In the modern world, Internet has become a wonderful place to gain knowledge, exchange ideas, share information, make new friends and whatnot. Even though, you can do all of this by remaining anonymous behind your monitor, your real life identity and personal details can still be at the risk of falling into the hands of strangers. This is where the term “doxing” comes into play!

What is Doxing?

Doxing simply refers to the process of gathering or deducing other people’s information such as name, age, email, address, telephone number, photographs etc. using publicly available sources such as the Internet. In other words, doxing is the act of using the Internet to search for personal details about a person.
Doxing is done by initially taking a piece of information (such as “name” or “email address”) and keeping it as a base to find out other possible details about the person. The term “doxing” is derived from the word “document tracing” which means to retrieve documents about a particular person or company in order to learn more about them.

Doxing Techniques:

Today, Internet has grown to such a size that it contains almost any information that you’ve ever imagined! All you’ve to do is use the right techniques to search for what you want. Here is a list of doxing techniques that are most commonly used by Internet geeks and ethical hackers:

Using Google:

Google is undoubtedly a powerful tool that plays a key role in doxing. Since Google indexes almost anything on the Internet (sometimes even the private information), it is possible to dox for details such as email ID, address, phone numbers and photographs of a person or company. Once you obtain the search results for your query, carefully examine the description part which in most cases contain the piece of information that you are looking for.

Social Networking Websites:

As most Internet users are found to be active on social media, social networking sites such as Facebook and LinkedIn provide a virtual goldmine of information necessary to perform doxing. As most users are unaware of online security issues, they have weak privacy settings on their profile. This makes it easy for the attackers to gain access to personal information such as photographs, real names, location, job, partner’s name etc.

Reverse Cell Phone LookUp:

A “Reverse Cell Phone Lookup” is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number and vice versa. There are many online services out there such as cell phone registry that provide access to the personal details about a given person based on his/her phone, name and email ID.

Whois Searches:

If a person or company has a website (or domain name) associated with them, you can easily perform a “whois search” for their website to obtain personal details such as full name, address, email and phone number. Just visit whois.domaintools.com and enter the domain name for which you want to perform a whois search. It will show up all the details associated with the domain name.

Why Would Anyone Want to Perform Doxing?

Most people perform doxing out of general curiosity about a person or company. However, there are some wicked minds out there who do this for the purpose of blackmailing or taking revenge by exposing the information that they have gathered about the person.

What are the Consequences of Doxing?

It can be slightly irritating and embarrassing when private data fall in the hands of people who are not intended to have access to such information. However, things can go even worse if the doxed information such as a person’s social activities, medical history, sexual preference and other vital bits of information is made public. This can have a serious threat to health, livelihood or relationship of the victim.

Steps to Protect Yourself from Doxing:

The following are some of the most commonly targeted pieces of information that can be easily obtained through doxing:
  • Full name
  • Age, gender and date of birth
  • Location and place of birth
  • Email addresses and username
  • Phone number
  • Social networking profiles, websites and blogs
So, it is always a good practice to keep the above bits of information hidden. Even though it is not possible to do this in all cases, you can still take care to protect as much information as you can from going public. You can consider the following additional tips for further protection:
  1. Do not upload personal photographs on web albums such as “Picasa”. Even if you do, make sure that your album is hidden from public and search engines.
  2. If you do not intend to show up your profile on search engines, it is a wise choice to make all the Internet profiles private.
  3. Maximize the privacy settings of your social network profiles. Make sure that your individual albums and photographs have their privacy settings configured.
  4. Do not use the same email address for all you accounts. Instead, create separate email IDs for individual activities such as gaming, forum participation, banking accounts etc.

Is Doxing a Crime?

Doxing is definitely not a crime when used within the ethical standards and no harm is being caused to anyone. However, if doxing is done to cause intentional damage such as harassment, blackmailing or taking revenge it might well be considered an offence.
Clickjacking attack allows to perform an action on victim website, Mostly Facebook and Twitter accounts are targetable.

When an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both. It may be similar to CSRF Cross Site Request Forgeries Attack.


Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they
are typing in the password to their email or bank account, but are instead typing into
an invisible frame controlled by the attacker.


At present this attack mostly use on social network websites like Facebook and twitter, Because this attack is used by convinced victim for click on the link and Social Network website might be very useful for attack on victim.


