting site, you probably won't get a unique IP address for your phishing web page. You will have only the IP address of the hosting service. So if you try to use that IP address, the victim will not be brought to your phishing web page; they will be brought to the hosting address.

So what can you do to overcome this problem? You need to set up your own web server at home. Using web server software you can set up your own hosting service.

  Your computer should always be turned on. If you turn off the computer, the host will not be online; it will be available again when you turn it on. So your computer must be turned on when the victim visits your site.


How to set up your own server?
  Download web server software like WAMP or XAMPP (both are open source software, I mean they are free). My suggestion is WAMP, because it is my favorite one. It is easy to use.

Download the WAMP server from http://www.wampserver.com/

Install the WAMP server. After the installation has completed, go to this folder path:
C:\Wamp\WWW
And paste your phishing web page here.

Start the WAMP server.
(Start->windows->All Programs->Wamp Server->start wamp server)

You can see the half-circle icon (the WAMP server icon) in the system tray (I mean near the time). Click the icon and select start all services.

Now type your IP address in the address bar of the web browser and hit Enter. If you don't know your IP address, visit www.whatismyip.com.

Now you can see your phishing web page in your browser.

Modifying the hosts file:
 Copy the hosts file from this path "C:\WINDOWS\system32\drivers\etc" to the desktop. Right-click on the hosts file and open it with Notepad.

You can see the localhost entry there.
Below that, type:
your_ip     domain_name
For example:
123.xx.xx.xx www.gmail.com

 Save the file.

Compress the hosts file:

    Compress the hosts file such that when the victim opens it, it automatically gets copied to the default location C:\Windows\system32\drivers\etc and the victim's hosts file gets replaced by our modified hosts file.

Right-click on the hosts file and select the Add to archive option. Now follow the steps which are shown in the picture:







Now send the zipped file to the victim. If he extracts the zip file, the hosts file will be replaced.
You are done. Now whenever he tries to visit the genuine or original website, only the phishing web page will be shown.


Some disadvantages of this hack:
  •    If your IP address changes dynamically, then it is hard to implement.
  •   If your victim is an advanced user, he may notice the site's certificate which is shown by the browser.
Don't worry, it is not at all a big problem. Just try it and enjoy it.

How To: Get Facebook Birthday Reminders as SMS for Free


Hello friends, I hope you all are fine.
Because of Facebook, there's no need for people to memorise their friends' birthdays anymore. It keeps note of all the birthdays and sends you a reminder whenever someone on your friend list has a birthday coming up. But, as helpful as that might be, an e-mail reminder or a Facebook notification might not be the only way you want to be made aware of your pals' birthdays. So, here I am suggesting a way to receive SMS reminders of birthdays based on Facebook's birthday record. You will be able to receive SMS reminders of your friends' birthdays for free.
First of all, go to Google Calendar.
Click on Settings on the upper right hand corner.
Select Calendar settings and go to Mobile Setup.
Select your country from the drop down list and enter your mobile number.
Click on Send Verification Code. You will receive a code on your mobile. Enter it on the Verification code field and click on Finish Setup.
Now, go to Calendars tab and click on Create New Calendar.
Enter Facebook Birthdays on the Calendar Name field and click on Create Calendar.
Now head over to Facebook. Go to Events.
Click on the small wrench icon at the top right and select Export.
On the new popup, right click where it says export your friends' birthdays and click on Copy Link Location.
Remove the webcal:// from the copied link and open it on your Web browser.
You will be asked whether to open the file or save it. Save the file.
On Google Calendars, go to Settings > Calendars.
Click on Import Calendar.
Browse to the location of the file that you just saved from Facebook.
Select Facebook Birthdays from the dropdown list beside Calendar.
Click on Import.
Go to Settings > Calendars.
Click on Facebook Birthdays.
Go to Reminders and notifications tab.
Click on Add a reminder.
Select SMS and how early you want yourself to be notified about the upcoming birthday.
Click on Save.
Was the method of any help to you? Do you think you'll be using SMS reminders for birthdays? Let us know by commenting below.

Hope you like it.
Enjoy and don't forget to comment.

Friday, May 3, 2013

Get 6 Months' free Subscription of McAfee Internet Security 2013





Hello friends, I hope you all are fine.
Here is your chance to grab 6 months' subscription of McAfee Internet Security 2013 for free. I am not sure on what occasion they are giving it for free. Also, the deadline for the giveaway is unknown, so, make sure you get it as soon as you can.

Instantly effective and intuitive, reengineered for performance to freely explore online

McAfee® Internet Security software, now available with revolutionary Active Protection technology, offers comprehensive PC and online security with accelerated performance, and helps keep you and your family safe from online threats.
  • Click on Create Your Account button and create an account on the site.
  • Once registered, you will be able to download the software by clicking on the Download button as shown above. The serial key will be automatically generated and applied to your product; you don't need to do it manually.
  • An installer will be downloaded to your computer. It will ask you to enter the email and password you had entered above, while registering on the site.
  • Then, the installer will begin to download and install McAfee Internet Security 2013 on your computer. You just need to wait. You might be asked to re-start or remove any antiviruses you already have on your computer.
Hope you like it.
Enjoy and don't forget to comment.

