<?xml version="1.0" encoding="iso-8859-1" ?> 
  <rss version='2.0' xmlns:content='http://purl.org/rss/1.0/modules/content/' xmlns:wfw='http://wellformedweb.org/CommentAPI/' xmlns:dc='http://purl.org/dc/elements/1.1/' xmlns:atom='http://www.w3.org/2005/Atom'>
    <channel>
      <title>Security Override - New articles</title>
      <link>http://securityoverride.com/</link>
      <docs>http://blogs.law.harvard.edu/tech/rss</docs>
      <atom:link href='http://securityoverride.com/rss/rss_a.php' rel='self' type='application/rss+xml' />
      <generator>Self-created application</generator>
      <description></description>
      <copyright>wWw.X-iWeb.Ru</copyright>
      <language>en-en</language>
      <item>
        <title>Windows Hack Part 2: Win Vista</title>
        <link>http://securityoverride.com/readarticle.php?article_id=54</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=54</guid>
        <description><![CDATA[ill not be responsible blah blah blah blah

OK LETS START:



Creating a Windows Vista password reset disk:


1. Click on Start and then Control Panel.
2. Click on the User Accounts and Family Safety link.

Note: If you're viewing the Classic View of Control Panel, you won't see this link. Simply double-click on the User Accounts icon and proceed to Step 4.
3. Click on the User Accounts link.
4. In the task pane on the left, click the Create a password reset disk link.
5. When the Forgotten Password Wizard window appears, click Next.

Note: You will need some kind of portable media before being able to create a password reset disk. This means that you will need a flash drive (pen drive) or a floppy disk drive and blank floppy disk.
6. In the &quot;I want to create a password key disk in the following drive:&quot; drop-down box, choose the portable media drive to create a password reset disk on.
7. Click Next to continue.
8. With the disk or other media still in the drive, enter your current account password in the text box and click Next.
9. Windows Vista will now create the password reset disk on your chosen media.
10. When the progress indicator shows 100% complete, click Next and then click Finish in the next window.
11. You can now remove the flash drive or floppy disk from your computer.
12. Label the disk &quot;Password Reset&quot; and store it in a safe place.



Tips:
- You only need to create a password reset disk for your Windows Vista logon password once. No matter how many times you change your password, this disk will always allow you to create a new one.
- While a password reset disk will certainly come in handy if you ever forget your password, keep in mind that anyone who possesses this disk will be able to access your account at any time, even if you change your password.

Hack Windows Vista Screensavers:


Windows Vista's screensavers, for incomprehensible reasons, cannot be customized using the user interface. Want to change the way bubbles look in the Bubbles screensaver? Forget about it. You won't find a way to do it.

You can, though, hack the Windows Registry to customize many of the screensavers. For the Bubbles screensaver, for example, you can add three new values to the Registry, and turn the bubbles metallic or keep them transparent; configure whether the bubbles should have shadows; and display the bubbles against the desktop or instead against a solid black background.

To do it, open the Registry Editor, then go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Screensavers\Bubbles. Select Edit--&gt;New DWORD (32-bit) Value, and create a new DWORD called MaterialGlass. Give it a value of 1 for glassy, transparent bubbles, and a value of 0 for metallic bubbles.

Create a DWORD called ShowShadows, and give it a value of 1 to display shadows below the bubbles, and a value of 0 to have no shadow displayed.

Create a DWORD called ShowBubbles and give it a value of 1 to show the bubbles on the desktop, and a value of 0 to show them against a solid black background. When you exit the Registry Editor, your new settings will take effect.

You can similarly hack the Ribbons screensaver. Open the Registry Editor, then go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Screensavers\Ribbons. Select Edit--&gt;New DWORD (32-bit) Value, and create a new DWORD called NumRibbons. Click Decimal, and then type in the number of ribbons you want to be displayed. The minimum number of ribbons is 1; the maximum is 256.

Create a DWORD called RibbonWidth, click Decimal, and then type in a number to determine the width of each ribbon. The smaller the number, the narrower the ribbon.

When you exit the Registry Editor, your new settings will take effect. To go back to your old settings, delete the Registry values.


Hack the Elevated Command Prompt:


When you run certain commands from the command prompt, you're told that you don't have administrative rights to run them, even if you're currently logged in as an administrator.

What gives?

You'll have to run the command prompt itself as an administrator, which is called running an elevated command prompt. One way to do it is to type cmd into the Search box on the Start menu, right-click the command prompt icon that appears at the top of the Start menu, and then select &quot;Run as administrator.&quot;

But if you don't want to go about doing that each time you run a command prompt, there's a simpler way. You can create a Desktop shortcut for an elevated prompt, or pin the elevated prompt to the Start menu. To create a shortcut on the Desktop:
- Right-click the Desktop, and select New--&gt;Shortcut.
- In the text box of the Create Shortcut dialog box that appears, type CMD and then click Next.
- On the next screen, type a name for the shortcut--for example, Elevated Command Prompt. Then click Finish.
- Right-click on the shortcut you just created and select Properties.
- Click the Shortcut tab and click Advanced. (See Figure 3.)
- Check the box entitled &quot;Run as administrator,&quot; click OK, and then OK again.

 
Now, when you want to run an elevated command prompt, simply double-click the shortcut. If you'd like the elevated command prompt to appear on the Start menu, drag it from the Desktop to the Start button, and place it where you would like it to be.


Hack Aero's Glass Borders:


The borders around system windows, such as dialog boxes and the Control Panel, are transparent in Windows Vista's Aero interface. If you'd like, you can make those transparent borders larger or smaller:
- Right-click the Desktop and select Personalize.
- Click Windows Color and Appearance.
- Click &quot;Open classic appearance properties&quot; for more color options.
- From the dialog box that appears, make sure that Windows Aero is selected as the color scheme. Click the Advanced button on the right side of the dialog box.
- Select &quot;Border Padding&quot; in the Item drop-down box. To change the size of the border, type a new size for the border. (The default is 4.) Click OK, then OK again. The sizes of the borders will now change.


Hack System Restore:


System Restore can chew up tens of gigabytes very quickly. If you want to regain that precious hard disk space, you can delete all restore points except your most recent one:

- Click Start, then choose All Programs--&gt;Accessories--&gt;System Tools--&gt;Disk Cleanup.
- From the screen that appears, choose &quot;Files from all users on this computer.&quot;
- If a dialog asks which drive to clean up, choose the drive on which Windows Vista is installed. Click OK.
- Disk Cleanup will now scan your hard drive and display a dialog box. Click the More Options tab.
- In the System Restore and Shadow Copies section, click &quot;Clean up.&quot;
- A dialog will ask, &quot;Are you sure you want to delete all but the most recent restore point?&quot; Click &quot;Delete.&quot;
- Click OK to close the Disk Cleanup window.


Keep in mind, though, that when you do this, you will also delete any older Shadow Copies of files, and older Windows Complete PC Backup images as well.


Hack Vista's Blinking Cursor:


Windows Vista's blinking cursor can be razor thin, and sometimes it can be very hard to find, especially if you're using a laptop. But it's easy to make the cursor thicker--pretty much as thick as you want. Select Control Panel--&gt;Ease of Access--&gt;Optimize visual display. Scroll toward the bottom of the screen until you come to &quot;Make things on the screen easier to see,&quot; as shown in the nearby figure.

In the box next to &quot;Set the thickness of the blinking cursor,&quot; select a number. The larger the number, the fatter the cursor. You'll see a preview of the cursor next to the box. Click Save. The cursor throughout Windows Vista will now be fatter and easier to see.

I have compiled a list of Rundll32 commands, which can be used for directly invoking the specified functions or to create shortcuts of those, which you use and require frequently. These shortcut / commands have been compiled from various sources, all of which have been acknowledged at the end of the article.

To create Desktop shortcuts: Right-click on the Desktop &gt; New &gt; Shortcut. In the first box of the Create Shortcut Wizard, copy-paste the desired command. Then click Next. Give the shortcut a name. Finally, select an appropriate icon for it. More on how to create a shortcut on the Desktop at KB140443.

Some of them can prove to be rather useful, e.g., copy-paste rundll32.exe keymgr.dll,KRShowKeyMgr in Vista's Start Menu Search bar and hit Enter, and you will see the Stored User Names and Passwords box pop up! The Stored User Names and Passwords applet lets you assign user names and passwords to use, when needing to authenticate yourself, to services in domains other than the one you are currently logged into. It's normally very awkward to access, but this way lets you do so faster! You can thus access quite a few useful functions easily!

Add/Remove Programs:

RunDll32.exe shell32.dll,Control_RunDLL appwiz.cpl,,0


Content Advisor

RunDll32.exe msrating.dll,RatingSetupUI


Control Panel

RunDll32.exe shell32.dll,Control_RunDLL


Delete Temporary Internet Files

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8


Delete Cookies

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2


Delete History

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1


Delete Form Data

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16


Delete Passwords

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32


Delete All

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255


Delete All + files and settings stored by Add-ons

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351


Wireless Network Setup

RunDll32.exe shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW


If you wish to disable the Autoplay feature for USB Drives &amp; Audio CDs, here are some ways you can do it in Windows Vista:

1) Type gpedit.msc in the Start Search box, and then press ENTER to open the Group Policy Editor. (Use the Group Policy Editor carefully.)

 
Under Computer Configuration &gt; expand Administrative Templates &gt; expand Windows Components &gt; click Autoplay Policies


In the RHS Details pane, double-click Turn off Autoplay to open the Properties box. Click Enabled, and then select All drives in the Turn off Autoplay on box to disable Autorun on all drives then Restart.

Additional Read:
How to selectively disable specific Autorun features and more on KB953252.

2) You can also open the Control Panel and set the options as per your preferences.

 
Control Panel &gt; Hardware and Sound &gt; AutoPlay



3) The same can be achieved by editing the Registry.
Run regedit and navigate to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer


In the RHS, create a new DWORD and rename it to NoDriveTypeAutoRun.

 

Right-click on it and give it a decimal value of 255 (or hexadecimal value 000000FF). Exit regedit. Reboot.
This will disable AutoRun on all drives. If you wish you may download this .reg fix and double click it and add the entries to your registry.
 

]]></description>
        <pubDate>Mon, 21 Jun 2010 18:35:33 +0200</pubDate>
        <category>OS Specific Tweaks</category>
      </item>
      <item>
        <title>Bruteforcing: There will always be a need.</title>
        <link>http://securityoverride.com/readarticle.php?article_id=53</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=53</guid>
        <description><![CDATA[Bruteforcing is something we've learned to take for granted lately. Maybe it's due to the fact that we have so many tools available to brute force passwords for us. Or, maybe we say things like: &quot;Yeah. Bruteforcers are so easy. I'll get around to writing one whenever I feel like it.&quot; But then, we never seem to get around to it, and quickly lose focus of why this type of attack is useful for a hacker to learn.

In the real world, I've never been so up to my eyes in the need to crack MD5 hashes, that I've had to use a rainbow table. I'm sure there are scenarios where this could be beneficial. But, for all the purposes I've seen, gaining access to real world systems, involved implementing something custom, on the fly, and off the cuff. Predefined lists of hashed passwords were absolutely no help. And, I found myself coding up simple bruteforcers built around a target specific implementation. Let me give you an example:

Corporate Meatpuppet Jim, is the head peon for the local branch of Big Business Corp LTD (store number 1123), that delivers to you, your never ending supply of useful gadgets. But Jim is just the figurehead, and not the person you see handing you gadgets every week. In fact, you've never even met Jim. Instead, you've become friends with Bill, the guy that drives the truck for Big Business Corp. Bill is a friendly, down to Earth, nine-to-fiver, that's always willing to tell you the kind of crap he's going through at work. It seems there's always some sort of drama going on in the corporate world, and he always has a fresh load of gossip to give. But, they don't treat Bill well at all, and he knows something doesn't look too bright in his future. But, the ties are tied too tight at BBCLTD, and they won't even give Bill a clue whether or not he should be looking for another job. His family could really use that information.

One day, curiosity bites you, and you decide to take the information Bill has given you, and see what's happening at Big Business Corp for yourself. It dawns on you, &quot;Hey! They let school children take tours of the facility on field trips, why wouldn't they allow one of their best customers to come down and take a look as well?&quot; Long story short, you find yourself in Jim's office, talking about lame and contrived corporate BS, that seems to be going in one ear and out the other, when you stumble across some interesting information. It turns out that Jim is a forgetful guy, and likes to write things down on sticky notes he posts haphazardly around the walls of his office. So, as he's filling your deaf ears with useless corporate garbage, you're looking around ... &quot;trying to get a feel for the place&quot; ... when you see, in big bold print:

[quote]
Big Business Corp LTD - Primary Teleconferencing Hub
   1-800-555-1234
   user id = 1123
   password = 123456#
   alternate user id = 11231123
   password = 654321#
[/quote]

Your hacker senses start tingling, and you draw some really good conclusions about this information:

1) - Whatever is being said on that hub is so important they needed to password protect the information.
2) - The user id is based on the store number.
3) - The password is extremely easy to replicate.

Now you start examining the problems.

1) - Jim's password may be old, and may have changed.
2) - Even if it's not, using the local branch to gain access may not be the wisest move you could make.
3) - That there's no way Cain, Abel, or your good friend John, are going to help you with this.

There's only one solution now, and that's to whip up a quick and dirty bruteforcer to give us passwords for any branch. In this example, we would need a system to attempt different passwords for a given store number, convert those passwords into DTMF tones, and then either continue, or break, based on what kind of response we get from the system designed to log in to the hub. Since this article isn't about changing strings of characters into DTMF tones, I'm going to simply walk you through the things you'll need to know in order to write the bruteforcer.

The first thing we need is a way to plug in each possible combination (technically called a permutation). We have a range of valid characters, in this case 0-9, arranged in an array six characters long, giving us 10 ^ 6 possible combinations for the result, since our keyspace (0-9) is ten digits wide. That's only one million, which is a hell of a lot better than the astronomical permutations used for some computer passwords. Anyway, there are two ways we can do this. We have an iterative approach, or a recursive approach.

In most cases, we have to resort to a recursive approach, because we simply don't know how long our passwords may be. In this case that's not necessary, so we could use either. There's a lot to be said about using an iterative vs recursive approach when it comes to speed and memory usage. But, in the real world, all of those concerns tend to be theoretical. In any event, I'll show you both methods, so that you're familiar.

For an iterative approach, we simply nest a set of [b]for[/b] loops, like so:

[code]
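int lowChar = (int)'0';
int highChar = (int)'9';
char password[8]; // six digits, the '#' key, and the terminating NUL

void CheckPassword(const char* password); // defined elsewhere, see below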

for(int i =  lowChar; i &lt;= highChar; i++)
{
	password[0] = (char)i;
	for(int j = lowChar; j &lt;= highChar; j++)
	{
		password[1] = (char)j;
		for(int k = lowChar; k &lt;= highChar; k++)
		{
			password[2] = (char)k;
			for(int l = lowChar; l &lt;= highChar; l++)
			{
				password[3] = (char)l;
				for(int m = lowChar; m &lt;= highChar; m++)
				{
					password[4] = (char)m;
					for(int n = lowChar; n &lt;= highChar; n++)
					{
						password[5] = (char)n;
						password[6] = '#';
						password[7] = '\0';
						CheckPassword( password );
					}
				}
			}
		}
	}
}
[/code]

That's a LOT of looping. But that can't really be avoided, even if we use a recursive approach. Iterative approaches are generally faster, but the recursive approach is much cleaner, and really only starts to become a problem memory-wise when dealing with passwords that are thousands of characters in length. So, a more universal solution might look something like this:

[code]
int lowChar = (int)'0';
int highChar = (int)'9';

void CheckPassword(const char* password); // defined elsewhere, see below

void recurse(int pos, char* password, int length)
{
	int i = 0;

	for(i = lowChar; i &lt;= highChar; ++i)
	{
		password[pos] = (char)i;

		if(pos &lt; (length - 1))
		{
			recurse(pos + 1, password ,length);
		}
		else
		{
			CheckPassword( password );
		}
	}
}

void bruteforce(int length)
{
	// one extra byte so the terminating NUL stays inside the buffer
	char password[length + 1];
	password[length] = '\0';
	recurse(0, password, length);
}
[/code]

In both of the above code examples, the CheckPassword() function is where we would have written the code to convert the password to DTMF tones and monitor the response from the teleconferencing hub. But, this could have been anything, including comparing two MD5 hashes. The function call just makes the code more universal, and much easier to read. Hopefully this all makes sense. ;)

As it turns out, Big Business Corp LTD did have intentions of firing Bill, those sorry bastards. But, thanks to our help, Bill and his family, don't have to worry, since we gave him that bit of information just in time for him to look for a new job. He still comes by every once in a while, but we've since found a better company for our own personal gadget needs.]]></description>
        <pubDate>Mon, 21 Jun 2010 18:35:17 +0200</pubDate>
        <category>Uncategorized</category>
      </item>
      <item>
        <title>Anonymous Online Purchasing</title>
        <link>http://securityoverride.com/readarticle.php?article_id=52</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=52</guid>
        <description><![CDATA[Now many of us love online purchases. Dont have to deal with the annoying salesperson, you get what you want from where you want, and nothing is ever truly out of stock.

Unfortunately there are some downsides to online shopping. Since the only effective means is using paypal or credit cards you risk getting your information or accounts and cash stolen every time you make a purchase and often these risks persist way after your purchase has been completed such as when a site gets compromised. This has been the thinking that has kept me away from buying things online for a great deal of time, until the day of this writing when I figured out a way to complete online purchases with a greater degree of safety and an added element of anonymity. Im sure others are aware of this method but many do not, so I am here to share it for the benefit of those who dont know.

First of all you need to understand Visa gift cards. Im sure other gift cards work fine and dandy but currently I only know of Visa for sure. These gift cards come in the standard $25, $50, ect. types for purchase at your local walmart or whatever and can be refilled at will. Now these Visa gift cards allow you to register them online using your card number on front(like a regular credit card) and the three digit 'security code' number on the back next to the signature spot. You will then need to fill out your card's information. Heres the important part. You can put in WHATEVER information you want. Although recommended to keep your shipping address the same for cases like when HP requires the card and shipping address to be the same, many retail stores dont check this, so you can ship wherever you want. 

The beauty of it comes down to three points: 1.)You can lie about your name, 2.)You control how much you put in, even if the site gets compromised the worst outcome is you lose one or two dollars and not your ENTIRE CREDIT CARD ACCOUNT :) while your personal info is safe, at most they get is an address which if you use an extra P.O Box doesnt give much to the malicious  and 3.)You can ship anywhere without anyone knowing who it came from.

A few disclaimers are in order however: 1.)Lieing about your name IS a violation of U.S contract law thanks to misrepresentation. Luckily the only punishment would be that they could cancel your order but lets be realistic no company is going to care enough to do so(less you are trying to purchase restricted materials which I do not recommend). 2.)You still have to reveal the shipping address(duh). and 3.)I do not recommend using this as part of any criminal activities, because quite frankly the only use in crime this is going to give wouldnt protect against what actually gets people like carders caught, and will only help the prosecutor. The benefits of anonymous online purchasing via gift cards only truly benefits those you do not wish to hand out their name will-nilly and wish to lessen the risk of credit card identity theft.

Happy Shopping!

-Madf0x]]></description>
        <pubDate>Sat, 12 Jun 2010 03:19:08 +0200</pubDate>
        <category>Protecting Yourself</category>
      </item>
      <item>
        <title>Advanced KMP String Search</title>
        <link>http://securityoverride.com/readarticle.php?article_id=51</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=51</guid>
        <description><![CDATA[Sooner or later you're going to have to deal with pattern matching at a lower level than you're typically accustomed. For instance, you may need to implement a search feature within a text editor. What follows is an example of the KMP (Knuth–Morris–Pratt) algorithm with a nice little hacker twist to give it slightly better performance.

For those who are unfamiliar, the basics of this algorithm are simple. Rather than perform a search against every character of the input ( i.e. strcmp(); ), we instead perform a match against only key positions of the string. This allows us to easily eliminate positions from the search space simply because the key positions do not match. Here's an example:

the universe: ABAABACDEGAAA
the key:........EGA

On the first pass, we compare ABA to EGA using only key position 0. A is not equal to E so we can avoid that position and move to the next, which saves the time of doing a string comparison on the remaining pieces. So the next pass becomes

the universe: ABAABACDEGAAA
the key:..........EGA

B is not equal to E, so skip that position as well. Only when we've found a matching key position, do we start to evaluate the remaining characters. It may not seem like it, but this is actually a tremendous time savings over doing a naive strcmp() on each key position. However, a problem arises in the speed of the algorithm, when we have a universe that has many potential matches. For example:

the universe: EGXEECAEGADEGA
the key:........EGA

In this scenario, we spend a bit of extra time looking at sections that have similar key positions, ultimately to find out, that they never result in a perfect match. Using the KMP algorithm, this can't really be avoided. It's just how the algorithm works. But, it can be improved. Time for that hacker twist I talked about.

What happens if we examine two positions at once? We can effectively cut our comparison time in half by narrowing the search space during each pass from both ends. If we get a match with the first key position, and the second key position, we know that there may be a need to keep processing, and if not, we've found an entire section of the universe which can safely be ignored, as opposed to only a single key position.

For our purposes, I've chosen the initial key positions to be search_text[0] for the left key position, and search_text[strlen( search_text ) - 1] for the right. During each pass, non-matching sections of the universe are ignored, and then the left side is incremented, and the right side decremented. This saves even more time, since we no longer have to check the first and last positions. Hopefully you're still with me. If not, it's just the KMP algorithm working from both ends of the string. Simple eh?

So how to do this in C/C++? The toughest question we'll have to answer is: &quot;How do we ignore an entire section of the universe?&quot;

Well, how about using one of the standard containers? How about a stack? If we treat our search space as a stack, we can simply ignore non-matching patterns by popping them during each pass. The next pass will then automatically begin with only the sections of the search space that have the potential to form a match. The code below is that very scenario in a nutshell. It's only a demo of the algorithm, but with only slight modification you can use it for any of your string searching purposes. Enjoy.

Oh, and for more on string search algorithms be sure to check out the [url=en.wikipedia.org/wiki/String_searching_algorithm]wiki[/url].

[code]#include &lt;iostream&gt;
#include &lt;vector&gt;
#include &lt;cstring&gt;

int main()
{
   std::vector&lt;int&gt; search_space_stack;
   std::vector&lt;int&gt; match_stack;

   char universe[] = &quot;This is a very, very, very, hairy algorithmvery&quot;;
   char search_text[] = &quot;very&quot;;

   int len_pattern = std::strlen(search_text);
   int previous_first_position = 0;

   // populate the universe (a.k.a search space) for the initial pass
   for(int i = 0; i &lt; (int)std::strlen(universe) - (len_pattern - 1); i++)
   {
      search_space_stack.push_back(i);
   }

   // the heart and soul of the search
   while( search_space_stack.empty() == false )
   {
      int start_position = previous_first_position;
      int end_position   = (len_pattern -1) - start_position;

      char first_char = search_text[start_position];
      char last_char = search_text[end_position];

      char test_char1 = universe[ search_space_stack.back() + start_position ];
      char test_char2 = universe[ search_space_stack.back() + end_position ];

      int result = (test_char1 == first_char) + (test_char2 == last_char);

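      if( result != 2 )
      {
         // mismatch: discard this candidate and restart at the outermost pair
         search_space_stack.pop_back();
         previous_first_position = 0;
      }
      else if( (end_position - start_position) &lt; 1 )
      {
         // the two key positions have met or crossed: every character matched
         match_stack.push_back( search_space_stack.back() );
         search_space_stack.pop_back();
         previous_first_position = 0;
      }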
      else
      {
         previous_first_position++;
      }

   }

   // now to display our results
   for(int i = 0; i &lt; match_stack.size(); i++)
   {
      char buffer[256];
      std::memset((void*)buffer,0,256);
      std::memcpy((void*)buffer,(void*)&amp;universe[match_stack[i]],len_pattern);
      std::cout &lt;&lt; match_stack[i] &lt;&lt; &quot; &quot; &lt;&lt; buffer &lt;&lt; std::endl;
   }

   // clean up before exit
   match_stack.clear();

   return(0);
}
[/code]]]></description>
        <pubDate>Wed, 26 May 2010 03:11:45 +0200</pubDate>
        <category>Programming Tutorials</category>
      </item>
      <item>
        <title>A Brief History Of The Internet</title>
        <link>http://securityoverride.com/readarticle.php?article_id=50</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=50</guid>
        <description><![CDATA[Investigate and Outline the History of the Internet
by
LiquidFusi0n

Introduction
In this report I will be researching and investigating the history of the internet. I will pick out some of the milestones in the internet's development and study them in depth. I will then outline these milestones and show a thorough understanding of them.

ARPANET (Advanced Research Projects Agency Network) 1969

ARPANET is the first of the milestones of internet development that we will look at. ARPANET which stands for Advanced Research Projects Agency Network was created in the cold war by the US Department of Defence. 

The ARPA Network was the first successful packet switching network in the world to our knowledge. Packet switching is a vast improvement on the older technology of Circuit Switching. Packet Switching is still to this day the core system used to transfer data over the web. Packet Switching is a method designed to take any form of data immaterial of what it contains and split it into smaller packages called packets. These packets are then sent over a shared network but are dealt with as separate items. A scientist at ARPA called Lawrence Roberts designed his own version of packet switching and this was at the core of ARPANET. 
One of the first ideas of a computer network was thought of in 1962 and was the creation of a man called J.C.R Licklider. J.C.R Licklider was later on appointed to work at ARPA and whilst there managed to persuade a man called Ivan Sutherland that his ideas were of vital importance, unfortunately J.C.R Licklider had left working at ARPA before he could see any of his ideas develop. 

The first ARPANET contained 4 IMP’s (Interface Message Processor) these four were placed at The University of California Los Angeles, The Stanford Research Institute, The University of California Santa Barbara and The University of Utah. After this the first ever message was sent by a student of UCLA, the message was “login” the computer managed to process the “lo” but then crashed. So the first ever message sent through some form of network was “Lo”. After this the first computer network was created it was a simple 4 host network, but it worked. The first ever e-mail sent in 1971 was sent through this network and its message was something along the lines of “QWERTY” but this is not accurate as the contents of the message have actually been forgotten.

ARPANET used 1822 as its core host to host platform. 1822, so called because of its report name, was a way to connect any host computer to an ARPANET router, mentioned earlier as an IMP. With 1822, a host computer composed a message and entered an address for the receiving computer, much like a modern day IP address. The message was then sent to an IMP, which routed it to the destination, much as modern day routers do. The difference is that in modern day technology we cannot fully rely on IP, whereas 1822 was 99.9% reliable, because if the IMP could not send the message it would return a message to the originating host saying that it could not deliver it. This was slightly flawed, however, because on the odd occasion an IMP would give out a false positive, returning a “lost” message when in fact the packet had been transmitted correctly. When the IMP had successfully sent a packet it would also return the message RFNM (Ready for Next Message). In 1983, however, the Transmission Control Protocol replaced 1822 and ARPANET IMPs just became part of the ever expanding internet. Once e-mails had become functional they accounted for 75% of ARPANET’s traffic. Later on in 1973 FTP (File Transfer Protocol) had been designed and was usable over ARPANET to send files from one host to another.
	
After this the growth of ARPANET was exponential, and by 1981 alone there were 213 hosts on the network. This increased more and more as the years went by and as newer technology came about that made it easier to connect to ARPANET. 
ARPANET was the spark that started it all. It got people thinking differently about computers and the power that they actually held within them, and it made people think about the many different ways that we can use computers to make our lives easier. 

Electronic Mail (E-Mail) 1971 
E-mail is the biggest and most important milestone in communication over the internet and could be called one of the most vital parts of the internet today. Every day millions of emails are sent worldwide, sharing knowledge and information between millions of people. Because of this, e-mail is a huge marketing and business tool, which can be both good and bad.

The idea of email first came into play with the creation of timesharing computers. These computers could run more than one program, and developers made software that let users send messages between different terminals. The only problem with this was that the software was limited to a group of users sharing one computer.

Ray Tomlinson is alleged to have sent the first email and also to be the first person to make use of the ‘@’ sign to separate the name of the user and the user's machine. In the early 1970’s Ray Tomlinson was working with a small group of people developing the operating system TENEX. This operating system was to have two pieces of software built into it to allow local messaging: SNDMSG and READMAIL. Later in 1971 Ray Tomlinson greatly improved SNDMSG for use on ARPANET by adding CPYNET to it, which allowed users to send messages over a network. This was a huge breakthrough. Ray informed his staff of this achievement by sending them all an email with instructions on how to use the software. Jon Postel, one of the main pioneers of the internet, is said to have commented on Ray Tomlinson’s work by describing it as a ‘nice hack’. To make an addressing system Tomlinson used the ‘@’ symbol, with the syntax user@host. This is the addressing method still used today. The early program was simple and command line only. 
	
In 1972 the FTP program got two new additions to its software: the commands MAIL and MLFL. MAIL and MLFL were added to the FTP software to provide standard network capabilities for the transport of emails. This then became the standard for sending email over ARPANET until around the 1980’s, when SMTP was created, which included many valuable improvements on MAIL and MLFL.
	
Email as a tool changed the world from ARPANET to Internet. It allowed millions of people worldwide to connect and opened up a whole world of possibilities. Possibly the most important mail protocol was SMTP (Simple Mail Transfer Protocol). This protocol is still used to this day, but it did not put enough energy into finding out whether the person sending the message was who they said they were. This led to very simple forgery, which was then exploited by viruses and worms. The biggest development in email technology, however, was the creation of POP (Post Office Protocol). POP servers started appearing everywhere and quickly became the industry standard for the transfer of email. When POP was first introduced users had to pay per minute for the use of email. Most users of this set up huge discussion groups where they would email information. These were known as newsgroups, and all of them together created what is known as USENET. 
	
From this the World Wide Web developed, and user friendly interfaces for email such as Yahoo were created. These were free to use. At this point email became commercialised and everyone wanted or had an email address. Hundreds of millions of people adopted the idea of email and got email addresses, and this quickly became one of the most important uses of the internet. 
	
Email is one of the biggest milestones in internet history. It allowed people anywhere in the world to talk to each other instantaneously regardless of time or date.

IPSS (International Packet Switched Service) 1978

IPSS, or International Packet Switched Service, was created in 1978 and was the collaborative work of the UK Post Office, Western Union International and the United States' Tymnet. You would connect to the network via a PSS (Packet Switched Stream) modem or an X.25 PAD (Packet Assembler/Disassembler). Its growth was rapid, covering a worldwide scale by the early 1990’s. To access IPSS you needed to obtain either dedicated access or a public dial access facility, which unfortunately cost money. IPSS was available 24 hours a day, 7 days a week, unless restricted by the overseas company or by the local authorities in the area limiting the connections. The connections were offered in 3 different speeds, the fastest obviously costing the most money.

Newsgroups and Bulletin Boards 1970’s

With the internet growing rapidly, new technologies and new ways to communicate came about. Two of these are newsgroups and bulletin boards.
	
Newsgroups are internet discussion forums. In newsgroups people discuss many different areas of interest, from aviation to knitting. In a newsgroup the messages posted can be viewed by anyone that accesses the newsgroup. Most newsgroups became part of the Usenet system or were set up on the Usenet system. To access newsgroups you need a newsreader such as UseNext. Usenet newsgroups have the same functionality as online discussion forums but they are technically different: discussion forums are usually viewed through a web browser, whereas newsgroups are accessed through software called a newsreader.
	
Newsgroups allow posting to different groups as long as your post is on-topic; off-topic posts are frowned upon. The administrator of the newsgroup has to make a decision as to how long the posts stay there. This is called the retention. The retention time differs from server to server: one may be two days, one may be 3 months. If the server has a retention time of two days and you post an article, that article will only exist on the server for two days. This is used to save space and avoid the discussion becoming stagnant. Usenet groups come in two different types, text and binary. The end result of both of these is the same, but the way the server handles the user's bandwidth is different.
	
Newsgroups quickly became a place for people to start flame wars and troll but also became a very important place for information and friendship. There are over 100,000 newsgroups but only about 20,000 are active at this time.
	
Newsgroups are arranged into hierarchies to make them easy to navigate. On Usenet there were seven main hierarchies, known as ‘The Big 7’. They were as follows: 
1.	comp.* — Discussion of computer-related topics 
2.	news.* — Discussion of Usenet itself 
3.	sci.* — Discussion of scientific subjects 
4.	rec.* — Discussion of recreational activities (e.g. games and hobbies) 
5.	soc.* — Socializing and discussion of social issues. 
6.	talk.* — Discussion of contentious issues such as religion and politics. 
7.	misc.* — Miscellaneous discussion—anything which doesn't fit in the other hierarchies.
Before 1986 these hierarchies were all part of one main hierarchy called ‘net.*’. ‘The Big 7’ came about during what is known as the ‘Great Renaming’ of 1986-1987. There were huge discussions about which newsgroups would be allowed, but the Usenet Cabal, who effectively ran ‘The Big 7’ at the time, did not allow anything concerning recipes, drugs or sex.

A company called Deja News started to archive Usenet in the mid 1990’s. They made a searchable web interface so people could search posts from newsgroups. Google bought the archive from Deja News and started to buy other archives in an attempt to archive all newsgroups and postings. Google provided users with a search function and also with a way to post to newsgroups within Usenet. 
	
Newsgroups are the foundation for the idea of forums, and the internet is full of forums, so we can see that newsgroups have had a major part to play in the development of the internet.
 
TCP/IP (Transmission Control Protocol/Internet Protocol) &amp; National Science Foundation (NSF) 1983

TCP/IP, as it is commonly referred to, stands for Transmission Control Protocol/Internet Protocol. It is the Internet Protocol Suite and is a networking standard. TCP/IP is actually a whole family of protocols, and TCP and IP are only two of them.
	
TCP/IP was first used in 1983. It had been in development for many years before this, and the project was run by the Defence Advanced Research Projects Agency (DARPA), but it was in 1983 that ARPANET fully migrated to using TCP/IP.
	
Like many suites, the internet protocol suite can be said to work in layers, the top layer being closer to the user and the bottom layers actually preparing the data to be transmitted. TCP/IP has four layers. I will list these here from the highest layer to the lowest layer:
1.	Application Layer
2.	Transport Layer
3.	Internet Layer
4.	Link Layer
We will now look at each layer individually and in depth. The first layer is the link layer. The link layer takes care of all the hardware components of the network. It pulls the packets off the wire, strips them of any link layer information and passes them on to the network layer, which is the next level up.
The networking layer is the layer that contains the tools to send the information to its destination. The networking layer is not concerned with reliability; this is the task of the transport layer. The networking layer contains the protocols IP (Internet Protocol) and ICMP (Internet Control Message Protocol). We use ICMP for certain utilities such as traceroute and ping. It is IP’s job to work out how to get a packet to its correct destination, and when it receives one it becomes its duty to work out where it belongs. IP does not care whether or not the packets actually reach their destination, nor is it concerned with whether the packets arrive in the same order as they were sent. If IP gets a corrupt packet it silently discards it without any errors being returned to the user. It is possible to send information between computers because each computer has a unique number attached to its NIC (Network Interface Controller).
When you send a packet it will be sent through many different computers to get to its destination. Machines determine where a packet is going next by using routing tables. Our routing tables contain 3 main bits of information: ‘Addresses of Routers’, ‘Addresses they can Handle’ and ‘The interface to which they are connected’. A packet will be sent to a machine and that machine will look and see if it has a direct route to the destination machine. Let’s say we are sending a packet to another computer but our computer doesn’t have a direct route. It will send the packet to any computer in its list, and then that computer will look in its own list and see if it has a direct connection to the destination machine. This is essentially how our packets arrive at their destination, but we must remember it is not IP’s job to make sure our sending is successful. We can use a tool called Traceroute (Unix) or Tracert (Windows) to follow one packet on its journey through all of the machines it passes through.

Example Input (Windows)

Command: C:\Documents and Settings\scottor.NETHERHALL.001&gt;tracert 212.219.204.254

Example Input (Unix)

Command: liquidfusi0n@ubuntubox:~$ traceroute  212.219.204.254

Example Output:
Tracing route to 212.219.204.254 over a maximum of 30 hops
  1     1 ms    &lt;1 ms    &lt;1 ms  10.100.16.1
  2    &lt;1 ms    &lt;1 ms     9 ms  10.178.159.1
  3     1 ms     1 ms     1 ms  10.106.254.117
  4     3 ms     3 ms     3 ms  10.106.254.34
  5     4 ms     4 ms     3 ms  212.219.204.254
Trace complete.

You can see from the example output that to get to that address we had to go through more than one machine. Every time we connect to another machine we call it a hop. Using the above tools we can limit how many hops we take, amongst many other things.
Now we will look at the 2nd layer, which is the transport layer. The transport layer consists of two components: the first is TCP (Transmission Control Protocol) and the second is UDP (User Datagram Protocol). TCP is a reliable way to transport our packets whereas UDP isn’t. 
	
TCP works on the ports system. We will look at how the server handles TCP first, then look at what UDP is and why we might use it. All TCP and UDP packets contain an identification number, which is the port number the packet is to be sent to. It is important to remember that port numbers are not hardware-based. On a server there will be a port open and it will be what we call “listening”, which means that it is waiting for any incoming packets. We can only have one process listening on one port unless the processes are using different protocols. When the Transmission Control Protocol receives data it checks the port number and sends the data to that port, and the listening process will then accept that request.

UDP can be looked at basically as IP with port numbers. UDP is roughly as reliable as IP is, and this can be the main reason why people would choose not to use it. The reason people use UDP is that it does not have the limits of TCP and it gives access to IP-style datagrams, which is helpful for people who are perhaps trying to create their own protocols. We will look at two examples of processes that use UDP. The first is NFS (Network File System, port 2049), which no longer uses UDP because people felt it was a bad design choice; all newer versions of NFS use TCP. Our second example of an application that uses UDP is DHCP (Dynamic Host Configuration Protocol, port 68), which uses UDP because the requests and replies are short and fast.
There are some applications that will use both methods of transport. One of these is DNS (Domain Name System). DNS uses both UDP and TCP, each for different kinds of scenarios: for short and easy tasks DNS will use UDP, but for larger tasks or tasks that need more reliability DNS will switch over and use TCP. This is a good system to use as it maximises efficiency. It is pointless using TCP for really small tasks when it is more efficient to use UDP, and vice-versa. 

DNS (Domain Name System) 1984

When the internet was first starting out, users' systems were identified by a 32 digit number known as an IP address, and if computers wanted to connect to each other this address was needed. To make life easier for the end user, human readable names were attached to these numbers, so a user trying to access 127.0.0.1 could simply access “localhost”. Before DNS both the 32 bit address and the more user friendly name were stored in a master host file. It is the DNS that allows us to use our browser and access a page via an address such as ‘www.google.com’ rather than having to type the IP address of the server that Google is hosted on. 
The DNS labelling system works from right to left. 

Let's look at ‘www.securityoverride.com’ from right to left: ‘.com’ is the top level, ‘securityoverride’ is a sub-domain of that level, and ‘www.’ is a level below securityoverride. The labels of a domain name are concatenated together with a period. We can go up to 127 different levels and each ‘label’ is allowed to have up to 63 characters. Technically a domain can contain any character that can be represented in an octet, but for various reasons we now have a subset of the ASCII table allowing us to use the characters A to Z (capital and lowercase), 0-9 and the hyphen. 
Without the development of the DNS people would still be accessing websites by their server's IP address. Test to see how many 32 bit IP addresses you can remember compared to how many words you can remember. DNS was a natural progression within the internet. 

First Commercial Dial Up 1990

In 1990 the first ISP was founded and along with this so was the first ever commercial dial up service. It was a company by the name of The World that would be the one to commercialize dial up internet. At this time there were many other ISP companies setting up, such as PSINet, Netcom and UUNET, but it was to be The World that would succeed the best with the commercial market.

We have The World to thank for the internet being made more accessible, even to computer novices.

World Wide Web CERN 1991

CERN, the European Organization for Nuclear Research, is a community of scientists from about 60 different countries and hosts about 7500 scientists. CERN also holds some of the world's greatest scientists, who are working on ground breaking discoveries. In 1989 a scientist from CERN called Tim Berners-Lee invented the World Wide Web. The first concept of the World Wide Web was created so that information could be shared automatically between scientists at all different institutes and universities.

After this the first few web servers to ever exist were set up, but the problem was that only a few people had access to the NeXT platform on which the first browser was run. CERN counteracted this by releasing a much simpler browser that could be used on any system. The first web server to go online in America was initialised in 1991, the issue being that users only had access at this time to two different kinds of browsers: the first being the originally developed browser, which needed the NeXT platform to run, and the second being the cross platform browser, which lacked any power user features. Later on more browsers were developed by independent programmers. 
You can visit the first ever website at http://info.cern.ch/. This is the site that was hosted on the first web server to go online in the USA. The development of the World Wide Web is possibly what has made the internet so accessible to everyone, and without its development perhaps the internet might not have reached the mass scale that it has today. 

First Widely Used Browser (Mosaic) 1993

Mosaic was developed at NCSA (National Centre for Supercomputing Applications) and must be credited as the browser that led to what is known as the internet boom. Mosaic was one of the first GUI browsers and its features are still replicated to this day in modern browsers such as Google Chrome, Internet Explorer 8 and Firefox 3.6. Some members of the Mosaic team went on to create another browser called Netscape Navigator; however, the two shared no code. 
Mosaic was not the first web browser for Windows; another little known program called Cello was. But Mosaic, even without being the first, outshone the rest. Mosaic differed from the rest because it had a full time team of programmers working on it, and the software itself was so simple to use and install that even an amateur could do it. Mosaic had essentially made the internet accessible to your everyday person, and because of this we hit the internet boom. 

Mosaic also had one feature that other browsers at the time did not have, and that was the ability to display text and images inline with each other. On any other browser, to view an image the browser would have to open a new window for that image, but with Mosaic you could view images alongside the text, and this was very appealing to a lot of people. 

Mosaic is probably responsible for the way we use our browsers today and for how we access the internet as a whole, and is also responsible for initiating the 1990's internet boom.

Search Engines 1990

The first search engine to come into existence is believed to be Archie, named after the word archives. This search engine was in existence before most websites were. The first few hundred websites came into existence in 1993 and were mainly hosted at colleges and universities, but Archie, being created in 1990, was around before they were. Archie was created by a man called Alan Emtage.

In 1990 Alan Emtage referred to Archie as pretty brain-damaged, but about 3 years later he showed more confidence in the abilities of Archie. Archie didn't have the same power as today's search engines, but this is to be expected based on the time it was made. Archie had the ability to search for exact files, so if you knew you were searching for a file called 'wow.txt' Archie would be able to search for this file. Archie did not have the capability to list the contents of a text file, however. The search engine that first adopted this feature was known as Gopher.

With the growing popularity of the World Wide Web the way that search engines worked changed quite a bit. One of the first ever methods of indexing and archiving the World Wide Web was created by a man named Martijn Koster; it was to be named ALIWEB (Archie-Like Indexing in the Web). ALIWEB never really took off as much as other competing search engines, but Martijn Koster's work with robots was to play a vital part in future search engines such as Google. 
Without the power of search engines, how would we navigate our way around the World Wide Web? How would we get what we were searching for to come up in relevance to our search string? Search engines are not only a great development but an essential one, and this is what sets them apart. Email was not a necessary development, just a good one. Search engines, however, are essential to the World Wide Web. 

Modern Day Technologies 2010

In this section we will look at 3 or 4 new technologies that have been developed in the last 10 years (2000 – 2010). 

Webcasting is a way for a person to stream an image from their webcam to the internet for people to watch. One great example of this would be the infamous Chris Pirillo, who webcasts his life 24/7 for all to see. This is a pretty modern development and has been utilised in many different ways, from entertainment to illegally streaming movies, and it is even heavily used in the pornography industry with the invention of cam sites. 

VoIP (Voice over Internet Protocol) is a way to transmit our voice over the internet. Any person can go out and buy themselves a VoIP phone and it will connect to the internet to transmit the sound. VoIP calls are cheaper than traditional landline calls or mobile phone calls, and VoIP is quickly growing in popularity. Another form of VoIP is the software Ventrilo and its competitor TeamSpeak. These two pieces of software allow a user to set up a server to which their friends can connect and all be in what is known as a channel. From there they can talk to each other over the internet using a headset with a microphone built in. 

HTML5 is a new HTML (Hypertext Mark-up Language) standard replacing HTML4 and will contain many built in features that HTML4 didn't. We currently use Adobe's Flash for most of our animations or streaming videos. Flash has to be downloaded to use and is not built in to your web browser by default, but you can very easily obtain it. HTML5 has features that are very similar to Flash and will allow us to stream videos within the HTML itself, which means that users will no longer have to download Flash because HTML5 will have made all features of Flash a standard. 

Conclusion

This has been a pretty brief look into the history of the internet. There is tons more information to be accessed and there are a lot more developments; we have just looked at some of the biggest ones to help give you a basic understanding of the internet and how it came about.


Bibliography
Dave Crocker. ‘Email History’. 15/3/2010. 
&lt;http://www.livinginternet.com/e/ei.htm&gt;

Ian Peter. ‘The history of email’.15/3/2010.
&lt;http://www.nethistory.info/History%20of%20the%20Internet/email.html&gt;

Wikipedia. ‘ARPANET’. 7/3/2010.
&lt;http://en.wikipedia.org/wiki/ARPANET&gt; 

Wikipedia. ‘International packet switched service’.15/3/2010.
&lt;http://en.wikipedia.org/wiki/International_Packet_Switched_Service&gt; 

Anonymous. ‘PTI International Packet Switched Service’.31/7/2001.15/3/2010.
&lt;http://www.pticom.com/tariffs/ps.pdf&gt;

Microsoft. ‘What are newsgroups’.18/3/2010.
&lt;http://windows.microsoft.com/en-US/windows-vista/What-are-newsgroups&gt; 

David Kristula. ‘What are Discussion Boards and Newsgroups’.18/3/2010.
&lt;http://www.davesite.com/webstation/inet101/board01.shtml&gt;

Wikipedia. ‘Usenet Newsgroups’.18/3/2010.
&lt;http://en.wikipedia.org/wiki/Usenet_newsgroup&gt;

Wikipedia. ‘Internet Protocol Suite’. 12/4/10.
&lt;http://en.wikipedia.org/wiki/TCP/IP&gt; 

Jason Yanowitz. ‘Under the hood of the Internet: An overview of the TCP/IP Protocol Suite’. 15/4/10.
&lt;http://www.acm.org/crossroads/xrds1-1/tcpjmy.html&gt;  

Anonymous.'Where the web was born'. 16/5/10.
&lt;http://public.web.cern.ch/public/en/about/web-en.html&gt; 

Wikipedia. 'Mosaic (web browser)'. 16/5/10.
&lt;http://en.wikipedia.org/wiki/Mosaic_%28web_browser%29&gt;
]]></description>
        <pubDate>Tue, 25 May 2010 17:18:23 +0200</pubDate>
        <category>Uncategorized</category>
      </item>
      <item>
        <title>nokia cheats</title>
        <link>http://securityoverride.com/readarticle.php?article_id=49</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=49</guid>
        <description><![CDATA[On the main screen type in:
*#06# for checking the IMEI (International Mobile Equipment Identity).
*#7780# reset to factory settings.
*#67705646# This will clear the LCD display(operator logo).
*#0000# To view software version.
*#2820# Bluetooth device address.
*#746025625# Sim clock allowed status.
#pw+1234567890+1# Shows if the SIM has restrictions.
*#92702689# - takes you to a secret menu where you may find some of the information below:
1. Displays Serial Number.
2. Displays the Month and Year of Manufacture
3. Displays (if there) the date where the phone was purchased (MMYY)
4. Displays the date of the last repair - if found (0000)
5. Shows life timer of phone (time passes since last start)
*#3370# - Enhanced Full Rate Codec (EFR) activation. Increase signal strength, better signal reception. It also helps if you want to use GPRS and the service is not responding or too slow. Phone battery will drain faster though.
*#3370* - (EFR) deactivation. Phone will automatically restart. Increase battery life by 30% because phone receives less signal from network.
*#4720# - Half Rate Codec activation.
*#4720* - Half Rate Codec deactivation. The phone will automatically restart
If you forgot wallet code for Nokia S60 phone, use this code reset: *#7370925538#
Note, your data in the wallet will be erased. Phone will ask you the lock code. Default lock code is: 12345
Press *#3925538# to delete the contents and code of wallet.
Unlock service provider: Insert sim, turn phone on and press vol up(arrow keys) for 3 seconds, should say pin code. Press C,then press * message should flash, press * again and 04*pin*pin*pin# 
*#7328748263373738# resets security code.
Default security code is 12345
Change closed caller group (settings &gt;security settings&gt;user groups) to 00000 and your phone will sound the message tone when you are near a radar speed trap. Setting it to 500 will cause your phone to set off security alarms at shop exits, great for practical jokes! (Works with some of the Nokia phones.) Press and hold &quot;0&quot; on the main screen to open the WAP browser.

These may cause damage to your phone so ignore their usage]]></description>
        <pubDate>Mon, 24 May 2010 18:43:15 +0200</pubDate>
        <category>Uncategorized</category>
      </item>
      <item>
        <title>Basic unix commands</title>
        <link>http://securityoverride.com/readarticle.php?article_id=48</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=48</guid>
        <description><![CDATA[* ls --- lists your files
ls -l --- lists your files in 'long format', which contains lots of useful information, e.g. the exact size of the file, who owns the file and who has the right to look at it, and when it was last modified.
ls -a --- lists all files, including the ones whose filenames begin in a dot, which you do not always want to see.
There are many more options, for example to list files by size, by date, recursively etc.
* more filename --- shows the first part of a file, just as much as will fit on one screen. Just hit the space bar to see more or q to quit. You can use /pattern to search for a pattern.
* emacs filename --- is an editor that lets you create and edit a file. See the emacs page.
* mv filename1 filename2 --- moves a file (i.e. gives it a different name, or moves it into a different directory (see below))
* cp filename1 filename2 --- copies a file
* rm filename --- removes a file. It is wise to use the option rm -i, which will ask you for confirmation before actually deleting anything. You can make this your default by making an alias in your .cshrc file.
* diff filename1 filename2 --- compares files, and shows where they differ
* wc filename --- tells you how many lines, words, and characters there are in a file
* chmod options filename --- lets you change the read, write, and execute permissions on your files. The default is that only you can look at them and change them, but you may sometimes want to change these permissions. For example, chmod o+r filename will make the file readable for everyone, and chmod o-r filename will make it unreadable for others again. Note that for someone to be able to actually look at the file the directories it is in need to be at least executable. See help protection for more details.
* File Compression
o gzip filename --- compresses files, so that they take up much less space. Usually text files compress to about half their original size, but it depends very much on the size of the file and the nature of the contents. There are other tools for this purpose, too (e.g. compress), but gzip usually gives the highest compression rate. Gzip produces files with the ending '.gz' appended to the original filename.
o gunzip filename --- uncompresses files compressed by gzip.
o gzcat filename --- lets you look at a gzipped file without actually having to gunzip it (same as gunzip -c). You can even print it directly, using gzcat filename | lpr
* printing
o lpr filename --- print. Use the -P option to specify the printer name if you want to use a printer other than your default printer. For example, if you want to print double-sided, use 'lpr -Pvalkyr-d', or if you're at CSLI, you may want to use 'lpr -Pcord115-d'. See 'help printers' for more information about printers and their locations.
o lpq --- check out the printer queue, e.g. to get the number needed for removal, or to see how many other files will be printed before yours will come out
o lprm jobnumber --- remove something from the printer queue. You can find the job number by using lpq. Theoretically you also have to specify a printer name, but this isn't necessary as long as you use your default printer in the department.
o genscript --- converts plain text files into postscript for printing, and gives you some options for formatting. Consider making an alias like alias ecop 'genscript -2 -r !* | lpr -h -Pvalkyr' to print two pages on one piece of paper.
o dvips filename --- print .dvi files (i.e. files produced by LaTeX). You can use dviselect to print only selected pages. See the LaTeX page for more information about how to save paper when printing drafts.

Directories
Directories, like folders on a Macintosh, are used to group files together in a hierarchical structure.

* mkdir dirname --- make a new directory
* cd dirname --- change directory. You basically 'go' to another directory, and you will see the files in that directory when you do 'ls'. You always start out in your 'home directory', and you can get back there by typing 'cd' without arguments. 'cd ..' will get you one level up from your current position. You don't have to walk along step by step - you can make big leaps or avoid walking around by specifying pathnames.
* pwd --- tells you where you currently are.

Finding things

* ff --- find files anywhere on the system. This can be extremely useful if you've forgotten in which directory you put a file, but do remember the name. In fact, if you use ff -p you don't even need the full name, just the beginning. This can also be useful for finding other things on the system, e.g. documentation.
* grep string filename(s) --- looks for the string in the files. This can be useful for a lot of purposes, e.g. finding the right file among many, figuring out which is the right version of something, and even doing serious corpus work. grep comes in several varieties (grep, egrep, and fgrep) and has a lot of very flexible options. Check out the man pages if this sounds good to you.

About other people

* w --- tells you who's logged in, and what they're doing. Especially useful: the 'idle' part. This allows you to see whether they're actually sitting there typing away at their keyboards right at the moment.
* who --- tells you who's logged on, and where they're coming from. Useful if you're looking for someone who's actually physically in the same building as you, or in some other particular location.
* finger username --- gives you lots of information about that user, e.g. when they last read their mail and whether they're logged in. Often people put other practical information, such as phone numbers and addresses, in a file called .plan. This information is also displayed by 'finger'.
* last -1 username --- tells you when the user last logged on and off and from where. Without any options, last will give you a list of everyone's logins.
* talk username --- lets you have a (typed) conversation with another user
* write username --- lets you exchange one-line messages with another user
* elm --- lets you send e-mail messages to people around the world (and, of course, read them). It's not the only mailer you can use, but the one we recommend. See the elm page, and find out about the departmental mailing lists (which you can also find in /user/linguistics/helpfile).

About your (electronic) self

* whoami --- returns your username. Sounds useless, but isn't. You may need to find out who it is who forgot to log out somewhere, and make sure *you* have logged out.
* finger &amp; .plan files
of course you can finger yourself, too. That can be useful e.g. as a quick check whether you got new mail. Try to create a useful .plan file soon. Look at other people's .plan files for ideas. The file needs to be readable for everyone in order to be visible through 'finger'. Do 'chmod a+r .plan' if necessary. You should realize that this information is accessible from anywhere in the world, not just to other people on turing.
* passwd --- lets you change your password, which you should do regularly (at least once a year). See the LRB guide and/or look at help password.
* ps -u yourusername --- lists your processes. Contains lots of information about them, including the process ID, which you need if you have to kill a process. Normally, when you have been kicked out of a dialin session or have otherwise managed to get yourself disconnected abruptly, this list will contain the processes you need to kill. Those may include the shell (tcsh or whatever you're using), and anything you were running, for example emacs or elm. Be careful not to kill your current shell - the one with the number closer to the one of the ps command you're currently running. But if it happens, don't panic. Just try again :-) If you're using an X-display you may have to kill some X processes before you can start them again. These will show only when you use ps -efl, because they're root processes.
* kill PID --- kills (ends) the processes with the ID you gave. This works only for your own processes, of course. Get the ID by using ps. If the process doesn't 'die' properly, use the option -9. But attempt without that option first, because it doesn't give the process a chance to finish possibly important business before dying. You may need to kill processes for example if your modem connection was interrupted and you didn't get logged out properly, which sometimes happens.
* quota -v --- show what your disk quota is (i.e. how much space you have to store files), how much you're actually using, and in case you've exceeded your quota (which you'll be given an automatic warning about by the system) how much time you have left to sort them out (by deleting or gzipping some, or moving them to your own computer).
* du filename --- shows the disk usage of the files and directories in filename (without argument the current directory is used). du -s gives only a total.
* last yourusername --- lists your last logins. Can be a useful memory aid for when you were where, how long you've been working for, and keeping track of your phone bill if you're making a non-local phone call for dialling in.

Connecting to the outside world

* nn --- allows you to read news. It will first let you read the news local to turing, and then the remote news. If you want to read only the local or remote news, you can use nnl or nnr, respectively. To learn more about nn type nn, then :man, then =.*, then Z, then hit the space bar to step through the manual. Or look at the man page. Or check out the hypertext nn FAQ - probably the easiest and most fun way to go.
* rlogin hostname --- lets you connect to a remote host
* telnet hostname --- also lets you connect to a remote host. Use rlogin whenever possible.
* ftp hostname --- lets you download files from a remote host which is set up as an ftp-server. This is a common method for exchanging academic papers and drafts. If you need to make a paper of yours available in this way, you can (temporarily) put a copy in /user/ftp/pub/TMP. For more permanent solutions, ask Emma. The most important commands within ftp are get for getting files from the remote machine, and put for putting them there (mget and mput let you specify more than one file at once). Sounds straightforward, but be sure not to confuse the two, especially when your physical location doesn't correspond to the direction of the ftp connection you're making. ftp just overwrites files with the same filename. If you're transferring anything other than ASCII text, use binary mode.
* lynx --- lets you browse the web from an ordinary terminal. Of course you can see only the text, not the pictures. You can type any URL as an argument to the G command. When you're doing this from any Stanford host you can leave out the .stanford.edu part of the URL when connecting to Stanford URLs. Type H at any time to learn more about lynx, and Q to exit.

Miscellaneous tools

* webster word --- looks up the word in an electronic version of Webster's dictionary and returns the definition(s)
* date --- shows the current date and time.
* cal --- shows a calendar of the current month. Use e.g., 'cal 10 1995' to get that for October 95, or 'cal 1995' to get the whole year.
]]></description>
        <pubDate>Mon, 24 May 2010 18:41:59 +0200</pubDate>
        <category>Backtrack</category>
      </item>
      <item>
        <title>The Current Underground</title>
        <link>http://securityoverride.com/readarticle.php?article_id=46</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=46</guid>
        <description><![CDATA[&lt;center&gt;
|=-----------------------------------------------------------------------=|
|=-------------------=[ The Underground Myth ]=------------------=|
|=-----------------------------------------------------------------------=|
|=------------------------=[ By Anonymous ]=-----------------------=|
|=-----------------------------------------------------------------------=|
&lt;/center&gt;


1 - Hacker's Myth
2 - The Security Industry
3 - Black Hat, Two Faces
4 - Technology
5 - Criminals
6 - Forgotten Youth
7 - The Forward Link

-----------------
Hacker's Myth
-----------------

This is a statement on the fate of the modern underground. There will
be none of the nostalgia, melodrama, black hat rhetoric or white hat
over-analysis that normally accompanies such writing.

Since the early sixties there has been just one continuous hacking
scene. From phreaking to hacking, people came and went, explosions of
activity, various geographical shifts of influence. But although the scene
seemed to constantly redefine itself in the ebb and flow of technology,
it always had a direct lineage to the past, with similar traditions,
culture and spirit.

In the past few years this connection has been completely severed.

And so there's very little point in writing about what the underground
used to be; leave that to the historians. Very little point writing
about what should be done to make everything good again; leave that to
the dreamers and idealists. Instead I'm going to lay down some cold hard
facts about the way things are now, and more importantly, how they came
to be this way.

This is the story of how the underground died.

---------------------
The Security Industry
---------------------

	Then in the U.S. music scene there was big changes made
	Due to circumstances beyond our control... such as payola
	The rock n roll scene died after two years of solid rock
		- The Animals, circa 1964

There is little doubt that the explosion of the security industry has
directly coincided with the decline of the hacking scene. The hackers
of the eighties and nineties became the security professionals of the
new millennium, and the community suffered for it.

The fact is that hackers, mostly on an individual basis, decided to
use their passion as a source of income. Whether this is good, bad,
or just pragmatic is completely irrelevant. Nearly all the hackers that
could get jobs did. For the individuals that decision has been made (for
better or worse), and in general there's nothing that will change this.

This was a hacker exodus. What really mattered was not the loss of any
individuals, but the cumulative effect this had on the underground. The
more hackers that left the underground for a corporate life, the fewer
that came in. And those who stayed became entrenched, increasingly
disconnected.

Collaboration in this new age of career hackers has all but ceased to
exist. Individuals are now obsessed with credit. For their career, for
their standing in the community, it must be absolutely clear who this
research, this vulnerability, or even this opinion belongs to.

There is no trust in this corporate community; an underground issue
greatly amplified by corporate motivations. A single person can go months
or even years without telling anyone exactly what he is working on, and
what's more, will be genuinely worried about someone &quot;publishing&quot; their
results before him. There is no respect for the information he holds,
no belief that information should be free, no belief that research should
be open. All that matters is credit; all that matters is fame and money,
their career.

This is purely the fault of the security industry, who has exploited
and cultivated this culture, designed it for their needs. The truly sad
thing is that the corporate security world hasn't realized that they are
sitting on a gold mine, and as a result the mine is likely to collapse;
and likely to take their industry down with it.

The security industry uses information as its sole commodity, information
about insecurity. Who has the information, and who doesn't is what
makes this economy work. What's more, the economy has been founded on
the continued output of a finite group of hackers. For the most part,
founded on those hackers that came out of the underground scene at their
technical prime.

But these hackers are not going to continue their production
indefinitely. They will lose their technical edge, move on to other
industries, perhaps climb the ladder up to management, and then
retire. The question is, then what? Then it will be up to the new wave
of young security professionals, whose motivation is as much financial
as it is passion for the technology and the thrill of the hacking game.

To imagine that these new wave office workers, university trained and
disinterested, can match the creative output of a genuine hacker is
laughable. The industry will stagnate under these conditions. The rapid
technical advancement we have seen will end, no more breakthroughs:
no more new security products or services. Just the same old techniques
being rehashed again and again until the rock has been bled dry.

I am trying to show you the symbiotic nature of the security industry
and the hacking scene. Industry needs insecurity to survive, there is
no doubt about this. A secure and stable Internet is not profitable for
long. Hackers provided instability, change, chaos. So the industry became
a parasite on the hacking scene, devouring the talent pool without giving
anything back, not thinking of what will happen when there are no more
hackers to consume.

For this reason, the security industry, much like the hacker underground,
is doomed, perhaps even destined for failure. But for now, all that
matters is that we have a thriving industry and...

A hacker underground proclaimed to be dead.

--------------------
Black Hat, Two Faces
--------------------

It would be easy to lay the blame squarely on the shoulders of the
security industry. A lot of people have. Unfortunately, it's not that
simple. Perhaps the underground could have survived without the lure of
a six figure job, but one thing should be made clear. The self-proclaimed
black hat movement does nothing to help.

Various black hat groups have claimed to be the voice of the underground,
but the black hat scene was only ever a pale imitation of the actual
underground. The underground wasn't at all interested in public
self-aggrandizement, but this is all the black hats ever did. All that
their various rants and escapades accomplished was to show how desperate
they actually were for fame and recognition.

But what's worse, while they often talk a big game, they very rarely have
the pedigree to back it up. This is mostly because these self-proclaimed
black hats are really just as self-serving as the white hats they pretend
to detest. With few exceptions, those black hats that aren't already
working in the security industry are those that don't have the skills
to cut it.

The entire anti-security theme was simply embarrassing. This was just the
black hat movement admitting that they couldn't step up and represent
in an increasingly technical world. Where once hacking skill commanded
respect, now the black hats were promoting misinformation in order to
make what few hacks they managed to pull off easier. They couldn't step
up to a challenge, they couldn't outsmart the white hats they so detest.

This ineptitude and misguided fervor of the black hat scene had a
massive negative impact on the hacking underground. The true voice of
the underground was lost behind the noise and drama, until the voice
became a whisper.

And then eventually fell silent.

----------
Technology
----------

The very nature of technology, a dynamic and intractable force, had a lot
to say in the demise of the hacking world. In many cases, if a black hat
had been active 5 or 10 years earlier they would have been technically
competent and may well have contributed significantly. This is because
with the utmost respect, and despite all the nostalgia, hackers of the
past had it easy.

In the early years, the problems hackers faced were largely related to the
availability of information. Isolated groups of people had their tricks
and techniques, and sharing this information was problematic. This is
in direct contrast with the situation today, where there is an excess
of information but a void of quality.

As a result of many differing factors, the world is becoming aware of the
threats posed by lax security. When there is money at risk, steps will
be taken to protect those assets. We see now an increasing move towards
technical security mechanisms being employed as part of a defense in
depth strategy, and as a result, to be a hacker today requires immense
technical ability in a broad range of disciplines. It takes years of
individual study to reach this level.

But unfortunately, fewer and fewer people are willing, or indeed capable
of following this path, of pursuing that ever-unattainable goal of
technical perfection. Instead, the current trend is to pursue the lowest
common denominator, to do the least amount of work to gain the most fame,
respect or money.

There has also been an increasingly narrow range in what is published. In
part this is because of the lack of accessibility of certain systems
(through obscurity or price), but this is also increasingly dictated by
fashion. In a desire to fit in with the community, to be accepted into
conferences, to be seen doing the right things in the right places
with the right people, researchers are all too happy to slot into this
pattern of predictable and narrow progress.

And even then, the standards of what makes acceptable research, or for
what makes a vulnerability interesting, drops with every year. The gap
between offensive research and defensive implementations continues to
grow, to the point where public vulnerability research has become a
parody of what it once was, a type of inside joke.

There is no creativity, no sense of arcana anymore.

---------
Criminals
---------

From Operation Sundevil to cyber terrorism. The criminalization of
computer hacking and, by association, computer hackers had a devastating
impact on the underground. Hacking was criminalized in two ways, both
of near equal importance: by legislation of computer crimes, and by the
new trend of genuine criminals using hacking as a method for fraud.

There should be a clear separation between these two things. The fact
that the underground collectively became criminals under the law for
what they had been doing for, in some cases, decades. And the fact that
in public perception, even among professionals that should know better,
there was very little distinction between a genuine hacker and those
criminals using hacking purely as a method for profit.

Indeed, little of what organized crime and terrorist/activist groups
are doing could justifiably be labeled hacking. It is simply convenient
to make this simplification, in media and in industry. The security
industry knows the difference, but they have no economic interest in
there being any clarity on this point. Any sort of hacking, anything
they can sensationalize enough to scare their profit margin up suits
them perfectly.

For the underground, these issues largely affected individuals, not the
broader structure of things. Each person had to make a personal decision
on whether it was worth 1) being seen as a criminal under the law and
2) being seen as a criminal in public perception. Why should the hacker
face this when such an easy, safe, respectable alternative is available
in the security industry?

Even the term black hat has been twisted into something more closely
aligned to organized crime. For all their faults, black hats were not
(in theory) motivated by this type of money.

It comes down to an aging hacking population deciding, on an individual
basis, to settle down with their families, their material possessions,
their careers. No one can argue that there is anything wrong with this. It
is just a fact that these hackers left the scene behind.

Leaving a void too large to be filled.

---------------
Forgotten Youth
---------------

The forgotten aspect of this whole story is, without doubt, the importance
of new talent entering the world of hacking. Historically, hacking has
belonged to the young. With every passing year, the average age of hackers
collectively increases. Some would claim this is a sign of a maturing
discipline. For surely, what could youth possibly contribute in this
technological landscape? They call them kids, dismiss them as irrelevant.

Despite all of the issues facing the underground, if hackers had managed
to get this one aspect right, if they had recognized the importance
of those who would come after them, if they had given them something
to aspire to be, if they had directly or indirectly taught them the
accumulated wisdom that so often separates a hacker from the crowd;
then perhaps there still would be a hacker underground.

Nearly all of the situations surrounding the disestablishment of the
underground were circumstantial, there was nobody to blame, and nothing
that could be done. But one point for which this was not true was the
underground's obligations to young hackers. An entire generation of
talented hackers have lost the opportunity to become a part of something
bigger than themselves by participating in a functioning hacking
community, simply because hackers were too self-absorbed to notice.

The decline of the underground scene happened relatively quickly, and
also relatively quietly. The hacker who left the underground behind
for his new life was unlikely to justify or explain his choices. In
fact it was more likely he would deny being changed at all. It's likely
he'd even continue to have contact with his fellow ex-hackers, in some
imitation of the underground scene. This only helped to obscure what
was actually happening.

Today's youth, for the most part, have no true understanding of hackers
or hacking. They have no knowledge of the history, no knowledge that
a history even exists. Their hacker is the media's hacker, the cyber
terrorist, the Russian mafia. This is unfortunate, but the real trouble
begins for those few that somehow become interested enough to look a
bit deeper.

The average person requires some form of role model, something to aspire
to, to imitate and to an extent, to idolize. At this time, the only
visible efforts were the white hat researchers, the black hat horde or
various other technically inept self-proclaimed 'experts'. There is so
little inspiring research, and even less inspiring hacking, that anyone
new to the world of hacking is almost invariably left with a skewed
impression of things.

Indeed, for a lot of the young people that managed to acquire the
necessary technical base, hacking was seen as simply an interesting career
path. There is no passion in these people, no motivation to extend and
create. A competent professional, valued employee.

But no longer a hacker.

----------------
The Forward Link
----------------

The hacker underground has been systematically dismantled, a victim of
circumstance. There was no reason for this, no conspiracy, no winner. A
conquered people, but with no conqueror, no enemy to fight. No chance
of rebellion. Conquered by circumstance, if not fate.

At first this would seem to be a bleak message. What is the point of
even trying anymore? Why practice a dead art? But the truth is that the
art is not dead, just the circle that brought the artists together. The
hacker underground is broken, but the hackers are not.

Casualties have been high; but there still exists a scattered,
marginalized, and misrepresented people who are the hackers. Hackers,
not black hat nor white, not professionals, not amateurs (surely none
of this matters), are still out there in this world today, still with
all the potential to be something great.

The question is not then how to artificially group these people into a
new underground movement. The question is not how to mourn the passing of
the golden days, how to keep the memories alive. There are no questions
of this sort, no problems that can be solved or corrected by individual
action.

All that remains is to relax, to do what you enjoy doing; to hack purely
for the enjoyment of doing so. The rest will come naturally, a new
scene, with its own traditions, culture and history. A new underground,
organically formed over time, just like the first, out of the hacker's
natural inclination to share and explore.

It will take time, and there will be difficulties. Some will not be able
to let go of the past, and some will fail for not remembering it. But
in the end, after everything has been said and done, the equilibrium
will be restored.

A new world, at the frontier of cyberspace, belonging to the hackers
by right.
]]></description>
        <pubDate>Wed, 05 May 2010 17:44:15 +0200</pubDate>
        <category>Uncategorized</category>
      </item>
      <item>
        <title>Bypassing CPA-Lead Surveys</title>
        <link>http://securityoverride.com/readarticle.php?article_id=45</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=45</guid>
        <description><![CDATA[Hello, Today I am going to show you how to bypass almost, if not, EVERY CPA-Lead Survey screen.

[b]Tools needed:[/b]
[url=http://www.mozilla.com/en-US/firefox/personal.html]Firefox[/url]

[url=https://addons.mozilla.org/en-US/firefox/addon/1843]Firebug[/url]

[url=http://chrispederick.com/work/web-developer/]Web Developer Toolbar[/url]

Half a brain...

And any page with CPA-Lead Surveys on it...

[b]First things first...[/b]

Open the page, go to the Web Developer Toolbar and click &quot;Disable&quot;.

[img]http://i1044.photobucket.com/albums/b448/hexedh3art/dislike1.gif[/img]

Then hover over &quot;Disable Javascript&quot; then click &quot;All Javascript&quot;.

[img]http://i1044.photobucket.com/albums/b448/hexedh3art/dislike2.gif[/img]

Next, right click on the CPA-Lead Survey box...

[img]http://i1044.photobucket.com/albums/b448/hexedh3art/inspect.gif[/img]

And click &quot;Inspect Element.&quot;

You will then see something similar to this:

[img]http://i1044.photobucket.com/albums/b448/hexedh3art/inspect2.gif[/img]

Scroll up until you see:

[img]http://i1044.photobucket.com/albums/b448/hexedh3art/inspect3.gif[/img]

And click on it, then press &quot;DELETE&quot; on your keyboard.

[img]http://i1044.photobucket.com/albums/b448/hexedh3art/inspect4.gif[/img]

It should go &quot;poof&quot; as seen above.

Scroll up some more hovering your mouse over each object in the HTML code.

When you see something that covers almost all of the page click it and press &quot;Delete&quot; on your keyboard.

You should then be staring at what you wanted to see.

If you want to be able to click (navigate the page), then look for another part, usually &quot;&lt;div : (random bullshit here)&gt;&quot;, and delete this too.

[img]http://i1044.photobucket.com/albums/b448/hexedh3art/inspect5.gif[/img]


There you have it. You should now be looking at the entire page and be able to navigate it.

[b]Note:[/b] This can also be used on Facebook. On pages that say &quot;Join/Become a fan/Like, to view -------&quot;,
right click just under the part saying that and click inspect element, expand the closest part of the code
and you should see a part saying visibility: hidden. Just delete the word &quot;hidden&quot; or type some random
gibberish in its place and you can then view the content on that page without joining the group.


Hope I helped some of you. Say thanks if I did.

Please don't leech without giving credits.

Greets:: HexedH3art---

I'm sure I'm not the only person to find this but I found it on my own so if you don't like it then deal with it.]]></description>
        <pubDate>Tue, 27 Apr 2010 02:54:32 +0200</pubDate>
        <category>Web Security</category>
      </item>
      <item>
        <title>Full Path Disclosure Vulnerabilities</title>
        <link>http://securityoverride.com/readarticle.php?article_id=44</link>
        <guid>http://securityoverride.com/readarticle.php?article_id=44</guid>
        <description><![CDATA[&lt;div id='articles'&gt;
&lt;p&gt;
&lt;div class='gradient1'&gt;
&lt;h2&gt;What is a Full Path Disclosure vulnerability?&lt;/h2&gt;
&lt;/div&gt;
&lt;h2&gt;&lt;hr&gt;&lt;/h2&gt;
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the full filesystem path to the webroot or to a file, e.g. /home/omg/htdocs/file/.
&lt;/p&gt;

&lt;p&gt;
&lt;div class='gradient1'&gt;
&lt;h2&gt;How Full Path Disclosure (FPD) vulnerabilities work&lt;/h2&gt;
&lt;/div&gt;
&lt;h2&gt;&lt;hr&gt;&lt;/h2&gt;
An FPD vulnerability is triggered by injecting unexpected characters into certain parameters of a web page. The script doesn't expect the injected character and returns an error message that includes details of the error as well as the operating path of the targeted script.
&lt;/p&gt;

&lt;p&gt;
&lt;div class='gradient1'&gt;
&lt;h2&gt;Why are Full Path Disclosure vulnerabilities useful?&lt;/h2&gt;
&lt;/div&gt;
&lt;/p&gt;
&lt;p&gt;
While FPD vulnerabilities are considered low risk, they can be used in conjunction with other exploitation techniques and can often be the key to a successful hack.
&lt;/p&gt;

&lt;p&gt;
One example of such a relationship would be the use of an LFI (Local File Include) vulnerability partnered with FPD. With LFI, the attacker may not be able to find the containing folder for a certain file they wish to view (for example: config.php), or maybe the standard includes folder has been renamed. If an attacker can cause an error that will spit out the location of the folder, it would make the hack much faster, smoother and easier than trying to guess the path.
&lt;/p&gt;

&lt;p&gt;
&lt;div class='gradient1'&gt;
&lt;h2&gt;Examples&lt;/h2&gt;
&lt;/div&gt;
&lt;/p&gt;
&lt;p&gt;
&lt;div class='gradient6'&gt;
&lt;h3&gt;&lt;u&gt;Empty Array&lt;/u&gt;&lt;/h3&gt;
&lt;/div&gt;
If we have a site that uses a method of requesting a page like this: 
&lt;p&gt;
&lt;br&gt;
&lt;table&gt;
&lt;td&gt;
&lt;code&gt;
http://site.com/index.php?page=about
&lt;/code&gt;
&lt;/td&gt;
&lt;/table&gt;
&lt;br&gt;
&lt;/p&gt;

We can append an opening and closing square bracket to the parameter name. PHP then treats the parameter as an array, which the script does not expect, and the page outputs an error. This method would look like this:
&lt;p&gt;
&lt;br&gt;
&lt;table&gt;
&lt;td&gt;
&lt;code&gt;
http://site.com/index.php?page[]=about
&lt;/code&gt;
&lt;/td&gt;
&lt;/table&gt;
&lt;br&gt;
&lt;/p&gt;
This renders the page defunct, and it spits out an error:
&lt;p&gt;
&lt;br&gt;
&lt;table&gt;
&lt;td&gt;
&lt;code&gt;
Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131
&lt;/code&gt;
&lt;/td&gt;
&lt;/table&gt;
&lt;br&gt;
&lt;/p&gt;


&lt;p&gt;
&lt;div class='gradient6'&gt;
&lt;h3&gt;&lt;u&gt;Null Session Cookie&lt;/u&gt;&lt;/h3&gt;
&lt;/div&gt;
Illegal Session Injection works by changing the value of the session cookie to an invalid or illegal character. Many injectable characters will result in the output of the operating path, but the most common and most widely (un)supported is the null character, that is, making the cookie value nothing. To inject a PHPSESSID cookie, use JavaScript injection and enter the following line in your URL bar:
&lt;p&gt;
&lt;br&gt;
&lt;table&gt;
&lt;td&gt;
&lt;code&gt;
javascript:void(document.cookie=&quot;PHPSESSID=&quot;);
&lt;/code&gt;
&lt;/td&gt;
&lt;/table&gt;
&lt;br&gt;
&lt;/p&gt;
By simply setting the PHPSESSID cookie to nothing (null) we get an error. 
&lt;p&gt;
&lt;br&gt;
&lt;table&gt;
&lt;td&gt;
&lt;code&gt;
Warning: session_start() [function.session-start]: The session id contains illegal characters, 
valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2
&lt;/code&gt;
&lt;/td&gt;
&lt;/table&gt;
&lt;/p&gt;

&lt;p&gt;
&lt;div class='gradient1'&gt;
&lt;h2&gt;FPD Prevention&lt;/h2&gt;
&lt;/div&gt;
&lt;/p&gt;

Preventing an FPD injection without having an error handling / management system is as simple as disabling the display of error messages. This can be done in PHP's php.ini file, Apache's httpd.conf file, or via the PHP script itself:

php.ini: 
&lt;p&gt;
&lt;br&gt;
&lt;table&gt;
&lt;td&gt;
&lt;code&gt;
display_errors = Off
&lt;/code&gt;
&lt;/td&gt;
&lt;/table&gt;
&lt;/p&gt;
httpd.conf/apache2.conf: 
&lt;p&gt;
&lt;br&gt;
&lt;table&gt;
&lt;td&gt;
&lt;code&gt;
php_flag  display_errors  off
&lt;/code&gt;
&lt;/td&gt;
&lt;/table&gt;
&lt;/p&gt;
PHP script: 
&lt;p&gt;
&lt;br&gt;
&lt;table&gt;
&lt;td&gt;
&lt;code&gt;
ini_set('display_errors', '0');
&lt;/code&gt;
&lt;/td&gt;
&lt;/table&gt;
&lt;/p&gt;
&lt;/div&gt;
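To confirm that the settings above took effect, responses from your own site can be checked for PHP diagnostics that still carry an absolute path. The following Python check is an added example, not part of the original article; the function names, the URLs and the surrounding markup are constructed for illustration, and only the two warning messages come from the article.

```python
import html
import re

# Constructed sample bodies. The two diagnostics are the ones quoted in the
# article; the URLs and the surrounding markup are made up for this example.
SAMPLES = {
    "/index.php?page[]=about": (
        "<br />\n<b>Warning</b>:  opendir(Array): failed to open dir: "
        "No such file or directory in <b>/home/omg/htdocs/index.php</b> "
        "on line <b>84</b><br />"
    ),
    "/account.php": (
        "Warning: session_start() [function.session-start]: The session id "
        "contains illegal characters, \nvalid characters are a-z, A-Z, 0-9 "
        "and '-,' in /home/example/public_html/includes/functions.php on line 2"
    ),
    "/notice.php": "<p>Warning: the lift in the lobby is out of order.</p>",
}

# "LEVEL: message in ABSOLUTE_PATH on line N", with a POSIX or Windows path.
PHP_DIAGNOSTIC = re.compile(
    r"\b(Warning|Notice|Deprecated|Fatal error|Parse error):\s+"
    r"(.*?)\s+in\s+((?:/|[A-Za-z]:\\)\S+)\s+on\s+line\s+(\d+)",
    re.DOTALL,
)


def find_path_disclosures(body):
    """Return (level, path, line) for each PHP diagnostic leaking a path."""
    text = html.unescape(re.sub(r"<[^>]+>", "", body))  # drop html_errors markup
    return [(m.group(1), m.group(3), int(m.group(4)))
            for m in PHP_DIAGNOSTIC.finditer(text)]


def audit(responses):
    """Map each URL whose body leaks a server path to its findings."""
    report = {}
    for url, body in responses.items():
        findings = find_path_disclosures(body)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in audit(SAMPLES).items():
        for level, path, line in findings:
            print(f"{url}: {level} discloses {path} (line {line})")
```

Requiring an absolute path after "in" keeps ordinary page text that merely contains the word "Warning:" from being reported.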

]]></description>
        <pubDate>Wed, 21 Apr 2010 18:04:01 +0200</pubDate>
        <category>Web Security</category>
      </item>
    </channel>
  </rss>
