Archive for Abuse

Evil little animation and too much coffee….

// August 17th, 2008 // 1 Comment » // Abuse, Funny, Graphic Design, Graphics, Update, WTF


I love this evil little animation….I actually watched it for far too long..gave me evil little thoughts

Sorry I have no clue who made it..if you know just let me know..but don’t be a bitch about it or I’ll have to slap the shit out of you.

So anyway..too much coffee…you know Jack in the Box has some strong ass iced coffee nowadays…YUM!!

McDonald’s Iced Hazelnut coffee is super Yummy but Jack in the Box’s coffee is stronger by far. :)

Makes me a little shakkyyiieee




Protect yourself from a DNS rebinding attack

// May 7th, 2008 // No Comments » // Abuse, Admin Tools, Cool Links, DNS, Errors, For Geeks, Geeks, I recommend, News, Tutorial, Useful, WTF, Windows, webmaster


OpenDNS released a free tool called fixmylinksys.com that lets Linksys users easily change their default password to protect themselves from the [DNS rebinding] hack which Kaminsky explains after the cut….





Hacker Super Bowl – PWN 2 OWN – Mac goes down in two minutes

// April 10th, 2008 // 1 Comment » // Abuse, Apple, For Geeks, Geeks, Microsoft, News, Videos, WTF, Windows


Most Mac users today live in a fantasy land. Macs can’t get hacked? DOH! Read on my Mac friends…you’ve been pwned!

It’s the most anticipated matchup in the hacker world: Linux versus Mac OS X versus Vista. Who will get hacked first?
That’s what organizers of the CanSecWest security conference hope to discover this week as they give show attendees a shot at hacking into the three laptops they’ve put on display here in Vancouver.
The catch? They have to use a brand-new “zero day” attack that nobody has seen before. The prize is $20,000, plus you get to keep the laptop.
Show organizers are calling the contest PWN 2 OWN. It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers — and a $10,000 cash prize — Thursday after breaking into a MacBook Air at the CanSecWest security conference’s PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810 and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed “0day” attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

The MacBook was the only system to be hacked by Thursday; however, the word on the show floor is that the Linux and Vista systems will meet with some serious challenges on Friday.

Miller, a former National Security Agency employee best known as one of the researchers who first hacked Apple’s iPhone last year, didn’t take much time. Within 2 minutes, he directed the contest’s organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

Vista Falls on the Last Day

The Vista laptop fell on the last day of the conference.

Since it was the third day of the contest, which saw a MacBook Air get hacked on Thursday, the TippingPoint Zero Day Initiative relaxed the rules even further. On the first day of the contest, only the operating system could be targeted, but on the second day that was expanded to include standard applications. An undisclosed Safari flaw led to the MacBook Air’s downfall.
But on Friday, hackers could target any “popular” piece of application software that you might find on a system. The Fujitsu laptop, running Vista Ultimate, was compromised by a previously undiscovered flaw in Adobe’s Flash software.


Read: Adobe already knew of Flash flaw that allowed Vista attack By Emil Protalinski | Published: April 05, 2008




RogueRemover FREE – Anti-Spyware Tools

// March 21st, 2008 // 3 Comments » // Abuse, Anti-Spyware Tools, For Geeks, Freeware, Useful


Author: Malwarebytes.org
Size: 674 KB
License: Freeware – Anti-Spyware Tools
Requires: NT/200x/XP/Vista

The Internet today is full of scam sites, otherwise known as phishing sites that try to sell you products. These products can be potentially harmful to your computer. They install malware, provide false feedback about your computer, and can slow down the computer drastically. These products are known as rogue applications and come in a variety of forms – from anti-malware applications to registry cleaners and even hard drive utilities.

We at Malwarebytes realize this is becoming a more prevalent issue, and have created a free application to help keep you safe and secure.

RogueRemover FREE is an application that can remove rogue antispyware, antivirus, and hard drive cleaning applications with ease. Rogue applications provide false information about the safety of your computer as well as give erroneous scan results or put their own malware on your computer.

RogueRemover FREE has the ability to completely remove WinAntiSpyware/WinAntiVirus, SpyAxe, VirusBlast, VirusBursters, as well as a number of other rogue applications.

RogueRemover Pro is also available. It has the acclaimed realtime RogueMonitor which will alert you if you want to download a rogue program.

Download at malwarebytes.org




Catch-All Email Addresses and Email Spoofing

// March 7th, 2008 // No Comments » // Abuse, DNS, Domain Names, Email, For Geeks, Hosting, Useful, Web Hosting, web tools


Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Examples of spoofed email that could affect the security of your site include:

  • email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this
  • email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

Using a Catch-All Email Address and Spoofing

One thing I recommend is that you do not use a catch-all email address for your domain name. Creating a catch-all email address means anything@yourdomain.com will be forwarded to you; it doesn’t have to be an actual email address, it just has to be sent to @yourdomain.com. Any email that cannot find a valid recipient, and would therefore bounce under normal circumstances, gets successfully delivered without returning an error message to the original sender. That sounds great, but it also gives spammers a wide-open door to attack you and use your domain name to send spam.

If you want to use a catch-all email address, then you should add an SPF record to your DNS that identifies the mail servers that are allowed to send email representing your domain name. Any receiving server that supports SPF/SenderID will check for the SPF record and reject e-mail that didn’t come from a permitted mail server.

An SPF (Sender Policy Framework) record will certainly help the spoofing situation (you can read more about how this works here), but keep in mind this is not completely foolproof yet, because it also requires that the receiving organization supports SPF or SenderID, and unfortunately SPF is still not supported by everyone.

If you don’t directly manage your DNS record (most don’t) or you don’t know what any of this means, the quickest way to a solution is to call the tech support department of your Internet Service Provider or email hosting provider. Tell them about the problem you’re having, that you think it might have something to do with SPF, and let them help you.
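
The SPF check described above, as an added Python example that is not part of the original post: it evaluates a record against the connecting server's IP the way an SPF-aware receiver does, and shows why a record ending in +all protects nothing. The records and IPs are constructed (documentation address ranges), and only the ip4, ip6 and all mechanisms are handled so it runs without DNS lookups.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a bare mechanism means "+".
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record: str, sender_ip: str) -> str:
    """Evaluate an SPF TXT record against the connecting server's IP.

    Mechanisms are tried left to right and the first match decides.
    Terms that need DNS lookups (a, mx, include, ...) are not handled
    here and make the function return "unsupported".
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return RESULTS[qualifier]      # matches every sender
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
            continue
        return "unsupported"
    return "neutral"                       # nothing matched, no "all"

def receiver_rejects(record: str, sender_ip: str) -> bool:
    """Assumed receiver policy: reject only on a hard SPF fail."""
    return check_spf(record, sender_ip) == "fail"

# Constructed sample records for a hypothetical yourdomain.com.
STRICT = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"
SOFT = "v=spf1 ip4:192.0.2.0/24 ~all"    # unlisted senders only flagged
OPEN = "v=spf1 ip4:192.0.2.0/24 +all"    # weak: authorises everyone

if __name__ == "__main__":
    own_server, stranger = "192.0.2.10", "203.0.113.77"
    for name, rec in (("strict", STRICT), ("soft", SOFT), ("open", OPEN)):
        print(name, check_spf(rec, own_server), check_spf(rec, stranger),
              "rejected" if receiver_rejects(rec, stranger) else "accepted")
```

Only the record ending in -all gets mail from the unlisted server rejected; with ~all or +all a receiver applying this policy still accepts it.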

Forms of Cybersquatting

Cybersquatting – registering a domain name using a trademarked name or company name that is not yours with the goal to make money off the company name, personal name or trademark. Sad thing is not all companies or people have a trademark, so a cybersquatter can easily register a domain name using their name and then force them to buy it from them in order to use it. There are laws to protect people from cybersquatters, but it is very expensive to fight. (See more info on Domain Name Dispute Resolution Policy.)

Typosquatting – registering a domain name that is close to the spelling of, or a common misspelling of, a trademarked brand name or a well-known name. For example: Gooogle.com

Domain tasting is when someone registers domain name(s) and then keeps only the ones that have economic value. If they find that the domain name does not make them money then they have the domain name refunded using the five day “grace period”. Domain tasting should not be confused with domain kiting.

Domain kiting is the process of deleting a domain name during the five-day grace period and then immediately re-registering it for another five-day period. This process is repeated any number of times with the end result of having the domain registered without ever actually paying for it.

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as user names, passwords and credit card details, by masquerading as a trustworthy website. eBay, PayPal and online banks are common targets. You’ll usually find phishing links sent out in an email or an instant message that will direct users to enter details at a website that “looks” like eBay, for example. Always type the domain name you want to visit directly into your address bar. Never click on a link to a site where you plan on entering your personal information unless you’re 100% sure it’s legit, and you can never be 100% sure, so just type it in. It’s easy to hide where the link you’re clicking on is actually going, and it’s also very easy to design websites that look and act exactly like your bank’s site or eBay’s site. Be safe!