Code:
 <style>
 iframe { /* iframe from facebook.com */
  width:300px;
  height:100px;
  position:absolute;
  top:0; left:0;
  filter:alpha(opacity=50); /* in real life opacity=0 */
  opacity:0.5;
}
</style>

<div>Click on the link to get more followers:</div>
   
<iframe src="/files/tutorial/window/clicktarget.html"></iframe>

<a href="http://www.google.com" target="_blank" style="position:relative;left:20px;z-index:-1">CLICK ME!</a>

<div>You'll be get 10000 followers..!!</div>

Output:

Click on the link to get more followers
Click Me
You'll be get 10000 followers..!! 

Download
ClickJacking Tool


For Defence:
Clickjacking Protection


For more information:
OWASP
A Reverse Cell Phone Lookup is simply a process of finding someone’s personal details such as name, age, address and related information by using their cell phone number. At times, it becomes necessary for us to start investigating on someone to know their personal details.

The reason for this can be many – Some people may go for a cell phone lookup in order to locate their old friends, some to investigate the prank calls or to trace a suspicious number.

Reverse Cell Phone Lookup Services:

There exists a lot of websites on the Internet that offer reverse cell phone search, some claim to be free while others ask you a small fee for the subscription. There also exists a few directories that provide access to both landline and cell phone numbers thereby providing an all-in-one lookup service.

Since most people wish to access this information for free, they go in search of those websites which provide the reverse cell phone lookup service for free. Most scam websites take up this tendency of people as an added advantage and try to attract more and more visitors by promising them to provide the search service at a free of cost. In reality, the visitors of these websites may pick up malware programs like viruses and trojans.

So, you should be very careful not to visit any of such websites unless you are 100% confident about their legitimacy. Hence, in order to do a reverse cell phone lookup, you need to find a trusted website/directory service that provide information which is accurate and authentic.

There are a number of top quality directories used by various private detectives, journalists and those who are in need to spy on their cheating spouse or children. These companies invest a lot of time and financial resources in gathering mobile phone and landline numbers by using both private and public sources, as well as major cell phone carrier restricted databases.

Thus, by using this service it becomes just a cakewalk for anyone to find the details associated with any phone number whether it be a cell phone or a landline. The entire process of finding someone by cellphone number is very straightforward – all you need to do is just enter the phone number that you want to trace down and hit the “Search” button. You will be able to instantly view the information such as the phone owner’s name, age, mobile provider, billing address, previous addresses and more.
You can now easily monitor your room, office or workplace for activities going on during your absence without having to invest on expensive hidden cameras. If you’ve ever wondered to find a way to turn your PC webcam into a spy camera, here is a simple and effective solution. This can be really handy to monitor your children and pets in home or even catch a cheating spouse red handed! For this, all you need is a computer with an Internet connection and a webcam attached to it.

If your computer meets the above simple requirements, then you are all set to go. The site called UGOlog.com provides a free solution to simply transform your webcam into a powerful spy camera in just a few steps. You can sign-up for a free account and start using the service immediately.

Since UGOlog service runs as a web application from within the browser, there is no need to install any additional software on your computer. That means, when your spouse or children look through the installed programs, they don’t find anything that arouses suspicion.
The following are some of the advantages of using UGOlog service over other software programs or a conventional spy camera:
  • Firstly, the service comes for free, so that you don’t need to buy anything to start with.
  • Unlike software programs such as “Webcam Monitor” which is complicated to configure and lacks stealth operation, UGOlog needs no installation and is simple to setup.
  • UGOlog comes with powerful features such as as motion detection, email alerts, and interval snapshots.
  • You have the option to view the camera remotely from anywhere just by logging into your UGOlog account.


Once you’ve created your account, you can take up a quick tour and browse through the configuration guide to begin using the service. The free version of UGOlog limits the service for only 1 webcam and 50 MB of storage space. If you wish to setup more than one camera and need additional space for recording more videos, you can easily switch for paid plans as per your convenience.
As the use of Internet is increasing, the chances of your computer getting hacked are also increasing dramatically. There is plenty of file sharing and web surfing that is being done, which makes your computer vulnerable for attack. But this article will help you in deciding what steps to take if your computer gets hacked.

How to Find if Your Computer is Hacked?

It is important to know when your computer has been actually hacked and when it is just behaving weird:
  • Sometimes it’s just simple and the hacker may leave some note or warning to prove that your computer is actually hacked.
  • You are not able to access your various mails and social media accounts or at worst you are not able to access your computer.

