Welcome to Tricks4indya.

Tricks4indya is a blog/website where you get latest computer tips and tricks, hacking tricks, Windows tips and tricks and most important learn about Ethical Hacking.

Why you visit Tricks4indya daily?

Because Tricks4indya is not one taste blog and daily update(daily share two or three article sure). If you visit daily then you get different taste of article to read means those friends who don’t like to read HACKING article but like windows tips, awareness(to protect from hackers) article, information about newly technology…ect.

Tuesday, 24 May 2011

Hacking Facebook – Orkut – Gmail – Yahoo account | The Reality

Hii Friends, today I am going to share most important article for the beginners who have just started exploring hacking and for people who aren't interested in learning hacking but needs somebody's account password anyhow. I want you to aware about common misconceptions in regarding Email/Social Networking Sites about online accounts hacking.

Otherwise those thoughts/misconceptions/articles/Blogs can seriously put you in trouble. We usually start like googling this, "how to hack gmail", "softwares for hacking orkut", "how to hack facebook"… etc  but unfortunately reach some malicious websites, follow stupid instructions and our own accounts get hacked.

When I was a beginner, my rediffmail account gets hacked because of lack of awareness or knowledge.

Okay talking in general, suppose you just have signed up for an account (gmail, yahoo or any other reputed website). Your password is stored only at two places: -
·        In website's database
·        In your mind
(Don’t say a stupid thing that it is also saved in a text file on your PC or in your girlfriend's mind etc)

Stealing your credentials (Id/password) from website's database is almost impossible. Company like Microsoft, Google, Yahoo, Facebook…ect are paying millions of dollars for securing their systems. Hard Core hackers might get success.

Now talking about your mind, it might be really very simple to do this with the help of
Social Engineering.

Shocked?

At this point, I must say that hacking an email account depends strongly on carelessness/foolishness of victim.


FAQs or misconceptions regarding the following points:-


·        Does any free/paid software/program/cracker exist to hack such accounts?

No ...You might get numberless free or premium software’s which claim to crack email accounts. The software’s just ask you to enter victim's email and start cracking/generating password.

I have already told you about two places where one's password is. From where the hell, these softwares would bring passwords for you? This kind of stuff is undoubtedly scam/rubbish.


·        Is there any free/premium online service to hack such accounts?

No... You might have logged on to many websites that claim to crack any email account for some amount of money. They are completely fraud and be aware of them. Don’t lose your money there!!



·        Another type of fraud: -

You might have come across many tutorials/videos that instruct you to compose an email to something@something.com. You are asked to write victim's email ID, your email ID, your password and are assured that you would get requested password within 24 hours.

Needless to say, it is an idea of befooling innocent people. Of course, your own account gets hacked.


Believe me, you can’t imagine the number of people who become victim of such rubbish things. They lose their money, time, accounts but get nothing in return. So take care.

The above all points are examples of one type of Hacking known as “Social Engineering - Art of Manipulation


How to hack these accounts?

Every method directly/indirectly involves victim's carelessness/lack of knowledge.


·        Non-Technical : -

While signing up for an account, we are asked to set a security question like our nickname, birthday place etc so that we could recover our account in case we forget our password. Many innocent people sets the correct answer which they are not supposed to do. Gather some information about victim and try to guess the answer of security question is very simple.
 
·        Technical-


1.   Phishing - The most common way of hacking them is phishing. The common type of phishing is Fake Login Page. The victim is anyhow anyway made to enter his credentials in fake login page which looks like genuine login page and gets hacked. Read More here.


2.   Malicious files - The victim is given a malicious file. It could be binded with or hidden behind a genuine file. It is usually a keylogger or trojan. A keylogger secretly records everything you type and sends to attacker. Obviously records your passwords too. Read more here.


3.   Stealing Sessions - Talking in simple language, whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. This piece of string or login session is destroyed when we click on 'Sign Out' option. An attacker can steal that session by convincing victim to run a piece of code in browser. Attacker can use that stolen session to login into victim's account without providing any username/password. This attack is very uncommon because when the victim clicks 'Sign out', session gets destroyed and attacker too also gets signed out. Read more here.


