7/09/2011 Apple website hacked, could be targeted by Anonymous

Now that the LulzSec team has disappeared into the ether, the amorphous non-collective that is Anonymous has once again come into focus as the anti-sec group to watch. This morning, however, it’s the work of an individual Labanese Grey-hat hacker going by the name idahc that is in the headlines.

After idahc successfully discovered vulnerabilities on an Apple business website, a dump of more than two dozen usernames and hashed passwords appeared on Pastebin — though he claims the data was not posted by him. Access appears to have been gained via a flaw in a survey posted on the Apple Consultants network site that was being served from abs.apple.com. That server remains offline for the time being, presumably while Apple attempts to batten down the network hatches.
While idahc admits that the situation is “not yet serious,” the breach still means that Apple could find itself scrutinized by the same people who have recently gained entry into dozens of high-profile sites — from PBS and Citibank to just about every Sony site and service imaginable.

@Atulplayer

While the individual who found the exploit was quick to point out that he had no ties to either Anonymous or LulzSec, there’s always the possibility that his method could wind up in their hands and facilitate a future attack on Apple. For its part, Anonymous tweeted that it was busy elsewhere — an ominous sign for whoever or whatever it is that Anon is actively engaging.

Apple is, however, a big, juicy target and it’s certainly the kind of corporate entity that these hacktivist groups have been going after in recent days. If this initial leak is any indication of the kind of data that might be heisted, however, your account is probably safe — since stolen hashes don’t necessarily mean your password can be compromised.

15 suspected Anonymous members arrested in Italy, AnonOps vows revenge

The Italian government capped off a long investigation yesterday with a series of 32 raids across Italy and one in Switzerland. Authorities arrested 15 alleged members of Anonymous and accused them with conducting denial of service attacks against government web sites and the web sites of private and state-owned media organizations.

The alleged Anonymous members are being held in separate locations around the country, and all are aged between 15 and 28. Five of those detained are minors, under the age of 18. The Italian police also said they were far from through their list of people to detain, and are looking for an additional 30 people they claim are in the group and are wanted on similar charges, including a 26-year-old whose handle is “Phre.” Italian authorities say Phre is the “leader” of the group.


Anonymous, for their part, has always maintained that the group has no “leader,” and re-iterated this point in their own statement on the arrests. AnonOps downplayed the arrests as a minor infraction, but called other Italian members of the group to conduct their own new attacks in retribution for the arrests. Their statement tells others to “Let them have it, stronger than ever.”



If the group response to past arrests is any indication, there will be more attacks. Whether or not the Italian authorities actually managed to arrest members of Anonymous who were knowingly complicit in the attacks however is another matter – as with many DoS attacks, the actual systems used could belong to innocent users who have no idea their computer is being used as a tool.
Regardless, the Italian authorities are only the most recent to go on a hunting campaign for alleged cyber-criminals. The Spanish government made similar arrests a few weeks ago, as did Turkish authorities. Of course, Anonymous quickly brought down the Spanish government’s web sites in retribution, but we’ll have to see if Italian authorities suffer the same fate.




@Atulpurohit

7/06/2011 Free airtel gprs (surfing + download) using airtel LIVE

Open http://flyproxy.com on your mobile browser


then type the URL .......
now enjoy free surfing (even in 0 balance)......

other way to surf free using Airtel Live is to download the browser ucweb on your mobile


DOWNLOAD (right click the link and open it in new window or new tab)


use direct connection.

donot download anything from ucweb , download can be charge


NOTE: this post is just for information purpose




@Atulplayer

How to View the History of USB devices connected/installed on Your System

USBDeview Description

USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used.

For each USB device, extended information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more…
USBDeview also allows you to uninstall USB devices that you previously used, and disconnect USB devices that are currently connected to your computer.

You can also use USBDeview on a remote computer, as long as you login to that computer with admin user.

Hope This Post Helps You to Protect Your System.

@Atulplayer

      Search Amazon.com for usb hack

Your snapshot on a thermal printed receipt, instantly!

