OBILLANENI"S WORLD: July 2010

How to save our GMAIL account from hackers

Friday, July 30, 2010

Previously i have posted alot of articles on Gmail hacking.Recently the number of users Gmail users have increased, therefore Gmail have been the major target of lots of hackers.People use Gmail as a primary email and therefore if hackers can gain access to their primary email accounts so therefore they can also hack other accounts associated witth your Gmail account.

A long time back Google introduced the ability to optionally encrypt any transmission to / from GMail and not just the login sequence. Previously Gmail used to encrypt the login sequence only. All other data was transmitted unencrypted over the wire making such hacking possible. Every ething that you are doing on your gmail account is transmitted unencrypted over the web.

This makes Gmail velnurable to Session hijacking, the hacker can force your browser withGmail Hacking tool to send a cookie file.Once the hacker gets the cookies he can login into your gmail account with out your username and password.Any one with basic knowledge of computers can use this tool to hack your gmail password.

How to protect your gmail account from getting hacked?

So this question might arrive in your minds, well the answer is simple you just need to change your browser connection to https.
To change your browser connection to https kindly perform the following steps:

1.Sign in to Gmail.

2.Click Settings at the top of any Gmail page.

3.Set 'Browser Connection' to 'Always use https.'

4.Click Save Changes.

5.Reload Gmail.

That's all you need to protect your GMail account from getting hacked.

How to Save Bookmarks in IE, Firefox, Chrome and Opera

Wednesday, July 21, 2010

Save Bookmarks

How would you like to save your bookmarks in IE, Firefox, Opera and Google Chrome so that you can restore them in case if you need to re-install your operating system or move them from one computer to another? This post will show you how to save and restore bookmarks in simple steps.

Bookmarking the favorite web pages can save a lot of time as it becomes almost impossible to remember a list of favorite websites and their URLs. However it can be really frustrating at times when you lose all those saved bookmarks in case if a computer crashes. Also if you are a person who uses more than one computer then it becomes hard to copy all those saved bookmarks one by one manually. So saving the bookmarks can become handy in such situations. Here is how to to do it.

Saving a Bookmark file in Internet Explorer

1. From the File menu, select the option Import and Export.

2. Select the option Export to a file and click on Next.

3. In the next screen select Favorites and click on Next.

4. In the next screen again click on Favorites and click on Next.

5. Now choose the destination where you want to save your bookmarks and click onExport.

6. In the next screen click on Finish.

Now you have successfully saved all your bookmarks in a .HTM file. You can use this file to later restore the bookmarks to either IE, Firefox or any other browser. To import the saved bookmarks from a file all you need to do is goto File menu, click on Import and Export, select the option Import from a file and proceed with the screen instructions.

Saving a Bookmark file in Firefox

1. From the Bookmarks menu on the top select the option Organize Bookmarks.

2. A window will pop-up. From the window click on Import and Backup at the top and select the option Export HTML.

3. Now choose the destination where you want to save the bookmark file and click onSave.

To restore this saved file, follow the step-1 and in step-2 select the option Import HTMLinstead of Export HTML and proceed.

Saving a Bookmark file in Google Chrome

1. From the Tools menu, select Bookmark Manager.

2. Click the Organize menu in the manager.

3. Select Export bookmarks.

4. Select the location where you want your exported file to be saved, then click Save.

To restore the bookmarks, follow step-1, step-2 and in step-3 select Import bookmarksinstead of Export bookmarks and proceed.