Steps to Take if Your Computer Gets Hacked:

1. Check the Impact of Damage

After using your computer for some time you would know what type of infection you are facing whether it’s malware, virus, trojan, keylogger (spyware) or anything else. In case a keylogger application is installed, you can use a good antispyware program to remove the infection. However, formatting the hard drive is a better option if the infection is severe. You should try to back-up all the important and confidential files that you may have in your computer before formatting.

2. Damage Control

You should run antivirus programs to determine the extent of damage. Users of Windows OS can run “Malware bytes” which can be found freely and recognises various harmful applications which antivirus cannot. Sophos Mac antivirus is a free application which can be used by Mac users.

3. Removal

After running several scans you will know what is the extent of damage you are facing. After making the list of viruses and malware that have infected your computer, next thing you need to find is what the impact of damage is. For that you must check the details about those viruses and malware programs to know how they rank in terms of damages they can have in your computer. You must carry out the searches from a neutral device which is not hacked and search for removal tools for those malware programs which have infected your computer. Unfortunately, if after several tries you are not able to clean your computer then the only option left is to re-install your operating system.

4. Offline Hacking

This is true that Internet is the most common way to hack a computer, but it is possible that anybody can hack your system using USB devices. The process of removal of the infection is the same in this case as well. The best precaution you can take to avoid such situations is to password protect your computer OS and BIOS. This makes it difficult for anyone to gain access to your computer.

Conclusion:

The best thing that you can do is to protect your computer by using fully updated antivirus and a good firewall. It is also wise to have a protection tool for windows registry. To protect your files, you can use encryption tools so as to encrypt the data on your hard disk. As there is no 100% foolproof way to prevent hacking it is always better to take precautionary measures.
Every computer on the Internet has a unique IP address allotted to it which makes it possible to trace it back to its exact location. Even though the concept of Internet Protocol address has been designed for its transparency and traceability, in some cases this questions the privacy of the Internet user where one would not like to reveal his/her identity to the outside world.
Well, if you are one such person who is in search of ways to hide your IP address online, then you are at the right place. In this post, I will discuss some of the easy and popular ways to mask your IP address so that your identity and privacy is kept safe.

Why Hide IP Address?

The following are some of the common reasons why people want to mask their IP address online:
  1. By hiding the IP address, people can browse websites anonymously without leaving the trace of their identity.
  2. To access websites and portals that are not available to the IP addresse’s their Geo location.
  3. Stay safe from intruders and hackers by showing a fake IP to the world.
  4. Hiding IP means hiding geographical location.
  5. Hiding IP prevents leaving a digital footprint of their online activity.

How to Hide Your IP?

Some of the most common ways to hide IP and safeguard your online identity are discussed below:

1. Using a VPN Proxy – The Safe and Secure Way to Hide Your IP

Using a trusted VPN service is the best way to hide your IP during your online activities. Here is a list of most popular and highly reliable VPN services that you can go for: 
  • VyprVPN: VyprVPN offers the world’s fastest VPN services to its clients and supports wide range of operating systems including Windows, Mac, Android and iOS.
  • Hide My Ass VPN: Hide My Ass is one of the most popular and trusted VPN service that allows people to easily conceal their IP address and protect their online privacy.
The following are some of the advantages of using a VPN service over any other method of concealing your IP address:
  1. In addition to hiding your IP, a VPN service encrypts all your web traffic to keep you safe from hackers and intruders.
  2. Unlike other IP hiding methods (discussed in the latter part of this article) which affects your speed of browsing, a VPN service keeps your Internet speed fast without affecting its performance.
  3. You have a long list of countries and states to select from as your place of origin. For example, if you are originally from United Kingdom, you may choose an IP address that belong to United States so that the websites that you visit will see you as from US and not UK.
  4. By selecting an IP address of your choice, you can easily bypass location blocks and even access restricted websites that are not available for your country.

2. Website Based Proxy Servers

This is another popular way to quickly mask IP address on the Internet. Since it is a web based service, users need not have to install any piece of software program on their computer. The following are some of the popular websites that offer free services to hide IP address:
The downside of using these free services to hide your IP address is that most of them become overloaded and are too slow to use. In addition, some of them will not offer a secured connection (SSL) and you will often be presented with annoying ads and pop-ups during the course of your browsing.