What could be better than a low-res black and white photograph printed instantly on paper that will yellow and crumple over time? Wow, we really need to work on our sales pitch. But all kidding aside, we love the idea that [Niklas Roy] came up with in order to build this thermal printing camera.


His Picasa album has two snapshots of the hardware. He’s using an LM1881 for video sync separation just like he did with his PING project. From there an ATmega8 microcontroller grabs each column from the image and prints it using the thermal printer. It looks like everything runs on a 9V battery which is nice for portability (although we still never got our hands on that rechargeable 9V we’ve been meaning to pick up). Perhaps just as impressive is that [Niklas] got this up and running with about 400 lines of code. Nice!
Of course you’ll want to see this in action so we’ve placed a video clip after the break. Just like old-timey cameras it looks like you’re going to need to sit still until the image is done printing.

Essential mechanisms

A thermal printer comprises these key components:

• Thermal head — generates heat; prints on paper
• Platen — a rubber roller that feeds paper
• Spring — applies pressure to the thermal head, causing it to contact the thermo-sensitive paper
• Controller boards — for controlling the mechanism

In order to print, thermo-sensitive paper is inserted between the thermal head and the platen. The printer sends an electrical current to the heating elements of the thermal head, which generate heat. The heat activates the thermo-sensitive coloring layer of the thermo-sensitive paper, which changes color where heated. Such a printing mechanism is known as a thermal system or direct system. The heating elements are usually arranged as a matrix of small closely-spaced dots—thermal printers are actually dot-matrix printers, though they are not so called.

The paper is impregnated with a solid-state mixture of a dye and a suitable matrix; a combination of a fluoran leuco dye and an octadecylphosphonic acid is an example. When the matrix is heated above its melting point, the dye reacts with the acid, shifts to its colored form, and the changed form is then conserved in metastable state when the matrix solidifies back quickly enough. See thermochromism.

Controller boards are embedded with firmware to manage the thermal printer mechanisms. The Firmware can manage multiple bar code types, graphics and logos. They enable the user to choose between different resident fonts (also including Asian fonts) and character sizes.

Controller boards can drive various sensors such as paper low, paper out, door open, top of form etc., and they are available with a variety of interfaces, such as RS-232,parallel, USB and wireless. For point of sale application some boards can also control the cash drawer.

Applications

Thermal printers print more quietly and usually faster than impact dot matrix printers. They are also smaller, lighter and consume less power, making them ideal for portable and retail applications. Cost of thermal paper, their only consumable, was somewhat less than US$0.10 per sheet as of 2010.^[2] By comparison, one study of the per page cost of color inkjet printers  found cost of third-party ink cartridge and paper to be about $0.05 per page (some low-capacity cartridges are more expensive to use). Roll-based printers can be rapidly refilled. Commercial applications of thermal printers include filling station pumps, information kiosks, point of sale systems, voucher printers in slot machines, print on demand labels for shipping and products, and for recording live rhythm strips on hospital cardiac monitors.

Through the 1990s many fax machines used thermal printing technology. Toward the beginning of the 21st century, however, thermal wax transfer, laser, andinkjet printing technology largely supplanted thermal printing technology in fax machines, allowing printing on plain paper.

The Game Boy Printer, made in 1998, was a small thermal printer used to print out certain elements from some Game Boy games.

Early formulations of the thermo-sensitive coating used in thermal paper were sensitive to incidental heat, abrasion, friction (which can cause heat, thus darkening the paper), light (which can fade printed images), and water. Later thermal coating formulations are far more stable; theoretically, thermally-printed text should remain legible at least 50 years

Hospitals commonly record fetal ultrasound scan images on thermal paper. This can cause problems if the parents wish to preserve the image by laminating it, as the heat of most laminators will darken the entire page—this can be tested for beforehand on an unimportant thermal print. An option is to make and laminate a permanent ink duplicate of the image.

@Atul Purohit

How Windows Product Activation (WPA) Works!

