XerXeS DoS - Wikileaks Hacking Tool

XerXes 
DoS Attack Video Part 2
The Hacking tool used to DoS Wikileaks
This is a demonstration of a XerXeS DoS attack in action against atahadi.com
What's new compared with the first demo video is that more is revealed about the attack technique.
See for yourself :

Click on this link to view the first video
This second video of XerXeS shows more of the XerXeS dashboard, and reveals even more about the attack technique – it's an enhanced version of XerXeS able to DoS secured Apache servers!
Take a look at 02.25 when he sets up the target server:


XerXes can now affect multiple server flavors – some still more are under development. 
This time he dropped a secured server which is supposed to have an Apache setup that is impervious to a XerXeS hit.
Denial of Service (DoS) Attacks
The basic premise to this attack is that by sending (but never fully completing) numerous requests to Apache, one could get the Apache process to consume all system resources and stop serving up the actual web content.  
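Requests that are opened but never completed leave a trace on the server side. The following is an added example, not code from the original post or from the tool it describes: it scans Apache combined-format access log lines for clients that accumulate many timed-out requests in a short window. It assumes Apache logs a request that timed out before completion with status 408 and an empty request line; the log lines, addresses, window and threshold are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not real traffic).
# Assumption: a request that never completes is logged as "-" with status 408
# once the server's read timeout fires.
SAMPLE_LOG = """\
192.0.2.44 - - [08/Dec/2010:10:00:00 +0000] "-" 408 - "-" "-"
192.0.2.44 - - [08/Dec/2010:10:02:00 +0000] "-" 408 - "-" "-"
192.0.2.44 - - [08/Dec/2010:10:04:00 +0000] "-" 408 - "-" "-"
198.51.100.7 - - [08/Dec/2010:10:05:01 +0000] "-" 408 - "-" "-"
203.0.113.20 - - [08/Dec/2010:10:05:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Dec/2010:10:05:03 +0000] "-" 408 - "-" "-"
198.51.100.7 - - [08/Dec/2010:10:05:05 +0000] "-" 408 - "-" "-"
198.51.100.7 - - [08/Dec/2010:10:05:08 +0000] "-" 408 - "-" "-"
198.51.100.7 - - [08/Dec/2010:10:05:10 +0000] "-" 408 - "-" "-"
198.51.100.7 - - [08/Dec/2010:10:05:12 +0000] "-" 408 - "-" "-"
203.0.113.20 - - [08/Dec/2010:10:05:30 +0000] "-" 408 - "-" "-"
192.0.2.44 - - [08/Dec/2010:10:06:00 +0000] "-" 408 - "-" "-"
192.0.2.44 - - [08/Dec/2010:10:08:00 +0000] "-" 408 - "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return (ip, timestamp, request_line, status) or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def find_incomplete_request_sources(lines, window=timedelta(seconds=60),
                                    threshold=5):
    """Flag clients with >= threshold timed-out (408) requests inside `window`.

    Lines must be in chronological order, as they are in an access log.
    Returns {ip: highest number of 408s seen inside one window}.
    """
    recent = defaultdict(deque)   # ip -> timestamps of 408s still in the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _req, status = parsed
        if status != 408:
            continue
        q = recent[ip]
        q.append(ts)
        # Drop timeouts that have aged out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, count in find_incomplete_request_sources(
            SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} timed-out requests within 60s")
```

A single client with occasional timeouts (a slow mobile link, for example) stays below the threshold; only a burst of never-completed requests from one address is reported.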
Exploitation
The Apache vulnerability is only the beginning, Xerxes will be able to hit IIS in the future. 
DoS or DDoS ? 
The attack is performed on a single low-spec computer, and while The Jester sends relatively few packets from his own machine, the attack results in brief outages of the target site. 
So he is not using any intermediaries or botnets, sorry for having written DDoS in my first post xD
You can view part 1 here: XerXes in action
You surely can follow Jester here:
http://twitter.com/th3j35t3r

Hackers attack Mastercard

OPERATION PAYBACK

If you tried going to MasterCard’s web site this morning you might have found yourself waiting a long time. Hacktivist hackers supporting WikiLeaks founder Julian Assange claim to have taken down the website of MasterCard, which shut down its payment service to the controversial website on Monday.

The hacktivist group dubbed Anon_Operation said in one tweet that "www.mastercard.com/ is down" and designated mastercard.com as their "current target" in what was taking the proportions of cyber war.

WikiLeaks has benefited from a massive groundswell of online support. Twitter is choked with messages of solidarity. The site's Facebook page has 1 million fans. And tech-savvy supporters are organizing boycotts and other stunts.  

 Operation:Payback occurs after the credit-card company withdrew its funding services for WikiLeaks. The whistleblower Web site’s founder Julian Assange was arrested yesterday and denied bail. He remains in the custody of British police.

View our previous post to see Xerxes, the tool used to DDoS Wikileaks, in action. A tool able to make a distributed denial of service attack, created by The Jester...

Wikileak Xerxes Dos Attack

Want to have a look at the tool which Jester (the one who did the DDoS, distributed denial of service, attack against Wikileaks) used? Here you go:

Xerxes in Action
The tool used to Ddos Wikileak


View the preceding post to get the full story xD


Wikileaks hacked - Mass Distributed Denial of Service (ddos) attacks

Wikileaks under mass distributed denial of service attacks

Wikileaks, the famous whistleblower website, has attracted a lot of attention after publishing confidential information otherwise not available to the public. In April 2010, WikiLeaks posted video from a 2007 incident in which Iraqi civilians and journalists were killed by U.S. forces, on a website called Collateral Murder. In July of the same year, WikiLeaks released Afghan War Diary, documents about the War in Afghanistan not previously available for public review.
Just recently, Wikileaks says it is the target of a computer-hacking operation, ahead of a release of secret US documents.






DDOS (Distributed Denial of Service)
Distributed denial-of-service attack (DDoS attack)
In short: Distributed Denial of Service, or DDoS. A group of computer users or an organization distributed across multiple systems floods the host's servers with spurious requests for access.
The graph below shows traffic to one of Wikileaks' primary hosting providers. At approximately 10:05am EST, traffic abruptly jumps by 2-4 Gbps as the attack begins.














The attack was "exceeding 10 Gigabits a second".
Another way to think of it is that someone, somewhere is demanding that the WikiLeaks cablegate site deliver the equivalent of 114 movies per second.
That's a massive attack, but it's not as big as some it has survived in the past. So why did it have so much trouble today?

Amazon dropped it
On 2 December 2010 Amazon.com severed its ties with WikiLeaks, to which it was providing infrastructure services, after an intervention of an aide of US Senator Joe Lieberman. Amazon denied acting under political pressure citing a violation of its terms of service. Fuck !
DNS too (Dynamic Network Services Inc.)
On 2 December 2010 American-owned EveryDNS dropped WikiLeaks from its entries, citing DDoS attacks that "threatened the stability of its infrastructure". The site's 'info' DNS lookup remained operational at alternative addresses for direct access respectively to the Wikileaks and Cablegate websites.


The Hacker who took it down (The Jester) 
th3j35t3r
So who is this hacker?
The hacker, who calls himself The Jester and goes by the name th3j35t3r on Twitter, said he was motivated to take down WikiLeaks for patriotic reasons. He also said his other targets include Web sites used by Al Qaeda and other terrorists groups for recruiting purposes. 
What he used? - XerXeS
He apparently developed a multi-thread, thin-client denial of service attack application that effectively allows him to launch a distributed denial of service (DDOS) attack on a website from a single linux server.
There are several interviews with The Jester, along with two videos he made for Infosec Island that demonstrate the XerXeS DoS attack in action.

Hacking Website : Training for hackers to hack websites

Hi there, all of you who come here to know how to hack a website have come to the right place. Hack-website.blogspot.com is the place to visit if you want loads of information on website hacking. Further posts will be added about this, but first let's start with a little bit of training. To get the basics of website hacking, you must understand how all these things work: webservers, web pages, vulnerabilities and SQL injection. I will cover these parts later, but for beginners I would recommend signing up at hackthissite.org. This is the best place to start learning what is essential to hacking websites.

Certified Ethical Hacker Training Videos

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.
 
So here you go with 13.52GB of Certified Ethical Hacker training.

Certified Ethical Hacking Training - CEH Overview


Hacking involves creativity and thinking 'outside-of-the-box', that is why vulnerability testing and security audits will not ensure the security proofing of an organization. To ensure that organisations have adequately protected their information assets, they must adopt the approach of 'defence in depth'. In other words, they must penetrate their networks and assess the security posture for vulnerabilities and exposure.


The goal of the Ethical Hacking & Countermeasures Course is to teach a delegate to help his organization take pre-emptive measures against malicious attacks by attacking the system himself, all the while staying within legal limits. Delegates should be prepared for an action-paced course and the sheer size of the course content. However, do not be intimidated, as we will release e-learning prior to the delegate attending the course, and the instructor will prepare them thoroughly for the Certification Examination. The manuals can then be taken home and to work and can be used as excellent reference volumes.

EC-Council Certified Ethical Hacker Certification: EC-Council has successfully certified more than a thousand information security professionals. The CEH examination is becoming more demanding and more effective in measuring the true skills of a penetration tester. Students are now required to be able to interpret log files, identify exploits, identify attack signatures, recommend countermeasures, have a firm grasp of the main tools and know standard procedures involved in penetration testing. The student is tested on 150 questions picked randomly from a pool of questions contributed by the security community. Our pass rate to date is 98%.

Who Should Attend? This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network and enterprise security.
 
Module 1: Introduction to Ethical Hacking
  • Why Security?
  • The Security, functionality and ease of use Triangle
  • Can Hacking be Ethical?
Module 2: Footprinting
  • Defining Footprinting
Module 3: Scanning
  • Definition of Scanning.
  • Types of scanning
Module 4: Enumeration
  • What is Enumeration?
  • NetBios Null Sessions
Module 5: System Hacking
  • Administrator Password Guessing
  • Manual Password Cracking Algorithm
  • Automated Password Cracking
Module 6: Trojans and Backdoors
  • Effect on Business
  • What is a Trojan?
Module 7: Sniffers
  • Definition of sniffing
  • How a Sniffer works?
Module 8: Denial of Service
  • What is Denial of Service?
  • Goal of DoS(Denial of Service)
Module 9: Social Engineering
  • What is Social Engineering?
  • Art of Manipulation
Module 10: Session Hijacking
  • Understanding Session Hijacking
  • Spoofing vs Hijacking
  • How Web Servers Work?
Module 11: Hacking Web Servers
  • How are Web Servers Compromised?
Module 12: Web Application Vulnerabilities
  • Web Application Set-up
  • Web Application Hacking
Module 13: Web Based Password Cracking Techniques
  • Authentication- Definition
  • Authentication Mechanisms
  • HTTP Authentication
Module 14: SQL Injection
  • Attacking SQL Servers
  • SQL Server Resolution Service (SSRS)
Module 15: Hacking Wireless Networks
  • Introduction to Wireless Networking
  • Business and Wireless Attacks
Module 16: Virus
  • Virus Characteristics
  • Symptoms of 'virus-like' attack
Module 17: Physical Security
  • Security statistics
  • Physical Security breach incidents
Module 18: Linux Hacking
  • Why Linux?
  • Linux basics
Module 19: Evading Firewalls, IDS and Honeypots
  • Intrusion Detection Systems
  • Ways to Detect Intrusion
Module 20: Buffer Overflows
  • Significance of Buffer Overflow Vulnerability
  • Why are Programs/Applications Vulnerable?
Module 21: Cryptography
  • Public-key Cryptography
  • Working of Encryption
Module 22: Penetration Testing Course
  • Introduction to Penetration Testing (PT)
Module 23: Advanced Exploit Writing
Module 24: Advanced Covert Hacking Techniques
Module 25: Advanced Virus Writing Techniques

Module 26: Advanced Reverse Engineering Techniques

Security training - Certified ethical hacker certification


"To beat a hacker, you need to think like one".

With the increasing security threats to computer networks and web servers, there is a great need to make networks "hacker-proof". Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes. The best way to do this is by understanding the methods employed by hackers to intrude into systems.


The objective of the ethical hacker is to help take preventive measures against hacking attempts by attacking the system himself, all the while staying within legal limits. This philosophy stems from the proven practice of trying to catch a thief by thinking like a thief. The mission of the Ethical Hacking and Countermeasures course is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. As technology advances and organizations depend on technology increasingly, information assets have evolved into critical components of survival.


The Certified Ethical Hacker Certification certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker Certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.


Some of the topics covered in ethical hacker certification:
    Penetration Testing Methodologies
    Network Protocol Attacks
    Network Reconnaissance
    Vulnerability Identification
    Windows Exploits
    Unix/Linux Exploits
    Covert Channels & Rootkits
    Wireless Security Flaws
    Web Application Vulnerabilities
    Business and Technical Logistics of Penetration Testing
    Information Gathering
    Linux Fundamentals
    Detecting Live Systems
    Reconnaissance -- Enumeration
    Cryptography
    Vulnerability Assessments
    Malware – Software Goes Undercover
    Hacking Windows
    Advanced Vulnerability and Exploitation Techniques
    Attacking Wireless Networks
    Networks, Firewalls, Sniffing and IDS
    Injecting the Database
    Attacking Web Technologies

Listed below are some of the ethical hacker certifying bodies:

CEH - Certified Ethical Hacker by EC Council - http://www.eccouncil.org/
CPT - Certified Penetration Tester - http://www.iacertification.org/cpt_certified_penetration_tester.html



Hacker training - Great Hacking tutorials 2010

These are the best-ever hacking tutorials of 2010, combined to give hackers an edge.
Great hacker training articles, tutorials and courses covering vast areas of hacking like

More Hacking/The Greatest Hacker of all time
More Hacking/The Hacker’s League
More Hacking/The Inner Circle Book’s Hacking Techniques
More Hacking/The Lamahs-Guide to Pirating Software on the Internet
More Hacking/The M.M.C. Guide to Hacking, Phreaking, Carding
More Hacking/The National Information Infrastructure-Agenda for Action
More Hacking/The Newbies Handbook- ‘ How to beging in the World of Hacking
More Hacking/The Newbies-User’s Guide to Hacking
More Hacking/The Pre-History of Cyberspace
More Hacking/The Price of Copyright Violation
More Hacking/The REAL way to hack RemoteAccess
More Hacking/The Secret Service, UUCP,and The Legion of Doom
More Hacking/the UNIX operating system (Berkley 4.2)
More Hacking/Theft of Computer Software-A National Security Threat
More Hacking/Thoughts on the National Research and Education Network
More Hacking/Tips on Starting Your Own BBS.1
More Hacking/undocumented DOS commands
More Hacking/UNIX Computer Security Checklist
More Hacking/UNIX Use and Security – By the Prophet
More Hacking/UNIX Use and Security From The Ground Up
More Hacking/UNIX- A Hacking Tutorial.SIR
More Hacking/Viruii FAQ
More Hacking/Virus-Trojan FAQ
More Hacking/What Files are Legal for Distribution on a BBS
More Hacking/What To Look For In A Code Hacking Program
More Hacking/What You Should Know About Computer Viruses



Certified ethical hacking course

A little note about EC Council Exam 312 50

For ethical hacker certification, EC Council is perhaps one of the best certification bodies providing recognised hacker certification in the world. Let's take a closer look at the EC Council exam courseware.

Ethical Hacking and Countermeasures EC Council Exam 312 50 Student Courseware

By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide to system security provides the tools necessary for approaching computers with the skill and understanding of an outside hacker. A useful tool for those involved in securing networks from outside tampering, this guide to CEH 312-50 certification provides a vendor-neutral perspective for security officers, auditors, security professionals, site administrators, and others concerned with the integrity of network infrastructures. Complete coverage of footprinting, trojans and backdoors, sniffers, viruses and worms, and hacking Novell and Linux exposes common vulnerabilities and reveals the tools and methods used by security professionals when implementing countermeasures.

Hacker training - hacking ebook : The art of exploitation

This is a fine hacking book that every hacker should have.
Learn hacking by reading this hacking book, considered one of the best hacker resources on the web

The Art of exploitation
 
This marvelous piece of information introduces the hacker to the spirit and theory of hacking as well as the science  behind it in a step by step method of learning which proves to be very effective. It begins at the basic level and jumps to the core hacking techniques and tricks and you can then start to think like a hacker. Essential and elemental techniques that hackers and security professionals use are here well described and discussed which helps the user to gain a real insight of the hacking world. The course also covers network traffic sniffing and manipulation as well as a cryptography section.

Facebook new security flaw unveiled - Open graph

Facebook is again the victim of a security breach. It was necessary to wait six years and more than 400 million registered members for the vulnerabilities of the social network to be finally unveiled. The site has fixed a flaw in its website customization system based on the Open Graph. It allowed a user's location data to be retrieved.

A closer look and we find that the flaw lay in an option for using Facebook on the recommendations website Yelp. Techcrunch says that Yelp is one of three sites chosen by Facebook to test its "instant custom" function, along with Pandora and Docs.com. Therefore, if a user connects to one of these sites, Facebook provides personal data in encrypted form so that the visit is personalized.


However, malicious code could be injected via cross-site scripting. All of this previously encrypted information was then visible to an attacker. It was even possible to recover the encryption key and thus benefit from all of the user's information.
Still, even though the flaw was corrected in less than two hours, it leaves a gaping doubt about Facebook's ability to protect the identities of Internet users. It should be noted that the site of Mark Zuckerberg is destined to share the email addresses of its users with third-party sites. It could be that companies wish to eventually use this valuable information. Unless a wave of unsubscriptions gets the better of the social network ...

How to hack a facebook account - hack a facebook account

How a facebook account can be hacked

Facebook is one of the most widely used social networking websites across the world. Most of them are nowadays making fake accounts, either for abuse or for maintaining secret relations. So it’s no wonder that many people have started to devise methods to hack a Facebook account.
Now I will show you some of the working and best ways to hack a Facebook account.
Nowadays security standards have greatly increased, and even brute force attacks don’t work. Don’t get fooled: there are many people who try to fool others by claiming to hack Facebook or other services like Orkut, Gmail and Yahoo. There are only a few ways to get into an account, and the easiest relies on the ignorance of the user. The hardest relies on the skill of the hacker…
Starting with the easiest… and going on to the rare and intermediate hacks

#Using a Keylogger
The hacker sends a client keylogger program that captures everything the user types in, including passwords. The captured keystrokes are sent by email or FTP, or are stored on the victim’s computer for later removal.
Counter: Use a firewall and don’t accept suspicious programs (especially when they are small). Using a virtual keyboard also helps.

#Using a Trojan
This is the same as the keyloggers. If you want more control over the victim, then you can use Trojans (RATs); these are remote administration tools which give complete control over the victim's system. It relies fully on whether the user accepts the infected file or not. Trojans are quickly detected by antivirus software, but packing the Trojan can get around that. Trojans or RATs can also be bound to legitimate software using exe binders.
Counter: Antivirus and suspicion. Trojans also generate a lot of network activity when operating, so it is easy to spot them. Firewalls also work great.

#Phishing
Phishing is the most commonly used method to hack into any web-based system like Orkut, Gmail or Yahoo.
Phishing has proved to be the best and easiest way to hack into any web-based system; you can even hack into Facebook, and it has a high success rate. There is also no need for any scripting knowledge like HTML: just upload the page to any free hosting account and send the link to the victim. It works by creating a copy of a login page (the Facebook login), changing some things in it so that it emails the entered username and password to the hacker and then redirects to the REAL Facebook login page, so that the user does not get a hint of what is happening. Once the user has entered his credentials, they are sent as plain text to the hacker.
Counter: The fake login page usually has to be hosted somewhere and must have a domain name. Naturally it cannot be the same as login.facebook.com, so check the URL when you are logging in.

#Metasploit
I personally hate this tool. Won’t talk much about it.. damn automatic hacker
The attacker just needs the victim's IP and some skill to pull off the attack. So don’t just give out your IP, and don’t download stuff from instant messengers, as this is how attackers obtain the IP address. Beware also of emails containing strange links, as clicking on a link can send your IP address to the hacker.

#Cookie Stealing
Involves using an exploit to steal session cookies which when injected into the hackers session (cookie injection), gives him access to your facebook account without needing to input your password. But that limits the damage he can do.
A > Downloads the HomePage.
B > Allows you to the Target’s Wall and
C > Retrieve your Target’s Friend’s List

The hacker needs your IP, skills and skills.
A software I heard that can give you control of a facebook account is FBcontroller. You have to feed it the live cookies of a victim and it does the rest.
You can get the target’s cookie by sniffing, XSS, social engineering, ARP Poison-Sniffing, Scroogle search or however you like.

Facebook rh hack tool - facebook hacking tool

Facebook rh hack tool is presumed to be a hacking tool allowing hackers to hack a Facebook account. Basically, Facebook hacking tools are in great demand and easily get a big buzz on the net. A quick search on Google and you will find thousands of download links for Facebook rh hack tool v1.6 or later, but these links seem to go nowhere. From the hacker underground, it is very clear that rh hack tool is ghost software; it does not exist. It is technically very difficult to develop such a tool; hackers use a mix of techniques, most commonly SQL injection or phishing, to get their hands on Facebook accounts. Having a tool that automatically does these things in one go is a hoax. So next time you hear about a Facebook hacking tool, don't even go looking for it. The key to hacking Facebook is knowledge and skill.
To end, Facebook rh hacking tool = HOAX .

Control Facebook accounts without the Password - FBController

FBController - The Ultimate Utility to Control Facebook accounts without the Password.

Let me clear this again like last time that this utility WON'T hack/crack Facebook accounts.

You need to feed it biscuits (cookies) before you can do anything.

You can get the target’s cookie by sniffing, XSS, social engineering, ARP Poison-Sniffing, Scroogle search or however you like.

Once you have the cookies you can use FBController to have Full control over the target’s Facebook account.

Login to your Facebook account and sniff your own cookie OR collect a few live Facebook Biscuit/s of your Target/s.

============================================================== 
Changes in version FBController 2.0 
============================================================== 

- You don't have to provide each and every cookie variable in the command parameter.

Just save your cookie into a file and point FBC towards it.

- Many changes have taken place over the time in the FB UI and the Cookie structure as explained on the blog.

- FBConTroller v2.0 now has a menu based Operation making it easier to control.

- FBConTroller as of now can Write onto one's own wall, other's walls, Retrieve Profile Page, Retrieve Friends List and even attempts to Retrieve Inbox and Send Messages.

Russian Hacker sells hacked facebook accounts

A spammer/scammer named Kirllos is selling 1.5 million Facebook accounts for a few pennies apiece. Yours might be one of them.

Want to hear some good news? We now know exactly how much your Facebook profile is worth on the open market: Between 25 and 45 cents, depending on whether you have more than 10 friends.
The bad news? How we found out.

According to Verisign's iDefense, a Russian hacker known as Kirllos is selling 1000 Facebook IDs at a pop for $25 (if you have 10 friends or less) or $45 (if you're in the 11+ friends crowd). Thus explaining that rash of bogus Facebook password reset spam I got last month. He's apparently successfully phished log ons for some 1.5 million Facebookers, which he's now hawking on the antichat.ru forums.
Is your account one of them? There's really no way to know for sure, unless you're seeing stuff posted under your name you didn't put there. But if you've recently responded to an email purporting to be from Facebook asking you to log into your account, there's a very strong chance the answer is yes. (I'd recommend logging in and changing your password to something tricky. Do it right now. Go on, I'll wait.)
What can some miscreant do with your Facebook identity?
* He can use it to infect other Facebook users by posting links on your friends' walls to Web sites containing malware, a la the Koobface worm, which has been tormenting users of Facebook, MySpace, and Twitter for two+ years. Koobface can suck your PC into a botnet, at which point it doesn't really belong to you any more.
* He can use it to run big-money con games on your friends, a la the infamous "London Scam" in which a cybercrook pretends to be an old friend of yours who's stranded overseas and needs you to wire him cash -- fast. The London Scam took at least one U.S. victim for $4,000. Unlike Nigerian 414 scams, which requires mind-numbing stupidity on the part of its victims, the London Scam directly attacks affluent, college-educated, computer literate people. (I had a friend who got approached by the same scammer, who was seriously considering wiring the money until I explained what was going on.)
* He can use it to embarrass, harass, or blackmail you. Want to ruin someone's reputation in a hurry? Log on as them and post humiliating or hateful content on their page.
But here's the bigger threat. Facebook really wants to be the single sign-on engine for the Web (see "What's to like about Facebook's 'Like' button?"). So a Facebook log on isn't just a Facebook log on anymore; it's also a log on to sites like Unvarnished, the Huffington Post, and any others that use Facebook Connect. If that's not an argument against using Facebook for single sign on, I don't know what is. Even if you don't use FB Connect, most people tend to use the same log ons for multiple sites; once a crook has your email address and favorite password, he can go to town on you. Nervous yet?
Bottom line: Your Facebook credentials are important, and only getting more so. If you want to protect yourself online, you'll need to protect them as well. Start by mixing up your passwords for your favorite sites, changing them semi regularly, and not getting duped by every stupid email marked "urgent."
Also: I gotta say I find this whole thing kind of insulting. I've got 700+ friends. I think my account is worth at least $1.50. Don't you?

Facebook Security Issues

Facebook has been the victim of five different security problems in the month of March, says Trend Micro.
According to the security firm, four hoax applications have become available on the social network along with a new variation of the Koobface virus, which was first detected at the end of last year, and directs users to a fake YouTube page where they are encouraged to install malware.

Two of the hoax applications that have been downloaded by Facebook users include 'F a c e b o o k - closing down!!!' and 'Error Check System'. By downloading the app, users are giving hackers access to their profile and personal information, and also unwittingly forwarding fake messages to their friends, also encouraging them to download the programs.
Rik Ferguson, senior security advisor at Trend Micro, told the BBC: "It's been a pretty bad week for social networking in general".
"It's almost as if the applications we have seen this week are a proof of concept," he said. "It would be much better for them to generate rogue applications that did not look like rogue applications."
Ferguson also revealed that he believes hackers are currently working on creating apps that don't initially appear to be malicious. He predicts these apps will appear on social networking sites very soon.
"One of the problems is that Facebook allows anybody to write an application and third party applications are not vetted before they are released to the public. Even as Facebook stamps out one malignant application, it can pop up in another place," said Graham Cluley, senior technology consultant at Sophos.
However, it appears Facebook is still refusing to vet apps before they are made available on the social network.
Founder Mark Zuckerberg told Radio One last month: "Our philosophy is that having an open system anyone can participate in is generally better".

Passwords - user password trends (easy to crack passwords)

It is a disgrace that humans still haven't got the hang of setting passwords. It seems as though most internet users have inextricably tethered themselves to a promise of not setting strong-enough passwords, which may force hackers to reconsider their choice of profession for its grueling nature. As you devour more of this story, you will begin to envy hackers for having it stroll-in-the-park easy.

A new study has revealed that internet users nonchalantly continue to set unimaginative, fatuous passwords. The study appraised 28,000 passwords that were recently stolen from a U.S website.

Sixteen percent of the users had set their first name as their password. Around fourteen percent chose the easiest-to-recall key combinations, including 1234 and 12345678. Other users, who apparently don't rate their mathematical ability highly, chose to steer clear of numbers and settled for passwords such as AZERTY and QWERTY.

Five percent of the passwords were found to be inspired by popular things and celebrities, including names of movies, TV shows and actors. The strongest password in this category was found to be Ironman as it sounds impenetrable.

Three percent of the people reckon passwords are another medium of expression. How else would you explain passwords like loveyou and Ihateyou?

If you want to set a password that is sure to be very hard to crack, use a combination of alphanumeric characters and special characters like underscores, ampersands, etc. Adding numbers in the middle of the password is damn effective too.
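A defensive check that flags the password categories the study found (first name, keyboard sequences, pop-culture names, short phrases) at signup or during an audit. This is an added example, not part of the original post; the function names, word lists and sample accounts are constructed for illustration.

```python
import re

# Keyboard rows for QWERTY and AZERTY layouts plus the digit row.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "azertyuiop", "qsdfghjklm", "wxcvbn"]
# Constructed sample lists; a real deployment would load larger dictionaries.
POP_CULTURE = {"ironman", "superman", "batman", "starwars", "matrix"}
PHRASES = {"loveyou", "iloveyou", "ihateyou"}


def is_keyboard_walk(pw, min_len=4):
    """True if the whole password is a run along one keyboard row, in either direction."""
    if len(pw) < min_len:
        return False
    return any(pw in row or pw in row[::-1] for row in KEY_ROWS)


def classify(password, first_name=""):
    """Return the weak-password category it falls into, or None if none matches."""
    pw = password.lower()
    # Drop a trailing run of digits/symbols so "Alice1" still matches the first name.
    core = re.sub(r"[^a-z]+$", "", pw)
    if first_name and core == first_name.lower():
        return "first_name"
    if is_keyboard_walk(pw):
        return "key_sequence"
    if core in POP_CULTURE:
        return "pop_culture"
    if core in PHRASES:
        return "phrase"
    return None


def audit(accounts):
    """Count categories over (first_name, password) pairs."""
    counts = {}
    for name, pw in accounts:
        category = classify(pw, name) or "no_match"
        counts[category] = counts.get(category, 0) + 1
    return counts


# Constructed sample accounts, one per category described in the study.
SAMPLE = [("alice", "Alice1"), ("bob", "12345678"), ("carol", "AZERTY"),
          ("dave", "Ironman"), ("erin", "Ihateyou"), ("frank", "t_9Rk&2vLq")]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A password that returns `None` here has only escaped these four patterns; length and breach-list checks are still needed before calling it strong.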

Hacking Software - Hacking Tools (password cracker)

So here is the first hacking tool hack website blog is posting: a damn powerful password cracker called L0phtCrack.
Windows password auditing and recovery application
L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc.). LC5 was discontinued by Symantec in 2006, then re-acquired by the original L0pht guys and reborn as LC6 in 2009. L0phtCrack can provide some decent level of functionality in the free version but the juice stays in the paid version, so try to crack it or opt for version 5 for which there is already a keygen on the net. For free alternatives, consider Ophcrack, Cain and Abel, or John the Ripper. More posts coming for these hacking tools.

Hacker : White hat and Black Hat

I thought it would be good to start with something simple and straightforward, so what is a hacker and what kind of hackers are out there?

In common usage, a hacker is a person who breaks into computers but does no harm, usually for fun or just the challenge. The subculture that has evolved around hackers is often referred to as the computer underground but is now an open community. Hackers are people who are motivated by curiosity and an adventurous spirit.

Other uses of the word hacker exist that are not related to computer security (computer programmer and home computer hobbyists), but these are rarely used by the mainstream media because of the common stereotype that is in TV and movies. Some would argue that the people that are now considered hackers are not hackers, as before the media described the person who breaks into computers as a hacker there was a hacker community. This community was a community of people who had a large interest in computer programming, often sharing, without restrictions, the source code for the software they wrote. These people now refer to the cyber-criminal hackers as "crackers". 

White hat
A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject. Such people normally go on to use their hacking skills in legitimate ways, such as becoming security consultants. The word 'hacker' originally included people like this, although a hacker may not be someone into security.

Black Hat
A black hat hacker, sometimes called "cracker", is someone who breaks computer security without authorization or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity.

Hack website : The hack blog

Welcome to hack website, a hacking blog that has been remade (previously hackerz-shell) to convert itself to a blog specialised in web hacking.

This is a hack blog where you will learn how to hack: hack the web, hack the net, hack email, learn hacking tricks, hacking cracking, web hacking, hacking forum, hacking website, hacking facebook, hacking software, hacking books and hacking software. Lots of hacking tutorials and books as well as hacking tools to download. So stay tuned because very hot stuff is coming to you right away.