Firefox 16 vulnerability allows spammers to steal Facebook access tokens



Hello friends, I hope you all are fine.

Recently a researcher discovered a vulnerability in the latest version of Firefox, v16.0, that allows an attacker to gather detailed information about the user's browser history. Previous and later versions are not affected.

Although it was initially believed that the vulnerability allowed access to browser history, Mozilla representatives told Ars Technica that "the flaw allowed access to the URL of windows or frames to which the attacker has a reference only—generally the ones that the attacker opened."

Now, the researcher has published a proof-of-concept that demonstrates how an attacker can collect your Twitter account name when you click a button. The attacker opens a new window and loads a specially crafted Twitter URL that contains a personal Twitter ID. If the user is already signed in, the attacker is able to collect the Twitter name.

When I read the story, I started to think from the spammers' point of view. Recently, I reported a Facebook scam that asks users to verify their account by pasting their access token into the hacker's site.


I have just modified the PoC with the spammer's code to display the authentication token of Facebook. It worked successfully for me.



Yes, it is very easy for a hacker to steal the authentication token. Just one click is enough for a hacker to gain your authentication token without much effort.

Hope you like it.
Enjoy and don't forget to comment.

Wednesday, May 1, 2013

How to Reveal Hidden Passwords (Asterisks) in Web Browsers

Hello friends,
I hope you all are fine.

Remember the situation: signing into your account with just a single click because the browser is saving all your passwords for you. We know this is convenient, but since you're not typing your passwords anymore, eventually you'll forget your password in a few days. For security reasons, the password field in all browsers is masked with "asterisks", which won't allow any third person (even you) to read the original typed password. But what if you want to reveal the string behind the asterisks? There are actually a few workarounds for revealing the original passwords behind the asterisks, and over the course of this article we'll discuss some known ways to reveal the characters behind the asterisks in different browsers.

Reveal Passwords Behind Asterisks or Dots in Different Web Browsers:

Google Chrome:

Starting off with Google Chrome, the easiest way to reveal the original password behind the asterisks is to use the built-in Inspect Element feature of the browser.
  • Right-click on the password field in the browser, where you will get an option "Inspect Element".
  • After clicking on it, the "Web Inspector" will open and there you can see some code, which is basically HTML. You just need to replace the word "password" (the value of the field's type attribute) with the word "text" and it will reveal the words behind the asterisks.

There's another way, using JavaScript, which is quick and easy compared to the above method. Just open a site that allows users to log in and, after typing the password, enter the following JavaScript code in the address bar.
javascript:alert(document.getElementById('Passwd').value);
After entering the above code in the address bar, press Enter and it will pop up a window with your password written on it.

Mozilla Firefox:

The next most common browser is "Mozilla Firefox".
  • Chrome's "Web Inspector" trick is also applicable in Firefox.
  • Open a site that asks for a login (like Facebook) and right-click on the password field in the browser, where you will get an option "Inspect Element". After clicking on it, the "Web Inspector" will open and there you can see some code, which is basically HTML. You just need to replace the word "password" with the word "text" and it will reveal the words behind the asterisks, as shown in the screenshot below.
Apart from this, there's another way which is quick and easy compared to the above method. For that you have to create a bookmark with the following JavaScript code as its URL.
javascript:(function(){var s,F,j,f,i;s="";F=document.forms;for(j=0;j
After saving this as a bookmark, open a site that allows users to log in and, after typing the password, open the saved bookmark by clicking on it. It will pop up a window with your password written on it.

Opera:

Next comes "Opera", in which you can use "Dragonfly", a built-in tool, to reveal the words behind the asterisks just like Chrome's "Web Inspector". Open a site that asks for a login (like Facebook), right-click on the password field in the browser and select the "Inspect Element" option. After clicking on it, "Dragonfly" will open and you'll see some code, which is basically HTML. You just need to replace the word "password" with the word "text" and it will reveal the words behind the asterisks, as shown in the screenshot below.

Internet Explorer:

In the same manner you can apply this trick in Internet Explorer. First of all, open any site (Gmail in our case) that allows user login. Now, to bring up the "developer tools", press the F12 key. A new window will open; press Ctrl+B to enable selection of elements. After that, go to the login page and select the password field. Doing this will take you to the password field's code in the developer window (highlighted in yellow). Now you just need to replace the word "password" with the word "text" and it will remove the asterisk mask from the password field; see the screenshot below.
Apart from this, there's another way which is quick and easy compared to the above method. Just open a site that allows users to log in and, after typing the password, enter the following JavaScript code in the address bar.
javascript:alert(document.getElementById('Passwd').value);
After entering the above code in the address bar, press Enter and it will pop up a window with your password written on it. (See pic below)

Wrap Up:

Although there are many tools out there to help you reveal the words behind the asterisks and get the passwords saved within a browser, you still need to keep your system safe and protected by using "Antivirus" plus "Firewall" to avoid these passwords being stolen by someone who has access to your system. If you can use these tools to reveal your saved passwords, then others can use the same ways to get your information.

Hope you like it.
Enjoy and don't forget to comment.

 