   

corporation in all versions of it’s Windows operating system. WPA was first introduced in Windows XP and continues to exist in Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 as well. WPA enforces each end user to activate their copy of Windows so as to prevent unauthorized usage beyond the specific period of time until it is verified as genuine by Microsoft. How WPA really works was a closely guarded secret until GmbH analyzed WPA using a copy of Windows XP RC1 and published a paper on their findings.

In this post you will find answers to some of the most frequently asked questions about Windows Product Activation.

Why activation?

Microsoft’s intention behind the activation is to limit the usage of it’s Windows operating system to only one machine for which the retail license is issued. Any other computer which runs on the same license must be disallowed from using the software. Thus WPA demands for activation of the product within 30 days of it’s installation so as to ensure that it is genuine.

What does “Genuine Windows” means?

The copy of Windows is said to be genuine only if the product key used during the installation is genuine. It means that a given product key (retail license) must be used to install Windows only on one computer for which the license was purchased. Thus if the same key is used for the installation on another computer, then it is said to be a pirated copy.

Exactly what information is transmitted during the activation?

When you activate your copy of Windows you are transmitting an Installation ID code to the Microsoft either by phone or Internet depending on the method you choose to activate. Based on this, the Microsoft’s licensing system can determine whether or not the installed OS is genuine. If it is said to be genuine, then the system will receive the Activation ID which completes the activation process. If the activation is done via telephone then the Activation ID needs to be entered manually to complete the activation process.

What information does the Installation ID contain?

This Installation ID is a 50-digit number which is derived from the following two data.

1. Product ID – It is actually derived from the 25-digit product key (the alphanumeric value that is printed on the sticker over the Windows CD/DVD case) that is entered during the installation of the operating system. The Product ID is used to uniquely identify your copy of Windows.

2. Hardware ID – This value is derived based on the hardware configuration of your computer.

The WPA system checks the following 10 categories of the computer hardware to derive the Hardware ID:

• Display Adapter
• SCSI Adapter
• IDE Adapter (effectively the motherboard)
• Network Adapter (NIC) and its MAC Address
• RAM Amount Range (i.e., 0-64mb, 64-128mb, etc.)
• Processor Type
• Processor Serial Number
• Hard Drive Device
• Hard Drive Volume Serial Number (VSN)
• CD-ROM / CD-RW / DVD-ROM

Thus the Installation ID which is a combination of Product ID and Hardware ID is finally derived and sent to Microsoft during the activation process.

How is the Installation ID validated?

The Installation ID needs to be validated to confirm the authenticity of the installed copy of Windows. So after the Installation ID is received by Microsoft, it is decoded back so as to obtain the actual product key and the hardware details of the computer involved in the activation process.

The Microsoft’s system will now look to see if this is the first time the product key is being used for the activation. This happens when the user is trying to activate his Windows for the first time after purchase. If this is the case then the Installation ID is validated and the corresponding Activation ID is issued which completes the activation process.

However Microsoft system will now associate this product key with the hardware ID of the computer and stores this information on their servers. In simple words, during the first use of the product key, it is paired together with the Hardware ID and this information is stored up on the Microsoft servers.

What if a computer running a pirated copy of Windows attempts to activate?

The activation fails whenever the copy of Windows installed is not said to be genuine. This usually happens when the product key used for the installation is said to have been used earlier on a different computer. This is determined during the activation process as follows:

During the validation of the Installation ID, the Microsoft’s system checks to see if the same product key was used in any of the previous activation processes. If yes then it looks to see the Hardware ID associated with it. The computer running a pirated copy of Windows will obviously have a different hardware configuration and hence the Hardware ID will mismatch. In this case the activation process will fail.

Thus for a successful activation, either of the following two cases must be satisfied:

1. The product key must have been used for the first time. ie: The product key should not have been used for earlier activations on any other computer.
2. If the product key is said to have been used earlier, then the Hardware ID should match. This happens only if the same computer for which the license was genuinely purchased is attempting for subsequent activation.