3. Browser Configured Proxy Servers

There are hundreds of freely available open proxies that can be found on the Internet. You can obtain the IP address of one of those freely available proxy servers and configure your browser to start hiding your original IP address. However, as they are openly available to public, most of them are either dead or perform too slow under normal conditions.

Which Service to Choose?

If you only want to hide your IP address for a specific amount of time and are not concerned with the performance, go for the free web based services. On the other hand, if you have the necessity to hide your IP on a regular basis, need high security and performance, go for paid VPN services like Hide My Ass or VyprVPN.
For very many people, security is one of the most important issues when it gets to sending their files into the cloud. They worry that their files will be seen or even compromised by other persons because that is what took place in the past. The user accounts used to be hacked, cloud storage systems failed and personal files and data were exposed. Therefore, how can you successfully prevent that from ever happening even when the account gets hacked or something happens to your provider of cloud storage?

The answer to that question is encryption

Encryption can be defined as the process of making one’s files unreadable with a pass phrase or an encryption key so that even when another person gains access to the files, it does not matter because the intruder will only be able to see gibberish. To be able to see very properly what is in the file, one must have a key.
This article contains the two different ways through which one can make his or her files secure and be able to safely use cloud storage without any worries.

Available options

Essentially, when it gets to encrypting files in the cloud, one has two options from which he or she can choose, that is:
  • He or she may choose the cloud storage with a built in encryption.
  • Make use of a service which encrypts folders and/or files for him or her.

Cloud storage service with built-in encryption

Regardless of your choice, both of the ways to encrypt data to store in cloud have advantages and disadvantages. If you decide to go with the dedicated secure cloud service, you might be required to change the entire setup of transferring files to that specific service, familiarize yourself with the way it works and probably give up on a certain third party support, mainly if you come from the most well-liked cloud storage and syncing service, that is “Dropbox”. Alternatively, you have got everything under one hood and you do not have to worry any more about file security and integrity.

 

Service for encryption only

If you are using a service which is dedicated to encrypting your files, you will be having more control over which files you would like to encrypt and where you would like them to be stored. For instance, you may choose Dropbox, if at all you like the service; and not give up after encrypting the files properly. Conversely, your files might take longer to be properly synced in case you are getting them encrypted using third party apps.

Conclusion

Either way, it is believed to be very necessary to protect one’s files using the most proper encryption, most especially if he or she is using Dropbox for managing his or her critical files such as contracts, password databases, or any other personal or business files which may be considered to be very important.
Depending on an individual, some would like to install another software on their computers just for the purpose of encryption, while others not. Those who don’t may take advantage of the idea of signing up for a dedicated cloud solution which has built-in local encryption for all the files. Some of such solutions available include SpiderOak, Wuala and Cubby. If online viruses are among the things troubling you, you may also consider making use of the Norton Contact Phone number so as to inquire about how you can be helped.
The Security researcher Paulos Yibelo shared how he bypassing htmlentities().

Well I don’t know how to break it down for you, you just can’t (if the function is used properly and exactly where it should). But it’s more probable that most developers don’t use it the right way, since it’s like a norm for some developers to not use built-in functions properly :P. So I will talk about some of the cases I came up while pentesting. htmlentities() and htmlspecailchars() are functions mainly developed to filter out cross site scripting attacks.

But I can promise you that you can build a better function if your user input is massive since that’s when most exploitation scenarios begin. How? Well, the functions html entity the characters < , > “ and ‘. So without those there seems there is no XSS. Or isn’t really? Well, I can think of one. Something like javascript:alert(1); will be executed since none of the characters in it are filtered to be html entityed… but there is a limitation to this. Without using “> or any similar technique we will not be able to break out of the attribute we are inside.

Also the value attribute in html is not vulnerable since it only accepts strings and well we need scripts that can execute… something like href, onclick would do… but who would put such a foolish mistake right? Well you wouldn’t believe if I told you even big companies like Facebook does.
Have a code like?

print '<img src="'.htmlentities("$url").”';
or even
                print "<a href='".htmlentities($url)."'>Click Here</a>";

“javascript:alert(1);” will bypass it because it doesn’t contain the characters that will be filtered. But notice a limitation here? Our code will only execute if user clicks the Click Here button. So that’s a huge limitation. Or is it? The html code will become something like

<a href='javascript:alert(1);'>Click Here</a>

But we need to break out of the href tag and execute a more malicious javascript. But how? If we try to break out of it using ‘> it won’t work since both those characters are filtered out… and the code will become something like