Note-You might be thinking that one could sniff the credentials sitting in same network. But I should remind you that, they would be encrypted ones and cracking the SSL encryption is almost impossible.


Conclusion: -

Sign up for an account at gmail/yahoo/facebook/orkut/hotmail. Now forget its password and recovery options. Never login into it. Can anyhow the password be cracked/hacked.?? Answer is big NO.

So, this is one more awareness article share by TRICKS4INDYA & some of the previous awareness articles are: -

 
Main aim of TRICKS4INDYA to post awareness article is to make aware you from cybercriminals / Hackers. If you know above tricks written in these articles then I think you are update & very less chance to become victim of cybercriminals / Hacker. As I told you one of the best methods to protect yourself is “Awareness”.

Kindly Share this knowledge with as many people as you can and aware them about the misconceptions.Feel free to mention your queries/doubts in comments. Keep Learning. 

Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.


If you want to keep up-to-date on the Ethical Hacking Tutorials news, latest Tips & Tricks, latest scams & most important awareness and are a member of Facebook, don't forget to Join the Tricks4indya Facebook page to keep informed about the latest security.

By: TwitterButtons.com

Wednesday, 18 May 2011

Microsoft: One in 14 downloads is Malicious


The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.


In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.

Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren't very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there's a known problem.


So, Don’t download windows software from untreated website.  

Kindly Share this knowledge with as many people as you can and aware them about these malicious software. Feel free to mention your queries/doubts in comments. Keep Learning.


If you want to keep up-to-date on the Ethical Hacking Tutorials news, latest Tips & Tricks, latest scams & most important awareness and are a member of Facebook, don't forget to Join the Tricks4indya Facebook pageto keep informed about the latest security.

Tuesday, 17 May 2011

Enable Facebook Login Approvals : Login With a Code Sent to Your Phone

Facebook is one of the most popular websites in the world. That makes it one of the most insecure places in the world! Loads of spam rains, hacked accounts, hacked pages, phishing links, malware links, and many more threats. Facebook doesn’t care much about most of these issues. But, they do care about hacked accounts! That’s why they have added Login Approvals! Now no one can login to your Facebook account without your mobile phone!


Normally, if someone figure out your user name and password or if some one manage to crack those login details, they can easily login into your account! But, if you enable login approvals, the hacker have to get his hands on your mobile phone to crack your account. Whenever you try to login to your Facebook account from an unrecognized machine, it will send a text message to your phone with a security code. You have to enter this code in order to log in. Once you login, it will remember your machine by sending a cookie. So, it won’t ask for approvals from that machine again! (Until you clear your cookies!). More security for your account! But, you also have to make sure you don’t lose your phone! If you lose it, you can login from a previously authorized machine and change the number or turn off the feature. If you have cleared the cookies from that authorized machine, then you are doomed!

 

Now, lets see how to set up Login Approvals: -

 

·        First, login to your profile, click on “Account” menu located on the top right corner and go to “Account Settings”.

·        Now, in the account settings menu, click on the link called “change” near the “Account Security” section.

·        Now you should see the tick box to activate “Login Approvals” as shown below: -


·        After you click on it, you’ll see a message as shown below: -


·        Click “Next” and the’ll send a test message to your phone (Note: -You have to add your phone number to your account to make this work. If you are concerned about your privacy, change the privacy settings (Under the Account menu) to hide your number)

·        Now, enter the code you received on the next screen: -


·        After you complete the above steps, you are good to go!

·        Next time when you login, Facebook will send you a message and ask you to enter the code in that message as shown below: -


I think it’s better if everyone can enable this feature. It will make you feel more secure. But, don’t lose your phone! So, what do you think? Will this stop all the hacker? I don’t think so!

Kindly Share this knowledge with as many people as you can and aware them to Enable Facebook Login Approvals. Feel free to mention your queries/doubts in comments. Keep Learning.


If you want to keep up-to-date on the Ethical Hacking Tutorials news, latest Tips & Tricks, latest scams & most important awareness and are a member of Facebook, don't forget to Join the Tricks4indya Facebook pageto keep informed about the latest security.

