Law9

The Knowledge-Base!

Artikel getaggt mit Google

How easy it is to hack a Gmail , yahoo and a Hotmail password !

Nov 8

Gepostet von admin in Misc | 7 Kommentare

googlenotebookIn a follow up to my previous tutorial on how you can hack your Girlfriends or your friends yahoo password I am writing a follow up on how easy it is to hack your yahoo password with either a just little effort.

I will divide the whole group of net surfers in three basic parts.

  1. Absolute beginners.
  2. Regulars
  3. Experts

lets talk about the Beginners first.

This category of people usually do not have a lot knowledge of internet passwords and how they work. For instance this category will most likely use the save my password button on a public computer.

Lets crack their password first.

  1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. “password”
  5. Your city, or college, football team name.
  6. Date of birth – yours, your partner’s or your child’s.
  7. “god”
  8. “letmein”
  9. “money”
  10. “love”

Statistically speaking that should probably cover about all you beginners. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)

One of the simplest ways to gain access to your information is through the use of aBrute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.

Now moving on to the second category

  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forumyou frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache.

And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.

Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

Password Length All Characters Only Lowercase
3 characters
4 characters
5 characters
6 characters
7 characters
8 characters
9 characters
10 characters
11 characters
12 characters
13 characters
14 characters		 0.86 seconds
1.36 minutes
2.15 hours
8.51 days
2.21 years
2.10 centuries
20 millennia
1,899 millennia
180,365 millennia
17,184,705 millennia
1,627,797,068 millennia
154,640,721,434 millennia		 0.02 seconds
.046 seconds
11.9 seconds
5.15 minutes
2.23 hours
2.42 days
2.07 months
4.48 years
1.16 centuries
3.03 millennia
78.7 millennia
2,046 millennia

Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.

Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable – but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?

Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.

Here are some password tips:

  1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0?, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
  2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
  3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
  4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
  5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
  6. Since it can be difficult to remember a ton of passwords, I recommend usingRoboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
  7. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.

Another thing to keep in mind is that some of the passwords you think matter leastactually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?

Often times people also reason that all of their passwords and logins are stored on their computer at home, which is save behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network – after which time they will own you!

Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.

I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.

There are a lot of other techniques like Sql injection , Rat , ActiveX and a lot others.hacking the third category password will not only be tedious but very dangerous.Lets say that it is quite possible still.Depending on the type of person it would not take more than a day to break his password in most cases.I will write an advance tutorial expaining how this can be achieved.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Google Improves Scanned Document Indexing With Optical Character Recognition (OCR) Technology

Nov 1

Gepostet von admin in Google | Comments off

Scanned documents are really very useful which may contain text and images. Until now Google rarely included scanned documents in it’s search results. Recently Google has announced that it will now include scanned documents in the search results. Google had used the Optical Character Recognition (OCR) technology to scan the documents so that words in the documents can be searched and Indexed.

So you can find more valuable data from Google. Earlier Google used to Index these as Image Files. So only the title and meta data is used for a search. But now as the scanned document is converted to PDF format it can search and index the entire data. So if there are any scanned documents you can view them in either PDF format or as a HTML file.

To see the new system at work, click on these search queries.

[ repairing aluminum wiring ]
[ spin lock performance ]
[ Mumps and Severe Neutropenia ]
[ Steady success in a volatile world ]

Tags: , , , , ,

Google Announces limited API support for OpenID 2.0

Nov 1

Gepostet von admin in Google | Comments off

Yesterday Google announced it’s support for OpenID 2.0 protocol. So now with your existing Google account you can login and use other sites. I think this move was made after Microsoft announcing that they will give an OpenID for all its Windows Live users. This new log-in offering is not available to all site owners. But you can apply for it using the sign-up form. Zoho, Plaxo and Buxfer are the launch partners for this new API.


Google’s OpenID implementation doesn’t directly give your OpenID identifier to other sites, instead it acts as a middleman, authorizing you through it before it hands it over. Now a wide range of largest web service providers like Google, Yahoo, Microsoft, MySpace etc are using OpenID.

Google had announced that it is planning to combine the OAuth and OpenID protocol so that a service can not only request a user’s identity through OpenID, but also “request access to information available via OAuth-enabled APIs such as Google Data APIs as well as standard data formats such as Portable Contacts and OpenSocial REST APIs.”

Tags:

10 Google Chrome Tricks that you did not notice !

Okt 24

Gepostet von admin in Google | Comments off

  1. You can easily resize the text area by dragging it on the lower right corner. So if you need to write a BIG comment in a Blog you can easily extend the text area.
  2. You can reopen the recently closed tab by pressing “Ctrl+Shift+T”. Alternatively you can check the “Recently closed tabs” section when you are opening a new tab.
  3. You can easily search for keywords by pressing either Ctrl+K or Ctrl+E. You can also do this even simpler by typing “?keyword”.
  4. You can also use other search engine if you are not interested in Google. You can do this by right clicking on the Omnibar(Address bar) and choose “Edit search engine“. But I personally prefer Google.
  5. There are many about pages in Google Chrome. You can type about:memory in the address bar and you will get a report showing browsers running in your machine. It will also display the Details of memory usage by different Google Chrome’s processes. There are many other about pages like about:stats, about:version, about:network, about:dns, about:crash, about:histograms, about:cache, about:plugins, about:hang etc.
  6. You can easily drag a window anywhere you like. You can create a new window from your browser tab and you can also add it back to the original window.
  7. If you are looking to browse in private mode then you can try the “Incognito Mode”. You can enter the Incognito Mode by keying Ctrl+Shift+N. You can also right click a link and say “Open link in incognito window.”
  8. You can directly drag and drop a downloaded file directly from Google Chrome on to the desktop or a particular folder.
  9. You can Monitor the resources used by a web page just by right click inside the page and selecting “Inspect element”. You can also switch to “Resources” tab to view the objects load time.
  10. There is an easter Egg in Google Chrome. If you type about:internets it will show a series of tubes taken from the tubes screensaver. It works with Windows XP.

Tags: , ,

Android Phone Virtual keyboard will be here by 2009 !

Okt 24

Gepostet von admin in Google | 1 Kommentar

T-mobile G1 has really got excellent features. But there was no virtual keyboard. To force the users to use the QWERTY keyboard they haven’t had a virtual keyboard. As many users are complaining about it, the latest version of Android coming in Q1 09 will have a Virtual Keyboard. It is really annoying to type on the QWERT keypad and you will definitely love to use the virtual keyboard.

However the silk soft touchpad isn’t that bad as well.Given the fact that the operating system is very smooth and the experience is enriching the keyboard now adds on to our wishlist.

The Android roadmap for Q1 of 2009 has got some good things for us to make our lives easy. They are working on Input method framework and Input method engines.

Input method framework (IMF)

IMF will enable us to use other input methods like soft keyboards. I would be easier to use a virtual keyboard rather than using a physical keyboard. IMF will also help application developers to provide IME applications.

Input method engines (IME)

IME will support soft keyboards, a dictionary of suggestions, and a suggestion algorithm. This will help us to type the messages very quickly and easily.

Tags: , , , , ,