<a href='javascript:alert(1);&quot;&gt;'>Click Here</a>

Right? Well not exactly. Htmlentities comes with single quote ( ‘ ) not filtered by default and you have to specify a special switch called ENT_QUOTES to declare that. So the real output when values like “javascript:alert(1);’>” is given

<a href='javascript:alert(1);'&gt;'>Click Here</a>

A hope! We broke out of the attribute so giving values like

javascript:alert(1);’ onfocus=alert(1); autofocus

will output html source like

<a href='javascript:alert(1);' onfocus=alert(1); autofocus>Click Here</a>

So wow… our final payload to bypass the filter would look something like

paulos’ onfocus=alert(0); autofocus

Would successfully bypass the function htmlentities and prints out the source of

<a href='paulos' onfocus=alert(0) autofocus>Click Here</a>

Successful explotation of the function htmlentities.  so why not use the switch to enable the single quote (‘) and make our code secured. something like

 print "<a href='".htmlentities($url, ENT_QUOTES)."'>Click Here</a>";

Well now, we may can’t break out of the cage we are inside but still can execute JavaScript in the attribute we are inside. However, the value html attribute is off limits. we cannot execute JavaScript inside it. But when you find code like:

print "<input type='text' value=".htmlentities("$value").">";

even when using ENT_QUOTES, this is when value attribute becomes vulnerable.

paulos onmouseover=alert(1);

 will successfully bypass the value parameter and make html code like

<input type='text' value=paulos onmouseover=alert(1);>
Cool.

So not using quotes got us vulnerable, we will just use quotes then. Well I recommend not using single quotes… that’s when your code nearly becomes vulnerable when you forgot to use  the switch ENT_QUOTES, which you probably will.

But this isn’t just it… attackers can still attack your application using a different character set called UTF-7 even when you are using proper usage of htmlentities, so unless you protect your code by setting your charset to UTF-8 or any other charset other that 7, you are still vulnerable to XSS.
Disclaimer! This Software is designed only to be used to monitor your child or employee. We do not condone the use of this software for illegal or unethical purposes.
The PC Monitoring Software (keylogger) which we are talking about is WinSpy Software Pro which now supports Android smartphone monitoring. WinSpy Software Pro is a Complete Stealth Monitoring Software for Windows that can monitor your Local or Remote PC and now any Android device (cell Phone or Tablet); In short Win Spy can capture anything the user sees or types on the keyboard.

Unlike other Mobile Spy softwares that notify the users that they are being monitored by device notifications and a tamper-proof icon, the Winspy Android module is completely invisible on the target phone; i.e It could Stalk Android Smartphone without detection when it is installed on a target’s phone.
 
http://www.win-spy.com/
 

With the Android module you can:
  • View complete SMS text messages.
  • Get GPS locations as often as you wish.
  • Log call details and websites visited.
  • View memos, contacts and email.
  • FTP Option: Get all the data to your FTP account.

This New WinSpy Android module does not rely on the phone’s call or message database to log activities. So even if your target tries to delete their usage histories, the information will still be retained and inserted to your account.

With this Software you can easily monitor your child or Employee for potential misuse of the Smartphone and there is no limitations to the number of target phones you can monitor or install on.
We have seen Windows XP being Installed on Android device But this is nothing like you have seen before. First time someone has ported desktop Windows OS on iPhone and has managed to get it working. i.e Windows 98 (pre-millennium Windows version) on iPhone 6 Plus.

A Chinese hacker with the handle xyqo58775 on popular Chinese tech forum posted about how he was able to successfully install Windows 98 on an iPhone 6 Plus and even provides tutorial on the same. The install seems to be the real thing and not the script-based emulation.

The most interesting thing is that he managed to carry out this hack without jail-breaking his device. He reportedly used a legal version of iDOS, which probably does a fine job at emulating. iDos is an emulator that allows you to play dos games on your iPhone or iPad.

The hacker claims that he has only used the existing resources & tools available and he is “not a big God”. He also said that he will get Windows XP running on iPhone 6 Plus whenever he gets time. Meanwhile if you know Chinese you can refer his tutorial on Installing Windows 98 on iPhone 6 Plus here [Google Translate].

Check out the photos of Windows 95 on the iPhone 6 Plus:





Welcome to My Blog

Followers

Powered by Blogger.

- Copyright © 2014 Hack with Alpha -Hack with Alpha - Designed by Mr. Alpha -