Saving a Bookmark file in Opera

1. From the File menu, select the option Import and Export.

2. Scroll over to the pull-down menu on the right and choose Export Bookmarks as HTML.

3. On the next screen, choose the destination folder from the Save in menu text box at the top of the screen.

4. Just click the Save button and you’re done.

How to Detect Anonymous IP Addresses

Detect-Proxy

As the fraudsters are now becoming more sophisticated in bypassing the Geo-location controls by using proxies (Anonymous IPs) to spoof their IP address, it has become very much necessary to come up with a means for detecting the proxies so that the authenticity of the users can be verified. Using a proxy (web proxy) is the simplest and easiest way to conceal the IP address of an Internet user and maintain the online privacy. However proxies are more widely used by online fraudsters to engage in cyber crimes since it is the easiest way to hide their actual Geo-location such as city/country through a spoofed IP address. Following are some of the examples where fraudsters use the proxies to hide their actual IP.

1. Credit Card Frauds

For example, say a Nigerian fraudster tries to purchase goods online with a stolen credit card for which the billing address is associated with New York. Most credit card merchants use Geo-location to block orders from countries like Nigeria and other high risk countries. So in order to bypass this restriction the credit card fraudster uses a proxy to spoof his IP address so that it appears to have come from New York. The IP address location appears to be legitimate since it is in the same city as the billing address. A proxy check would be needed to flag this order.

2. Bypass Website Country Restrictions

Some website services are restricted to users form only a selected list of countries. For example, a paid survey may be restricted only to countries like United States and Canada. So a user from say China may use a proxy so as to make his IP appear to have come from U.S. so that he can earn from participating in the paid survey.

Proxy Detection Services

So in order to stop such online frauds, Proxy Detection has become a critical component. Today most companies, credit card merchants and websites that deal with e-commerce transactions make use of Proxy Detection Services like MaxMind andFraudLabs to detect the usage of proxy or spoofed IP from users participating online.

Proxy Detection web services allow instant detection of anonymous IP addresses. Even though the use of proxy address by users is not a direct indication of fraudulent behaviour, it can often indicate the intention of the user to hide his or her real IP. In fact, some of the most used ISPs like AOL and MSN are forms of proxies and are used by both good and bad consumers.

How Proxy Detection Works?

Proxy detection services often rely on IP addresses to determine whether or not the IP is a proxy. Merchants can obtain the IP address of the users from the HTTP header on the order that comes into their website. This IP address is sent to the proxy detecting service in real time to confirm it’s authenticity.

The proxy detection services on the other hand compare this IP against a known list of flagged IPs that belong to proxy services. If the IP is not on the list then it is authenticated and the confirmation is sent back to the merchant. Otherwise it is reported to be a suspected proxy. These proxy detection services work continuously to grab a list or range of IPs that are commonly used for proxy services. With this it is possible to tell whether or not a given IP address is a proxy or spoofed IP.

How to Tell Whether a given IP is Real or a Proxy?

There are a few free sites that help you determine whether or not a given IP is a proxy. You can use free services like WhatisMyIPAddress to detect proxy IPs. Just enter the suspected IP in the field and click on “Lookup IP Address” button to check the IP address. If it is a suspected proxy then you will see the results something as follows.

Detect Anonymous Proxy

So for all those who think that they can escape by using a spoofed IP, this post is the answer. I hope this information helps. Pass your comments.

JULY 15 E-PAPER BY EENADU

CLICK THE IMAGES TO ENLARGE FOR EASY READING

How to Hack an Ethernet ADSL Router

Friday, July 9, 2010

ADSL-Routers

Almost half of the Internet users across the globe use ADSL routers/modems to connect to the Internet however, most of them are unaware of the fact that it has a serious vulnerability which can easily be exploited even by a noob hacker just like you. In this post I will show you how to exploit a common vulnerability that lies in most ADSL routers so as to gain complete access to the router settings and ISP login details.

Every router comes with a username and password using which it is possible to gain access to the router settings and configure the device. The vulnerability actually lies in theDefault username and password that comes with the factory settings. Usually the routers come preconfigured from the Internet Service provider and hence the users do not bother to change the password later. This makes it possible for the attackers to gain unauthorized access and modify the router settings using a common set of default usernames and passwords. Here is how you can do it.

Before you proceed, you need the following tool in the process

Angry IP Scanner

Here is a detailed information on how to exploit the vulnerability of an ADSL router.

