Kaspersky, Bit Defender, Facebook Hacked - Databases Exposed - SQL Injections

by Hiroshi on 09-02-2009

Recently the Kaspersky, BitDefender and Facebook websites were attacked via XSS and SQL injection, and their databases were exposed. Screenshots of the vulnerabilities and database tables were posted on the internet.

Kaspersky is one of the leading companies in the security and antivirus market. Their website, which was hacked recently, is down right now as I check it (9 Feb 09, 6:42 pm). They are in maintenance mode. It seems as though they are not able to secure their own databases. The companies who claim to secure our computers are not secure themselves. It seems incredible but, unfortunately, it's true. Through SQL injection some hackers were able to expose the users, activation codes, lists of bugs, admins, shop and many more tables of their database. This is just a security alert though. There is no loss to customers or the company, I suppose, because the team involved is saying that their purpose is to alert the big companies about security measures. They have posted all the names of the tables in the database though. Now I suppose we will see a new, secure Kaspersky website. I myself used this antivirus for quite a long time before I shifted to another one.

Break Windows Administrator Password - Part 2

by Hiroshi on 25-01-2009

There are many ways to break a Windows password. I have mentioned a method related to SAM files in Windows earlier, and of course there is a way to use a LIVE version of any appropriate operating system to get into the system.

If you care to purchase some software for that, then I can recommend a very useful program which does exactly that without any hassle or loss.

Can't Log In To Windows? Locked Out? Forgot Your Password?
There is just One Step - No Hassle Solution! by Windows Geeks.

Windows Geeks Removal Tool Features

  • Removes and Unlocks All Windows Passwords Instantly
  • 24/7 Support
  • Best, Quickest and Easiest Solution!
  • Does all the work! No need to know any complex commands
  • DOES NOT require original Windows disc or proof of purchase
  • Works on all computers running Windows (including Windows XP, Vista, NT, 2000, 2003)
  • You don't have to be computer literate to use our software!
  • 100% Effective
  • 100% Safe - No data loss of any kind
  • 100% Safe Transaction - No Viruses/Spyware/Adware

I have used this software recently. I used the USB version, which is very easy. The steps involved are as follows.

You need a blank USB/flash drive.
The software comes with a folder "usbmemkeyboot" containing 'SP27608.exe', which is the HP Windows Format Utility for USB drives. This will install the software. After installation, run this utility to make your USB drive bootable.

Along with this software there are some other files in the package, which you just copy and paste onto the USB drive. There are detailed instructions for the process on their website.

After you have created the bootable flash disk, open a command prompt by typing cmd in Run and switch to your USB drive. Suppose the USB drive has the letter f.
You might see the following at the command prompt:
c:\documents and settings\PCUserName>
Type f: after it and press Enter.
It will give you f:\>
Type syslinux f: after it and press Enter, i.e.
f:\>syslinux f:
You are done.
This last step is important.

Now you have created your USB disk for password removal. You can create it in advance for later use, or you can obviously create it on another PC if your computer has already been locked.

Check the boot sequence in the motherboard setup. Make sure it is set to boot from USB.
Restart the PC, plug in the USB drive and let it boot from the USB drive.

All you will get is the following.

[Screenshot: password-removed-done]

All administrator and user passwords will be removed. Restart the PC. Eject the USB drive. Windows will now be password free, with all passwords erased. Your user settings remain the same. Files remain the same. Everything stays the same; only the Windows user passwords are removed. This is a very useful utility for erasing the password of any Windows operating system.

Website
Windows Geeks Password Removal Tool

Break Windows Administrator Password - Part 1

by Hiroshi on 12-12-2008

The screen above shows two Windows users. You can have as many as you want. Many users do not bother to create more than one account. While installing Windows XP, the user is asked for an administrator password. Some users provide a password and some do not. Suppose you did not give an administrator password and created another Windows user, and then forgot that user's password: you can always press Ctrl+Alt+Del twice at the logon screen to switch logon mode, which brings up a prompt asking for a user name and password. Type administrator in the user name box and press Enter. You are in. That is OK.

I am discussing here the worst case. Consider the following scenario:

- You gave an administrator password during installation.
- You did not create another user other than administrator after the Windows XP installation.
- And then you forgot your password.
- Now you have a logon screen asking you for the user's password or administrator password, which you have forgotten. Now what?

What to do (You might not want to do the installation again or secure some files etc.)

There are a number of ways to cope with this problem, e.g.:

  • Use bootable CD to log into Windows as another user
  • Use Active Password Changer - www.password-changer.com
  • I recommend another way, relating to SAM files.
    There is a location in Windows XP:
    C:\WINDOWS\system32\config
    There are two files
    1- SAM.txt
    and
    2- SAM
    These files contain user information.
    Delete these and password will be removed for all accounts.
    Now you are not in Windows.
    You have encountered a screen asking you password.
    And you need to go to the path
    C:\WINDOWS\system32\config
    to remove SAM files.
    Use another PC.
    Connect the hard disk with the locked account to it, start that other PC with the second hard disk connected, browse its C drive for that location and delete the SAM files.
    Unplug your hard disk.
    Connect it to your PC.
    Boot the PC.
    Password will be blank.

Cross Site Scripting Attacks - XSS Vulnerability Scanner

by Hiroshi on 16-09-2008

Is your website secure? XSS (Cross Site Scripting) attacks provide hackers access to your website content and database. If web applications are not secure, then your entire database of sensitive information is at serious risk.

Hackers are on the lookout for Cross Site Scripting (XSS) vulnerabilities in YOUR web applications. Shopping carts, forms, login pages, dynamic content are easy targets. Beat them to it and scan your web applications with Acunetix Web Vulnerability Scanner:

  • Acunetix WVS automatically checks your web applications for XSS, SQL Injection & other vulnerabilities
  • Firewalls, SSL and locked-down servers are futile against web application hacking
  • Acunetix checks your web applications for coding errors that result in Cross Site Scripting vulnerabilities
  • Acunetix also checks for other vulnerabilities in popular web applications such as Joomla, PHPbb, Wordpress etc.
  • Acunetix identifies files with XSS vulnerabilities allowing you to fix them BEFORE the hacker finds them!

Audit your web site security with Acunetix Web Vulnerability Scanner. The best part about this software: a free version is also available.

Download Link
http://www.acunetix.com/cross-site-scripting/scanner.htm

Resource Hacker - Customize Your Own PC Resources

by Hiroshi on 20-05-2008

Change your PC's resources the way you like. That's what 'Resource Hacker' is all about. If you like to play tricks with your PC and tweak it a bit, then 'Resource Hacker' is a good choice, and it is absolutely free and easy to use.

Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Win95, Win98, WinME, WinNT, Win2000 and WinXP operating systems.

Viewing Resources: Cursor, Icon, Bitmap, GIF, AVI, and JPG resource images can be viewed. WAV and MIDI audio resources can be played. Menus, Dialogs, MessageTables, StringTables, Accelerators, Delphi Forms, and VersionInfo resources can be viewed as decompiled resource scripts. Menus and Dialogs can also be viewed as they would appear in a running application.

Saving Resources: Resources can be saved as image files (*.ico, *.bmp etc), as script files (*.rc), as binary resource files (*.res), or as untyped binary files (*.bin).

Modifying Resources: Resources can be modified by replacing the resource with a resource located in another file (*.ico, *.bmp, *.res etc) or by using the internal resource script compiler (for menus, dialogs etc). Dialog controls can also be visually moved and/or resized by clicking and dragging the respective dialog controls prior to recompiling with the internal compiler.

Adding Resources: Resources can be added to an application by copying them from external resource files (*.res).

Deleting Resources: Most compilers add resources into applications which are never used by the application. Removing unused resources can reduce an application's size.

Download Resource Hacker

Hide Any Hard Disk Drive

by Hiroshi on 15-05-2008

If you have important documents and you are worried about their privacy, do not worry: Windows XP provides (not officially) a utility with which you can hide one or more of your PC's drives.

Change Your Dynamic IP Address

by Hiroshi on 10-05-2008

This is supposed to change your dynamic IP address.

Open Notepad and type:

rem Clear the local DNS resolver cache
ipconfig /flushdns
rem Give up the current DHCP lease
ipconfig /release
rem Request a new lease from the DHCP server
ipconfig /renew
rem Write the resulting configuration to a report file
ipconfig /all>newip.txt

Then save as (select all file types) --- ip.bat

This is now a batch file rather than a txt file. Simply run the file and watch the progress.

If you want to print out the results, then add this line at the end of the same file:

ipconfig /all>filename.txt

A report will be saved in the same directory as your batch file, detailing your new ip and a bit more...

100 Percent Security - Go Secret Online

by Hiroshi on 28-04-2008

While you're enjoying your latte and a bagel, some hacker might be accessing your passwords, credit card numbers, sensitive company data and much more. And standard antivirus software won't protect you. That's why AnchorFree is pleased to offer Hotspot Shield. This free security software keeps your Internet connection secure at public hotspots, home or work.

100% Security Through a VPN

Hotspot Shield creates a virtual private network (VPN) between your laptop and the wireless router. This impenetrable tunnel prevents snoopers and hackers from viewing your email, instant messages, credit card information or anything else you send over a wireless network. Which means you remain anonymous and protect your privacy.

Hotspot Shield security software is free to download, employs the latest VPN technology, and is easy to install and use. So go ahead - Get behind the Shield.

Hotspot Shield runs on:

  • Windows Vista
  • Windows XP
  • Windows 2000
  • Mac OS X (10.5 Leopard)
  • Mac OS X (10.4 Tiger)

Here is what it does to your online presence. I am in Pakistan, but you can see that my location and IP are different from the original in the image below.

[Image: go-secret.gif]

Download Hotspot Shield

Computer Windows Admin Account Access Protection

by Hiroshi on 09-07-2007

Have you ever found that, after you installed Windows, set your user name and gave it a password, someone still managed to log into the computer?

Well, here is a precaution to avoid that. While installing Windows, always give the administrator account a password. During installation it asks for an administrator password; many people ignore it, and when installation is done they set up a Windows user and start working.

Still there is an administrator account with blank password.

And if someone just presses Ctrl+Alt+Del twice at the welcome screen, it asks for the default administrator account login, and there they can enter with a blank password and change your user password or access your files as an administrator.

Always set a password for the default (administrator) account.
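
One way to audit for the condition described above, as an added example that is not part of the original post: the hypothetical helper Find-WeakLocalAccount takes objects shaped like the output of Get-LocalUser and reports enabled accounts that may have no password. It assumes PowerShell 5.1 or later, so it applies to current Windows versions rather than the Windows XP setup the post describes.

```powershell
# Added example; Find-WeakLocalAccount is a hypothetical helper name.
# Input: objects with the properties Get-LocalUser returns
# (Name, Enabled, PasswordRequired, PasswordLastSet, SID).
function Find-WeakLocalAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account
    )
    process {
        # Disabled accounts cannot be used to log on, so skip them.
        if (-not $Account.Enabled) { return }

        $reasons = @()
        # PasswordRequired = $false means a blank password is permitted.
        if (-not $Account.PasswordRequired) { $reasons += 'blank password allowed' }
        # An empty PasswordLastSet usually means no password was ever set.
        if ($null -eq $Account.PasswordLastSet) { $reasons += 'password never set' }
        if ($reasons.Count -eq 0) { return }

        [pscustomobject]@{
            Name         = $Account.Name
            # The built-in Administrator keeps a SID ending in -500,
            # even if the account has been renamed.
            BuiltInAdmin = ([string]$Account.SID) -match '-500$'
            Reasons      = $reasons -join '; '
        }
    }
}

# Constructed sample data (not taken from a real machine).
$sample = @(
    [pscustomobject]@{ Name = 'Administrator'; Enabled = $true;  PasswordRequired = $true
                       PasswordLastSet = $null; SID = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Name = 'Hiroshi'; Enabled = $true; PasswordRequired = $true
                       PasswordLastSet = (Get-Date '2007-07-09'); SID = 'S-1-5-21-1111111111-2222222222-3333333333-1001' }
    [pscustomobject]@{ Name = 'Guest'; Enabled = $false; PasswordRequired = $false
                       PasswordLastSet = $null; SID = 'S-1-5-21-1111111111-2222222222-3333333333-501' }
)
# Only 'Administrator' is reported: enabled, and no password was ever set.
$sample | Find-WeakLocalAccount | Format-Table -AutoSize

# On a real system:
#   Get-LocalUser | Find-WeakLocalAccount
# To set a password for the built-in account (prompts for it, elevated prompt):
#   net user Administrator *
```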