By: TwitterButtons.com

Monday, 16 May 2011

From Where Spammers/Hackers Get You E-mail Ids

I know many of you always receive a special kind e-mail with advertisements known as spam & for social engineering hacking emails. You might be asking yourself from where a spammer/hacker might have got your e-mail ID. So here's the answer, following are some of the methods via which spammers gets your email ids.



·        Social Networking Sites:-

If you are a social network animal then you might know that sometimes we just add anyone as our friend without even knowing who the person is. Reason, most of us just want to show off that we have a big friend list. But there are some people who are actually preparing this friend list to get your e-mail ids. People hardly care about privacy settings and leave their telephone numbers and e-mail ids open for spammers/hackers to have a look on. Now how they extract your email ids, all major e-mail clients like gmail and yahoo provide their users with API(Application Programming Interface) to pull e-mail ids of friend list available on social networking sites. Once all emails are pulled spammer download this email list as excel sheet and your e-mail ids are now ready to get spammed.


·        Online Applications:-

If you have ever used facebook then you might be knowing whenever you access any facebook application it asks for access to all your private data, once you allow application access you give your e-mail to them, now they can use it for any purpose.


·        Online Games And Contests:-

Many people have habit of playing games online and contests that appears free with prize. The fact is that many people might be playing those games and only one gets prize via lucky draw. How much legitimate that appears. These contests are nothing but sure shot funds of companies to grab personal details of people visiting their sites. How this pays them, this list helps them prepare job lists for eligible and needy persons thus they don't pay a penny for job recruitment and also gets an employee ready to work on minimum payments. Next they can use this list to spam you with advertisement of their own products or they may even plan to sell their e-mail list to spammers for hefty amount.


·        Job/Technology/Career/Game Fairs:-

You might have seen many people standing with some kind of forms in these kinds of fairs to invite people with job opportunity, free stuff delivery or contest, which actually never is the case. Such fairs are good targets since by spending just few bucks a contact list with several thousand e-mail IDS and phone numbers is built that too without anyone suspecting.


·        Online Forums:-

Hey don't worry I don't mean they sell e-mail ids or their database are hackable. While on forums many people unknowingly don't set privacy settings, also they post their e-mail ids as it is as comment or reply. These e-mail ids can be extracted using software used for extracting e-mail ids.


·        Web Mail Extractors: -

Web Mail Extractors are software that search websites for patterns like this “@domain.com/@domain.net, @domain.org etc”. Once found they extract complete email ids and save them in their database. One such tool is “Web e-mail Miner”. For today I would advise you to download it and try to find out how it works. Don't worry about how to use it, you just have to enter name of site and press enter and it'll pull email for you. Try a name of famous online forum, guaranteed to get a list with more than thousand e-mails.


·        Improperly Configured or Unprotected Servers:-

Usually company uses two kinds of domains/servers one valid of all and one valid only for their employees and customers. Sometimes these two are interconnected with each other for employees to make changes to website that is public. The internal server for employees usually contains lot of information about their employees and job recruitment in excel sheets or PDF files which can be opened using browser. If they are not configured properly “Web Mail Extractors” can easily crawl in revealing thousands of quality e-mail ids.



Knowingly or unknowingly we might have made many of above mistakes which have lead our e-mail ids open to spammers or hackers. If you want to save yourself to begin hacked than please keep above points in your mind. Feel free to comment about what you think about above information.



Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.

If you want to keep up-to-date on the Ethical Hacking Tutorials news, latest Tips & Tricks, latest scams & most important awareness and are a member of Facebook, don't forget to Join the Tricks4indya Facebook pageto keep informed about the latest security.

By: TwitterButtons.com

Thursday, 5 May 2011

Bin Laden Video Is a Virus, FBI Warns

The U.S. Federal Bureau of Investigation warned computer users Tuesday that messages claiming to include photos and videos of Osama bin Laden's death actually contain a virus that could steal personal information.
The warning comes as security companies said that they've spotted the first samples of malicious software disguised as photos of the dead Al Qaeda leader.
Security vendor F-Secure said Tuesday that criminals are e-mailing a password-stealing Trojan horse program called Banload to victims, and Symantec said it's seen criminals spamming victims with links to fake "Osama dead" news articles that launch Web-based attacks on visitors.