Step-1: Go to www.whatismyipaddress.com. Once the page is loaded you will find your IP address. Note it down.

Step-2: Open Angry IP Scanner, here you will see an option called IP Range: where you need to enter the range of IP address to scan for.

Suppose your IP is 117.192.195.101, you can set the range something as117.192.194.0 to 117.192.200.255 so that there exists atleast 200-300 IP addresses in the range.

Step-3: Go to Tools->Preferences and select the Ports tab. Under Port selectionenter 80 (we need to scan for port 80). Now switch to the Display tab, select the option “Hosts with open ports only” and click on OK.

I have used Angry IP Scanner v3.0 beta-4. If you are using a different version, you need to Go to Options instead of Tools

Step-4: Now click on Start. After a few minutes, the IP scanner will show a list of IPs with Port 80 open as shown in the below image.

Step-5: Now copy any of the IP from the list, paste it in your browser’s address bar and hit enter. A window will popup asking for username and password. Since most users do not change the passwords, it should most likely work with the default username and password. For most routers the default username-password pair will be admin-admin or admin-password.

Just enter the username-password as specified above and hit enter. If you are lucky you should gain access to the router settings page where you can modify any of the router settings. The settings page can vary from router to router. A sample router settings page is shown below.

If you do not succeed to gain access, select another IP from the list and repeat the step-5. Atleast 1 out of 5 IPs will have a default password and hence you will surely be able to gain access.

What can an Attacker do by Gaining Access to the Router Settings?

By gaining access to the router settings, it is possible for an attacker to modify any of the router settings which results in the malfunction of the router. As a result the target user’s computer will be disconnected from the Internet. In the worst case the attacker can copy the ISP login details from the router to steal the Internet connection or play any kind of prank with the router settings. So the victim has to reconfigure the router in order to bring it back to action.

The Verdict:

If you are using an ADSL router to connect to the Internet, it is highly recommended that you immediately change your password to prevent any such attacks in the future. Who knows, you may be the next victim of such an attack.

Since the configuration varies from router to router, you need to contact your ISP for details on how to change the password for your model.

Warning!

All the information provided in this post are for educational purposes only. Please do not use this information for illegal purposes.

What are Private and Public IP Addresses

Private and Public IP Addresses

Internet Protocol (IP) addresses are usually of two types: Public and Private. If you have ever wondered to know what is the difference between a public and a private IP address, then you are at the right place. In this post I will try to explain the difference between a public and a private IP addres in layman’s terms so that it becomes simple and easy to understand.

What are Public IP Addresses?

A public IP address is assigned to every computer that connects to the Internet where each IP is unique. Hence there cannot exist two computers with the same public IP address all over the Internet. This addressing scheme makes it possible for the computers to “find each other” online and exchange information. User has no control over the IP address (public) that is assigned to the computer. The public IP address is assigned to the computer by the Internet Service Provider as soon as the computer is connected to the Internet gateway.

A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting webpages or services on the Internet. On the other hand a dynamic public IP address is chosen from a pool of available addresses and changes each time one connects to the Internet. Most Internet users will only have a dynamic IP assigned to their computer which goes off when the computer is disconnected from the Internet. Thus when it is re-connected it gets a new IP.

You can check your public IP address by visiting www.whatismyip.com

What are Private IP Addresses?

An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks):

10.0.0.0 – 10.255.255.255 (Total Addresses: 16,777,216)
172.16.0.0 – 172.31.255.255 (Total Addresses: 1,048,576)
192.168.0.0 – 192.168.255.255 (Total Addresses: 65,536)

Private IP addresses are used for numbering the computers in a private network including home, school and business LANs in airports and hotels which makes it possible for the computers in the network to communicate with each other. Say for example, if a network X consists of 10 computers each of them can be given an IP starting from 192.168.1.1 to 192.168.1.10. Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP [...]