What about formatting the hard disk?

Each time the hard disk is reformatted and Windows is re-installed, it needs to be re-activated. However the activation process will be completed smoothly since the same computer is attempting for subsequent activation. In this case both the product key and the Hardware ID will match and hence the activation becomes successful.

What is I upgrade or make changes to my hardware?

In the above mentioned 10 categories of hardware, at least 7 should be the same. Thus you are allowed to make changes to not more than 3 categories of hardware. If you make too many changes then your activation will fail. In this case, it is necessary to contact the customer service representative via phone and explain about your problem. If he is convinced he may re-issue a new product key for your computer using which you can re-activate your Windows.

Some things WPA does not do

• WPA does not send any personal information at all about you to Microsoft. There is still an option to register the product with Microsoft, but that is separate and entirely voluntary.
• If you prefer to activate via phone, you are not required to give any personal information to Microsoft.
• WPA does not provide a means for Microsoft to turn off your machine or damage your data/hardware. (Nor do they even have access to your data). This is a common myth that many people have about Microsoft products.
• WPA is not a “lease” system requiring more payments after two years or any other period. You may use the product as licensed in perpetuity.

@Atulpurohit

7/05/2011 Telecommunication Network Hacking And Security

Hacking does not only mean to deface a website or steal to someone confidential information, you have heard so many times about computer network security or just computer security but what about Telecommunication security or Telecommunication network security. Well there is so many articles on computer security but this time I have decided to write on Telecommunication network security.



Telecommunication has a broad field and it contain different areas like Optical fiber network, mobile and wireless network and satellite network etc. We have considered wireless network specially for GSM network, GSM or global system for mobile communication is a  2G network but when it provides GPRS (data) service it can call 2.5G network.

The 1G network or AMPS has so many vulnerabilities like eavesdropping and handset cloning because it was work on analog domain while the 2G network works on digital environment and  uses different sort of encryption algorithm to protect the data.

It is good practice to first describe the initial architecture of GSM network so that you can easily understand the security holes. Now consider the basic diagram. 

SIM  Subscriber Identity Module        HLR  Home Location Register MS   Mobile Station                    VLR  Vistor Location Register BTS  Base Transceiver Station          EIR  Equipment Identity Register BSC  Base Station Controller           AC   Authentication Center MSC  Mobile services Switching Center  PSTN Public Switched Telecomm Network VLR  Visitor Location Register         ISDN Integrated Services Digital Network 

Just like a computer network, GSM network also use some authentication process to allow SIM (user) to enter into the network, just assume there are 4 operator that provides GSM services and you have purchased a connection from 1 service provider, now it does not mean that your mobile phone cannot detect the signal of other three network, your cell phone can get the signal of 4 operators but it only can connect to the network of that appropriate SIM because the network identify its user by SIM.

Understand The Phenomena Of Authentication In GSM

The SIM (Subscriber Identity Module) is a small and smart card contain both programming and information. SIM contain a temporary cipher key for encryption, temporary subscriber identity(TIMSI) and International Mobile Subscriber Identity (IMSI). It also contain a PIN (Personal Identification Number) and a PUK (PIN unblocking key).

SIM stores a 128-bit authentication key provided by the service provider, IMSI is a unique 15-digit number that has a three part.

• Mobile Country Code (MCC)
• Mobile Network Code(MNC)
• Mobile Subscriber Identity (MSIN)

Now as you have seen the importance of IMSI, if you have a IMSI of another user than you can identify yourself on the network by the identity of the other user (So dangerous).

But what, is authentication a only way to crack into GSM network? answer is no.

The air interface i mean Um interface between the handset and BTS is encrypted by A5 algorithm but the interface between BTS to BSC and BSC to MSC is usually does not encrypted and normally uses Microwave link or in cases it uses optical fiber link or depends on the geographical area. So the point is that if someone start sniffing on that link so the GSM has not defined any standard to protect this sniffing, so now you can understand the main hole in GSM network.

@Atul Purohit