U.S. authorities do have photos of bin Laden, who was shot in the head during an early morning raid Monday in Pakistan. But these photos have not been released publicly.
Scammers have also used a technique called search engine poisoning to try to trick search engines into listing hacked Web pages that are loaded with malware in their search results. "It's unlikely you'll find pictures or videos of Bin Laden's death online -- but searching for one will certainly take you to sites with malware," wrote F-Secure chief research officer Mikko Hyponnen in a blog post.
The FBI warned Internet users to watch out for fake messages on social network sites and to never download software in order to view a video. "Read e-mails you receive carefully. Fraudulent messages often feature misspellings, poor grammar, and non-standard English," the FBI warning stated.
As a major international news event, bin Laden's death has shown the amazing way information can spread online. Many learned of the terrorist leader's death through Twitter, where the story first broke, or Facebook. But it also underscores how the unfiltered media can quickly spread bad information worldwide.
In the three days since the early morning raid, the bin Laden story has generated fake photographsfake quotes, and plenty of scams.
Security experts said that shady marketers and so-called rogue antivirus vendors have also jumped on the bin Laden bandwagon. The rogue antivirus software bombards victims with pop-up messages telling them they have a computer problem. Its aim: to nag them into paying for bogus software.
Shady marketers are spreading messages on Facebook that try to lure victims into spreading the message to friends and visiting marketing Web sites, by claiming they have a censored video.
If you want to keep up-to-date on the latest scams, and are a member of Facebook, don't forget to join the Tricks4indya Facebook page to keep informed about the latest security news.

Kindly Share this knowledge with as many people as you can and aware them from about Bin Laden Video Is a Virus. Feel free to mention your queries/doubts in comments. Keep Learning.


If u like then ple follow my blog & also help to promote. Don’t forget to leave comment.

By: TwitterButtons.com

Osama Shoot down video scam spreads on Facebook


Facebook users are being tempted to click on links to what purports to be a video of Osama bin Laden being shot, in the latest in a series of scams exploiting the hot news story of the Al Qaeda leader's death.

The messages appear as follows: -


Watch the Osama Shoot down video

Osama Dead - Censored Video Leaked on.fb.me
Osama is dead, watch this exclusive CNN video which was censored by Obama Administration due to level of violence, a must watch. Leaked by Wikileaks.

Clicking on the link, however, will not instantly show you some sensational footage of US Navy Seals attacking Osama bin Laden's compound in Pakistan.

Instead, you're told you will have to take an online survey.


That should be enough to set your alarm bells ringing - as survey scams are a continuing problem on Facebook, earning scammers commission with every survey they manage to trick users into completing.

What's most interesting about this scam is that they trick you into cutting-and-pasting a line of JavaScript into your web browser's address bar.

Not that you'll realize that you're doing that, of course. As far as you know all you're doing is following a sequence of instructions and keyboard presses before you watch the video.


But any time you paste a script into your browser's address bar, you're effectively running code written by the scammers without the safety net of protection.


Before you know it, you'll be sharing the news of the "Osama Shoot down video" with all of your Facebook friends, and the scam will be spreading virally.

My guess is that you don't want to make it so easy for the scammers to run their scripts on your browser - so don't fall for scams like this.

Be very careful not to be fooled by scams related to Osama bin Laden's death, not just on Facebook but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.

If you want to keep up-to-date on the latest scams, and are a member of Facebook, don't forget to join the Tricks4indya Facebook page to keep informed about the latest security news.

Kindly Share this knowledge with as many people as you can and aware them from such Osama bin Laden death video scam. Feel free to mention your queries/doubts in comments. Keep Learning.


If u like then ple follow my blog & also help to promote. Don’t forget to leave comment.

Related Posts Plugin for WordPress, Blogger...
Twitter Delicious Facebook Digg Stumbleupon Favorites More